Elastix securing, preventing, monitoring
Bob Fryer, Australia, Bluepackets
5th conference - ElastixWorld 2011
Elastix® Security: Securing, Prevention, Monitoring
Security Reality – the hard facts
Toll Fraud - A growing issue
Toll Fraud – what is the potential damage?
What do they gain from Toll Fraud?
Toll Fraud - Highly organised & Smart
A Quick Analysis of an Attack: SIP Port Probe
A Quick Analysis of an Attack: Extension Harvest
A Quick Analysis of an Attack: Dictionary Attack
A Quick Analysis of an Attack: Quick Facts
Summary
• SIP Hacking Tools are readily available and for free.
• SIPVicious is one such tool.
• Toll Fraud costs money, and can happen to anyone.
• Securing, Prevention, Monitoring is of the utmost importance.
Securing - Extension Security
• Do not use simple words even with a couple of numbers on the end.
• Do not use the extension number as the password
• Passwords like Hy7g6#8!9pWe are good
• Use the Permit/Deny for each extension
• Remote Extensions – require them to use a static IP address or at least via VPN
• Change the SIP Port for the phone / Extension
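The extension rules above can be checked mechanically. The following is an added example, not part of the original presentation: it audits chan_sip-style extension stanzas for the weak-secret patterns listed and for missing permit/deny lines. The sample config, the function names and the length and character-class thresholds are assumptions.

```python
import re

CLASSES = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")
# Constructed sample in chan_sip sip.conf style; not from the presentation.
SAMPLE_SIP_CONF = """\
[101]
secret=101
[102]
secret=welcome12
deny=0.0.0.0/0.0.0.0
permit=192.168.1.0/255.255.255.0
[103]
secret=Qx4!vB9#tLm2z
deny=0.0.0.0/0.0.0.0
permit=10.8.0.0/255.255.255.0
"""

def parse_sections(text):
    """Return {section: {key: last value}} for an ini-style Asterisk config."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        m = re.fullmatch(r"\[([^\]]+)\].*", line)
        if m:
            current = sections.setdefault(m.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.lstrip(">").strip()
    return sections

def audit_extension(name, opts):
    """Check one extension against the slide's rules; thresholds are assumptions."""
    findings, secret = [], opts.get("secret", "")
    if not secret:
        findings.append("no secret set")
    elif secret == name:
        findings.append("secret equals extension number")
    elif re.fullmatch(r"[A-Za-z]+\d{0,4}", secret):
        findings.append("simple word with digits on the end")
    elif len(secret) < 12 or sum(bool(re.search(c, secret)) for c in CLASSES) < 3:
        findings.append("short or low-variety secret")
    if "permit" not in opts or "deny" not in opts:
        findings.append("no permit/deny restriction")
    return findings

def audit(text):
    # Keep only the extensions that have at least one finding.
    results = {n: audit_extension(n, o) for n, o in parse_sections(text).items() if n != "general"}
    return {n: f for n, f in results.items() if f}
```

Calling `audit(SAMPLE_SIP_CONF)` reports extensions 101 and 102 and passes 103.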
Securing - Remote Extensions
Securing - Elastix® PBX Security
Securing – Network Firewall Security
Securing - Elastix® Firewall
Securing - Trunk Security
• Look for Voice Providers that can provide a trunk via a VPN (e.g. OpenVPN)
• Consider using IAX Trunks between offices, and further securing them with RSA keys
• Take the time to understand Trunks and what each configuration line means to your security.
Prevention – Don’t Install applications!!
Prevention – Change Control
Prevention - Use a VPN
Prevention – Outbound options
Prevention - SIP Provider Daily Cost Limits
• Select a Voice Provider that can set a limit per day or per month on call costs.
• Still allows calls in when over your limit
• Greatly limits your possible monetary liability
• Gives you a very clear idea that something is wrong when you can’t make calls out.
Monitoring - Regular Maintenance
• Implement Regular Maintenance
• Time frame will be dependent on other security measures in place
• Test SIP Port access from external locations
• Check logs
• Check CDR logs for any unusual events
Monitoring - Log review
• Regularly review the logs
• Review the logs when any unusual event occurs (e.g. calls with nobody there, ringing individual extensions, extensions going offline)
• Look at the following logs
• /var/log/messages
• /var/log/secure
• /var/log/full
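An added example (not part of the original presentation) of what to look for during log review: it scans Asterisk chan_sip registration-failure lines and flags the extension harvest and dictionary attack patterns named earlier. The log lines are constructed, and the function names and thresholds are assumptions.

```python
import re
from collections import defaultdict

def _line(ts, ext, ip, reason):
    # Builds one constructed line in the chan_sip "Registration ... failed" format.
    return (f"[2011-11-02 03:14:{ts:02d}] NOTICE[2531] chan_sip.c: Registration from "
            f"'\"{ext}\" <sip:{ext}@203.0.113.10>' failed for '{ip}' - {reason}")

# Constructed sample log; all addresses are documentation ranges.
SAMPLE_LOG = "\n".join([
    _line(1, "100", "198.51.100.23", "No matching peer found"),
    _line(2, "101", "198.51.100.23", "Wrong password"),
    _line(3, "102", "198.51.100.23", "No matching peer found"),
    _line(4, "103", "198.51.100.23:5071", "No matching peer found"),
    _line(5, "101", "198.51.100.23", "Wrong password"),
    _line(6, "101", "198.51.100.23", "Wrong password"),
    _line(7, "204", "192.0.2.50", "Wrong password"),  # one mistyped password
    "[2011-11-02 03:14:08] VERBOSE[2531] pbx.c: -- Executing [s@macro-dial:1]",
])

FAILED = re.compile(
    r"Registration from '(?:\"[^\"]*\"\s*)?<sip:(?P<ext>[^@>]+)@[^>]*>' "
    r"failed for '(?P<ip>[0-9.]+)(?::\d+)?' - (?P<reason>.+)$")

def review(log_text, harvest_min=3, guess_min=3):
    """Return sorted (ip, pattern, extensions) alerts; thresholds are assumptions."""
    unknown = defaultdict(set)  # ip -> extensions tried that do not exist
    wrong = defaultdict(int)    # (ip, ext) -> failed password count
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        if m["reason"].startswith("No matching peer"):
            unknown[m["ip"]].add(m["ext"])
        elif m["reason"].startswith("Wrong password"):
            wrong[(m["ip"], m["ext"])] += 1
    alerts = [(ip, "extension harvest", sorted(exts))
              for ip, exts in unknown.items() if len(exts) >= harvest_min]
    alerts += [(ip, "dictionary attack", [ext])
               for (ip, ext), n in wrong.items() if n >= guess_min]
    return sorted(alerts)

if __name__ == "__main__":
    for alert in review(SAMPLE_LOG):
        print(alert)
```

A single failed login from 192.0.2.50 stays below both thresholds, so only the source that walked several extensions and repeated guesses against 101 is reported.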
Monitoring - Humbug
• Humbug now part of add-ons for Elastix 2.2+
• Low cost (starting from $4.99 per month) to monitor key call indicators
• Blacklist Alerts, Long Distance Alerts, via email, SMS, etc.
Monitoring - Router/Firewall Log Review
Monitoring – Via Network Management
Monitoring – Who pays for it?
• Sell maintenance contracts to your clients
  • Typically charge 1 or 2 hours per month
  • Review the logs and other housekeeping
• Sell Monitoring Contracts to your clients
  • Monitor for unusual activity
  • Monitor for High Bandwidth Usage
  • Monitor for trunk oversubscription
  • Monitor Connectivity / Phones online
  • Provide monthly graphs
• Sell Security Reviews (even for non-clients)
  • Perform Log check
  • Review Firewall/Router setup
  • Attempt external penetration test
  • Recommend improvements to security
Security - Common Mistakes
How can I implement some of these suggestions?
• Review this Presentation again in your own time
• Think holistically about your security – don’t concentrate on just one area or tool
• Always think of three layers of security as a minimum, e.g.:
  • Router/Firewall (maybe not under your control)
  • Elastix® Firewall (under your control)
  • Fail2ban (under your control)
  • Complex passwords on Extensions (under your control)
Elastix Security - More info
Application Note releases and updates are posted on Twitter @ElastixBob
Any Questions?