Elastix® Security
Securing, Prevention, Monitoring

Security Reality – the hard facts

Toll Fraud - A growing issue

Toll Fraud – what is the potential damage?

What do they gain from Toll Fraud?

Toll Fraud - Highly organised & Smart

A Quick Analysis of an Attack: SIP Port Probe

A Quick Analysis of an Attack: Extension Harvest

A Quick Analysis of an Attack: Dictionary Attack

A Quick Analysis of an Attack: Quick Facts

Summary
SIP Hacking Tools are readily available and for free.
SIPVicious is one such tool.
Toll Fraud costs money, and can happen to anyone.
Securing, Prevention, Monitoring is of the utmost importance.

Securing - Extension Security
Do not use simple words even with a couple of numbers on the end.
Do not use extension number as password
Passwords like Hy7g6#8!9pWe are good
Use the Permit/Deny for each extension
Remote Extensions – require them to use a static IP address or at least via VPN
Change the SIP Port for the phone / Extension

Securing - Remote Extensions

Securing - Elastix® PBX Security

Securing – Network Firewall Security

Securing - Elastix® Firewall

Securing - Trunk Security
Look for Voice Providers that can provide a trunk via a VPN (e.g. OpenVPN)
Consider using IAX Trunks between offices, and further securing them with RSA keys
Take the time to understand Trunks and what each configuration line means to your security.
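
The "Securing - Extension Security" checks above can be run over the PBX configuration itself. The following is an added example, not part of the presentation or of Elastix: it assumes extensions are plain `[name]` sections in Asterisk sip.conf syntax using the `secret`, `deny` and `permit` options, treats every section except `[general]` as an extension, and its length threshold and "word plus digits" pattern are assumed heuristics.

```python
import re
# Constructed sample in Asterisk sip.conf syntax (not from the presentation).
SAMPLE_SIP_CONF = """\
[101]
secret=101

[102]
secret=office2011
deny=0.0.0.0/0.0.0.0
permit=192.0.2.0/255.255.255.0

[103]
secret=Hy7g6#8!9pWe   ; the example password from the slide
deny=0.0.0.0/0.0.0.0
permit=198.51.100.7/255.255.255.255
"""

def parse_sections(text):
    """Return {section: {key: [values]}}; Asterisk allows repeated keys."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop ';' comments
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current.setdefault(key.strip().lower(), []).append(value.strip())
    return sections

def audit_extensions(text, min_length=12):
    """Map extension -> findings. min_length is an assumed threshold."""
    findings = {}
    for name, opts in parse_sections(text).items():
        if name == "general":
            continue
        secret = opts.get("secret", [""])[-1]
        issues = []
        if secret == name:
            issues.append("secret equals extension number")
        elif re.fullmatch(r"[A-Za-z]+\d{0,4}", secret):   # assumed heuristic
            issues.append("secret is a simple word with digits appended")
        elif len(secret) < min_length:
            issues.append("secret shorter than %d characters" % min_length)
        if not opts.get("permit") or "0.0.0.0/0.0.0.0" not in opts.get("deny", []):
            issues.append("no deny-all plus permit ACL")
        if issues:
            findings[name] = issues
    return findings
```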

Prevention – Don’t Install applications!!

Prevention – Change Control

Prevention - Use a VPN

Prevention – Outbound options

Prevention - SIP Provider Daily Cost Limits
Select a Voice Provider that can set a limit per day or per month on call costs.
Still allows calls in when over your limit
Greatly limits your possible monetary liability
Gives you a very clear idea that something is wrong when you can’t make calls out.

Monitoring - Regular Maintenance
Implement Regular Maintenance
Time frame will be dependent on other security measures in place
Test SIP Port access from external locations
Check logs
Check CDR logs for any unusual events

Monitoring - Log review
Regularly review the logs
Review the logs when any unusual event occurs (e.g. calls with nobody there, ringing individual extensions, extensions going offline)
Look at the following logs
/var/log/messages
/var/log/secure
/var/log/full

Fail2Ban
If implemented, it will send you an email when it has blocked an entry
Recommend that Fail2ban email is sent to a group address. If you are away, you need someone else to be reacting to emails.

Monitoring - Humbug
Humbug now part of add-ons for Elastix 2.2+
Low cost (starting from $4.99 per month) to monitor key call indicators
Blacklist Alerts, Long Distance Alerts, via email, SMS, etc.

Monitoring - Router/Firewall Log Review

Monitoring – Via Network Management

Monitoring – Who pays for it?
Sell maintenance contracts to your clients
Typically charge 1 or 2 hours per month
Review the logs and other housekeeping
Sell Monitoring Contracts to your clients
Monitor for unusual activity
Monitor for High Bandwidth Usage
Monitor for trunk over subscription
Monitor Connectivity / Phones online
Provide monthly graphs
Sell Security Reviews (even for non-clients)
Perform Log check
Review Firewall/Router setup
Attempt external penetration test
Recommend improvements to security

Security - Common Mistakes

How can I implement some of these suggestions
Review this Presentation again in your own time
Think holistically about your security – don’t concentrate on just one area or tool
Always think of three layers of security as a minimum
E.g.
Router/Firewall (maybe not under your control)
Elastix® Firewall (under your control)
Fail2ban (under your control)
Complex passwords on Extensions (under your control)

Elastix Security - More info
Application Note releases and updates are posted on twitter @ElastixBob

Any Questions?
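
For the "Monitoring - Log review" slide, the extension harvest and dictionary attack stages described earlier show up in the Asterisk log as failed SIP registrations, and a review script can separate them by source address. This is an added example, not part of the presentation: the log lines are constructed in the chan_sip NOTICE format, only IPv4 sources are matched, and both thresholds are assumed values.

```python
import re
from collections import defaultdict

FAILED = re.compile(
    r"Registration from '[^']*?sip:(?P<ext>[^@>']+)@[^']*' failed for "
    r"'(?P<ip>[\d.]+)(?::\d+)?' - (?P<reason>.*)")

def _line(i, ext, src, reason):
    # Build one constructed chan_sip NOTICE line for the sample below.
    return ("[2011-11-19 15:54:%02d] NOTICE[2301] chan_sip.c: Registration from "
            "'\"%s\" <sip:%s@192.0.2.10>' failed for '%s' - %s"
            % (i % 60, ext, ext, src, reason))

# Constructed sample: one source walking extension numbers, one guessing
# passwords for a single extension, one user who mistyped a password once.
SAMPLE_LOG = "\n".join(
    [_line(i, 100 + i, "203.0.113.5", "No matching peer found") for i in range(20)]
    + [_line(i, 101, "198.51.100.9:5060", "Wrong password") for i in range(30)]
    + [_line(5, 102, "192.0.2.44", "Wrong password")])

def classify_sources(log_text, harvest_exts=10, dictionary_tries=20):
    """Map source IP -> labels. Both thresholds are assumed; tune per site."""
    exts = defaultdict(set)     # ip -> distinct extensions it tried
    tries = defaultdict(int)    # (ip, ext) -> wrong-password count
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        exts[m["ip"]].add(m["ext"])
        if "Wrong password" in m["reason"]:
            tries[(m["ip"], m["ext"])] += 1
    report = {}
    for ip, seen in exts.items():
        labels = []
        if len(seen) >= harvest_exts:
            labels.append("extension harvest")
        if any(n >= dictionary_tries for (src, _), n in tries.items() if src == ip):
            labels.append("dictionary attack")
        if labels:
            report[ip] = labels
    return report
```

On a live system, pass the contents of the Asterisk log to `classify_sources` in place of `SAMPLE_LOG`; a single mistyped password, like the third source in the sample, stays below both thresholds.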