Your Hosts
Markus Ehlers, Raiko Schulz

Agenda
•Common mistakes
•Common forms of attack
•Countermeasures

10 Common Mistakes
•Unsafe passwords
•Missing firewall
•Public IP address
•Port forwarding instead of VPN
•Unencrypted telephony
•No strict call rights and limitations
•Access rights not limited
•Unused IP services and devices still being connected
•No backups
•Missing plan B

Common Cyber Attacks
[Word cloud: Denial of Service, Eavesdropping, SPIT, Toll Fraud, Man-in-the-Middle Attack, Flooding, Infrastructure Hijacking, High Phone Bill, Identity Hijacking, Brute Force Attack, ARP Poisoning, Botnet, IP Spoofing]

Common Cyber Attacks
Eavesdropping
•Much easier with VoIP
•No separate phone lines
•Aiming for log-in data and internal information
•Man-in-the-middle Attack
•ARP-Poisoning targeting Address Resolution Protocol
•Hijacking standard gateways and DHCP-Spoofing
•Infrastructure Hijacking

Common Cyber Attacks
Fraud
•Port scan followed by Brute-Force Attack
•Man-in-the-Middle Attack and Identity Spoofing
•Attacker faking identity to gain internal information or for fraud
•Expensive overseas calls, hotline and service numbers

Common Cyber Attacks
SPIT
•Spam-over-Internet
•IP PBX gets hijacked to act as a bot
•Forged RTP Packets
•Very difficult to trace back and to counter
•Identity Spoofing and Bot networks
•Content filter acts too late
•May only help in time for voicemail messages

Common Cyber Attacks
Denial-of-Service
•(D)DoS Attacks
•Aiming for malfunction of a system
•IP Spoofing to keep attacker hidden or to overload victims with response packets

Security Measures
•Company guideline for network safety
•Regular review and update
•PBX and network security
•All network devices need to be secured!

Security Measures
Secure Password
•Letters, digits, special characters
•At least 8 characters
•No words or names
Examples that break these rules:
admin
password
0000
1234
4321
askozia
aizoksa
Examples that follow them:
8C+inL6B}4_k
Qu3F6b?!1Q_c
t!88_u7V.dLN
1@i+yY{L97Km

Security Measures
Network Firewall
•Protection against DDoS and Brute Force attacks
•Blocking ports for the internet, intranet or LAN
•Packet filter
•Network Address Translation (NAT)
•Avoid port forwarding

Security Measures
Askozia Firewall
•iptables, application-based
•Blocking ports for the internet, intranet or LAN
•Additional protection for your PBX
•Fail2Ban

Security Measures
Fail2Ban
•Featured by Askozia firewall
•Further protection against Brute Force attacks
•Blocking IPs that repeatedly use incorrect log-in data
•Preventing attackers from guessing an internal number
•alwaysauthreject = yes
•Responses are always the same for both correct and incorrect user data

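
The blocking rule on this slide, sketched as an added example (not Askozia's or Fail2Ban's own code). The log format, IP addresses and thresholds are constructed for illustration; `maxretry` and `findtime` are named after the Fail2Ban settings with the same meaning.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format for this example; a real PBX log looks different.
LINE = re.compile(
    r"^(?P<ts>\S+ \S+) AUTH (?P<result>FAIL|OK) ext=\d+ ip=(?P<ip>\S+)$")

def find_bans(lines, maxretry=3, findtime=timedelta(minutes=10), ignore_ips=()):
    """Return {ip: time the ban starts} for every IP that reaches
    maxretry failed log-ins inside one findtime window."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    bans = {}
    for line in lines:
        m = LINE.match(line.strip())
        if not m or m["result"] != "FAIL":
            continue              # a success does not reset the counter
        ip = m["ip"]
        if ip in ignore_ips or ip in bans:
            continue              # allowlisted or already banned
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > findtime:
            window.popleft()      # forget failures older than findtime
        if len(window) >= maxretry:
            bans[ip] = ts
    return bans

# Constructed sample: a scanner walking extensions, a user who mistypes
# a password three times over one day, and a gateway failing in a burst.
SAMPLE_LOG = """\
2017-03-01 02:14:01 AUTH FAIL ext=100 ip=203.0.113.7
2017-03-01 02:14:02 AUTH FAIL ext=101 ip=203.0.113.7
2017-03-01 02:14:03 AUTH FAIL ext=102 ip=203.0.113.7
2017-03-01 08:59:40 AUTH FAIL ext=23 ip=192.0.2.15
2017-03-01 09:00:05 AUTH OK ext=23 ip=192.0.2.15
2017-03-01 09:10:00 AUTH FAIL ext=40 ip=198.51.100.9
2017-03-01 09:10:20 AUTH FAIL ext=40 ip=198.51.100.9
2017-03-01 09:10:45 AUTH FAIL ext=40 ip=198.51.100.9
2017-03-01 13:30:00 AUTH FAIL ext=23 ip=192.0.2.15
2017-03-01 17:45:10 AUTH FAIL ext=23 ip=192.0.2.15
""".splitlines()
```

With the defaults, `find_bans(SAMPLE_LOG)` bans the scanner and the bursting gateway but not the user whose failures are hours apart; passing the gateway in `ignore_ips` exempts it.
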
Security Measures
Blacklist / Whitelist
•Blocking or accepting certain numbers
•For example:
•Blocking certain numbers from calling through a provider
•Adding certain numbers as exceptions to Fail2Ban

Security Measures
VPN Tunnelling
•Instead of port forwarding!
•To prevent Bots, DDoS, Brute Force and Man-in-the-Middle attacks
•A poorly configured firewall is as good as no firewall
•Same subnet ensures better audio transmission
•Calls are encrypted

Security Measures
Separate Telephony and Data
•NGN ports (New Generation Networks)
•Virtual Local Networks (VLAN)
•Divides physical networks into logical subnets
•Within a switch or a network
•VLAN-capable switches keep data within the subnet

Security Measures
SIP Proxy
•Man-in-the-middle
•Receives requests and establishes connection
•No direct communication between two parties
•Costly

Security Measures
Encryption
•Secure web server (HTTPS)
•Secure SIP (SIPS) and Secure RTP (SRTP)
•Protection against eavesdropping
•Certificates can be created or uploaded in AskoziaPBX

Security Measures
Call Rights
•Restrictive dial patterns
•Prevent calls to other countries and national numbers with high charges
•Limit number of calls to other countries
•Limit call duration
•Block calls if thresholds are exceeded and attack seems likely
•VoIP prepaid credit

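
How the call-rights rules on this slide combine into one decision per call attempt, as an added example (not Askozia's implementation). The prefixes, limits, extensions and phone numbers are constructed assumptions for a sample dial plan.

```python
from dataclasses import dataclass, field

@dataclass
class CallPolicy:
    # All values below are illustrative assumptions, not Askozia defaults.
    blocked_prefixes: tuple = ("0900",)           # assumed premium-rate prefix
    international_prefix: str = "00"
    allowed_countries: tuple = ("0043", "0041")   # destinations the business needs
    max_international_per_day: int = 3
    max_duration_s: int = 3600                    # hang-up timer for allowed calls
    intl_today: dict = field(default_factory=dict)  # extension -> calls so far
    locked: set = field(default_factory=set)        # extensions blocked after an alarm

    def check(self, extension, dialed):
        """Return (allowed, reason, max_duration_s) for one call attempt."""
        if extension in self.locked:
            return (False, "extension locked after threshold alarm", 0)
        if dialed.startswith(self.blocked_prefixes):
            return (False, "premium-rate prefix", 0)
        if dialed.startswith(self.international_prefix):
            if not dialed.startswith(self.allowed_countries):
                return (False, "country not in dial pattern", 0)
            used = self.intl_today.get(extension, 0)
            if used >= self.max_international_per_day:
                # Threshold exceeded: treat as a likely attack and lock the extension.
                self.locked.add(extension)
                return (False, "daily international limit exceeded", 0)
            self.intl_today[extension] = used + 1
        return (True, "ok", self.max_duration_s)

def replay(policy, attempts):
    """Run (extension, dialed) attempts in order and return the reasons."""
    return [policy.check(ext, num)[1] for ext, num in attempts]

# Constructed attempts: normal use on extension 23, a burst on extension 40.
ATTEMPTS = [
    ("23", "0301234567"),      # national call
    ("23", "0900123456"),      # premium-rate number
    ("23", "00535550100"),     # country outside the dial pattern
    ("40", "00431555010"), ("40", "00431555011"), ("40", "00431555012"),
    ("40", "00431555013"),     # fourth international call of the day
    ("40", "0301234567"),      # national call after the lock
]
```
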
Security Measures
Access Privileges
•Access to the network should be a privilege
•Only required and actually used IP devices
•Access rights limited to actual requirements
•In Askozia: Statistic Users, Client User Interface, etc.
•Not every user needs administration rights!

Security Measures
System Hardening
•Enforce your security guidelines
•Regular review and updates
•Keep all IP devices and services up-to-date
•Don’t miss firmware and security updates

Security Measures
Have a Plan B
•There is no absolute safety
•What if a system still fails?
•Regular backups
•Premium Replacement or
•High Availability

Discover more
Have a look at our white papers and previous webinars!
askozia.com/casestudies
youtube.com/askozia

Questions?
Time to wake up!
markus.ehlers@askozia.com

How to protect your business telephony from cyber attacks - webinar 2017, English
