SlideShare a Scribd company logo

DEFCON 23 - Patrick mcneil - guidelines for securing your voip PBX

Felipe Prado
Felipe Prado

DEFCON 23 - Patrick mcneil - guidelines for securing your voip PBX

Technology
1 of 1
Download to read offline
Guidelines for Securing Your VoIP PBX Unregistered436 / Patrick McNeil – July 2015 Information Leakage Prevention (Confidentiality) Block scanners with firewall rules or a VoIP security appliance that matches on signatures of known scanners and/or credential cracking behaviors (See our iptables rules). Change the User-Agent value to something generic or even to that of an alternate type of system to trick attackers into the wrong approach. Ex: “Asterisk” becomes “Avaya CM”. Set or change the default SIP realm. If possible, use a different set of audio prompts than the system default. Take a packet capture and look for identifying fields (and investigate how to change them). Consider a Session Border Controller (SBC) to anchor sessions, perform NAT, and filter out identifying fields with header manipulation rules (topology hiding). Management & Services Assurance (Integrity) Follow vendor specific hardening guides like THIS Don’t put PBX admin interfaces on the Internet. Block access to management IP address ranges and/or protocols on the edge router or firewall. Require VPN access for management functions. SIP usernames should never match extensions. Use long passwords, and change ALL of them! Use a secure encrypted management protocol for everything (no telnet/FTP), and audit the encryption algorithms configured for use (HTTPS, SSH, etc). Note that “None” is a valid HTTPS algorithm, meaning NO encryption is performed! Don’t assume that the vendor’s out of band management ports are safe because they are out of band. An attacker can “pivot” from a compromised internal network to a management network. Don’t use a monolithic PBX distribution OR be diligent about auditing what software you really need to be running. Shut down unnecessary services. Ex: Do you NEED AMI? PATCH! Sign up for vendor security notifications. Where feasible, use TLS to protect VoIP signaling, and SRTP to protect media. Do not re-use existing vendor certificates, and always issue your own or buy a public certificate. For TLS, employ mutual authentication so client and server need to validate each other. This prevents “man in the middle” attacks and encryption downgrades. Client certificates can be time consuming to administer, but even a single organizational cert will greatly increase security. DoS (Availability) Use DoS mitigation devices to block volumetric attacks and challenge setup of new TCP and UDP sessions. Consider combining on premises detection and cleaning with a cloud scrubbing capability. Use a security appliance that can enforce SIP message format and session state to prevent out of state floods as well as oddly formatted messages that crash the system. Apply rate limiting on edge routers. Apply BCP 38 / RFC2827 to ban private IP ranges as public source IPs (sometimes used in attacks). Use iptables and fail2ban to apply rate limiting on the host in case edge protections are not sufficient Consider high-availability or multi-site deployment for critical systems. Detection & Prevention of Fraud & Abuse Don’t use three digit extensions, which are the default for SIPVicious. If using something longer, don’t start with “1000”. Ask your telecom provider what fraud protections they offer. If asked, many have default settings or paid services to block certain types of calls, cap spending, or eliminate calls to high-cost destinations. Limit (or eliminate) use of call forwarding, voicemail callback, and dialing out from voicemail. Block international dialing when possible, and require a pin code for accessing international trunks. Remember that there are international destinations that are in the North American Numbering Plan. See NANPA for the complete list. Delete or administratively disable unused extensions. Once cracked, unused extensions can be abused longer than active ones. Audit user passwords by trying to crack them. Enforce application (SIP) message rates and number of active sessions using thresholds and blacklisting. Watch real-time signaling for fraud patterns, using a fraud detection system that is either in-line or in monitor / tap mode if possible, and NOT ON the PBX. Call Detail Records can be modified if a system is sufficiently compromised. Security or fraud management systems should be capable of learning normal traffic baselines and watching for changes in ratio, frequency, or direction. DEF CON 23Installment TWO of the PBX mysterys series!!

Recommended

Next generation firewall(ngfw)feature and benefits
Next generation firewall(ngfw)feature and benefitsNext generation firewall(ngfw)feature and benefits
Next generation firewall(ngfw)feature and benefitsAnthony Daniel
 
Traditional Firewall vs. Next Generation Firewall
Traditional Firewall vs. Next Generation FirewallTraditional Firewall vs. Next Generation Firewall
Traditional Firewall vs. Next Generation Firewall美兰 曾
 
Security Benefits of Firewall Protection
Security Benefits of Firewall ProtectionSecurity Benefits of Firewall Protection
Security Benefits of Firewall Protectiondavid rom
 
Firewall protection
Firewall protectionFirewall protection
Firewall protectionVC Infotech
 
Firewall security in computer network
Firewall security in computer networkFirewall security in computer network
Firewall security in computer networkpoorvavyas4
 
Tech 101: Understanding Firewalls
Tech 101: Understanding FirewallsTech 101: Understanding Firewalls
Tech 101: Understanding FirewallsLikan Patra
 
Security VoIP Assessment
Security VoIP AssessmentSecurity VoIP Assessment
Security VoIP AssessmentIron Mountain
 
Why Its time to Upgrade a Next-Generation Firewall
Why Its time to Upgrade a Next-Generation FirewallWhy Its time to Upgrade a Next-Generation Firewall
Why Its time to Upgrade a Next-Generation FirewallAli Kapucu
 

Recommended

Next generation firewall(ngfw)feature and benefits
Next generation firewall(ngfw)feature and benefitsNext generation firewall(ngfw)feature and benefits
Next generation firewall(ngfw)feature and benefitsAnthony Daniel
 
Traditional Firewall vs. Next Generation Firewall
Traditional Firewall vs. Next Generation FirewallTraditional Firewall vs. Next Generation Firewall
Traditional Firewall vs. Next Generation Firewall美兰 曾
 
Security Benefits of Firewall Protection
Security Benefits of Firewall ProtectionSecurity Benefits of Firewall Protection
Security Benefits of Firewall Protectiondavid rom
 
Firewall protection
Firewall protectionFirewall protection
Firewall protectionVC Infotech
 
Firewall security in computer network
Firewall security in computer networkFirewall security in computer network
Firewall security in computer networkpoorvavyas4
 
Tech 101: Understanding Firewalls
Tech 101: Understanding FirewallsTech 101: Understanding Firewalls
Tech 101: Understanding FirewallsLikan Patra
 
Security VoIP Assessment
Security VoIP AssessmentSecurity VoIP Assessment
Security VoIP AssessmentIron Mountain
 
Why Its time to Upgrade a Next-Generation Firewall
Why Its time to Upgrade a Next-Generation FirewallWhy Its time to Upgrade a Next-Generation Firewall
Why Its time to Upgrade a Next-Generation FirewallAli Kapucu
 
Dmz
Dmz Dmz
Dmz أحلام انصارى
 
Palo alto networks next generation firewalls
Palo alto networks next generation firewallsPalo alto networks next generation firewalls
Palo alto networks next generation firewallsCastleforce
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentationAmandeep Kaur
 
Windows firewall
Windows firewallWindows firewall
Windows firewallVC Infotech
 
Importance of Using Firewall for Threat Protection
Importance of Using Firewall for Threat ProtectionImportance of Using Firewall for Threat Protection
Importance of Using Firewall for Threat ProtectionHTS Hosting
 
Idps technology starter v2.0
Idps technology starter v2.0Idps technology starter v2.0
Idps technology starter v2.0Finto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
 
Firewalls Security – Features and Benefits
Firewalls Security – Features and BenefitsFirewalls Security – Features and Benefits
Firewalls Security – Features and BenefitsAnthony Daniel
 
Firewall
FirewallFirewall
FirewallApo
 
Presentation, Firewalls
Presentation, FirewallsPresentation, Firewalls
Presentation, Firewallskkkseld
 
Firewall Penetration Testing
Firewall Penetration TestingFirewall Penetration Testing
Firewall Penetration TestingChirag Jain
 
Network firewall function & benefits
Network firewall function & benefitsNetwork firewall function & benefits
Network firewall function & benefitsAnthony Daniel
 
FireWall
FireWallFireWall
FireWallrubal_9
 
Presentation, Firewalls
Presentation, FirewallsPresentation, Firewalls
Presentation, Firewallskkkseld
 
Firewall
FirewallFirewall
Firewalllmbriscoe
 
Sangfor ngfw 修订版
Sangfor ngfw 修订版Sangfor ngfw 修订版
Sangfor ngfw 修订版Ploynatcha Akkaraputtipat
 
Firewall, Router and Switch Configuration Review
Firewall, Router and Switch Configuration ReviewFirewall, Router and Switch Configuration Review
Firewall, Router and Switch Configuration ReviewChristine MacDonald
 
Internetworking With Pix Firewall
Internetworking With Pix FirewallInternetworking With Pix Firewall
Internetworking With Pix FirewallSouvik Santra
 
Introduction of firewall slides
Introduction of firewall slidesIntroduction of firewall slides
Introduction of firewall slidesrahul kundu
 
Data security in local network using distributed firewall ppt
Data security in local network using distributed firewall ppt Data security in local network using distributed firewall ppt
Data security in local network using distributed firewall ppt Sabreen Irfana
 
Firewall
FirewallFirewall
FirewallSaurabh Chauhan
 
Are You Vulnerable to IP Telephony Fraud and Cyber Threats?
Are You Vulnerable to IP Telephony Fraud and Cyber Threats?Are You Vulnerable to IP Telephony Fraud and Cyber Threats?
Are You Vulnerable to IP Telephony Fraud and Cyber Threats?Carl Blume
 
IT infrastructure security 101
IT infrastructure security 101IT infrastructure security 101
IT infrastructure security 101April Mardock CISSP
 

More Related Content

What's hot

Palo alto networks next generation firewalls
Palo alto networks next generation firewallsPalo alto networks next generation firewalls
Palo alto networks next generation firewallsCastleforce
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentationAmandeep Kaur
 
Windows firewall
Windows firewallWindows firewall
Windows firewallVC Infotech
 
Importance of Using Firewall for Threat Protection
Importance of Using Firewall for Threat ProtectionImportance of Using Firewall for Threat Protection
Importance of Using Firewall for Threat ProtectionHTS Hosting
 
Firewalls Security – Features and Benefits
Firewalls Security – Features and BenefitsFirewalls Security – Features and Benefits
Firewalls Security – Features and BenefitsAnthony Daniel
 
Firewall
FirewallFirewall
FirewallApo
 
Presentation, Firewalls
Presentation, FirewallsPresentation, Firewalls
Presentation, Firewallskkkseld
 
Firewall Penetration Testing
Firewall Penetration TestingFirewall Penetration Testing
Firewall Penetration TestingChirag Jain
 
Network firewall function & benefits
Network firewall function & benefitsNetwork firewall function & benefits
Network firewall function & benefitsAnthony Daniel
 
FireWall
FireWallFireWall
FireWallrubal_9
 
Presentation, Firewalls
Presentation, FirewallsPresentation, Firewalls
Presentation, Firewallskkkseld
 
Firewall, Router and Switch Configuration Review
Firewall, Router and Switch Configuration ReviewFirewall, Router and Switch Configuration Review
Firewall, Router and Switch Configuration ReviewChristine MacDonald
 
Internetworking With Pix Firewall
Internetworking With Pix FirewallInternetworking With Pix Firewall
Internetworking With Pix FirewallSouvik Santra
 
Introduction of firewall slides
Introduction of firewall slidesIntroduction of firewall slides
Introduction of firewall slidesrahul kundu
 
Data security in local network using distributed firewall ppt
Data security in local network using distributed firewall ppt Data security in local network using distributed firewall ppt
Data security in local network using distributed firewall ppt Sabreen Irfana
 

What's hot (20)

Dmz
Dmz Dmz
Dmz
 
Palo alto networks next generation firewalls
Palo alto networks next generation firewallsPalo alto networks next generation firewalls
Palo alto networks next generation firewalls
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
 
Windows firewall
Windows firewallWindows firewall
Windows firewall
 
Importance of Using Firewall for Threat Protection
Importance of Using Firewall for Threat ProtectionImportance of Using Firewall for Threat Protection
Importance of Using Firewall for Threat Protection
 
Idps technology starter v2.0
Idps technology starter v2.0Idps technology starter v2.0
Idps technology starter v2.0
 
Firewalls Security – Features and Benefits
Firewalls Security – Features and BenefitsFirewalls Security – Features and Benefits
Firewalls Security – Features and Benefits
 
Firewall
FirewallFirewall
Firewall
 
Presentation, Firewalls
Presentation, FirewallsPresentation, Firewalls
Presentation, Firewalls
 
Firewall Penetration Testing
Firewall Penetration TestingFirewall Penetration Testing
Firewall Penetration Testing
 
Network firewall function & benefits
Network firewall function & benefitsNetwork firewall function & benefits
Network firewall function & benefits
 
FireWall
FireWallFireWall
FireWall
 
Presentation, Firewalls
Presentation, FirewallsPresentation, Firewalls
Presentation, Firewalls
 
Firewall
FirewallFirewall
Firewall
 
Sangfor ngfw 修订版
Sangfor ngfw 修订版Sangfor ngfw 修订版
Sangfor ngfw 修订版
 
Firewall, Router and Switch Configuration Review
Firewall, Router and Switch Configuration ReviewFirewall, Router and Switch Configuration Review
Firewall, Router and Switch Configuration Review
 
Internetworking With Pix Firewall
Internetworking With Pix FirewallInternetworking With Pix Firewall
Internetworking With Pix Firewall
 
Introduction of firewall slides
Introduction of firewall slidesIntroduction of firewall slides
Introduction of firewall slides
 
Data security in local network using distributed firewall ppt
Data security in local network using distributed firewall ppt Data security in local network using distributed firewall ppt
Data security in local network using distributed firewall ppt
 
Firewall
FirewallFirewall
Firewall
 

Similar to DEFCON 23 - Patrick mcneil - guidelines for securing your voip PBX

Are You Vulnerable to IP Telephony Fraud and Cyber Threats?
Are You Vulnerable to IP Telephony Fraud and Cyber Threats?Are You Vulnerable to IP Telephony Fraud and Cyber Threats?
Are You Vulnerable to IP Telephony Fraud and Cyber Threats?Carl Blume
 
VoIP Security 101 what you need to know
VoIP Security 101 what you need to knowVoIP Security 101 what you need to know
VoIP Security 101 what you need to knowEric Klein
 
Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...
Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...
Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...NetworkCollaborators
 
Cisco Connect 2018 Thailand - Telco service provider network analytics
Cisco Connect 2018 Thailand - Telco service provider network analytics Cisco Connect 2018 Thailand - Telco service provider network analytics
Cisco Connect 2018 Thailand - Telco service provider network analytics NetworkCollaborators
 
Sallysspecialservices networksecurityproposal2-100305141834-phpapp02
Sallysspecialservices networksecurityproposal2-100305141834-phpapp02Sallysspecialservices networksecurityproposal2-100305141834-phpapp02
Sallysspecialservices networksecurityproposal2-100305141834-phpapp02Sally's Special Services
 
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...Chrysostomos Christofi
 
firewall as a security measure (1)-1.pptx
firewall as a security measure (1)-1.pptxfirewall as a security measure (1)-1.pptx
firewall as a security measure (1)-1.pptxShreyaBanerjee52
 
Cyber security issues
Cyber security issuesCyber security issues
Cyber security issuesmmubashirkhan
 
STATE OF ALABAMA Information Technology Guideline
STATE OF ALABAMA Information Technology GuidelineSTATE OF ALABAMA Information Technology Guideline
STATE OF ALABAMA Information Technology GuidelineVideoguy
 
Elastix securing, preventing, monitoring
Elastix securing, preventing, monitoringElastix securing, preventing, monitoring
Elastix securing, preventing, monitoringPaloSanto Solutions
 
Askozia VoIP Security white paper - 2017, English
Askozia VoIP Security white paper - 2017, EnglishAskozia VoIP Security white paper - 2017, English
Askozia VoIP Security white paper - 2017, EnglishAskozia
 
6 Steps to SIP trunking security
6 Steps to SIP trunking security6 Steps to SIP trunking security
6 Steps to SIP trunking securityFlowroute
 
6 Steps to Secure Network Devices
6 Steps to Secure Network Devices6 Steps to Secure Network Devices
6 Steps to Secure Network DevicesLisa Kearney
 
Cisco Security portfolio update
Cisco Security portfolio updateCisco Security portfolio update
Cisco Security portfolio updateAtanas Gergiminov
 
Making SIP Migration Easy
Making SIP Migration EasyMaking SIP Migration Easy
Making SIP Migration EasyIntelePeer
 
5 Common Hosted VoIP Myths Debunked
5 Common Hosted VoIP Myths Debunked5 Common Hosted VoIP Myths Debunked
5 Common Hosted VoIP Myths DebunkedJive Communications
 
How to Overcome Network Access Control Limitations for Better Network Security
How to Overcome Network Access Control Limitations for Better Network SecurityHow to Overcome Network Access Control Limitations for Better Network Security
How to Overcome Network Access Control Limitations for Better Network SecurityCryptzone
 
why-your-network-needs-an-sbc-guide.pdf
why-your-network-needs-an-sbc-guide.pdfwhy-your-network-needs-an-sbc-guide.pdf
why-your-network-needs-an-sbc-guide.pdftardis2
 

Similar to DEFCON 23 - Patrick mcneil - guidelines for securing your voip PBX (20)

Are You Vulnerable to IP Telephony Fraud and Cyber Threats?
Are You Vulnerable to IP Telephony Fraud and Cyber Threats?Are You Vulnerable to IP Telephony Fraud and Cyber Threats?
Are You Vulnerable to IP Telephony Fraud and Cyber Threats?
 
IT infrastructure security 101
IT infrastructure security 101IT infrastructure security 101
IT infrastructure security 101
 
VoIP Security 101 what you need to know
VoIP Security 101 what you need to knowVoIP Security 101 what you need to know
VoIP Security 101 what you need to know
 
Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...
Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...
Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...
 
Cisco Connect 2018 Thailand - Telco service provider network analytics
Cisco Connect 2018 Thailand - Telco service provider network analytics Cisco Connect 2018 Thailand - Telco service provider network analytics
Cisco Connect 2018 Thailand - Telco service provider network analytics
 
Sallysspecialservices networksecurityproposal2-100305141834-phpapp02
Sallysspecialservices networksecurityproposal2-100305141834-phpapp02Sallysspecialservices networksecurityproposal2-100305141834-phpapp02
Sallysspecialservices networksecurityproposal2-100305141834-phpapp02
 
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
 
firewall as a security measure (1)-1.pptx
firewall as a security measure (1)-1.pptxfirewall as a security measure (1)-1.pptx
firewall as a security measure (1)-1.pptx
 
Cyber security issues
Cyber security issuesCyber security issues
Cyber security issues
 
Network security
Network securityNetwork security
Network security
 
STATE OF ALABAMA Information Technology Guideline
STATE OF ALABAMA Information Technology GuidelineSTATE OF ALABAMA Information Technology Guideline
STATE OF ALABAMA Information Technology Guideline
 
Elastix securing, preventing, monitoring
Elastix securing, preventing, monitoringElastix securing, preventing, monitoring
Elastix securing, preventing, monitoring
 
Askozia VoIP Security white paper - 2017, English
Askozia VoIP Security white paper - 2017, EnglishAskozia VoIP Security white paper - 2017, English
Askozia VoIP Security white paper - 2017, English
 
6 Steps to SIP trunking security
6 Steps to SIP trunking security6 Steps to SIP trunking security
6 Steps to SIP trunking security
 
6 Steps to Secure Network Devices
6 Steps to Secure Network Devices6 Steps to Secure Network Devices
6 Steps to Secure Network Devices
 
Cisco Security portfolio update
Cisco Security portfolio updateCisco Security portfolio update
Cisco Security portfolio update
 
Making SIP Migration Easy
Making SIP Migration EasyMaking SIP Migration Easy
Making SIP Migration Easy
 
5 Common Hosted VoIP Myths Debunked
5 Common Hosted VoIP Myths Debunked5 Common Hosted VoIP Myths Debunked
5 Common Hosted VoIP Myths Debunked
 
How to Overcome Network Access Control Limitations for Better Network Security
How to Overcome Network Access Control Limitations for Better Network SecurityHow to Overcome Network Access Control Limitations for Better Network Security
How to Overcome Network Access Control Limitations for Better Network Security
 
why-your-network-needs-an-sbc-guide.pdf
why-your-network-needs-an-sbc-guide.pdfwhy-your-network-needs-an-sbc-guide.pdf
why-your-network-needs-an-sbc-guide.pdf
 

More from Felipe Prado

DEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directory
DEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directoryDEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directory
DEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directoryFelipe Prado
 
DEF CON 24 - Bertin Bervis and James Jara - exploiting and attacking seismolo...
DEF CON 24 - Bertin Bervis and James Jara - exploiting and attacking seismolo...DEF CON 24 - Bertin Bervis and James Jara - exploiting and attacking seismolo...
DEF CON 24 - Bertin Bervis and James Jara - exploiting and attacking seismolo...Felipe Prado
 
DEF CON 24 - Tamas Szakaly - help i got ants
DEF CON 24 - Tamas Szakaly - help i got antsDEF CON 24 - Tamas Szakaly - help i got ants
DEF CON 24 - Tamas Szakaly - help i got antsFelipe Prado
 
DEF CON 24 - Ladar Levison - compelled decryption
DEF CON 24 - Ladar Levison - compelled decryptionDEF CON 24 - Ladar Levison - compelled decryption
DEF CON 24 - Ladar Levison - compelled decryptionFelipe Prado
 
DEF CON 24 - Clarence Chio - machine duping 101
DEF CON 24 - Clarence Chio - machine duping 101DEF CON 24 - Clarence Chio - machine duping 101
DEF CON 24 - Clarence Chio - machine duping 101Felipe Prado
 
DEF CON 24 - Chris Rock - how to overthrow a government
DEF CON 24 - Chris Rock - how to overthrow a governmentDEF CON 24 - Chris Rock - how to overthrow a government
DEF CON 24 - Chris Rock - how to overthrow a governmentFelipe Prado
 
DEF CON 24 - Fitzpatrick and Grand - 101 ways to brick your hardware
DEF CON 24 - Fitzpatrick and Grand - 101 ways to brick your hardwareDEF CON 24 - Fitzpatrick and Grand - 101 ways to brick your hardware
DEF CON 24 - Fitzpatrick and Grand - 101 ways to brick your hardwareFelipe Prado
 
DEF CON 24 - Rogan Dawes and Dominic White - universal serial aBUSe remote at...
DEF CON 24 - Rogan Dawes and Dominic White - universal serial aBUSe remote at...DEF CON 24 - Rogan Dawes and Dominic White - universal serial aBUSe remote at...
DEF CON 24 - Rogan Dawes and Dominic White - universal serial aBUSe remote at...Felipe Prado
 
DEF CON 24 - Jay Beale and Larry Pesce - phishing without frustration
DEF CON 24 - Jay Beale and Larry Pesce - phishing without frustrationDEF CON 24 - Jay Beale and Larry Pesce - phishing without frustration
DEF CON 24 - Jay Beale and Larry Pesce - phishing without frustrationFelipe Prado
 
DEF CON 24 - Gorenc Sands - hacker machine interface
DEF CON 24 - Gorenc Sands - hacker machine interfaceDEF CON 24 - Gorenc Sands - hacker machine interface
DEF CON 24 - Gorenc Sands - hacker machine interfaceFelipe Prado
 
DEF CON 24 - Allan Cecil and DwangoAC - tasbot the perfectionist
DEF CON 24 - Allan Cecil and DwangoAC - tasbot the perfectionistDEF CON 24 - Allan Cecil and DwangoAC - tasbot the perfectionist
DEF CON 24 - Allan Cecil and DwangoAC - tasbot the perfectionistFelipe Prado
 
DEF CON 24 - Rose and Ramsey - picking bluetooth low energy locks
DEF CON 24 - Rose and Ramsey - picking bluetooth low energy locksDEF CON 24 - Rose and Ramsey - picking bluetooth low energy locks
DEF CON 24 - Rose and Ramsey - picking bluetooth low energy locksFelipe Prado
 
DEF CON 24 - Rich Mogull - pragmatic cloud security
DEF CON 24 - Rich Mogull - pragmatic cloud securityDEF CON 24 - Rich Mogull - pragmatic cloud security
DEF CON 24 - Rich Mogull - pragmatic cloud securityFelipe Prado
 
DEF CON 24 - Grant Bugher - Bypassing captive portals
DEF CON 24 - Grant Bugher - Bypassing captive portalsDEF CON 24 - Grant Bugher - Bypassing captive portals
DEF CON 24 - Grant Bugher - Bypassing captive portalsFelipe Prado
 
DEF CON 24 - Patrick Wardle - 99 problems little snitch
DEF CON 24 - Patrick Wardle - 99 problems little snitchDEF CON 24 - Patrick Wardle - 99 problems little snitch
DEF CON 24 - Patrick Wardle - 99 problems little snitchFelipe Prado
 
DEF CON 24 - Plore - side -channel attacks on high security electronic safe l...
DEF CON 24 - Plore - side -channel attacks on high security electronic safe l...DEF CON 24 - Plore - side -channel attacks on high security electronic safe l...
DEF CON 24 - Plore - side -channel attacks on high security electronic safe l...Felipe Prado
 
DEF CON 24 - Six Volts and Haystack - cheap tools for hacking heavy trucks
DEF CON 24 - Six Volts and Haystack - cheap tools for hacking heavy trucksDEF CON 24 - Six Volts and Haystack - cheap tools for hacking heavy trucks
DEF CON 24 - Six Volts and Haystack - cheap tools for hacking heavy trucksFelipe Prado
 
DEF CON 24 - Dinesh and Shetty - practical android application exploitation
DEF CON 24 - Dinesh and Shetty - practical android application exploitationDEF CON 24 - Dinesh and Shetty - practical android application exploitation
DEF CON 24 - Dinesh and Shetty - practical android application exploitationFelipe Prado
 
DEF CON 24 - Klijnsma and Tentler - stargate pivoting through vnc
DEF CON 24 - Klijnsma and Tentler - stargate pivoting through vncDEF CON 24 - Klijnsma and Tentler - stargate pivoting through vnc
DEF CON 24 - Klijnsma and Tentler - stargate pivoting through vncFelipe Prado
 
DEF CON 24 - Antonio Joseph - fuzzing android devices
DEF CON 24 - Antonio Joseph - fuzzing android devicesDEF CON 24 - Antonio Joseph - fuzzing android devices
DEF CON 24 - Antonio Joseph - fuzzing android devicesFelipe Prado
 

More from Felipe Prado (20)

DEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directory
DEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directoryDEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directory
DEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directory
 
DEF CON 24 - Bertin Bervis and James Jara - exploiting and attacking seismolo...
DEF CON 24 - Bertin Bervis and James Jara - exploiting and attacking seismolo...DEF CON 24 - Bertin Bervis and James Jara - exploiting and attacking seismolo...
DEF CON 24 - Bertin Bervis and James Jara - exploiting and attacking seismolo...
 
DEF CON 24 - Tamas Szakaly - help i got ants
DEF CON 24 - Tamas Szakaly - help i got antsDEF CON 24 - Tamas Szakaly - help i got ants
DEF CON 24 - Tamas Szakaly - help i got ants
 
DEF CON 24 - Ladar Levison - compelled decryption
DEF CON 24 - Ladar Levison - compelled decryptionDEF CON 24 - Ladar Levison - compelled decryption
DEF CON 24 - Ladar Levison - compelled decryption
 
DEF CON 24 - Clarence Chio - machine duping 101
DEF CON 24 - Clarence Chio - machine duping 101DEF CON 24 - Clarence Chio - machine duping 101
DEF CON 24 - Clarence Chio - machine duping 101
 
DEF CON 24 - Chris Rock - how to overthrow a government
DEF CON 24 - Chris Rock - how to overthrow a governmentDEF CON 24 - Chris Rock - how to overthrow a government
DEF CON 24 - Chris Rock - how to overthrow a government
 
DEF CON 24 - Fitzpatrick and Grand - 101 ways to brick your hardware
DEF CON 24 - Fitzpatrick and Grand - 101 ways to brick your hardwareDEF CON 24 - Fitzpatrick and Grand - 101 ways to brick your hardware
DEF CON 24 - Fitzpatrick and Grand - 101 ways to brick your hardware
 
DEF CON 24 - Rogan Dawes and Dominic White - universal serial aBUSe remote at...
DEF CON 24 - Rogan Dawes and Dominic White - universal serial aBUSe remote at...DEF CON 24 - Rogan Dawes and Dominic White - universal serial aBUSe remote at...
DEF CON 24 - Rogan Dawes and Dominic White - universal serial aBUSe remote at...
 
DEF CON 24 - Jay Beale and Larry Pesce - phishing without frustration
DEF CON 24 - Jay Beale and Larry Pesce - phishing without frustrationDEF CON 24 - Jay Beale and Larry Pesce - phishing without frustration
DEF CON 24 - Jay Beale and Larry Pesce - phishing without frustration
 
DEF CON 24 - Gorenc Sands - hacker machine interface
DEF CON 24 - Gorenc Sands - hacker machine interfaceDEF CON 24 - Gorenc Sands - hacker machine interface
DEF CON 24 - Gorenc Sands - hacker machine interface
 
DEF CON 24 - Allan Cecil and DwangoAC - tasbot the perfectionist
DEF CON 24 - Allan Cecil and DwangoAC - tasbot the perfectionistDEF CON 24 - Allan Cecil and DwangoAC - tasbot the perfectionist
DEF CON 24 - Allan Cecil and DwangoAC - tasbot the perfectionist
 
DEF CON 24 - Rose and Ramsey - picking bluetooth low energy locks
DEF CON 24 - Rose and Ramsey - picking bluetooth low energy locksDEF CON 24 - Rose and Ramsey - picking bluetooth low energy locks
DEF CON 24 - Rose and Ramsey - picking bluetooth low energy locks
 
DEF CON 24 - Rich Mogull - pragmatic cloud security
DEF CON 24 - Rich Mogull - pragmatic cloud securityDEF CON 24 - Rich Mogull - pragmatic cloud security
DEF CON 24 - Rich Mogull - pragmatic cloud security
 
DEF CON 24 - Grant Bugher - Bypassing captive portals
DEF CON 24 - Grant Bugher - Bypassing captive portalsDEF CON 24 - Grant Bugher - Bypassing captive portals
DEF CON 24 - Grant Bugher - Bypassing captive portals
 
DEF CON 24 - Patrick Wardle - 99 problems little snitch
DEF CON 24 - Patrick Wardle - 99 problems little snitchDEF CON 24 - Patrick Wardle - 99 problems little snitch
DEF CON 24 - Patrick Wardle - 99 problems little snitch
 
DEF CON 24 - Plore - side -channel attacks on high security electronic safe l...
DEF CON 24 - Plore - side -channel attacks on high security electronic safe l...DEF CON 24 - Plore - side -channel attacks on high security electronic safe l...
DEF CON 24 - Plore - side -channel attacks on high security electronic safe l...
 
DEF CON 24 - Six Volts and Haystack - cheap tools for hacking heavy trucks
DEF CON 24 - Six Volts and Haystack - cheap tools for hacking heavy trucksDEF CON 24 - Six Volts and Haystack - cheap tools for hacking heavy trucks
DEF CON 24 - Six Volts and Haystack - cheap tools for hacking heavy trucks
 
DEF CON 24 - Dinesh and Shetty - practical android application exploitation
DEF CON 24 - Dinesh and Shetty - practical android application exploitationDEF CON 24 - Dinesh and Shetty - practical android application exploitation
DEF CON 24 - Dinesh and Shetty - practical android application exploitation
 
DEF CON 24 - Klijnsma and Tentler - stargate pivoting through vnc
DEF CON 24 - Klijnsma and Tentler - stargate pivoting through vncDEF CON 24 - Klijnsma and Tentler - stargate pivoting through vnc
DEF CON 24 - Klijnsma and Tentler - stargate pivoting through vnc
 
DEF CON 24 - Antonio Joseph - fuzzing android devices
DEF CON 24 - Antonio Joseph - fuzzing android devicesDEF CON 24 - Antonio Joseph - fuzzing android devices
DEF CON 24 - Antonio Joseph - fuzzing android devices
 

Recently uploaded

SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 

Recently uploaded (20)

SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 

DEFCON 23 - Patrick mcneil - guidelines for securing your voip PBX

  • 1. Guidelines for Securing Your VoIP PBX Unregistered436 / Patrick McNeil – July 2015 Information Leakage Prevention (Confidentiality) Block scanners with firewall rules or a VoIP security appliance that matches on signatures of known scanners and/or credential cracking behaviors (See our iptables rules). Change the User-Agent value to something generic or even to that of an alternate type of system to trick attackers into the wrong approach. Ex: “Asterisk” becomes “Avaya CM”. Set or change the default SIP realm. If possible, use a different set of audio prompts than the system default. Take a packet capture and look for identifying fields (and investigate how to change them). Consider a Session Border Controller (SBC) to anchor sessions, perform NAT, and filter out identifying fields with header manipulation rules (topology hiding). Management & Services Assurance (Integrity) Follow vendor specific hardening guides like THIS Don’t put PBX admin interfaces on the Internet. Block access to management IP address ranges and/or protocols on the edge router or firewall. Require VPN access for management functions. SIP usernames should never match extensions. Use long passwords, and change ALL of them! Use a secure encrypted management protocol for everything (no telnet/FTP), and audit the encryption algorithms configured for use (HTTPS, SSH, etc). Note that “None” is a valid HTTPS algorithm, meaning NO encryption is performed! Don’t assume that the vendor’s out of band management ports are safe because they are out of band. An attacker can “pivot” from a compromised internal network to a management network. Don’t use a monolithic PBX distribution OR be diligent about auditing what software you really need to be running. Shut down unnecessary services. Ex: Do you NEED AMI? PATCH! Sign up for vendor security notifications. Where feasible, use TLS to protect VoIP signaling, and SRTP to protect media. Do not re-use existing vendor certificates, and always issue your own or buy a public certificate. For TLS, employ mutual authentication so client and server need to validate each other. This prevents “man in the middle” attacks and encryption downgrades. Client certificates can be time consuming to administer, but even a single organizational cert will greatly increase security. DoS (Availability) Use DoS mitigation devices to block volumetric attacks and challenge setup of new TCP and UDP sessions. Consider combining on premises detection and cleaning with a cloud scrubbing capability. Use a security appliance that can enforce SIP message format and session state to prevent out of state floods as well as oddly formatted messages that crash the system. Apply rate limiting on edge routers. Apply BCP 38 / RFC2827 to ban private IP ranges as public source IPs (sometimes used in attacks). Use iptables and fail2ban to apply rate limiting on the host in case edge protections are not sufficient Consider high-availability or multi-site deployment for critical systems. Detection & Prevention of Fraud & Abuse Don’t use three digit extensions, which are the default for SIPVicious. If using something longer, don’t start with “1000”. Ask your telecom provider what fraud protections they offer. If asked, many have default settings or paid services to block certain types of calls, cap spending, or eliminate calls to high-cost destinations. Limit (or eliminate) use of call forwarding, voicemail callback, and dialing out from voicemail. Block international dialing when possible, and require a pin code for accessing international trunks. Remember that there are international destinations that are in the North American Numbering Plan. See NANPA for the complete list. Delete or administratively disable unused extensions. Once cracked, unused extensions can be abused longer than active ones. Audit user passwords by trying to crack them. Enforce application (SIP) message rates and number of active sessions using thresholds and blacklisting. Watch real-time signaling for fraud patterns, using a fraud detection system that is either in-line or in monitor / tap mode if possible, and NOT ON the PBX. Call Detail Records can be modified if a system is sufficiently compromised. Security or fraud management systems should be capable of learning normal traffic baselines and watching for changes in ratio, frequency, or direction. DEF CON 23Installment TWO of the PBX mysterys series!!