
Elastix securing, preventing, monitoring



Bob Fryer
5th conference - ElastixWorld 2011

Published in: Technology
  • Bob Fryer
    Australia Bluepackets

  1. 1. Elastix® Security Securing, Prevention, Monitoring
  2. 2. Security Reality – the hard facts
  3. 4. Toll Fraud - A growing issue
  4. 5. Toll Fraud – what is the potential damage?
  5. 6. What do they gain from Toll Fraud?
  6. 7. Toll Fraud - Highly organised & Smart
  7. 8. A Quick Analysis of an Attack: SIP Port Probe
  8. 9. A Quick Analysis of an Attack: Extension Harvest
  9. 10. A Quick Analysis of an Attack: Dictionary Attack
  10. 11. A Quick Analysis of an Attack Quick Facts
  11. 12. Summary
      • SIP hacking tools are readily available, and for free.
      • SIPVicious is one such tool.
      • Toll fraud costs money, and can happen to anyone.
      • Securing, Prevention, Monitoring is of the utmost importance.
  12. 14. Securing - Extension Security
      • Do not use simple words, even with a couple of numbers on the end.
      • Do not use the extension number as the password.
      • Passwords like Hy7g6#8!9pWe are good.
      • Use the Permit/Deny for each extension.
      • Remote extensions: require them to use a static IP address, or at least to connect via VPN.
      • Change the SIP port for the phone / extension.
  13. 15. Securing - Remote Extensions
  14. 16. Securing - Elastix® PBX Security
  15. 17. Securing – Network Firewall Security
  16. 18. Securing - Elastix® Firewall
  17. 19. Securing - Trunk Security
      • Look for voice providers that can provide a trunk via a VPN (e.g. OpenVPN).
      • Consider using IAX trunks between offices, and further securing them with RSA keys.
      • Take the time to understand trunks and what each configuration line means to your security.
  18. 21. Prevention – Don’t Install applications!!
  19. 22. Prevention – Change Control
  20. 23. Prevention - Use a VPN
  21. 24. Prevention – Outbound options
  22. 25. Prevention - SIP Provider Daily Cost Limits
      • Select a voice provider that can set a limit per day or per month on call costs.
      • Still allows calls in when over your limit.
      • Greatly limits your possible monetary liability.
      • Gives you a very clear idea that something is wrong when you can’t make calls out.
  23. 27. Monitoring - Regular Maintenance
      • Implement regular maintenance.
      • Time frame will be dependent on other security measures in place.
      • Test SIP port access from external locations.
      • Check logs.
      • Check CDR logs for any unusual events.
  24. 28. Monitoring - Log review
      • Regularly review the logs.
      • Review the logs when any unusual event occurs (e.g. calls with nobody there, ringing individual extensions, extensions going offline).
      • Look at the following logs:
          • /var/log/messages
          • /var/log/secure
          • /var/log/full
  25. 29. Fail2Ban
      • If implemented, it will be sending you email when it has blocked an entry.
      • Recommend that Fail2ban email is sent to a group address. If you are away, you need someone else to be reacting to emails.
  26. 30. Monitoring - Humbug
      • Humbug is now part of the add-ons for Elastix 2.2+.
      • Low cost (starting from $4.99 per month) to monitor key call indicators.
      • Blacklist alerts and long distance alerts via email, SMS, etc.
  27. 31. Monitoring - Router/Firewall Log Review
  28. 32. Monitoring – Via Network Management
  29. 33. Monitoring – Who pays for it?
      • Sell maintenance contracts to your clients
          • Typically charge 1 or 2 hours per month
          • Review the logs and other housekeeping
      • Sell monitoring contracts to your clients
          • Monitor for unusual activity
          • Monitor for high bandwidth usage
          • Monitor for trunk oversubscription
          • Monitor connectivity / phones online
          • Provide monthly graphs
      • Sell security reviews (even for non-clients)
          • Perform log check
          • Review firewall/router setup
          • Attempt external penetration test
          • Recommend improvements to security
  30. 34. Security - Common Mistakes
  31. 35. How can I implement some of these suggestions?
      • Review this presentation again in your own time.
      • Think holistically about your security – don’t concentrate on just one area or tool.
      • Always think of three layers of security as a minimum, e.g.:
          • Router/Firewall (maybe not under your control)
          • Elastix® Firewall (under your control)
          • Fail2ban (under your control)
          • Complex passwords on extensions (under your control)
  32. 36. Elastix Security - More info
      • Application Note releases and updates are posted on Twitter @ElastixBob
  33. 37. Any Questions?
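
The log review on slide 28 can be partly automated. The following is an added example, not part of the original slides: it scans Asterisk chan_sip registration-failure lines and separates the extension-harvest pattern (slide 9) from the dictionary-attack pattern (slide 10). The log line format (IPv4 only), the thresholds and the sample lines are assumptions; the sample is constructed and uses documentation IP ranges.

```python
import re
from collections import Counter, defaultdict

# Assumed chan_sip NOTICE format; the source address may carry a ":port" suffix.
FAILED = re.compile(
    r"Registration from '.*?<sip:(?P<ext>[^@>]+)@[^>]*>' failed for "
    r"'(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - (?P<reason>.+)$"
)

def _line(ext, ip, reason):
    """Build one constructed log line (timestamp and PBX address are made up)."""
    return (f"[2011-10-12 03:14:07] NOTICE[2345] chan_sip.c: Registration from "
            f"'\"{ext}\" <sip:{ext}@203.0.113.10>' failed for '{ip}' - {reason}")

# Constructed sample: one harvester, one password guesser, one user mistyping.
SAMPLE = (
    [_line(e, "198.51.100.23", "No matching peer found") for e in range(100, 106)]
    + [_line(201, "198.51.100.77:5060", "Wrong password")] * 5
    + [_line(204, "192.0.2.15", "Wrong password")]
)

def classify(lines, harvest_min=5, guess_min=5):
    """Map source IP -> list of suspected attack patterns (thresholds are assumptions)."""
    unknown = defaultdict(set)      # ip -> distinct extensions that do not exist
    guesses = defaultdict(Counter)  # ip -> extension -> wrong-password count
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue
        ip, ext, reason = m["ip"], m["ext"], m["reason"].strip()
        if reason == "No matching peer found":
            unknown[ip].add(ext)
        elif reason == "Wrong password":
            guesses[ip][ext] += 1
    findings = {}
    for ip, exts in unknown.items():
        if len(exts) >= harvest_min:   # many different non-existent extensions
            findings.setdefault(ip, []).append("extension harvest")
    for ip, per_ext in guesses.items():
        if max(per_ext.values()) >= guess_min:  # repeated guesses at one extension
            findings.setdefault(ip, []).append("dictionary attack")
    return findings

if __name__ == "__main__":
    for ip, patterns in classify(SAMPLE).items():
        print(ip, ", ".join(patterns))
```

A single mistyped password stays below both thresholds, so the legitimate user in the sample is not flagged.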