This document provides an introduction to network and security for Elastix systems. It notes that security is a broad topic that requires constant monitoring and improvement. The document outlines four layers of security: firewalls, authentication, obfuscation, and monitoring. It warns of "script kiddies" who use automated tools to find vulnerabilities, and stresses the importance of strong passwords and monitoring logs. The overall message is that security requires ongoing effort across multiple layers to protect systems from evolving threats.
The document summarizes the artificial fish swarm algorithm (AFSA), which is a population-based metaheuristic optimization algorithm inspired by fish schooling behavior. It describes how AFSA simulates behaviors like swarming, chasing, and random movement to explore the search space and exploit promising solutions. The algorithm represents potential solutions as individual fish and moves them through the search space based on their visual scope and interactions with neighboring fish. While AFSA has advantages like global search ability and parameter tolerance, it also has drawbacks such as higher time complexity and lack of balance between exploration and exploitation.
The document discusses the concepts and types of warehousing and inventory, including: (1) the importance of warehousing logistics in the supply chain; (2) types of storage such as traditional, computerized and robotized; (3) information systems for warehousing; (4) inventory management to identify control models and objectives.
This document summarizes the bat algorithm, which is a metaheuristic optimization algorithm inspired by the echolocation behavior of microbats. It describes how bats use echolocation to locate prey and obstacles. The basic steps of the bat algorithm are outlined, including how bats emit calls and adjust properties like frequency and loudness. Variants of the bat algorithm are mentioned for solving multi-objective, fuzzy logic, and other problems. Applications discussed include engineering design, scheduling, data clustering, and image processing. Advantages include quick convergence and flexibility, while disadvantages include possible stagnation if parameters are adjusted too rapidly.
The document is a summary of a student's results on a final exam for a wireless networking course. The exam consisted of 36 multiple choice questions. The student answered 34 questions correctly, earning a score of 94%. The summary provides an overview of the key details about the exam, including the number and type of questions, the student's score, and that they performed excellently on the exam.
This document discusses classifying bird species based on their sounds. It notes there are over 9,000 bird species and the goal is to automatically recognize species or individual birds by their sounds. This is important for environmental monitoring and scientific research. The document reviews literature on using signal processing and machine learning techniques like mel-frequency cepstral coefficients and classifiers like k-nearest neighbor and support vector machines. It then describes the method of collecting and preprocessing audio, extracting features, and classifying birds. It concludes there is still room for improvement by using more data, handling noise better, and developing more efficient techniques.
Presented at NZISIG on Tuesday 26th February 2019.
"WPA3: What is it good for? (With a little bit of Bluetooth and a soupçon of GPS)"
I offered this talk to Purplecon but they didn't want it so you're getting it instead. Since it's been a few months I've added some other stuff on the end.
Overview of existing issues in WAP, WPA, WPA2 and WPS
Skateboarding dog story
WPA3 improvements:
- Password protection
- Preshared keys (Simultaneous Authentication of Equals - SAE)
- CNSA
- Opportunistic Wireless Encryption (OWE)
- Wifi Easy Connect
Bluetooth
- Direction finding
- End to end security
GPS
- 6th April could get interesting.
This document discusses swarm intelligence and how it can be used to design algorithms. It provides examples of how ants exhibit swarm intelligence through their collective foraging behaviors without centralized control. Specifically, it mentions how ant colony algorithms have been designed and applied to solve optimization problems like the traveling salesman problem by simulating the indirect communication of ants through pheromone trails. The document also notes some potential applications of swarm intelligence in robotics and communication networks.
The document describes the Social Spider Optimization (SSO) algorithm, which is inspired by the behaviors of social spiders. The SSO algorithm initializes a population of solutions represented as spiders (both male and female). It then evaluates the fitness of each solution and models vibrations transmitted through a communal web. Operators like female cooperation, male cooperation, and mating are applied to update solution positions. The algorithm iterates until termination criteria are met, with the goal of finding high-quality solutions represented by heavier/fitter spiders.
The document summarizes a seminar report on packet sniffing submitted by four students. It discusses different packet sniffing methods like IP-based, MAC-based, and ARP-based sniffing. It also explains how Anti-Sniff tries to detect these sniffing programs using MAC address detection and DNS detection methods. The report analyzes how packet sniffers work on both shared and switched Ethernet networks and their various uses for both network troubleshooting and unauthorized access purposes. Common sniffing tools like tcpdump, sniffit, and ethereal are also mentioned.
The RADIUS accounting messages contain cleartext user identity and device identifiers that can be used to track users even if the authentication traffic is encrypted. Some ways to mitigate this are:
- Use EAP-TLS or EAP-PWD authentication to avoid sending IMSI or username in cleartext
- Enable IMSI privacy in EAP-SIM/EAP-AKA methods
- Tunnel or encrypt RADIUS accounting messages to prevent eavesdropping of user identities
- Use temporary identifiers instead of permanent ones in accounting messages
Proper configuration of authentication and accounting privacy features can help prevent user tracking via network monitoring of 802.1X and RADIUS traffic. However, complete anonymity is difficult to achieve in centralized network authentication systems.
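To make the tracking problem concrete, here is an added example (not code from the summarized document) that builds a RADIUS Accounting-Request the way a NAS does per RFC 2866 and then parses it the way a passive listener on the NAS-to-server path would. The shared secret, the user identities and the MAC address are constructed sample values. The point it shows: the Request Authenticator (an MD5 over the packet plus the shared secret) only proves origin and integrity to the server; every attribute, including User-Name and Calling-Station-Id, travels in cleartext.

```python
# Added example (not from the summarized document): build a RADIUS
# Accounting-Request as a NAS would (RFC 2866) and show what a passive
# listener on the NAS-to-server path reads from it. The shared secret,
# identities and MAC address are constructed sample values.
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST = 4
ATTR_USER_NAME = 1
ATTR_CALLING_STATION_ID = 31
ATTR_ACCT_STATUS_TYPE = 40
ATTR_NAMES = {1: "User-Name", 31: "Calling-Station-Id", 40: "Acct-Status-Type"}
STATUS_NAMES = {1: "Start", 2: "Stop", 3: "Interim-Update"}
SECRET = b"s3cr3t-nas-key"  # constructed sample shared secret


def encode_attr(atype: int, value: bytes) -> bytes:
    """RADIUS attribute: Type (1 octet), Length (1 octet, header included), Value."""
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return struct.pack("!BB", atype, len(value) + 2) + value


def build_accounting_request(ident: int, attrs: bytes, secret: bytes) -> bytes:
    """Code, Identifier, Length, Request Authenticator, Attributes.
    RFC 2866 s.3: Authenticator = MD5(Code + ID + Length + 16 zero octets
    + Attributes + Secret). It lets the server check origin and integrity;
    it encrypts nothing."""
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(attrs))
    auth = hashlib.md5(header + b"\x00" * 16 + attrs + secret).digest()
    return header + auth + attrs


def verify_accounting_request(packet: bytes, secret: bytes) -> bool:
    """Server-side check of the Request Authenticator (needs the secret)."""
    header, auth, attrs = packet[:4], packet[4:20], packet[20:]
    expected = hashlib.md5(header + b"\x00" * 16 + attrs + secret).digest()
    return hmac.compare_digest(auth, expected)


def parse_attrs(packet: bytes) -> dict:
    """Walk the attribute list; no secret is needed for this."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST or length != len(packet):
        raise ValueError("not a well-formed Accounting-Request")
    body, pos, out = packet[20:length], 0, {}
    while pos < len(body):
        atype, alen = body[pos], body[pos + 1]
        if alen < 2 or pos + alen > len(body):
            raise ValueError("malformed attribute")
        out[ATTR_NAMES.get(atype, atype)] = body[pos + 2:pos + alen]
        pos += alen
    return out


def sniffer_view(packet: bytes) -> dict:
    """What an eavesdropper without the shared secret learns: every attribute."""
    view = {}
    for name, value in parse_attrs(packet).items():
        if name == "Acct-Status-Type":
            view[name] = STATUS_NAMES.get(struct.unpack("!I", value)[0], "Unknown")
        else:
            view[name] = value.decode("ascii", "replace")
    return view


def sample_accounting_start(user: bytes, mac: bytes, ident: int = 7) -> bytes:
    """Accounting Start as a NAS emits it after 802.1X succeeds (constructed)."""
    attrs = (encode_attr(ATTR_USER_NAME, user)
             + encode_attr(ATTR_CALLING_STATION_ID, mac)
             + encode_attr(ATTR_ACCT_STATUS_TYPE, struct.pack("!I", 1)))  # 1 = Start
    return build_accounting_request(ident, attrs, SECRET)


if __name__ == "__main__":
    pkt = sample_accounting_start(b"alice@example.org", b"00-11-22-33-44-55")
    print("server accepts:", verify_accounting_request(pkt, SECRET))
    print("sniffer sees:", sniffer_view(pkt))
    # With an anonymous outer identity only the realm leaks via User-Name,
    # but Calling-Station-Id still carries the device MAC.
    print("anonymous NAI:", sniffer_view(
        sample_accounting_start(b"anonymous@example.org", b"00-11-22-33-44-55")))
```

Swapping the permanent identity for an anonymous NAI (the "temporary identifiers" mitigation above) removes the username from the sniffer's view but not the Calling-Station-Id, which carries the client MAC and is a tracking identifier in its own right; tunnelling the accounting traffic (RadSec/IPsec) is what actually takes both off the wire.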
A free software implementation of second-generation onion routing that helps the user stay anonymous while using the internet, and so protects the user's privacy from being monitored.
Some people use it in the wrong way, which has led to what is now called "the Darknet": a black spot on the internet that hosts criminal activities such as selling drugs, fraud, copyright infringement, piracy and so on.
This document describes the Spider Monkey Optimization (SMO) algorithm, which is based on the social behavior of spider monkeys. It discusses how spider monkeys live in groups and divide into subgroups to forage for food. The subgroups communicate within and between groups to share information. The SMO algorithm imitates this behavior through population initialization, local leader and global leader phases where the group is divided into subgroups that learn and share information.
Glowworm swarm optimization (GSO) is a swarm intelligence based algorithm, introduced by K.N. Krishnanand and D. Ghose in 2005, for simultaneous computation of multiple optima of multimodal functions.
The document provides an overview of hacking wireless networks and related concepts. It discusses types of wireless networks, standards like 802.11a/b/g/i/n, antennas, wireless access points, SSIDs, and how to set up a wireless local area network. It also covers topics like detecting wireless networks, tools for scanning and sniffing wireless traffic, and securing wireless networks using methods such as WEP, WPA, WIDZ and RADIUS. The document is meant to familiarize readers with concepts needed to hack wireless networks like cracking WEP keys and the steps involved.
Swarm intelligence is a modern artificial intelligence discipline that is concerned with the design of multiagent systems with applications, e.g., in optimization and in robotics. The design paradigm for these systems is fundamentally different from more traditional approaches.
This document discusses WLAN attacks and protections. It describes common WLAN attacks like man-in-the-middle, denial of service, and rogue access points that threaten confidentiality, integrity, availability, and authentication. Existing solutions like WEP, WPA, WPA2 aim to provide encryption and authentication, but also have vulnerabilities. The document recommends combining WPA2/AES encryption with 802.1X authentication and wireless intrusion detection/prevention systems to secure WLANs at both the frame and RF levels.
This document contains slides from a Cisco presentation on firewall certification. It discusses the CCNP Security Firewall v2.0 exam, including exam details, recommended reading, and high-level topics covered. It also provides an overview of Cisco firewall technology including the Adaptive Security Appliance and its features. Configuration topics like licensing, interfaces, NAT, routing, inspection policies and transparent mode are briefly outlined.
Intrusion Detection System using Snort (uploaded by webhostingguy)
This document summarizes the installation and configuration of an intrusion detection system using the open source tools Snort, MySQL, Apache web server, PHP, ACID, SAM, and SNOT. It provides step-by-step instructions for installing each component, configuring them to work together, and testing the system using SNOT to generate attack packets that can be monitored through the SAM and ACID interfaces.
This document provides an overview of security features in GSM and UMTS mobile networks. It describes the key entities and architecture of GSM, including authentication using a shared secret key stored on the SIM card. It outlines security issues with GSM such as the insecure radio channel. The document then explains the enhanced authentication mechanism used in UMTS known as AKA, which generates authentication vectors to authenticate the user equipment and network. Finally, it provides references used in the research.
If I take a letter, lock it in a safe, hide the safe somewhere in New York, then tell you to read the letter, that’s not security. That’s obscurity. On the other hand, if I take a letter and lock it in a safe, and then give you the safe along with the design specifications and a hundred identical safes with their combinations so that the world’s best safecrackers can study it and you still can’t open the safe, that’s security.
Host-based Security, by Dmitry Khlebnikov @ Secure Development Melbourne (uploaded by Alec Sloman)
In this presentation, Dmitry Khlebnikov sets forward 6 broad principles for designing secure IT infrastructure, and provides a comprehensive overview of "Host-based Security".
This document discusses the importance of conducting a cyber security vulnerability assessment. It recommends beginning by selecting a security standard to guide the assessment. A key step is taking an inventory of all cyber assets, how they are connected and configured. This information should be documented and updated regularly. The document provides tips for involving staff, reviewing documentation, analyzing network and wireless traffic, and physically verifying connections. The goal is to identify vulnerabilities before a hacker could exploit them.
Chapter 5
Overview of Security
Technologies
“We can’t help everyone, but everyone can help someone.” —Ronald Reagan
This chapter discusses the use of technologies that have evolved to support and enhance network security. Many of these technologies are used today without the user understanding when or where they operate. After reading this chapter, you will understand the benefits of these technologies, where they operate, and some of the operational risks associated with them. By the end of this chapter, you should know and be able to explain the following:
■ How you can employ packet filtering to reduce threats to a network
■ Precisely what stateful packet inspection is, and why it's important for firewalls to use this technique
■ The role and placement of a proxy technology within a secure network
■ Network Address Translation (NAT) and how you can use it to allow the Internet to continue to grow in IPv4
■ How Public Key Infrastructure (PKI) has the potential to protect the flow of information in a global manner
Answering these key questions and understanding the concepts behind them will enable you to understand the overall characteristics and importance of the security technologies covered in this chapter. By the time you finish this book, you will have a solid appreciation for network security, its issues, how it works, and why it is important.
So far, this book has painted in broad strokes the steps an attacker could possibly take to gain access to sensitive resources. The first step in protecting these assets is the global security policy created by combining the many aspects discussed in Chapter 2, "Security Policies." This chapter introduces some of the more broadly used security technologies. Each of these technologies contains a concept or specific role that increases the security of your network when designed and implemented in a layered design.
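The chapter's second objective, why a firewall should use stateful packet inspection rather than plain packet filtering, is easiest to see with a small simulation. The following is an added example, not code from the book: a stateless ACL of the classic "permit established" form beside a stateful filter that tracks connections opened from the inside. Addresses, ports and the three-packet scenario are constructed sample values; "inbound" means a packet arriving on the outside interface.

```python
# Added example (not from the book): a toy filter that contrasts a stateless
# "established" ACL with stateful connection tracking. Addresses and ports
# are constructed sample values; "inbound" means arriving on the outside
# interface, heading for the protected network.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False
    inbound: bool = True


def stateless_allow(p: Packet) -> bool:
    """Stateless ACL on the outside interface: let all traffic out, and let in
    only what looks like a reply to a web request, i.e. TCP from source
    port 80 with ACK set. The filter has no memory, so "looks like" is all
    it can test, and anyone can set those bits on a forged segment."""
    if not p.inbound:
        return True
    return p.ack and p.sport == 80


class StatefulFilter:
    """Stateful packet inspection: remember flows opened from the inside and
    admit inbound segments only when they belong to one of them."""

    def __init__(self):
        # (inside_ip, inside_port, outside_ip, outside_port)
        self.flows = set()

    def allow(self, p: Packet) -> bool:
        if not p.inbound:
            key = (p.src, p.sport, p.dst, p.dport)
            if p.syn and not p.ack:
                self.flows.add(key)  # new connection initiated from inside
            return key in self.flows
        # Inbound: look the flow up in the reverse direction.
        key = (p.dst, p.dport, p.src, p.sport)
        return key in self.flows


def run_scenario() -> dict:
    """Three packets: the client's SYN out, the web server's SYN/ACK back, and
    an outside probe forged with sport 80 and ACK set, aimed at port 445 on
    the client. Returns the verdict list of each filter."""
    client, web, attacker = "10.0.0.5", "203.0.113.10", "198.51.100.7"
    packets = [
        Packet(client, 40000, web, 80, syn=True, inbound=False),
        Packet(web, 80, client, 40000, syn=True, ack=True),
        Packet(attacker, 80, client, 445, ack=True),
    ]
    sf = StatefulFilter()
    return {
        "stateless": [stateless_allow(p) for p in packets],
        "stateful": [sf.allow(p) for p in packets],
    }


if __name__ == "__main__":
    print(run_scenario())
```

The stateless ACL admits the forged probe because the probe carries exactly the bits the rule tests for; the stateful filter drops it because no inside host ever opened a flow to 198.51.100.7. A production firewall also ages flows out and tears them down on FIN/RST, which this toy omits, but the decision it makes on the third packet is the one the chapter is pointing at.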
128 Network Security First-Step
Security First Design Concepts
Network security can be a hydra (many-headed beast) with regard to potential attacks and threats against the network. The resources and opinions on this subject are incredible, and opinions vary greatly depending on whom you ask. For example, in 2004 when I wrote the first edition of this book, a simple Google search on "designing a secure network" returned almost half a million results. In 2012, that same search string returns more than five and a quarter million hits. It is no wonder that conflicting security concepts bombard people, causing a great deal of confusion. To be honest, if you were to look up network security books, any bookstore also reveals almost as many!
The point is that experts in each area of network design have written so much on designing secure network architecture that to try to do the subject justice here is beyond the scope of this book. Books and websites deal with every aspect of network security, server security, application security, and so forth. We endeavor to prov ...
Are you ready for the next attack? Reviewing the SP Security Checklist (uploaded by APNIC)
The document discusses the importance of using checklists to optimize security operations. It provides an initial security checklist for internet service providers (ISPs) to assess positive control, virtual terminal access control lists (VTY ACLs), vendor security partnerships, upgrade plans, IPv6 security, attack tree analysis, border gateway protocol (BGP) policies, DNS architecture resilience, and developing a security community. The checklist highlights key areas ISPs should review to strengthen their defenses against evolving cyber threats from criminals, hackers, and nation states. Regular use of such checklists is encouraged to proactively address vulnerabilities before exploits can be launched.
Are you ready for the next attack? reviewing the sp security checklist (apnic... (uploaded by Barry Greene)
Rethinking Security and how you can Act on Meaningful Change
What the industry recommends to protect your network is NOT working! The industry is stuck in a dysfunctional ecosystem that encourages cyber-criminal innovation at the cost of business and individual loss throughout the world. We do not need a "Manhattan Project" for the security of the Internet. What we need are tools to help operators throughout the world ask the right question that would lead them to meaningful action. Security empowerment must empower the grassroots and provide the tools to push back on the root cause. This talk will explore these issues, highlight the dysfunction in our "security" economy, and present "take home" tools that would facilitate immediate action.
IT teams are overwhelmed trying to manage network security and compliance regulations while responding to help tickets. Endpoint profiling can help by providing complete visibility into all devices on the network. It allows teams to more efficiently manage initiatives like data security, rogue device detection, compliance, incident response, asset discovery, BYOD programs, authentication, and outsourcing verification. The document describes how endpoint profiling supports each of these areas.
Building a Modern Security Engineering Organization (uploaded by Zane Lackey)
Continuous deployment and the DevOps philosophy have forever changed the ways in which businesses operate. This talk will discuss how security adapts effectively to these changes, specifically covering:
- Practical advice for building and scaling modern AppSec and NetSec programs
- Lessons learned for organizations seeking to launch a bug bounty program
- How to run realistic attack simulations and learn the signals of compromise in your environment
This document provides a 5-step guide to securing a business's data in the cloud. Step 1 is to secure the office by destroying passwords written on sticky notes and using a password manager. Step 2 is to enforce passwords on all devices. Step 3 is to install antivirus software and update devices regularly. Step 4 is to use end-to-end encrypted cloud services to protect important data. Step 5 is to educate employees on security policies and risks. Following these basic steps provides a solid foundation for cloud data security.
Prevent Getting Hacked by Using a Network Vulnerability Scanner (uploaded by GFI Software)
This document discusses network security recommendations for small to medium businesses. It begins by acknowledging hackers' skills and describes how hacking has evolved over time. It then provides six suggestions for improving network security: 1) update all computers regularly, 2) don't rely solely on WSUS for updates, 3) patching alone is not enough, additional verification is needed, 4) unanticipated hardware/software pose risks, 5) embrace application automation, and 6) use a single integrated solution for management. It promotes GFI LanGuard as a solution that provides patch management, vulnerability assessment, asset inventory, auditing and compliance features to help secure a network.
This document discusses implementing AppLocker whitelisting to prevent malware execution. It begins by explaining the limitations of traditional antivirus and introduces AppLocker as a "whitelisting" approach that allows only approved applications to run. It then provides guidance on planning and deploying AppLocker, including determining scope, generating application rules, selecting rule types, and configuring Group Policy for enforcement. The presentation aims to demonstrate how AppLocker can eliminate many IT problems by preventing the execution of unauthorized or unknown software.
Contains some important questions on information security/cyber security
Q1) When you want to authenticate yourself to your computer, most likely you type in your username and password. The username is considered public knowledge, so it is the password that authenticates you. Your password is something you know.
1.1 It is also possible to authenticate based on something you are, that is, a physical characteristic. Such a characteristic is known as a biometric. Give an example of biometric-based authentication.
1.2 It is also possible to authenticate based on something you have, that is, something in your possession. Give an example of authentication based on something you have.
1.3 Two-factor authentication requires that two of the three authentication methods (something you know, something you have, something you are) be used. Give an example from everyday life where two-factor authentication is used. Which two of the three are used?
Q2) Malware is software that is intentionally malicious, in the sense that it is designed to do damage or break the security of a system. Malware comes in many familiar varieties, including viruses, worms, and Trojans.
2.1 Has your computer ever been infected with malware? If so, what did the malware do and how did you get rid of the problem? If not, why have you been so lucky?
2.2 In the past, most malware was designed to annoy users. Today, it is often claimed that most malware is written for profit. How could malware possibly be profitable?
Q3) What is war dialling and war driving?
Q4) Suppose that we have a computer that can test 2^40 keys each second.
4.1 What is the expected time (in years) to find a key by exhaustive search if the key space is of size 2^88?
4.2 What is the expected time (in years) to find a key by exhaustive search if the key space is of size 2^112?
4.3 What is the expected time (in years) to find a key by exhaustive search if the key space is of size 2^256?
Q5) What kind of attacks are possible on mobile/cell phones? Explain with example.
Q6) Explain the countermeasures to be practiced for possible attacks on mobile/cell phones.
Elastix & Network Security Guide
Author: Bob Fryer
Organisation: Blue Packets (ACT, Australia)
Date: 09/01/2011
Revision: 1.0
Level: Beginner/Intermediate/Advanced
Date for Review: 30/03/2011 or Elastix 2.04 Release
Relates to: Elastix 2.0 and some earlier versions
Licence: GNU/FDL
Contributors:
Introduction
Security is a very broad subject and rightly so. It is a very subjective topic as well, and to a certain
degree it is a subject that will never have a definitive end. That’s why I generally dismiss any book
that claims to be a Definitive Guide to Security. It is a constant living subject, with improvements,
changes, retractions and even changes in thinking and direction every year.
There is also no subject like security for stirring up emotions, especially when statements are
made, as everyone has their own views and ideas.
Security is also not going to be fixed by one device that fixes everything. It is a set of tools, backed up
by procedures, and ultimately backed up by diligent review and monitoring.
Security is only as good as the weakest link in the chain, which is why this guide covers the network as
well. But no matter how well you follow this guide, implement its measures and follow procedures, it
will always come undone by something very basic, something you have never considered to be an
issue or a link in the chain of security.
This document is not a definitive guide on security. I won’t even promise you that by following this
guide your Elastix system will not be hacked. Only you can continue to work on this side of
things, learning more about security and implementing new measures as you feel they are needed.
Likewise, Security is as much as you want to make it. You may be able to secure your system to cover
70% of your system using tools/products that you have and no further hardware, you may be able to
cover 95% of your system with a few hundred dollars, but to get to that 99%+, it could cost you
thousands of dollars, and you may still have that 1% chance that someone gets through.
This guide will provide you with an introduction to tools and techniques you can implement to cover
that 70% to 95%. It will describe some of the common techniques that these intruders use,
as well as tips and tricks to lessen the possibility that an intruder will make a successful intrusion into
your system.
When implementing security I personally work on the basis of four layers, which generally come
down to the basics:
• Firewall
Most people know what I mean here: the prime security measure needs to exist on the
perimeter of your network. I have no issue with it existing on your Elastix system as well, especially
as a properly implemented Linux IPTables is probably regarded as one of the best firewall
implementations; in fact many firewall appliance products, both commercial and open
source, are based on a Linux kernel with IPTables. However, as a general rule it is always best
if the primary firewall is separate from the product you are protecting. Have a think about it:
wouldn’t you prefer some distance between the product that someone is trying to
hack (in this case the firewall) and the product you are protecting? It adds that extra layer.
• Authentication
Very simple, but often very little thought goes into it. I see many systems in place
where the implementer has used simple passwords; in many cases the password is the
same as the extension number. The use of a numerical password is just as bad. It
doesn’t take long for a “Script Kiddie” to run a “password guesser” on your system,
especially where the password is all numbers.
Authentication also comes down to the encryption of the password if it is possible.
• Obfuscation
Big term for nothing much, but it aptly describes what we are trying to do. Basically it means
“to make things not clear”.
This has a very successful application in the security world. Why make it clear to possible
intruders by giving them a roadmap? If a possible intruder finds everything laid out before
them, they will use it, and it’s the same with these “Script Kiddies”: their scripts expect everything to
be where it is expected, which is why they have reasonable success.
Changing the system from defaults won’t stop the good intrusion attacks, but it will
definitely make it harder for all the others to attack your system. Unless they have a vested
interest in the intended target, they will normally turn away from your system and look for
an easier target, especially if the attacker is an automated script.
• Monitoring
No firewall is 100% foolproof, no network is 100% static (never changed), and attackers are
trying new measures every day. You cannot set up a firewall and forget it. Constant monitoring
of your firewall or intrusion logs is necessary.
In this guide you will find that many of the techniques and ideas implement these either all together
or across a range of implementations.
As I mentioned before, just implementing these ideas will not all of a sudden make things secure. It
is also a case of monitoring your system on a regular basis and investigating what you see. Many
systems that are “hacked” are generally not monitored; had they been monitored on a constant
basis, the issue would have been caught before it moved to a full blown attack.
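As an added example, not from the guide, here is a Python script that does the kind of log monitoring described above: it counts failed SIP registrations per source address in Asterisk's chan_sip NOTICE format and flags sources that fail repeatedly or probe many different extension names. The log lines, the threshold of 5 failures in any 60 seconds and the 3-extension enumeration rule are constructed assumptions.

```python
"""Flag SIP registration brute force and extension enumeration in Asterisk logs.
Added example, not part of the Elastix guide. The sample log lines are
constructed in chan_sip's NOTICE format and the thresholds are assumptions."""
import re
from collections import Counter, defaultdict
from datetime import datetime

# chan_sip's "Registration from '...' failed for 'ip:port' - reason" notice.
FAILED_REG = re.compile(
    r"^\[(?P<ts>[^\]]+)\] NOTICE\[\d+\] chan_sip\.c: Registration from "
    r"'(?P<from>[^']*)' failed for '(?P<ip>[\d.]+):\d+' - (?P<reason>.+)$"
)

# Constructed sample: one source walking through extension numbers,
# and one local phone (192.168.1.23) that mistyped its secret once.
SAMPLE_LOG = """\
[Jan  9 10:00:01] NOTICE[2211] chan_sip.c: Registration from '"100" <sip:100@pbx.example>' failed for '203.0.113.5:5060' - Wrong password
[Jan  9 10:00:01] NOTICE[2211] chan_sip.c: Registration from '"101" <sip:101@pbx.example>' failed for '203.0.113.5:5060' - Wrong password
[Jan  9 10:00:02] NOTICE[2211] chan_sip.c: Registration from '"102" <sip:102@pbx.example>' failed for '203.0.113.5:5060' - No matching peer found
[Jan  9 10:00:02] NOTICE[2211] chan_sip.c: Registration from '"103" <sip:103@pbx.example>' failed for '203.0.113.5:5060' - No matching peer found
[Jan  9 10:00:03] NOTICE[2211] chan_sip.c: Registration from '"104" <sip:104@pbx.example>' failed for '203.0.113.5:5060' - Wrong password
[Jan  9 10:00:40] NOTICE[2211] chan_sip.c: Registration from '"205" <sip:205@pbx.example>' failed for '192.168.1.23:5060' - Wrong password
[Jan  9 10:00:41] VERBOSE[2211] chan_sip.c: -- Registered SIP '205' at 192.168.1.23:5060
"""


def parse_failures(log_text: str) -> list:
    """Extract timestamp, source IP, attempted extension and reason for each
    failed registration; every other line (successes, verbose output) is skipped."""
    events = []
    for line in log_text.splitlines():
        m = FAILED_REG.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
        ext_match = re.search(r'"([^"]*)"', m.group("from"))
        ext = ext_match.group(1) if ext_match else m.group("from")
        events.append({"ts": ts, "ip": m.group("ip"), "ext": ext,
                       "reason": m.group("reason")})
    return events


def suspicious_sources(log_text: str, max_failures: int = 5,
                       window_seconds: int = 60) -> dict:
    """Return {ip: summary} for sources with >= max_failures failed registrations
    inside any window_seconds window, or that tried 3 or more different
    extension names (an enumeration pattern, whatever the rate)."""
    per_ip = defaultdict(list)
    for ev in parse_failures(log_text):
        per_ip[ev["ip"]].append(ev)
    alerts = {}
    for ip, evs in per_ip.items():
        evs.sort(key=lambda e: e["ts"])
        peak, start = 0, 0
        for end in range(len(evs)):            # sliding window over sorted times
            while (evs[end]["ts"] - evs[start]["ts"]).total_seconds() > window_seconds:
                start += 1
            peak = max(peak, end - start + 1)
        exts = {e["ext"] for e in evs}
        if peak >= max_failures or len(exts) >= 3:
            alerts[ip] = {"failures": len(evs), "peak_in_window": peak,
                          "extensions": sorted(exts),
                          "reasons": dict(Counter(e["reason"] for e in evs))}
    return alerts


if __name__ == "__main__":
    for ip, summary in suspicious_sources(SAMPLE_LOG).items():
        print(ip, summary)
```

On a live system the same functions can be fed the output of `tail` on Asterisk's full log; the single failure from the local phone is correctly left out of the alerts.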
Script Kiddies (I refer to them as Kiddie Scripts)
Silly name – in fact the name belies the costly possibility of what can occur to your system.
Generally these are wannabe hackers, but it extends far beyond this. Quite often the
information they gain is distributed around their groups, sometimes over IRC channels,
so that others can either use the information or use it to gain further access to your system.
But these scripts are generally generic in nature, running over hundreds of systems looking
for a way in.
Security – A big beat up??
You might be wondering if this is all a big beat up, not worth the time. You might be having trouble
believing that these scripts and hacks are real. Have a look at this video on
http://enablesecurity.com/products/enablesecurity-voippack-sipautohack-demo/ .
It is a GUI tool they are using, but it clearly shows how simple these tools are and how quickly they
can determine a simple password setup.
Now you are probably thinking, fine, I can trace the address it has come from and prosecute them
and get my money back.
Whilst we are looking at a GUI tool in the video from a company that makes tools you can use to
secure your system, the rest of the hacking world has written their own tools. These tools are faster
and probably even more cunning than what this company has written; they include random word
generators, number generators, the use of common defaults, and searches for known exploits.
These guys are even smarter than this: they don’t run these tools from their own systems, they use
other hacked systems to perform the scans. In other words, they have found systems that are less
secure than yours, installed their hacking toolkit on them, and let it run. The same applies when they use
your accounts to make calls: they use other systems to route the calls through your system.
You might be thinking that they can’t make that many calls on your system, but what is actually
occurring is that they are selling your calls (basically known as Toll Fraud). This can be done through calling
cards that people legitimately buy (particularly in countries that are not effective at removing this
type of issue): when the customer rings the special number before making a call, it is ringing a hacked
VoIP PBX that might connect to up to 40 other hacked PBX systems, and it tries each one until it has
a trunk that works (for instance one or two might no longer be available, as their owners had found
them attacked). The calling card customer just notices a longer than normal delay, which is
not uncommon with international calls.
Still don’t believe Elastix systems are on the radar? Look at the list of features in the VoIPPack on this
page http://enablesecurity.com/products/voippack/
Pointing this out is not to purposely take a swipe at Enable Security, they just produce products that
allow you as a system owner to check how good your security is. However it does show that this is a
real threat.
Just for the record, I have no association with Enable Security or their affiliates, nor do I own any of
their products. I use them as an example as they have a very good video on how these sort of attacks
can occur.
The Basics
Before we move any further forward, let’s cover a few basic mistakes that many users make (I’ve
made them as well). These are items that can immediately improve the security of your system, and
should be the first items that you tackle.
Passwords or Secrets
Passwords, or secrets as they are called in the VoIP world, are one of the biggest improvements you
can make. One of the biggest issues is that many users put simple passwords on the
system while they are testing, but the system ends up moving from testing to production without a
security review. It’s partly due to the nature of the product, where testing needs to be done on the
real carrier lines, and once this testing is complete, many would rather move forward due to
pressure from the business to get it in.
The first thing to put into place, and this can even be done if the system is in production, is reasonable
passwords/secrets on each SIP extension you have implemented. At a guess, more than 70% of
systems implemented need SIP communication with the outside world, so it is absolutely necessary
to implement this measure, as weak secrets are one of the simplest ways that intruders can hack your system.
These passwords need to be of a reasonable quality; as a guide the following should be used:
Password               Suitability
201                    basically useless: one of the first passwords that they try
94932                  still poor: Script Kiddies will use a rolling number generator and try again
holiday2               poor: Script Kiddies use a database of common words and add numbers
H883ksd3               good: a mixture of upper and lower case characters and numbers
h17kdi2993FDl29p23e2   great: probably this and the one before would be suitable
It might be painful using these passwords, especially the last one, but use a spreadsheet or there are
a few random password applications out there which are also a database holding these passwords
for you and allow you to add a comment on what they were for.
Believe me, it is far better than having to explain to the boss why $5000 worth of calls have been
made by your system over the weekend. And this is not just a possibility; it does happen. I have
witnessed it on several occasions when asked to look at other people’s systems.
I talked about these Script Kiddies probing your system for an opening. It is possible for them to
send your system over 40 authentication requests per second, possibly a lot more with multiple
machines, so a simple number or common word is not that hard to crack, and the majority of the
time you are totally unaware, so the attack can last for days before you get wind of it. If you
take time to think about it, over a week they can try 400,000 combinations. It’s not impossible for
them to make a correct guess, especially if you have used weak passwords or passwords based on
English words.
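As an added example (not from the guide), here is a Python script that rates a SIP secret against the categories in the table above and estimates how long a guesser sending 40 attempts per second would need to exhaust its space. The category thresholds, the small common-word list standing in for the "database of common words", and the brute-force model are my assumptions.

```python
"""Rate SIP secrets the way the guide's table does, and estimate guessing time
at the 40 attempts per second the guide quotes. Added example, not part of the
Elastix guide; thresholds, word list and search model are assumptions."""
import string

# Constructed stand-in for the common-word database a guesser would carry.
COMMON_WORDS = {"holiday", "password", "welcome", "asterisk", "elastix", "secret"}
ATTEMPTS_PER_SECOND = 40.0          # rate quoted in the guide
DIGIT_SUFFIXES = 1000               # assume up to three digits appended to a word


def charset_size(secret: str) -> int:
    """Size of the alphabet an attacker must enumerate to cover this secret."""
    size = 0
    if any(c.isdigit() for c in secret):
        size += 10
    if any(c.islower() for c in secret):
        size += 26
    if any(c.isupper() for c in secret):
        size += 26
    if any(c in string.punctuation for c in secret):
        size += len(string.punctuation)
    return size


def _dictionary_based(secret: str) -> bool:
    """True when the letters of the secret form a word from the common list."""
    letters = "".join(c for c in secret if c.isalpha()).lower()
    return letters in COMMON_WORDS


def rate_secret(secret: str) -> str:
    """Return the guide's category: useless, poor, good or great (assumed cut-offs)."""
    if secret.isdigit():
        # "201" or "94932": a rolling number generator finds these quickly
        return "useless" if len(secret) <= 4 else "poor"
    if _dictionary_based(secret):
        # "holiday2": common word with digits appended
        return "poor"
    mixed = (any(c.islower() for c in secret) and any(c.isupper() for c in secret)
             and any(c.isdigit() for c in secret))
    if mixed and len(secret) >= 16:
        return "great"
    if mixed and len(secret) >= 8:
        return "good"
    return "poor"


def expected_guess_seconds(secret: str, rate: float = ATTEMPTS_PER_SECOND) -> float:
    """Expected time to hit the secret: half the search space divided by the rate.
    Dictionary secrets are modelled as word list size times digit suffixes."""
    if _dictionary_based(secret):
        space = len(COMMON_WORDS) * DIGIT_SUFFIXES
    else:
        space = charset_size(secret) ** len(secret)
    return space / 2 / rate


def report(secret: str) -> dict:
    """Summary for one secret: rating and expected brute-force time in days."""
    return {"secret": secret, "rating": rate_secret(secret),
            "expected_days": expected_guess_seconds(secret) / 86400}


if __name__ == "__main__":
    for s in ("201", "94932", "holiday2", "H883ksd3", "h17kdi2993FDl29p23e2"):
        print(report(s))
```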
It is not just the possibility of being hacked, but also the possible impact on your Elastix system
and your network. I have seen routers that have not been able to handle the voraciousness of the
attack, and to the network manager it looks like either the Internet connection or the router has failed. He/she
reboots the router, it works for 20 minutes, and it all happens again. Likewise, it almost makes
VoIP trunks useless, as the communication is so broken up, or the packet loss makes it sound like
static is on the line.
So far I have been speaking about passwords, and in most cases they apply to the extension
passwords/secrets; however, the same rule needs to apply to your trunks, either to your Voice
Provider (VSP) or even other SIP devices such as ATAs or GSM gateways. Whilst in Elastix they
appear to be treated as different devices, to Asterisk they are just another SIP device, and
likewise to the intruder it is another SIP channel through which they may gain access to your system.
Your VSP may only provide you with a number as a login name and a number as a password, and to
be honest this is a little more secure than a simple three digit easily guessable extension number
and a short number as a password, but like anything, see if your VSP has a way of changing the
password to something a little more substantial. Don’t panic if you can’t, we have other measures
we can put in place, but as I mentioned before, the more layers, the harder it is.
Turn off Allow Anonymous SIP
Turn it off!!!!!
Unless you need ENUM functionality, which most do not, you do not need ALLOW ANONYMOUS SIP
turned on. Most businesses have never heard of ENUM (which generally means that there is no
demand for it), at least until it becomes simple to register and even then DUNDI appears to have a
better way of implementing this sort of service, lessening the security implications.
Anonymous SIP is not a huge hole in your system, but if you think about it, it is basically a sandpit
in which someone can plug away looking for or trying out vulnerabilities. Why would you want
that??? In fact, for any client, I ask the client to sign a document stating that they understand the
security implications of this option before I turn it on.
What’s worse is that users turn this on believing it’s a magical fix for their VSP connection, which was
failing up until they did. It didn’t fix anything except open up the front door to allow anyone to walk
in, which also included their VSP. It’s especially annoying when you see users (not just Elastix users)
proclaiming it as the fix for many issues, especially connecting to either VSPs or devices that they
wish to connect to their system.
To be fair, some of the device manuals for products that users wish to connect have very simple
configurations as examples. The issue is that many people follow these examples (which generally
are pure Asterisk configuration file examples), and find that turning on ALLOW ANONYMOUS SIP is
the only way to get it working. The same goes for some of the VSP setups as well. They don’t employ any
authentication (or even simple host IP authentication), and as such the only way to get the
connection working is again turning it on. A quick rule is that not all VSPs are created equal. I
personally refuse to use any VSP that does not support a basic layer of authentication.
The same goes for devices, if it doesn’t support a strong authentication method I will not use it.
However that said, most VSP’s and devices can employ a strong authentication method, but you may
have to learn how to utilise this method and write a suitable SIP configuration. It may mean that you
have to perform some SIP debugging to see what the device is sending so that you can provide the
correct responses, especially as you implement the authentication. This may sound like hard work,
and for the beginner it is, but truly understanding the security implications of your system will hold
you in good stead.
Now having said this, be careful, especially on production systems, with just turning this option back
off, especially if you were not the person who implemented this Elastix system in the first place.
Many have just turned this option off and found that several hours later they couldn’t make mobile
calls, or worse still weren’t getting phone calls coming in, because they didn’t realise a VSP or device
was not authenticating properly and was using ALLOW ANONYMOUS SIP to work around the
issue. It is best to make this change after normal hours, reboot the system and perform a full range
of tests, including restarting other SIP devices.
Don’t install additional products on your Elastix system unless you really have to
One of the biggest issues I see with Elastix systems is the disregard for security shown by implementing
products on the Elastix system that compromise security, or, even if it is not the product itself,
products that allow the user to compromise security without knowing it.
I have come across an Elastix system where the system owner had decided to use the Elastix server
as an FTP server as well. Someone installed FTP and configured it. What happened was that someone used
a well known exploit of that FTP server to give themselves root access to the entire system. Not only
did they get root access, but they installed a hacker’s toolkit onto the system. Naturally this spent
many months searching for other PBX systems to hack, reporting back to an IRC channel with all the
details of any system that it hacked. In the meantime, the reliability of their PBX suffered, as
did their Internet connection (and they got charged for excess Internet). Their IT provider’s response
was to disconnect the IP PBX system for 5 minutes and reconnect it. It gave them a reprieve for a few
hours, maybe a day or so, but off it went again. These toolkits are not stupid: they also have a sleep
function, which activates on a regular basis, and which can also be triggered when the toolkit recognises
that the environment has changed (e.g. a reboot or cable disconnection).
Installing Webmin is another issue. It is such a powerful package that requires rights to the system.
The Internet is covered with issues relating to hacks taking place on Webmin, and to Webmin’s
credit many of them do not appear clearly successful, however the product itself allows the
inexperienced user to make changes to the system without considering the ongoing security
implications or understanding them. Some say they install it to get the mail working, or to
implement IPTable firewalling. If you need this product to perform these tasks, then I strongly
recommend that you take the time to learn how to perform this at the configuration level.
Use the Permit/Deny options in FreePBX/Unembedded FreePBX.
As you can see, you have the ability to add the range of IP addresses that you will allow the phones
to connect from. The DENY line, as it is set above, disallows all addresses (classic deny all, then allow
specific). The PERMIT line is set to allow only a SIP device on the local network to connect to this
extension.
The same goes for access to the Asterisk Management Interface (AMI) which is set by the Asterisk
API manager in FreePBX (tools). Only allow the addresses that you need to access the AMI interface,
using the same Permit/Deny options.
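As an added example (not Elastix, FreePBX or Asterisk code), a Python checker that applies deny/permit lines like the ones described above to candidate source addresses, both for an extension and for an AMI user, so you can confirm what an ACL will do before relying on it. The sample ACLs are constructed, and the evaluation order modelled (rules read top to bottom, the last matching rule decides, an address matching no rule is allowed) is my reading of how Asterisk applies these lists, stated here as an assumption.

```python
"""Evaluate Asterisk-style deny=/permit= lists for a source address.
Added example, not Asterisk's own code. The ordering semantics (last matching
rule wins, no match means allowed) are assumed to mirror Asterisk's ACLs."""
import ipaddress

# Constructed sample: deny everything, then permit the local phone network,
# which is what the guide's extension screenshot describes.
EXTENSION_ACL = """\
deny=0.0.0.0/0.0.0.0
permit=192.168.1.0/255.255.255.0
"""

# Constructed sample: an AMI user in manager.conf limited to the local host.
AMI_ACL = """\
deny=0.0.0.0/0.0.0.0
permit=127.0.0.1/255.255.255.255   ; only local tools may use the AMI
"""

# Constructed sample of the classic mistake: the same two rules reversed.
# The deny-all line now comes last and matches every address, so nothing
# is allowed, including the phones on the local network.
WRONG_ORDER_ACL = """\
permit=192.168.1.0/24
deny=0.0.0.0/0
"""


def parse_acl(text: str) -> list:
    """Turn deny=/permit= lines into (allow: bool, network) tuples in file order.
    Accepts dotted netmask (a.b.c.d/m.m.m.m) and CIDR (a.b.c.d/nn) forms;
    a bare address is treated as a single host."""
    rules = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # ';' starts a comment in Asterisk configs
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key not in ("permit", "deny"):
            continue
        addr, _, mask = value.partition("/")
        network = ipaddress.ip_network(f"{addr}/{mask or '32'}", strict=False)
        rules.append((key == "permit", network))
    return rules


def is_allowed(rules: list, source: str) -> bool:
    """Walk the rules in order; the last rule matching the source decides.
    An empty list, or a source matching no rule, is allowed (assumed default)."""
    src = ipaddress.ip_address(source)
    allowed = True
    for allow, network in rules:
        if src in network:
            allowed = allow
    return allowed


def check(acl_text: str, sources: list) -> dict:
    """Map each candidate source address to the ACL's verdict."""
    rules = parse_acl(acl_text)
    return {s: is_allowed(rules, s) for s in sources}


if __name__ == "__main__":
    probes = ["192.168.1.50", "127.0.0.1", "203.0.113.5"]
    for name, acl in (("extension", EXTENSION_ACL), ("ami", AMI_ACL),
                      ("wrong order", WRONG_ORDER_ACL)):
        print(name, check(acl, probes))
```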
That covers some of the basics that you can implement almost immediately and that will provide a
greater level of security than you had previously. They don’t involve a high level of skill to
implement, they don’t involve you having to install any additional software, and realistically they
should take very little time to implement.
We will now move on to some of the more advanced ways of increasing your security.
Advanced Security Measures
Perimeter Firewall / Router
First of all, let me be very clear: not all routers/firewalls are created equal. Many people
have good intentions of setting up a firewalled Elastix system, but end up opening their
router/firewall to get their Elastix system working reliably. It happens this way because their
“tested” system went into production, and a day or so later (sometimes the same day) started
dropping calls, or worse still not receiving calls at certain times of the day. This is generally attributed
to being forced to set up Port Forwarding (Static NAT). If you are not sure what I mean, can I
recommend you read the section at the end of this document titled “A simple guide to SIP and
interaction with Firewall/Routers”.
What this means however, to make your system reliable, is that you are opening up the ports for
basically anyone to try and connect to your system. Especially as SIP is generally defined as a single
port number (5060), all these Script Kiddies need to do is probe away at your Router, find the port
5060 open, and they probe for the next few days, generally without your knowledge.
Generally for your Elastix system, when you are having problems with NAT, the forums
recommend forwarding 5060-5084 (SIP, UDP) and 10000-20000 (RTP, UDP). However, you only need
to forward 5060 for SIP if you are using an Elastix system (even for multiple conversations). The RTP
ports 10000-20000 are needed, as these are used as standard by Asterisk based distributions. They
can be limited based on how many concurrent calls you expect, and you can make changes to one of
the Asterisk configuration files for RTP, but seriously, you have to open at least some, so why not
leave it at the standard expected by Asterisk and concentrate on other security measures.
These other security measures come from utilising the firewall function of your Router/Firewall. NAT by
itself is not a true firewall, but it can end up performing many of the same functions. Generally NAT
by itself has no packet filtering: it checks the header to see what port the packet requires, and if a NAT rule is
in place it forwards the packet to whatever address you provided in the rule. Most good router/firewalls
provide port forwarding (NAT) and also a firewall as well. A good firewall will allow you to block or
pass packets based on port number, destination address, source address and IP protocol
(TCP/UDP), and generally both ways (in and out).
A Firewall/Router with proper firewall capability means that even though we have opened up the
ports needed for SIP and RTP, we can restrict which addresses they communicate with. This requires
a bit of research on your VSP’s website, or possibly an email to your VSP, to find out the public
addresses that your VSP uses for their SIP servers. Don’t just assume that the one you are connected
to is the SIP server address that you need. Some good VSPs use multiple servers for redundancy, and
may be using round robin DNS to balance the load.
With these addresses, you can now use your firewall to only allow SIP and RTP to come from those
addresses on those particular ports. Anyone else trying to access these ports will see them as closed,
which is exactly what we want.
So take the time with your router/firewall and learn how to use the firewall function. If your
router/firewall does not have this firewall ability, then look to invest in a better router/firewall.
I thoroughly recommend using a perimeter firewall. It makes plain sense not to let an attacker inside
your network at all, where they would have further opportunities. Furthermore, with good change
practices in place, you can do what you like inside your network knowing that the perimeter firewall
is in place and unchanged, protecting you at all times.
Alternatively, if you cannot implement a perimeter firewall, wait for Elastix 2.04, which has a GUI
based firewall built on IPTABLES; this is covered briefly in the next section.
Elastix Firewall (This is in Elastix 2.04 which is currently Beta at the time of writing)
As of Elastix 2.04, Elastix has a GUI Based IP Tables Firewall. Many commercial Firewall products rely
on IP Tables as the basis of their firewall, and the developers have done a great job of implementing
an IP Tables firewall with a very nice looking Web Based GUI.
Personally, I prefer to use a perimeter based dedicated Firewall as the first line of defence, but if you
haven’t got this capability, then the built in Elastix firewall in 2.04 is the next best thing. Or if you
want, use a perimeter based firewall as well as the Elastix firewall, it adds that extra layer of security
which I always recommend.
Below is a screenshot of the Firewall GUI that is in Elastix 2.04. The Elastix developers have made it
easy by implementing a default set of rules which activate when you activate the firewall. It covers
all of the communications rules needed for the products currently included in Elastix. Just be aware
that it has a few GUI bugs and there is a rule missing to allow YUM and Freepbx updates, but that’s
why it is in Beta. But when it is released as stable, it is a fantastic tool to use.
Adding a new rule is simple, as per the screenshot below, and anyone who knows how to implement
IPTABLES rules will find it extremely easy to follow.
If you can’t wait for the Elastix Firewall product, then you can implement this same security by using
IPTABLES at the Linux command prompt and manually editing the configuration files. Turning this
guide into an IPTables implementation guide is beyond the scope of this document, but on the
Elastix forums you will find numerous posts on how to implement IPTables manually, as well as
hundreds of guides on how best to implement IPTables rules.
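As an added example (not from the original guide or the Elastix project), here is a small script that writes the iptables rules this section describes: SIP and RTP accepted only from your VSP's SIP server addresses and dropped from everywhere else. The addresses in the usage comment are constructed placeholders; pass the ones your VSP lists.

```shell
#!/bin/sh
# Added example, not from the original guide: emit iptables rules that allow
# SIP (UDP 5060) and RTP (UDP 10000-20000) only from the VSP's SIP server
# addresses and drop the same ports for everyone else. The addresses in the
# usage line are constructed; pass whatever your VSP lists.
#
# Usage: sip_firewall_rules 203.0.113.10 203.0.113.11        (print the rules)
#        sip_firewall_rules 203.0.113.10 203.0.113.11 | sh   (apply as root)

sip_firewall_rules() {
    [ $# -ge 1 ] || { echo "usage: sip_firewall_rules VSP_IP..." >&2; return 1; }
    # A dedicated chain keeps the SIP rules separate from the rest of INPUT
    # and lets the set be rebuilt by flushing just this chain.
    echo "iptables -N SIP_VSP 2>/dev/null"
    echo "iptables -F SIP_VSP"
    for vsp in "$@"; do
        # Each trusted VSP address may reach SIP signalling and the RTP range.
        echo "iptables -A SIP_VSP -s $vsp -p udp --dport 5060 -j ACCEPT"
        echo "iptables -A SIP_VSP -s $vsp -p udp --dport 10000:20000 -j ACCEPT"
    done
    # Anyone else probing those ports is dropped, so the ports look closed.
    echo "iptables -A SIP_VSP -p udp --dport 5060 -j DROP"
    echo "iptables -A SIP_VSP -p udp --dport 10000:20000 -j DROP"
    # Hand inbound UDP on those ports to the chain. Running the script twice
    # would add this jump twice, so delete any existing copy first.
    jump="INPUT -p udp -m multiport --dports 5060,10000:20000 -j SIP_VSP"
    echo "iptables -D $jump 2>/dev/null"
    echo "iptables -I $jump"
}
```

Run it without the pipe first and read the rules it prints; on Elastix, add the same rules to the IPTables configuration file so they survive a reboot.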
Fail2ban
Fail2ban is a unique tool in that it attempts to identify Brute Force and Script Kiddie break-in
attempts and then implements rules automatically to block them. This all occurs automatically and
without your intervention.
It actually fulfils the role of both active blocking and monitoring of these attack attempts.
Fail2Ban monitors the number of failed authentications from a particular IP address. If the failed
authentication attempts reach the number set in the Fail2Ban configuration, then it blocks that IP
address for a preset time. This generally causes these Script Kiddies to look for another system to
attempt to break into. Likewise, it means a dictionary attack only manages to try three
login/passwords every 10 minutes, instead of 40-50 per second on a system without Fail2ban. The
chances of someone successfully guessing the login and passwords on your system are greatly
diminished.
Fail2ban works in conjunction with IPTables, so you need to set up your IPTables first. Elastix is also
introducing a Web Based GUI for Fail2Ban very shortly to complement their IPTables GUI; it is not
yet in beta, but I suspect it won’t be too long. Again, the forums have info on implementing this
manually if you can’t wait.
Other Security Measures
Changing the default port for SSH
One of the most common areas targeted for attack is Elastix systems with port 22 exposed to the
world. Some will sit back and ask why you would do such a thing; others feel that they can’t do
without it for remote access. Personally I wouldn’t leave it open, but if you really have to, then
change the standard port number.
This is a relatively simple thing to do, and in the example below I am changing the SSH port to 6222.
Add a line in the file /etc/ssh/sshd_config:
Port 6222
Reload sshd by
service sshd reload
This has now changed the SSH port to 6222, and while this is not foolproof, it implements one of the
layers I spoke about called Obfuscation, by not providing the attackers with a roadmap. Change the
landscape they are expecting, and reduce the chances of being attacked.
Utilising VPNs where possible, especially for remote phones
More and more Firewall/Routers have the capability to act as VPN endpoints. What this means is
that you can implement a secure VPN between your network (where the PBX is situated) and the
network at the other end (where the remote phone is located).
Alternatively, you could implement OpenVPN on your Elastix system and select Yeastar T28 phones
as your remote phones, which have an OpenVPN client built into them. What this means is that you
can select any port on your Router/Firewall for the VPN to come through on. This has the benefit
that you have to worry little about the infrastructure at the remote end, knowing that you can
pre-configure a phone and let them install it.
It might sound like a bit of work, but it comes down to how serious you are about protecting your
Elastix system from attack.
Monitoring
For many Elastix users, once they have implemented their firewall or other security measures, they
sit back believing everything is covered. They might have spent a day monitoring it to make sure no
mistakes have been made, but after that it does not get a thought until something goes wrong, or
appears to be going wrong, or they have a lazy afternoon and decide to have a look.
As with backup systems, you can’t just assume that the backup is working, only to find out when you
need it most that the backups haven’t been working for several weeks. Monitoring your Elastix PBX
is just as important.
You need to set a regular procedure to check the logs to monitor for these possible attacks. It won’t
take long, but you need to do it regularly.
One of the log files that you need to review on a regular basis is found at
/var/log/secure
The above example shows someone attempting to break into the system via SSH. You can see the
user names they are trying; in this case they are common user names used on Unix/Linux systems.
You will find the archived logs named secure.1, secure.2 and so on. If your system is under heavy
attack from one of these Script Kiddies, you may find that an archived file contains attack attempts
from just a single day.
Another file to check regularly is
/var/log/audit/audit.log
This shows the login successes and failures; it is basically the Linux audit system. You are mainly
looking for unusual login failures, which will give you an idea that your system is under attack.
Appendix 1 - A simple guide to SIP and interaction with Firewall/Routers
For many users, their first need to fully understand Network Address Translation (NAT) on their
Firewall/router has been forced by the use of SIP by their Elastix system. They need to understand it
because SIP is probably the first application where, in most cases, the standard dynamically created
NAT doesn’t always work. Dynamically created NAT is where your router understands that you have
initiated a conversation from within your own network and, for a predetermined time, opens up the
port to the outside to allow the traffic back in from the address that you commenced the
conversation with.
The reason SIP via Network Address Translation (NAT) fails is that IP telephony (utilising SIP) does
not just use a single port like many applications. It is actually a two way negotiation, and within that
negotiation (the SIP protocol) the two ends decide what ports they are going to stream the audio
conversation (RTP) on. The vast majority of routers/firewalls do not inspect the SIP packets and
therefore do not open up those ports dynamically.
The other major reason for failure of SIP utilising NAT is the NAT session collapsing because of the
lack of SIP traffic while a conversation is taking place. This predetermined time can vary from router
to router; it can vary depending on whether your router has this timeout hard set, or whether you
have a setting for how long the NAT session lasts after the traffic has ceased (e.g. Cisco routers).
How many forums have you read where someone says their call drops after 3 minutes, or their call
drops after 10 minutes? This normally comes down to the router having collapsed the dynamically
created NAT session. Why does it close this session? Generally it’s because no further traffic was
received either way on the SIP port, which can happen, as now all the traffic is on the RTP port and
only very occasionally is a SIP packet generated from either system (Elastix or your VSP). Most
connections use a PING/PONG keepalive, which generates SIP traffic that keeps the NAT session
alive, but not all.
It is generally (but not always) this combination of conditions that causes these dropouts. So for
these modems, we need to implement Port Forwarding (Static NAT) to tell the router where to
redirect these conversations to.
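To make the port negotiation concrete, here is an added example (not from the original guide) that reads the SDP body of a SIP INVITE and prints the RTP address and port the sender is offering, the detail a plain NAT router never sees. The message is a constructed, abbreviated sample; the phone number, domain and tags in it are placeholders.

```shell
#!/bin/sh
# Added example, not from the original guide: pull the address and port that a
# SIP message's SDP body offers for RTP. A router doing plain NAT never reads
# this, which is why the RTP ports have to be forwarded statically.
# SAMPLE_INVITE is a constructed, abbreviated message with placeholder values.

SAMPLE_INVITE='INVITE sip:0298765432@sip.example-vsp.net SIP/2.0
Via: SIP/2.0/UDP 192.168.1.10:5060;branch=z9hG4bK776asdhds
From: <sip:100@192.168.1.10>;tag=as1a2b3c
To: <sip:0298765432@sip.example-vsp.net>
Content-Type: application/sdp

v=0
o=- 1234 1234 IN IP4 192.168.1.10
s=Asterisk
c=IN IP4 192.168.1.10
t=0 0
m=audio 10002 RTP/AVP 0 8 101
a=rtpmap:0 PCMU/8000'

# Print "ip port" for every media (m=) line, using the most recent c= line.
# Assumes the session-level c= precedes m=, as Asterisk writes it; a
# media-level c= placed after its m= line would not be picked up. Reads stdin.
sdp_media_endpoints() {
    awk '/^c=IN IP4 / { ip = $3 }
         /^m=/        { print ip, $2 }'
}

# True when a negotiated port lies inside the 10000-20000 range Asterisk uses
# by default, i.e. the range that port forwarding and the firewall must cover.
port_in_rtp_range() {
    [ "$1" -ge 10000 ] && [ "$1" -le 20000 ]
}

# Stand-alone run: prints "192.168.1.10 10002" for the sample.
printf '%s\n' "$SAMPLE_INVITE" | sdp_media_endpoints
```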