securingpreventingmonitoring-111119155454-phpapp01

nullElastix® SecurityElastix® SecuritySecuring, Prevention, MonitoringSecurity Reality – the hard factsSecurity Reality – the hard factsnullToll Fraud - A growing issueToll Fraud - A growing issueToll Fraud – what is the potential damage?Toll Fraud – what is the potential damage?What do they gain from Toll Fraud?What do they gain from Toll Fraud?Toll Fraud - Highly organised & SmartToll Fraud - Highly organised & SmartA Quick Analysis of an Attack: SIP Port ProbeA Quick Analysis of an Attack: SIP Port ProbeA Quick Analysis of an Attack: Extension HarvestA Quick Analysis of an Attack: Extension HarvestA Quick Analysis of an Attack: Dictionary AttackA Quick Analysis of an Attack: Dictionary AttackA Quick Analysis of an Attack Quick FactsA Quick Analysis of an Attack Quick FactsSummarySummarySIP Hacking Tools are readily available and for free. SIPVicious is one such tool. Toll Fraud costs money, and can happen to anyone. Securing, Prevention, Monitoring is of the utmost importance.nullSecuring - Extension SecuritySecuring - Extension SecurityDo not use simple words even with a couple of numbers on the end. Do not use extension number as password Passwords like Hy7g6#8!9pWe are good Use the Permit/Deny for each extension Remote Extensions – require them to use a static IP address or at least via VPN Change the SIP Port for the phone / ExtensionSecuring - Remote ExtensionsSecuring - Remote ExtensionsSecuring - Elastix® PBX SecuritySecuring - Elastix® PBX SecuritySecuring – Network Firewall SecuritySecuring – Network Firewall SecuritySecuring - Elastix® FirewallSecuring - Elastix® FirewallSecuring - Trunk SecuritySecuring - Trunk SecurityLook for Voice Providers that can provide a trunk via a VPN (e.g. OpenVPN) Consider using IAX Trunks between offices, and further securing them with RSA keys Take the time to understand Trunks and what each configuration line means to your security. nullPrevention – Don’t Install applications!!Prevention – Don’t Install applications!!Prevention – Change ControlPrevention – Change ControlPrevention - Use a VPNPrevention - Use a VPNPrevention – Outbound optionsPrevention – Outbound optionsPrevention - SIP Provider Daily Cost LimitsPrevention - SIP Provider Daily Cost LimitsSelect a Voice Provider that can set a limit per day or per month on call costs. Still allows calls in when over your limit Greatly limits your possible monetary liability Gives you a very clear idea that something is wrong when you can’t make calls out.nullMonitoring - Regular MaintenanceMonitoring - Regular MaintenanceImplement Regular Maintenance Time frame will be dependent on other security measures in place Test SIP Port access from external locations Check logs Check CDR logs for any unusual eventsMonitoring - Log reviewMonitoring - Log reviewRegularly review the logs Review the logs when any unusual event occurs (e.g. calls with nobody there, ringing individual extensions, extensions going offline) Look at the following logs /var/log/messages /var/log/secure /var/log/fullFail2BanFail2BanIf implemented, it will be sending you email when it has blocked an entry Recommend that Fail2ban email is sent to a group address. If you are away, you need someone else to be reacting to emails.Monitoring - HumbugMonitoring - HumbugHumbug now part of add-ons for Elastix 2.2+ Low cost (starting from $4.99 per month to monitor key call indicators Blacklist Alerts, Long Distance Alerts, via email, SMS, etc.Monitoring - Router/Firewall Log ReviewMonitoring - Router/Firewall Log ReviewMonitoring – Via Network Management Monitoring – Via Network Management Monitoring – Who pays for it?Monitoring – Who pays for it?Sell maintenance contracts to your clients Typically charge 1 or 2 hours per month Review the logs and other housekeeping Sell Monitoring Contracts to your clients Monitor for unusual activity Monitor for High Bandwidth Usage Monitor for trunk over subscription Monitor Connectivity / Phones online Provide monthly graphs Sell Security Reviews (even for non-clients) Perform Log check Review Firewall/Router setup Attempt external penetration test Recommend improvements to securitySecurity - Common MistakesSecurity - Common MistakesHow can I implement some of these suggestionsHow can I implement some of these suggestionsReview this Presentation again in your own time Think holistically about your security – don’t concentrate on just one area or tool Always think of three layers of security as a minimum E.g. Router/Firewall (maybe not under your control) Elastix® Firewall (under your control) Fail2ban (under your control) Complex passwords on Extensions (under your control)Elastix Security - More infoElastix Security - More infoApplication Note releases and updates are posted on twitter @ElastixBobAny Questions?Any Questions?