Elastix® Security: Securing, Prevention, Monitoring
Bob Fryer, Bluepackets, Australia. 5th conference, ElastixWorld 2011. Transcript of the slides.
Security Reality – the hard facts
Toll Fraud - A growing issue
Toll Fraud – what is the potential damage?
What do they gain from Toll Fraud?
Toll Fraud - Highly organised & Smart
A Quick Analysis of an Attack: SIP Port Probe
A Quick Analysis of an Attack: Extension Harvest
A Quick Analysis of an Attack: Dictionary Attack
A Quick Analysis of an Attack Quick Facts
Summary
• SIP Hacking Tools are readily available and for free.
• SIPVicious is one such tool.
• Toll Fraud costs money, and can happen to anyone.
• Securing, prevention and monitoring are of the utmost importance.
Securing - Extension Security
• Do not use simple words, even with a couple of numbers on the end.
• Do not use the extension number as the password.
• Passwords like Hy7g6#8!9pWe are good.
• Use Permit/Deny for each extension.
• Remote Extensions – require them to come from a static IP address, or at least over a VPN.
• Change the SIP port for the phone / extension.
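The password and Permit/Deny advice above can be checked mechanically against the peer definitions Elastix writes for its extensions. The following script is an added example for this transcript, not code from the presentation or from the Elastix project: it parses a constructed sip.conf-style fragment (hypothetical extensions 1001 to 1004), flags secrets that reuse the extension number, are short, are a dictionary word with digits appended or mix too few character classes, and reports peers that have no deny/permit pair limiting where they may register from. The word list and thresholds are assumptions chosen for the demonstration.

```python
import re
from typing import Dict, List

# Constructed sample in the style of the sip_additional.conf that Elastix/FreePBX
# writes for extensions. The peers and secrets are hypothetical.
SAMPLE_SIP_CONF = """
[1001]
type=friend
secret=1001            ; extension number reused as password
host=dynamic
context=from-internal

[1002]
type=friend
secret=welcome123      ; dictionary word plus digits
host=dynamic
context=from-internal

[1003]
type=friend
secret=Hy7g6#8!9pWe
host=dynamic
deny=0.0.0.0/0.0.0.0
permit=192.168.10.0/255.255.255.0
context=from-internal

[1004]
type=friend
secret=P@ssword1
host=dynamic
context=from-internal
"""

# A few words any password list would contain (constructed, deliberately short).
COMMON_WORDS = {"password", "welcome", "elastix", "asterisk", "secret", "admin"}
MIN_LENGTH = 10  # assumed minimum; the slide's example secret is 12 characters


def parse_sip_conf(text: str) -> Dict[str, Dict[str, str]]:
    """Parse [section] blocks of key=value lines; ';' starts a comment."""
    peers: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        m = re.match(r"^\[([^\]]+)\]$", line)
        if m:
            current = m.group(1)
            peers[current] = {}
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            peers[current][key.strip().lower()] = value.strip()
    return peers


def secret_findings(name: str, secret: str) -> List[str]:
    """Reasons a SIP secret fails the advice on this slide."""
    findings: List[str] = []
    if not secret:
        return ["no secret set"]
    if secret == name:
        findings.append("secret equals extension number")
    if len(secret) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")
    # "simple word with a couple of numbers on the end": drop trailing digits,
    # undo common letter/symbol swaps, then check against the word list.
    stem = re.sub(r"\d+$", "", secret).lower()
    for sym, letter in (("@", "a"), ("$", "s"), ("0", "o"), ("1", "i"), ("3", "e")):
        stem = stem.replace(sym, letter)
    if stem in COMMON_WORDS:
        findings.append("dictionary word with digits appended")
    classes = sum(bool(re.search(p, secret)) for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"))
    if classes < 3:
        findings.append("fewer than 3 character classes")
    return findings


def audit_peers(peers: Dict[str, Dict[str, str]]) -> Dict[str, List[str]]:
    """Map each extension to its findings; extensions with none are omitted."""
    report: Dict[str, List[str]] = {}
    for name, cfg in peers.items():
        findings = secret_findings(name, cfg.get("secret", ""))
        if "deny" not in cfg or "permit" not in cfg:
            findings.append("no deny/permit restriction on source address")
        if findings:
            report[name] = findings
    return report


if __name__ == "__main__":
    for ext, problems in audit_peers(parse_sip_conf(SAMPLE_SIP_CONF)).items():
        print(ext, "->", "; ".join(problems))
```

On a live box the input would be the generated configuration rather than the embedded sample; only 1003, which combines a long mixed secret with a deny-all/permit-LAN pair, passes cleanly.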
Securing - Remote Extensions
Securing - Elastix® PBX Security
Securing – Network Firewall Security
Securing - Elastix® Firewall
Securing - Trunk Security
• Look for Voice Providers that can provide a trunk via a VPN (e.g. OpenVPN)
• Consider using IAX Trunks between offices, and further securing them with RSA keys
• Take the time to understand Trunks and what each configuration line means to your security.
Prevention – Don’t Install applications!!
Prevention – Change Control
Prevention - Use a VPN
Prevention – Outbound options
Prevention - SIP Provider Daily Cost Limits
• Select a voice provider that can set a limit per day or per month on call costs.
• Inbound calls are still allowed when you are over your limit.
• Greatly limits your possible monetary liability.
• Gives you a very clear signal that something is wrong when you can’t make outbound calls.
Monitoring - Regular Maintenance
• Implement regular maintenance.
• The time frame will depend on the other security measures in place.
• Test SIP port access from external locations.
• Check logs.
• Check CDR logs for any unusual events.
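"Unusual events" in the CDR are where toll fraud actually shows up, so it helps to have the check scripted. The following is an added example for this transcript, not code from the presentation or the Elastix project: it reads rows in the column order of Asterisk's cdr-csv Master.csv, and flags international calls placed outside business hours, extensions that place more international calls than expected, and extensions whose billed international time exceeds a budget. The sample rows are constructed (hypothetical extensions 1001 to 1003 and placeholder numbers), Australian dialling is assumed so that 0011 marks an international call, and the business hours and thresholds are assumptions to tune per site.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime
from typing import Dict, List

# Column order of Asterisk's cdr-csv Master.csv.
CDR_FIELDS = ["accountcode", "src", "dst", "dcontext", "clid", "channel", "dstchannel",
              "lastapp", "lastdata", "start", "answer", "end", "duration", "billsec",
              "disposition", "amaflags", "uniqueid"]

# Constructed sample CDRs (hypothetical extensions and numbers, not from a real PBX).
# Australian dialling is assumed: 0011 is the international prefix.
SAMPLE_CDR = '''\
"","1001","0299998888","from-internal","""Alice"" <1001>","SIP/1001-00000001","SIP/trunk-00000002","Dial","SIP/trunk/0299998888,300","2011-11-14 10:15:02","2011-11-14 10:15:09","2011-11-14 10:20:41","339","332","ANSWERED","3","1321229702.1"
"","1002","001199900000001","from-internal","""Bob"" <1002>","SIP/1002-00000003","SIP/trunk-00000004","Dial","SIP/trunk/001199900000001,300","2011-11-14 14:30:00","2011-11-14 14:30:12","2011-11-14 14:40:12","612","600","ANSWERED","3","1321245000.3"
"","1002","001199900000002","from-internal","""Bob"" <1002>","SIP/1002-00000005","SIP/trunk-00000006","Dial","SIP/trunk/001199900000002,300","2011-11-13 02:05:10","2011-11-13 02:05:16","2011-11-13 02:35:16","1806","1800","ANSWERED","3","1321113910.5"
"","1002","001199900000003","from-internal","""Bob"" <1002>","SIP/1002-00000007","SIP/trunk-00000008","Dial","SIP/trunk/001199900000003,300","2011-11-13 02:41:02","2011-11-13 02:41:08","2011-11-13 03:11:08","1806","1800","ANSWERED","3","1321116062.7"
"","1002","001199900000004","from-internal","""Bob"" <1002>","SIP/1002-00000009","SIP/trunk-00000010","Dial","SIP/trunk/001199900000004,300","2011-11-13 03:17:40","2011-11-13 03:17:46","2011-11-13 03:47:46","1806","1800","ANSWERED","3","1321118260.9"
"","1002","001199900000005","from-internal","""Bob"" <1002>","SIP/1002-00000011","SIP/trunk-00000012","Dial","SIP/trunk/001199900000005,300","2011-11-13 03:55:21","2011-11-13 03:55:27","2011-11-13 04:25:27","1806","1800","ANSWERED","3","1321120521.11"
"","1002","001199900000006","from-internal","""Bob"" <1002>","SIP/1002-00000013","SIP/trunk-00000014","Dial","SIP/trunk/001199900000006,300","2011-11-13 04:30:05","2011-11-13 04:30:11","2011-11-13 05:00:11","1806","1800","ANSWERED","3","1321122605.13"
"","1003","001199900000007","from-internal","""Carol"" <1003>","SIP/1003-00000015","SIP/trunk-00000016","Dial","SIP/trunk/001199900000007,300","2011-11-15 03:10:44","","2011-11-15 03:11:14","30","0","NO ANSWER","3","1321290644.15"
'''


def load_cdrs(text: str) -> List[Dict[str, str]]:
    """Parse Master.csv-style rows (all fields quoted) into dicts keyed by CDR_FIELDS."""
    return list(csv.DictReader(io.StringIO(text), fieldnames=CDR_FIELDS))


def is_international(dst: str, prefix: str = "0011") -> bool:
    return dst.startswith(prefix)


def outside_business_hours(start: datetime, open_hour: int = 7, close_hour: int = 19) -> bool:
    """Weekends, or weekdays before open_hour / at or after close_hour (assumed hours)."""
    return start.weekday() >= 5 or not (open_hour <= start.hour < close_hour)


def detect_unusual(cdrs: List[Dict[str, str]], max_intl_calls: int = 3,
                   max_intl_billsec: int = 3600) -> List[Dict[str, str]]:
    """Flag after-hours international calls and per-extension international volume."""
    alerts: List[Dict[str, str]] = []
    intl_calls: Dict[str, int] = defaultdict(int)
    intl_secs: Dict[str, int] = defaultdict(int)
    for r in cdrs:
        if not is_international(r["dst"]):
            continue
        start = datetime.strptime(r["start"], "%Y-%m-%d %H:%M:%S")
        intl_calls[r["src"]] += 1
        intl_secs[r["src"]] += int(r["billsec"])
        # Unanswered attempts (billsec 0) are still reported: they show intent.
        if outside_business_hours(start):
            alerts.append({"kind": "after_hours_international", "src": r["src"],
                           "detail": f"{r['dst']} at {r['start']} ({r['disposition']}, {r['billsec']}s)"})
    for src, n in intl_calls.items():
        if n > max_intl_calls:
            alerts.append({"kind": "international_call_count", "src": src,
                           "detail": f"{n} international calls in this CDR window"})
    for src, secs in intl_secs.items():
        if secs > max_intl_billsec:
            alerts.append({"kind": "international_billsec", "src": src,
                           "detail": f"{secs}s of billed international time"})
    return alerts


if __name__ == "__main__":
    for a in detect_unusual(load_cdrs(SAMPLE_CDR)):
        print(f"{a['kind']:26} ext {a['src']}: {a['detail']}")
```

Run against the real Master.csv (or a day's slice of it) the same three rules give a first pass at the "calls at 3 a.m. to somewhere we never call" pattern that a provider cost cap would otherwise be the first to notice.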
Monitoring - Log review
• Regularly review the logs.
• Review the logs whenever an unusual event occurs (e.g. calls with nobody there, individual extensions ringing, extensions going offline).
• Look at the following logs:
• /var/log/messages
• /var/log/secure
• /var/log/full
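The failed-registration notices in the Asterisk full log are where the extension harvest and dictionary attack phases described earlier leave their trace, and the two look different once failures are grouped by source address. The following script is an added example for this transcript, not code from the presentation or the Elastix project: it parses the chan_sip "Registration from ... failed for ..." line, counts failures, distinct usernames and failure reasons per source IP, and labels a source that tries many non-existent names as a harvest and one that hammers a single real extension as a dictionary attack. The log lines are constructed (documentation-range addresses, hypothetical extensions) and the threshold of five is an assumption.

```python
import re
from collections import Counter, defaultdict
from typing import Dict, Iterable, List

# Matches the NOTICE that chan_sip writes on a failed REGISTER, with or without
# a display name in the From header.
REG_FAIL = re.compile(
    r"Registration from '(?:\"[^\"]*\"\s*)?<sip:(?P<user>[^@>]+)@[^']*' "
    r"failed for '(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):\d+' - (?P<reason>.+)$"
)


def _line(ts: str, user: str, ip: str, reason: str) -> str:
    """Build one constructed log line in the full-log format."""
    return (f"[Nov 12 {ts}] NOTICE[2921] chan_sip.c: Registration from "
            f"'\"{user}\" <sip:{user}@203.0.113.10>' failed for '{ip}:5060' - {reason}")


# Constructed sample log (hypothetical addresses from documentation ranges).
SAMPLE_LOG: List[str] = (
    # one host walking through extension numbers that do not exist
    [_line(f"03:14:0{i}", str(100 + i), "198.51.100.23", "No matching peer found") for i in range(6)]
    # another host guessing passwords for one real extension
    + [_line(f"03:20:1{i}", "1002", "203.0.113.77", "Wrong password") for i in range(6)]
    # a LAN phone that mistyped its secret once, then registered
    + [_line("08:02:11", "1003", "192.168.10.44", "Wrong password"),
       "[Nov 12 08:02:15] VERBOSE[2921] chan_sip.c:     -- Registered SIP '1003' at 192.168.10.44:5060"]
)


def summarise_failures(lines: Iterable[str]) -> Dict[str, dict]:
    """Per source IP: number of failures, distinct usernames tried, reasons seen."""
    stats: Dict[str, dict] = defaultdict(
        lambda: {"failures": 0, "users": set(), "reasons": Counter()})
    for line in lines:
        m = REG_FAIL.search(line)
        if not m:
            continue  # registrations, verbose output and other noise are ignored
        s = stats[m["ip"]]
        s["failures"] += 1
        s["users"].add(m["user"])
        s["reasons"][m["reason"]] += 1
    return dict(stats)


def classify(stats: Dict[str, dict], threshold: int = 5) -> Dict[str, str]:
    """Label each source by the pattern its failures form (threshold is assumed)."""
    verdicts: Dict[str, str] = {}
    for ip, s in stats.items():
        unknown = s["reasons"].get("No matching peer found", 0)
        if len(s["users"]) >= threshold and unknown >= threshold:
            verdicts[ip] = "extension harvest"   # many names, mostly non-existent
        elif s["failures"] >= threshold:
            verdicts[ip] = "dictionary attack"   # few names, many wrong passwords
        else:
            verdicts[ip] = "below threshold"
    return verdicts


if __name__ == "__main__":
    stats = summarise_failures(SAMPLE_LOG)
    for ip, verdict in classify(stats).items():
        s = stats[ip]
        print(f"{ip:16} {verdict:18} failures={s['failures']} users={len(s['users'])}")
```

The same "Registration from ... failed for" line is what the Fail2ban asterisk filter keys on, so a source this script labels is one Fail2ban should already have banned; seeing it still accumulating failures in the log is itself worth investigating.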
Monitoring - Humbug
• Humbug now part of add-ons for Elastix 2.2+
• Low cost (starting from $4.99 per month) to monitor key call indicators.
• Blacklist Alerts, Long Distance Alerts, via email, SMS, etc.
Monitoring - Router/Firewall Log Review
Monitoring – Via Network Management
Monitoring – Who pays for it?
• Sell maintenance contracts to your clients
  • Typically charge 1 or 2 hours per month
  • Review the logs and other housekeeping
• Sell monitoring contracts to your clients
  • Monitor for unusual activity
  • Monitor for high bandwidth usage
  • Monitor for trunk over-subscription
  • Monitor connectivity / phones online
  • Provide monthly graphs
• Sell security reviews (even to non-clients)
  • Perform a log check
  • Review the firewall/router setup
  • Attempt an external penetration test
  • Recommend improvements to security
Security - Common Mistakes
How can I implement some of these suggestions?
• Review this Presentation again in your own time
• Think holistically about your security – don’t concentrate on just one area or tool
• Always think of three layers of security as a minimum
• E.g.
• Router/Firewall (maybe not under your control)
• Elastix® Firewall (under your control)
• Fail2ban (under your control)
• Complex passwords on Extensions (under your control)
Elastix Security - More info
Application Note releases and updates are posted on twitter @ElastixBob
Any Questions?