SlideShare a Scribd company logo

Securing Asterisk: A practical approach

Bangladesh Network Operators Group
Bangladesh Network Operators Group

Securing Asterisk: A practical approach

Internet
1 of 29
Download to read offline
SECURING ASTERISK;A PRACTICAL APPROACH          SUMAN  KUMAR  SAHA            Manager,  System  Administra6on                      Dhakacom  Limited            suman@dhakacom.com  
AGENDA §  Typical Threats Overview §  Call stealing §  Compromising the server §  How to Protect the PBX §  SSH communication §  Separating data & voice §  HTTP communication §  Passwords §  etc.
TYPICAL THREATS §  Stealing of calls via: §  telephony §  VoIP trunks §  SIP §  IAX2 §  Compromising the Linux server via SSH/HTTP
STEALING CALLS VIA TELEPHONY OR VOIP TRUNKS §  Disable the option of uncontrolled trunk-to- trunk calls §  DISA (Direct Inward System Access) §  use long passwords
STEALING CALLS VIA SIP / IAX2: STAGE 1 §  Find PBX IP address and port number §  Suggested tools: §  nmap (http://nmap.org/) §  svmap (http://code.google.com/p/sipvicious) $ ./svmap.py 192.168.0.1/24 | SIP Device | User Agent | Fingerprint | -------------------------------------------------------------------------- | 192.168.0.61:5060 | Asterisk PBX 1.6.2.| Asterisk / Linksys/PAP2T-3.1.| | 192.168.0.185:5060 | Yealink SIP-T28P 2.| AVM or Speedport | | 192.168.0.124:5060 | Grandstream GXP2000| Grandstream phone | | 192.168.2.4:5060 | Yealink SIP-T26P 6.| AVM or Speedport | | 192.168.0.184:5060 | Yealink SIP-T22P 7.| AVM or Speedport | | 192.168.0.134:5060 | YATE/2.2.0 | AVM or Speedport |
STEALING CALLS VIA SIP / IAX2: STAGE 1 If you come through NAT: ./svmap.py -p1000-5062 202.4.100.35 | SIP Device | User Agent | Fingerprint | ----------------------------------------------------------------------------------- | 202.4.100.35:2762 | Grandstream HT487 1.1.0.42 DevId 000b82233939 | disabled | | 202.4.100.35:3303 | Grandstream HT487 1.1.0.42 DevId 000b82233fa9 | disabled | | 202.4.100.35:1069 | Grandstream HT487 1.1.0.42 DevId 000b82233fec | disabled | | 202.4.100.35:1061 | Grandstream HT487 1.1.0.42 DevId 000b82233e14 | disabled |
STEALING CALLS VIA SIP / IAX2: STAGE 2 §  Find a PBX extension §  svwar (http://code.google.com/p/sipvicious) §  Attacker tries to differentiate between existing/non-existent extensions §  SIP response to a REGISTER/INVITE/OPTION request analysis could be used for it
STEALING CALLS VIA SIP / IAX2: STAGE 2 [root@ippbx sipvicious-0.2.8]# ./svwar.py -e1001 202.4.96.18 –force ERROR:TakeASip:Response: 'SIP/2.0 401 UnauthorizedrnVia: SIP/ 2.0/UDP 202.4.96.20:5061;branch=z9hG4bK-3218676409;received=202. 4.96.20;rport=5061rnFrom: "1001"<sip: 1001@202.4.96.18>;tag=31303031013337333237353837333 0rnTo: "1001"<sip:1001@202.4.96.18>;tag=as26840901r nCall-ID: 677757433rnCSeq: 1 REGISTERrnServer: Asterisk PBX 1.8.10.1~dfsg-1ubuntu1rnAllow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISHr nSupported: replaces, timerrnWWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="03f9b484"rnContent- Length: 0rnrn' WARNING:root:found nothing
STEALING CALLS VIA SIP / IAX2: STAGE 3 §  Find the password §  svcrak (http://code.google.com/p/sipvicious) §  When PBX is attacked there are many warning messages in the Asterisk log: [Jun.. for ] NOTICE[30940] '192.168.0.192' chan_sip.c: Registration - Wrong password from '"308" failed [Jun.. for ] NOTICE[30940] '192.168.0.192' chan_sip.c: Registration - Wrong password from '"308" failed [Jun.. for ] NOTICE[30940] '192.168.0.192' chan_sip.c: Registration - Wrong password from '"308" failed [Jun.. ] NOTICE[30940] chan_sip.c: Registration from '"308" failed for '192.168.0.192' - Wrong password
STEALING CALLS VIA SIP / IAX2: STAGE 3 ./svcrack.py -u1001 9.9.9.9 WARNING:ASipOfRedWine:could not bind to :5060 - some process might already be listening on this port. Listening on port 5061 instead | Extension | Password | ------------------------ | 1001 | 1001 |
STEALING CALLS VIA SIP / IAX2: STAGE 4 §  The PBX has been conquered §  A malicious user has registered an extension and makes calls for free §  In many cases this will be discovered only when the next telephone bill is received
COMPROMISING THE LINUX SERVER §  An Asterisk server is a regular Linux machine that can also be compromised §  Malware (viruses, trojan horses etc) may infiltrate via different Linux networking services such as SSH or HTTP
HOW TO PROTECT THE PBX §  There are countless methods to “harden” a server against attack §  Each method has its price §  99% of attacks are “simple” attacks, and there are simple means to prevent them
SSH COMMUNICATION §  Use public/private key authentication instead of password authentication §  Create a user account and disable log in as 'root': §  /etc/ssh/sshd_config §  Then it will be possible to connect to the PBX as a non-'root' user, and then become a “super-user”: §  ssh john@my-pbx-ip -p 4245 §  su - §PermitRootLogin no §  or § PermitRootLogin without-password
SSH COMMUNICATION CONT’D §  Restrict the source IP addresses that are allowed to access the server §  Don't use the default SSH port (22/tcp) a.  arrange port forwarding on the NAT router or b.  change the listening port in the PBX SSH server configuration: •  /etc/ssh/sshd_config •  #Port 22 •  Port 4245
SEPARATING DATA & VOIP NETWORKS §  Some customers with higher security requirements separate the VoIP network from the data network §  Dedicated cabling network not required; VLAN technology may be used instead §  Helps prevent company data servers from direct access from potentially vulnerable VoIP devices
HTTP COMMUNICATION §  Don't expose the PBX Web server to the Internet §  Use SSH tunneling for the PBX Web-based management interface §  Windows users can create SSH tunnels very easily using PuTTY
PASSWORDS §  Don't use the default passwords §  Don't use simple passwords
SECURE VOIP COMMUNICATION §  Don't expose SIP and IAX2 ports unless absolutely necessary §  Use IP restriction for internal VoIP extensions §  Allows use of weak passwords or no passwords for the internal extensions §  Use strong passwords for remote extensions
LAN-ONLY REGISTRATION FOR EXTENSION #  vim  /etc/asterisk/sip.conf     Deny=0.0.0.0/0.0.0.0   Allow=192.168.0.0/24  
INTRUSION DETECTION OPTIONS §  It is possible to use a network intrusion detection system §  Fail2Ban (http://www.fail2ban.org) §  Scans the log files and updates firewall rules to reject the IP address §  Snort (http://www.snort.org) §  Powerful network intrusion prevention and detection system (IDS/IPS)
FAIL2BAN FEATURES §  Log-based brute force blocker §  Runs as daemon §  unlike cron-based tools, no delay before taking action §  can use iptables or TCP Wrappers (/etc/ hosts.deny) §  can handle more than one service: sshd, apache, SIP traffic etc. §  can send e-mail notifications §  can ban IPs either for a limited amount of time or permanently
FAIL2BAN USAGE [asterisk-iptables] # if more than 4 attempts are made within 6 hours, ban for 24 hours enabled = true filter = asterisk action = iptables-allports[name=ASTERISK, protocol=all] sendmail[name=ASTERISK, dest=suman@dhakacom.com, sender=fail2ban@dhakacom.com] logpath = /var/log/asterisk/messages maxretry = 4 findtime = 21600 bantime = 86400
FAIL2BAN EMAIL ALERT From:fail2ban@dhakacom.com To:noc@dhakacom.com Hi, The IP 195.154.33.3 has just been banned by Fail2Ban after 61 attempts against ASTERISK. Regards, Fail2Ban
SNORT FEATURES §  Sniffer mode §  Logger mode §  NIDS mode §  Can capture and analyze traffic for several servers §  Intrusion prevention mode §  Extremely mature system; actively developed since 1998
SNORT USAGE Packet sniffer: Snort reads IP packets and displays them on the console. #./snort -vd Packet Logger: Snort logs IP packets. #./snort -dev -l /var/log/snort Intrusion Detection System: Snort uses rule sets to inspect IP packets. When an IP packet matches the characteristics of a given rule, Snort may take one or more actions.
SNORT NIDS MODE To run Snort for intrusion detection and log all packets relative to the 192.168.10.0 network, use the command: snort -d -h 192.168.10.0 -l -c snort.conf
SUMMARY §  Types of threats §  Call stealing §  Intrusion §  Best practices §  Protecting the PBX §  Detecting attacks quickly
THANK YOU suman@dhakacom.com  

Recommended

pfSense presentation
pfSense presentationpfSense presentation
pfSense presentationSimon Vass
 
Database Firewall with Snort
Database Firewall with SnortDatabase Firewall with Snort
Database Firewall with SnortNarudom Roongsiriwong, CISSP
 
pfSense firewall workshop guide
pfSense firewall workshop guidepfSense firewall workshop guide
pfSense firewall workshop guideSopon Tumchota
 
OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014
OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014
OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014Leonardo Nve Egea
 
iOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3miOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3mPrem Kumar (OSCP)
 
DDoS Engelleme Ürünleri
DDoS Engelleme ÜrünleriDDoS Engelleme Ürünleri
DDoS Engelleme ÜrünleriBGA Cyber Security
 
Temel Kavramlar, DoS/DDoS Saldırıları ve Çeşitleri
Temel Kavramlar, DoS/DDoS Saldırıları ve ÇeşitleriTemel Kavramlar, DoS/DDoS Saldırıları ve Çeşitleri
Temel Kavramlar, DoS/DDoS Saldırıları ve ÇeşitleriBGA Cyber Security
 
Holynix v1
Holynix v1Holynix v1
Holynix v1BGA Cyber Security
 

Recommended

pfSense presentation
pfSense presentationpfSense presentation
pfSense presentationSimon Vass
 
Database Firewall with Snort
Database Firewall with SnortDatabase Firewall with Snort
Database Firewall with SnortNarudom Roongsiriwong, CISSP
 
pfSense firewall workshop guide
pfSense firewall workshop guidepfSense firewall workshop guide
pfSense firewall workshop guideSopon Tumchota
 
OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014
OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014
OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014Leonardo Nve Egea
 
iOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3miOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3mPrem Kumar (OSCP)
 
DDoS Engelleme Ürünleri
DDoS Engelleme ÜrünleriDDoS Engelleme Ürünleri
DDoS Engelleme ÜrünleriBGA Cyber Security
 
Temel Kavramlar, DoS/DDoS Saldırıları ve Çeşitleri
Temel Kavramlar, DoS/DDoS Saldırıları ve ÇeşitleriTemel Kavramlar, DoS/DDoS Saldırıları ve Çeşitleri
Temel Kavramlar, DoS/DDoS Saldırıları ve ÇeşitleriBGA Cyber Security
 
Holynix v1
Holynix v1Holynix v1
Holynix v1BGA Cyber Security
 
Firewall
FirewallFirewall
FirewallSaurabh Chauhan
 
Understanding NMAP
Understanding NMAPUnderstanding NMAP
Understanding NMAPPhannarith Ou, G-CISO
 
All About Snort
All About SnortAll About Snort
All About Snort28pranjal
 
Hping Kullanarak TCP/IP Paketleriyle Oynama
Hping Kullanarak TCP/IP Paketleriyle OynamaHping Kullanarak TCP/IP Paketleriyle Oynama
Hping Kullanarak TCP/IP Paketleriyle OynamaBGA Cyber Security
 
Snort
SnortSnort
SnortFadwa Gmiden
 
DoS ve DDoS Saldırıları ve Korunma Yöntemleri
DoS ve DDoS Saldırıları ve Korunma YöntemleriDoS ve DDoS Saldırıları ve Korunma Yöntemleri
DoS ve DDoS Saldırıları ve Korunma YöntemleriBGA Cyber Security
 
NMAP
NMAPNMAP
NMAPPrateekAryan1
 
Açık kaynak kodlu uygulamalar ile adli bilişim labaratuarı kurma son
Açık kaynak kodlu uygulamalar ile adli bilişim labaratuarı kurma sonAçık kaynak kodlu uygulamalar ile adli bilişim labaratuarı kurma son
Açık kaynak kodlu uygulamalar ile adli bilişim labaratuarı kurma sonBGA Cyber Security
 
Wireshark
WiresharkWireshark
Wiresharkbtohara
 
PCD - Process control daemon
PCD - Process control daemonPCD - Process control daemon
PCD - Process control daemonhaish
 
Recon with Nmap
Recon with Nmap Recon with Nmap
Recon with Nmap OWASP Delhi
 
Vpn d’acces avec cisco asa 5500 et client
Vpn d’acces avec cisco asa 5500 et clientVpn d’acces avec cisco asa 5500 et client
Vpn d’acces avec cisco asa 5500 et clientManassé Achim kpaya
 
Ossec Lightning
Ossec LightningOssec Lightning
Ossec Lightningwremes
 
Iptables Configuration
Iptables ConfigurationIptables Configuration
Iptables Configurationstom123
 
Hping, TCP/IP Paket Üretici
Hping, TCP/IP Paket ÜreticiHping, TCP/IP Paket Üretici
Hping, TCP/IP Paket ÜreticiBGA Cyber Security
 
Ccna sv2 instructor_ppt_ch6
Ccna sv2 instructor_ppt_ch6Ccna sv2 instructor_ppt_ch6
Ccna sv2 instructor_ppt_ch6SalmenHAJJI1
 
EXPLOIT POST EXPLOITATION
EXPLOIT POST EXPLOITATIONEXPLOIT POST EXPLOITATION
EXPLOIT POST EXPLOITATIONBGA Cyber Security
 
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...Salem Trabelsi
 
[若渴計畫] Challenges and Solutions of Window Remote Shellcode
[若渴計畫] Challenges and Solutions of Window Remote Shellcode[若渴計畫] Challenges and Solutions of Window Remote Shellcode
[若渴計畫] Challenges and Solutions of Window Remote ShellcodeAj MaChInE
 
Free radius for wpa2 enterprise with active directory integration
Free radius for wpa2 enterprise with active directory integrationFree radius for wpa2 enterprise with active directory integration
Free radius for wpa2 enterprise with active directory integrationChanaka Lasantha
 
bdNOG Conference Report
bdNOG Conference Report bdNOG Conference Report
bdNOG Conference Report Bangladesh Network Operators Group
 
OpenStack Cloud Administration Through Live Demonstration
OpenStack Cloud Administration Through Live DemonstrationOpenStack Cloud Administration Through Live Demonstration
OpenStack Cloud Administration Through Live DemonstrationBangladesh Network Operators Group
 

More Related Content

What's hot

All About Snort
All About SnortAll About Snort
All About Snort28pranjal
 
Hping Kullanarak TCP/IP Paketleriyle Oynama
Hping Kullanarak TCP/IP Paketleriyle OynamaHping Kullanarak TCP/IP Paketleriyle Oynama
Hping Kullanarak TCP/IP Paketleriyle OynamaBGA Cyber Security
 
DoS ve DDoS Saldırıları ve Korunma Yöntemleri
DoS ve DDoS Saldırıları ve Korunma YöntemleriDoS ve DDoS Saldırıları ve Korunma Yöntemleri
DoS ve DDoS Saldırıları ve Korunma YöntemleriBGA Cyber Security
 
Açık kaynak kodlu uygulamalar ile adli bilişim labaratuarı kurma son
Açık kaynak kodlu uygulamalar ile adli bilişim labaratuarı kurma sonAçık kaynak kodlu uygulamalar ile adli bilişim labaratuarı kurma son
Açık kaynak kodlu uygulamalar ile adli bilişim labaratuarı kurma sonBGA Cyber Security
 
Wireshark
WiresharkWireshark
Wiresharkbtohara
 
PCD - Process control daemon
PCD - Process control daemonPCD - Process control daemon
PCD - Process control daemonhaish
 
Recon with Nmap
Recon with Nmap Recon with Nmap
Recon with Nmap OWASP Delhi
 
Vpn d’acces avec cisco asa 5500 et client
Vpn d’acces avec cisco asa 5500 et clientVpn d’acces avec cisco asa 5500 et client
Vpn d’acces avec cisco asa 5500 et clientManassé Achim kpaya
 
Ossec Lightning
Ossec LightningOssec Lightning
Ossec Lightningwremes
 
Iptables Configuration
Iptables ConfigurationIptables Configuration
Iptables Configurationstom123
 
Ccna sv2 instructor_ppt_ch6
Ccna sv2 instructor_ppt_ch6Ccna sv2 instructor_ppt_ch6
Ccna sv2 instructor_ppt_ch6SalmenHAJJI1
 
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...Salem Trabelsi
 
[若渴計畫] Challenges and Solutions of Window Remote Shellcode
[若渴計畫] Challenges and Solutions of Window Remote Shellcode[若渴計畫] Challenges and Solutions of Window Remote Shellcode
[若渴計畫] Challenges and Solutions of Window Remote ShellcodeAj MaChInE
 
Free radius for wpa2 enterprise with active directory integration
Free radius for wpa2 enterprise with active directory integrationFree radius for wpa2 enterprise with active directory integration
Free radius for wpa2 enterprise with active directory integrationChanaka Lasantha
 

What's hot (20)

Firewall
FirewallFirewall
Firewall
 
Understanding NMAP
Understanding NMAPUnderstanding NMAP
Understanding NMAP
 
All About Snort
All About SnortAll About Snort
All About Snort
 
Hping Kullanarak TCP/IP Paketleriyle Oynama
Hping Kullanarak TCP/IP Paketleriyle OynamaHping Kullanarak TCP/IP Paketleriyle Oynama
Hping Kullanarak TCP/IP Paketleriyle Oynama
 
Snort
SnortSnort
Snort
 
DoS ve DDoS Saldırıları ve Korunma Yöntemleri
DoS ve DDoS Saldırıları ve Korunma YöntemleriDoS ve DDoS Saldırıları ve Korunma Yöntemleri
DoS ve DDoS Saldırıları ve Korunma Yöntemleri
 
NMAP
NMAPNMAP
NMAP
 
Açık kaynak kodlu uygulamalar ile adli bilişim labaratuarı kurma son
Açık kaynak kodlu uygulamalar ile adli bilişim labaratuarı kurma sonAçık kaynak kodlu uygulamalar ile adli bilişim labaratuarı kurma son
Açık kaynak kodlu uygulamalar ile adli bilişim labaratuarı kurma son
 
Wireshark
WiresharkWireshark
Wireshark
 
PCD - Process control daemon
PCD - Process control daemonPCD - Process control daemon
PCD - Process control daemon
 
Recon with Nmap
Recon with Nmap Recon with Nmap
Recon with Nmap
 
Vpn d’acces avec cisco asa 5500 et client
Vpn d’acces avec cisco asa 5500 et clientVpn d’acces avec cisco asa 5500 et client
Vpn d’acces avec cisco asa 5500 et client
 
Ossec Lightning
Ossec LightningOssec Lightning
Ossec Lightning
 
Iptables Configuration
Iptables ConfigurationIptables Configuration
Iptables Configuration
 
Hping, TCP/IP Paket Üretici
Hping, TCP/IP Paket ÜreticiHping, TCP/IP Paket Üretici
Hping, TCP/IP Paket Üretici
 
Ccna sv2 instructor_ppt_ch6
Ccna sv2 instructor_ppt_ch6Ccna sv2 instructor_ppt_ch6
Ccna sv2 instructor_ppt_ch6
 
EXPLOIT POST EXPLOITATION
EXPLOIT POST EXPLOITATIONEXPLOIT POST EXPLOITATION
EXPLOIT POST EXPLOITATION
 
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
 
[若渴計畫] Challenges and Solutions of Window Remote Shellcode
[若渴計畫] Challenges and Solutions of Window Remote Shellcode[若渴計畫] Challenges and Solutions of Window Remote Shellcode
[若渴計畫] Challenges and Solutions of Window Remote Shellcode
 
Free radius for wpa2 enterprise with active directory integration
Free radius for wpa2 enterprise with active directory integrationFree radius for wpa2 enterprise with active directory integration
Free radius for wpa2 enterprise with active directory integration
 

Viewers also liked

Best Current Operational Practice (BCOP) - Updates from around the world
Best Current Operational Practice (BCOP) - Updates from around the worldBest Current Operational Practice (BCOP) - Updates from around the world
Best Current Operational Practice (BCOP) - Updates from around the worldBangladesh Network Operators Group
 
বাংলায় নেটওয়ার্কিং স্বাদ!
বাংলায় নেটওয়ার্কিং স্বাদ!বাংলায় নেটওয়ার্কিং স্বাদ!
বাংলায় নেটওয়ার্কিং স্বাদ!Bangladesh Network Operators Group
 

Viewers also liked (20)

bdNOG Conference Report
bdNOG Conference Report bdNOG Conference Report
bdNOG Conference Report
 
OpenStack Cloud Administration Through Live Demonstration
OpenStack Cloud Administration Through Live DemonstrationOpenStack Cloud Administration Through Live Demonstration
OpenStack Cloud Administration Through Live Demonstration
 
Community Tools to Fight Against DDoS
Community Tools to Fight Against DDoS Community Tools to Fight Against DDoS
Community Tools to Fight Against DDoS
 
RPKI Deployment Status in Bangladesh
RPKI Deployment Status in Bangladesh RPKI Deployment Status in Bangladesh
RPKI Deployment Status in Bangladesh
 
Cyber security Awareness: In perspective of Bangladesh
Cyber security Awareness: In perspective of Bangladesh Cyber security Awareness: In perspective of Bangladesh
Cyber security Awareness: In perspective of Bangladesh
 
IP Transit : Simple Math - Simple Calculation
IP Transit : Simple Math - Simple CalculationIP Transit : Simple Math - Simple Calculation
IP Transit : Simple Math - Simple Calculation
 
Sync'ed Clients and Traffic Trends
Sync'ed Clients and Traffic Trends Sync'ed Clients and Traffic Trends
Sync'ed Clients and Traffic Trends
 
Dot BD Domain and Shared Registry Model- A Policy Proposal
Dot BD Domain and Shared Registry Model- A Policy Proposal Dot BD Domain and Shared Registry Model- A Policy Proposal
Dot BD Domain and Shared Registry Model- A Policy Proposal
 
ICANN Engagement Update
ICANN Engagement UpdateICANN Engagement Update
ICANN Engagement Update
 
EDNS0 Client-Subnet for DNS Based CDNs
EDNS0 Client-Subnet for DNS Based CDNs EDNS0 Client-Subnet for DNS Based CDNs
EDNS0 Client-Subnet for DNS Based CDNs
 
IPv6 Address & Deployment Planning
IPv6 Address & Deployment PlanningIPv6 Address & Deployment Planning
IPv6 Address & Deployment Planning
 
ISOC Engagement Activities
ISOC Engagement ActivitiesISOC Engagement Activities
ISOC Engagement Activities
 
Best Current Operational Practice (BCOP) - Updates from around the world
Best Current Operational Practice (BCOP) - Updates from around the worldBest Current Operational Practice (BCOP) - Updates from around the world
Best Current Operational Practice (BCOP) - Updates from around the world
 
Converged & Efficient Licensing Framework
Converged & Efficient Licensing FrameworkConverged & Efficient Licensing Framework
Converged & Efficient Licensing Framework
 
APNIC42 Announcement
APNIC42 AnnouncementAPNIC42 Announcement
APNIC42 Announcement
 
bdCERT Activities Update
bdCERT Activities UpdatebdCERT Activities Update
bdCERT Activities Update
 
Traffic Engineering for CDNs
Traffic Engineering for CDNs Traffic Engineering for CDNs
Traffic Engineering for CDNs
 
RPKI Tutorial
RPKI Tutorial RPKI Tutorial
RPKI Tutorial
 
Inter-AS MPLS VPN Deployment
Inter-AS MPLS VPN DeploymentInter-AS MPLS VPN Deployment
Inter-AS MPLS VPN Deployment
 
বাংলায় নেটওয়ার্কিং স্বাদ!
বাংলায় নেটওয়ার্কিং স্বাদ!বাংলায় নেটওয়ার্কিং স্বাদ!
বাংলায় নেটওয়ার্কিং স্বাদ!
 

Similar to Securing Asterisk: A practical approach

Server hardening
Server hardeningServer hardening
Server hardeningTeja Babu
 
Null bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web ApplicationNull bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web ApplicationAnant Shrivastava
 
Asterisksecuritykingasterisk 130723131448-phpapp01
Asterisksecuritykingasterisk 130723131448-phpapp01Asterisksecuritykingasterisk 130723131448-phpapp01
Asterisksecuritykingasterisk 130723131448-phpapp01King Astreisk Technologies
 
Securing Network Access with Open Source solutions
Securing Network Access with Open Source solutionsSecuring Network Access with Open Source solutions
Securing Network Access with Open Source solutionsNick Owen
 
bh-us-02-murphey-freebsd
bh-us-02-murphey-freebsdbh-us-02-murphey-freebsd
bh-us-02-murphey-freebsdwebuploader
 
Don't Get Hacked on Hostile WiFi
Don't Get Hacked on Hostile WiFiDon't Get Hacked on Hostile WiFi
Don't Get Hacked on Hostile WiFiMackenzie Morgan
 
Multi-Layer DDoS Mitigation Strategies
Multi-Layer DDoS Mitigation StrategiesMulti-Layer DDoS Mitigation Strategies
Multi-Layer DDoS Mitigation StrategiesSagi Brody
 
NAS Botnet Revealed - Mining Bitcoin
NAS Botnet Revealed - Mining Bitcoin NAS Botnet Revealed - Mining Bitcoin
NAS Botnet Revealed - Mining Bitcoin Davide Cioccia
 
How to secure ubuntu 12.04
How to secure ubuntu 12.04 How to secure ubuntu 12.04
How to secure ubuntu 12.04 John Richard
 
O seu DNS está protegido
O seu DNS está protegidoO seu DNS está protegido
O seu DNS está protegidoCisco do Brasil
 
Scanning The Intertubes For Voip
Scanning The Intertubes For VoipScanning The Intertubes For Voip
Scanning The Intertubes For VoipSandro Gauci
 
Linux security quick reference guide
Linux security quick reference guideLinux security quick reference guide
Linux security quick reference guideCraig Cannon
 
Firewall arch by Tareq Hanaysha
Firewall arch by Tareq HanayshaFirewall arch by Tareq Hanaysha
Firewall arch by Tareq HanayshaHanaysha
 
8 steps to protect your cisco router
8 steps to protect your cisco router8 steps to protect your cisco router
8 steps to protect your cisco routerIT Tech
 
Application and Server Security
Application and Server SecurityApplication and Server Security
Application and Server SecurityBrian Pontarelli
 

Similar to Securing Asterisk: A practical approach (20)

Server hardening
Server hardeningServer hardening
Server hardening
 
Null bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web ApplicationNull bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web Application
 
What Is IVR ?
What Is IVR ?What Is IVR ?
What Is IVR ?
 
Asterisksecuritykingasterisk 130723131448-phpapp01
Asterisksecuritykingasterisk 130723131448-phpapp01Asterisksecuritykingasterisk 130723131448-phpapp01
Asterisksecuritykingasterisk 130723131448-phpapp01
 
Securing Network Access with Open Source solutions
Securing Network Access with Open Source solutionsSecuring Network Access with Open Source solutions
Securing Network Access with Open Source solutions
 
bh-us-02-murphey-freebsd
bh-us-02-murphey-freebsdbh-us-02-murphey-freebsd
bh-us-02-murphey-freebsd
 
Don't Get Hacked on Hostile WiFi
Don't Get Hacked on Hostile WiFiDon't Get Hacked on Hostile WiFi
Don't Get Hacked on Hostile WiFi
 
No More Fraud, Astricon, Las Vegas 2014
No More Fraud, Astricon, Las Vegas 2014No More Fraud, Astricon, Las Vegas 2014
No More Fraud, Astricon, Las Vegas 2014
 
Linux Hardening - nullhyd
Linux Hardening - nullhydLinux Hardening - nullhyd
Linux Hardening - nullhyd
 
Multi-Layer DDoS Mitigation Strategies
Multi-Layer DDoS Mitigation StrategiesMulti-Layer DDoS Mitigation Strategies
Multi-Layer DDoS Mitigation Strategies
 
Fail2ban
Fail2banFail2ban
Fail2ban
 
NAS Botnet Revealed - Mining Bitcoin
NAS Botnet Revealed - Mining Bitcoin NAS Botnet Revealed - Mining Bitcoin
NAS Botnet Revealed - Mining Bitcoin
 
How to secure ubuntu 12.04
How to secure ubuntu 12.04 How to secure ubuntu 12.04
How to secure ubuntu 12.04
 
O seu DNS está protegido
O seu DNS está protegidoO seu DNS está protegido
O seu DNS está protegido
 
FreeBSD and Hardening Web Server
FreeBSD and Hardening Web ServerFreeBSD and Hardening Web Server
FreeBSD and Hardening Web Server
 
Scanning The Intertubes For Voip
Scanning The Intertubes For VoipScanning The Intertubes For Voip
Scanning The Intertubes For Voip
 
Linux security quick reference guide
Linux security quick reference guideLinux security quick reference guide
Linux security quick reference guide
 
Firewall arch by Tareq Hanaysha
Firewall arch by Tareq HanayshaFirewall arch by Tareq Hanaysha
Firewall arch by Tareq Hanaysha
 
8 steps to protect your cisco router
8 steps to protect your cisco router8 steps to protect your cisco router
8 steps to protect your cisco router
 
Application and Server Security
Application and Server SecurityApplication and Server Security
Application and Server Security
 

More from Bangladesh Network Operators Group

Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and CephAccelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and CephBangladesh Network Operators Group
 
Contents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User ExperienceContents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User ExperienceBangladesh Network Operators Group
 
Re-define network visibility for capacity planning & forecasting with Grafana
Re-define network visibility for capacity planning & forecasting with GrafanaRe-define network visibility for capacity planning & forecasting with Grafana
Re-define network visibility for capacity planning & forecasting with GrafanaBangladesh Network Operators Group
 

More from Bangladesh Network Operators Group (20)

Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and CephAccelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
 
Recent IRR changes by Yoshinobu Matsuzaki, IIJ
Recent IRR changes by Yoshinobu Matsuzaki, IIJRecent IRR changes by Yoshinobu Matsuzaki, IIJ
Recent IRR changes by Yoshinobu Matsuzaki, IIJ
 
Fact Sheets : Network Status in Bangladesh
Fact Sheets : Network Status in BangladeshFact Sheets : Network Status in Bangladesh
Fact Sheets : Network Status in Bangladesh
 
AI Driven Wi-Fi for the Bottom of the Pyramid
AI Driven Wi-Fi for the Bottom of the PyramidAI Driven Wi-Fi for the Bottom of the Pyramid
AI Driven Wi-Fi for the Bottom of the Pyramid
 
IPv6 Security Overview by QS Tahmeed, APNIC RCT
IPv6 Security Overview by QS Tahmeed, APNIC RCTIPv6 Security Overview by QS Tahmeed, APNIC RCT
IPv6 Security Overview by QS Tahmeed, APNIC RCT
 
Network eWaste : Community role to manage end of life Product
Network eWaste : Community role to manage end of life ProductNetwork eWaste : Community role to manage end of life Product
Network eWaste : Community role to manage end of life Product
 
A plenarily integrated SIEM solution and it’s Deployment
A plenarily integrated SIEM solution and it’s DeploymentA plenarily integrated SIEM solution and it’s Deployment
A plenarily integrated SIEM solution and it’s Deployment
 
IPv6 Deployment in South Asia 2022
IPv6 Deployment in South Asia 2022IPv6 Deployment in South Asia 2022
IPv6 Deployment in South Asia 2022
 
Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)
 
RPKI Deployment Status in Bangladesh
RPKI Deployment Status in BangladeshRPKI Deployment Status in Bangladesh
RPKI Deployment Status in Bangladesh
 
An Overview about open UDP Services
An Overview about open UDP ServicesAn Overview about open UDP Services
An Overview about open UDP Services
 
12 Years in DNS Security As a Defender
12 Years in DNS Security As a Defender12 Years in DNS Security As a Defender
12 Years in DNS Security As a Defender
 
Contents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User ExperienceContents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User Experience
 
BdNOG-20220625-MT-v6.0.pptx
BdNOG-20220625-MT-v6.0.pptxBdNOG-20220625-MT-v6.0.pptx
BdNOG-20220625-MT-v6.0.pptx
 
Route Leak Prevension with BGP Community
Route Leak Prevension with BGP CommunityRoute Leak Prevension with BGP Community
Route Leak Prevension with BGP Community
 
Tale of a New Bangladeshi NIX
Tale of a New Bangladeshi NIXTale of a New Bangladeshi NIX
Tale of a New Bangladeshi NIX
 
MANRS for Network Operators
MANRS for Network OperatorsMANRS for Network Operators
MANRS for Network Operators
 
Re-define network visibility for capacity planning & forecasting with Grafana
Re-define network visibility for capacity planning & forecasting with GrafanaRe-define network visibility for capacity planning & forecasting with Grafana
Re-define network visibility for capacity planning & forecasting with Grafana
 
RPKI ROA updates
RPKI ROA updatesRPKI ROA updates
RPKI ROA updates
 
Blockchain Demystified
Blockchain DemystifiedBlockchain Demystified
Blockchain Demystified
 

Recently uploaded

VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Roomishabajaj13
 
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...akbard9823
 
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on DeliveryCall Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Deliverybabeytanya
 
Complet Documnetation for Smart Assistant Application for Disabled Person
Complet Documnetation for Smart Assistant Application for Disabled PersonComplet Documnetation for Smart Assistant Application for Disabled Person
Complet Documnetation for Smart Assistant Application for Disabled Personfurqan222004
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一Fs
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一Fs
 
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With RoomVIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Roomdivyansh0kumar0
 
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts servicesonalikaur4
 
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一3sw2qly1
 
Git and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMGit and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMgdsc13
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)Christopher H Felton
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作ys8omjxb
 
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Dana Luther
 
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Lucknow
 
Denver Web Design brochure for public viewing
Denver Web Design brochure for public viewingDenver Web Design brochure for public viewing
Denver Web Design brochure for public viewingbigorange77
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一z xss
 

Recently uploaded (20)

VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
 
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...
 
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on DeliveryCall Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
 
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
 
Complet Documnetation for Smart Assistant Application for Disabled Person
Complet Documnetation for Smart Assistant Application for Disabled PersonComplet Documnetation for Smart Assistant Application for Disabled Person
Complet Documnetation for Smart Assistant Application for Disabled Person
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
 
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With RoomVIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
 
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
 
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
 
Git and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMGit and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITM
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
 
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
 
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
 
Denver Web Design brochure for public viewing
Denver Web Design brochure for public viewingDenver Web Design brochure for public viewing
Denver Web Design brochure for public viewing
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
 

Securing Asterisk: A practical approach

  • 1. SECURING ASTERISK;A PRACTICAL APPROACH          SUMAN  KUMAR  SAHA            Manager,  System  Administra6on                      Dhakacom  Limited            suman@dhakacom.com  
  • 2. AGENDA §  Typical Threats Overview §  Call stealing §  Compromising the server §  How to Protect the PBX §  SSH communication §  Separating data & voice §  HTTP communication §  Passwords §  etc.
  • 3. TYPICAL THREATS §  Stealing of calls via: §  telephony §  VoIP trunks §  SIP §  IAX2 §  Compromising the Linux server via SSH/HTTP
  • 4. STEALING CALLS VIA TELEPHONY OR VOIP TRUNKS §  Disable the option of uncontrolled trunk-to- trunk calls §  DISA (Direct Inward System Access) §  use long passwords
  • 5. STEALING CALLS VIA SIP / IAX2: STAGE 1 §  Find PBX IP address and port number §  Suggested tools: §  nmap (http://nmap.org/) §  svmap (http://code.google.com/p/sipvicious) $ ./svmap.py 192.168.0.1/24 | SIP Device | User Agent | Fingerprint | -------------------------------------------------------------------------- | 192.168.0.61:5060 | Asterisk PBX 1.6.2.| Asterisk / Linksys/PAP2T-3.1.| | 192.168.0.185:5060 | Yealink SIP-T28P 2.| AVM or Speedport | | 192.168.0.124:5060 | Grandstream GXP2000| Grandstream phone | | 192.168.2.4:5060 | Yealink SIP-T26P 6.| AVM or Speedport | | 192.168.0.184:5060 | Yealink SIP-T22P 7.| AVM or Speedport | | 192.168.0.134:5060 | YATE/2.2.0 | AVM or Speedport |
  • 6. STEALING CALLS VIA SIP / IAX2: STAGE 1 If you come through NAT: ./svmap.py -p1000-5062 202.4.100.35 | SIP Device | User Agent | Fingerprint | ----------------------------------------------------------------------------------- | 202.4.100.35:2762 | Grandstream HT487 1.1.0.42 DevId 000b82233939 | disabled | | 202.4.100.35:3303 | Grandstream HT487 1.1.0.42 DevId 000b82233fa9 | disabled | | 202.4.100.35:1069 | Grandstream HT487 1.1.0.42 DevId 000b82233fec | disabled | | 202.4.100.35:1061 | Grandstream HT487 1.1.0.42 DevId 000b82233e14 | disabled |
  • 7. STEALING CALLS VIA SIP / IAX2: STAGE 2 §  Find a PBX extension §  svwar (http://code.google.com/p/sipvicious) §  Attacker tries to differentiate between existing/non-existent extensions §  SIP response to a REGISTER/INVITE/OPTION request analysis could be used for it
  • 8. STEALING CALLS VIA SIP / IAX2: STAGE 2 [root@ippbx sipvicious-0.2.8]# ./svwar.py -e1001 202.4.96.18 –force ERROR:TakeASip:Response: 'SIP/2.0 401 UnauthorizedrnVia: SIP/ 2.0/UDP 202.4.96.20:5061;branch=z9hG4bK-3218676409;received=202. 4.96.20;rport=5061rnFrom: "1001"<sip: 1001@202.4.96.18>;tag=31303031013337333237353837333 0rnTo: "1001"<sip:1001@202.4.96.18>;tag=as26840901r nCall-ID: 677757433rnCSeq: 1 REGISTERrnServer: Asterisk PBX 1.8.10.1~dfsg-1ubuntu1rnAllow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISHr nSupported: replaces, timerrnWWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="03f9b484"rnContent- Length: 0rnrn' WARNING:root:found nothing
  • 9. STEALING CALLS VIA SIP / IAX2: STAGE 3 §  Find the password §  svcrak (http://code.google.com/p/sipvicious) §  When PBX is attacked there are many warning messages in the Asterisk log: [Jun.. for ] NOTICE[30940] '192.168.0.192' chan_sip.c: Registration - Wrong password from '"308" failed [Jun.. for ] NOTICE[30940] '192.168.0.192' chan_sip.c: Registration - Wrong password from '"308" failed [Jun.. for ] NOTICE[30940] '192.168.0.192' chan_sip.c: Registration - Wrong password from '"308" failed [Jun.. ] NOTICE[30940] chan_sip.c: Registration from '"308" failed for '192.168.0.192' - Wrong password
  • 10. STEALING CALLS VIA SIP / IAX2: STAGE 3 ./svcrack.py -u1001 9.9.9.9 WARNING:ASipOfRedWine:could not bind to :5060 - some process might already be listening on this port. Listening on port 5061 instead | Extension | Password | ------------------------ | 1001 | 1001 |
  • 11. STEALING CALLS VIA SIP / IAX2: STAGE 4 §  The PBX has been conquered §  A malicious user has registered an extension and makes calls for free §  In many cases this will be discovered only when the next telephone bill is received
  • 12. COMPROMISING THE LINUX SERVER §  An Asterisk server is a regular Linux machine that can also be compromised §  Malware (viruses, trojan horses etc) may infiltrate via different Linux networking services such as SSH or HTTP
  • 13. HOW TO PROTECT THE PBX §  There are countless methods to “harden” a server against attack §  Each method has its price §  99% of attacks are “simple” attacks, and there are simple means to prevent them
  • 14. SSH COMMUNICATION §  Use public/private key authentication instead of password authentication §  Create a user account and disable log in as 'root': §  /etc/ssh/sshd_config §  Then it will be possible to connect to the PBX as a non-'root' user, and then become a “super-user”: §  ssh john@my-pbx-ip -p 4245 §  su - §PermitRootLogin no §  or § PermitRootLogin without-password
  • 15. SSH COMMUNICATION CONT’D §  Restrict the source IP addresses that are allowed to access the server §  Don't use the default SSH port (22/tcp) a.  arrange port forwarding on the NAT router or b.  change the listening port in the PBX SSH server configuration: •  /etc/ssh/sshd_config •  #Port 22 •  Port 4245
  • 16. SEPARATING DATA & VOIP NETWORKS §  Some customers with higher security requirements separate the VoIP network from the data network §  Dedicated cabling network not required; VLAN technology may be used instead §  Helps prevent company data servers from direct access from potentially vulnerable VoIP devices
  • 17. HTTP COMMUNICATION §  Don't expose the PBX Web server to the Internet §  Use SSH tunneling for the PBX Web-based management interface §  Windows users can create SSH tunnels very easily using PuTTY
  • 18. PASSWORDS §  Don't use the default passwords §  Don't use simple passwords
  • 19. SECURE VOIP COMMUNICATION §  Don't expose SIP and IAX2 ports unless absolutely necessary §  Use IP restriction for internal VoIP extensions §  Allows use of weak passwords or no passwords for the internal extensions §  Use strong passwords for remote extensions
  • 20. LAN-ONLY REGISTRATION FOR EXTENSION #  vim  /etc/asterisk/sip.conf     Deny=0.0.0.0/0.0.0.0   Allow=192.168.0.0/24  
  • 21. INTRUSION DETECTION OPTIONS §  It is possible to use a network intrusion detection system §  Fail2Ban (http://www.fail2ban.org) §  Scans the log files and updates firewall rules to reject the IP address §  Snort (http://www.snort.org) §  Powerful network intrusion prevention and detection system (IDS/IPS)
  • 22. FAIL2BAN FEATURES §  Log-based brute force blocker §  Runs as daemon §  unlike cron-based tools, no delay before taking action §  can use iptables or TCP Wrappers (/etc/ hosts.deny) §  can handle more than one service: sshd, apache, SIP traffic etc. §  can send e-mail notifications §  can ban IPs either for a limited amount of time or permanently
  • 23. FAIL2BAN USAGE [asterisk-iptables] # if more than 4 attempts are made within 6 hours, ban for 24 hours enabled = true filter = asterisk action = iptables-allports[name=ASTERISK, protocol=all] sendmail[name=ASTERISK, dest=suman@dhakacom.com, sender=fail2ban@dhakacom.com] logpath = /var/log/asterisk/messages maxretry = 4 findtime = 21600 bantime = 86400
  • 24. FAIL2BAN EMAIL ALERT From:fail2ban@dhakacom.com To:noc@dhakacom.com Hi, The IP 195.154.33.3 has just been banned by Fail2Ban after 61 attempts against ASTERISK. Regards, Fail2Ban
  • 25. SNORT FEATURES §  Sniffer mode §  Logger mode §  NIDS mode §  Can capture and analyze traffic for several servers §  Intrusion prevention mode §  Extremely mature system; actively developed since 1998
  • 26. SNORT USAGE Packet sniffer: Snort reads IP packets and displays them on the console. #./snort -vd Packet Logger: Snort logs IP packets. #./snort -dev -l /var/log/snort Intrusion Detection System: Snort uses rule sets to inspect IP packets. When an IP packet matches the characteristics of a given rule, Snort may take one or more actions.
  • 27. SNORT NIDS MODE To run Snort for intrusion detection and log all packets relative to the 192.168.10.0 network, use the command: snort -d -h 192.168.10.0 -l -c snort.conf
  • 28. SUMMARY §  Types of threats §  Call stealing §  Intrusion §  Best practices §  Protecting the PBX §  Detecting attacks quickly