This document discusses securing Asterisk PBX systems and outlines typical threats such as call stealing and server intrusion. It describes how attackers can scan for PBX servers, find extensions, and crack passwords to steal calls via SIP/IAX2. The document then provides recommendations for protecting PBX servers, including using SSH key authentication, separating voice and data networks, restricting HTTP access, and using strong unique passwords. It also recommends fail2ban and Snort for intrusion detection and prevention.
In this presentation, you'll learn how to get started with bandwidth monitoring tool, NetFlow Analyzer.
Topics covered:
1. Configuring flow export from network devices
2. Traffic group
3. Application mapping
4. In-depth traffic visibility
5. Threshold-based alerting
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourSoroush Dalili
Although web application firewall (WAF) solutions are very useful to prevent common or automated attacks, most of them are based on blacklist approaches and are still far from perfect. This talk illustrates a number of creative techniques to smuggle and reshape HTTP requests using the strange behaviour of web servers and features such as request encoding or HTTP pipelining. These methods can come in handy when testing a website behind a WAF and can help penetration testers and bug bounty hunters to avoid drama and pain! Knowing these techniques is also beneficial for the defence team in order to design appropriate mitigation techniques. Additionally, it shows why developers should not solely rely on WAFs as the defence mechanism.
Finally, an open source Burp Suite extension will be introduced that can be used to assess or bypass a WAF solution using some of the techniques discussed in this talk. The plan is to keep improving this extension with the help of the http.ninja project.
In this presentation, we will discuss how branch controllers work and run through different deployments examples in 6.x and 8.x.
Check out the webinar recording where this presentation was used: http://community.arubanetworks.com/t5/Wireless-Access/Technical-Webinar-Recording-Slides-Manage-Devices-at-Branch/td-p/351983
Register for the upcoming webinars: https://community.arubanetworks.com/t5/Training-Certification-Career/EMEA-Airheads-Webinars-Jul-Dec-2017/td-p/271908
Talk given at ClueCon 2016 that discusses FreeSWITCH and its place in a microservices architecture. Covers a specific deployment case using Docker and Adhearsion, along with certain features that make FreeSWITCH a model use-case for such a technology stack.
Kamailio combined with Asterisk creates and incredibly robust and durable VoIP framework. With scalability and security, adding Kamailio to an asterisk deployment makes sense and saves money.
In this presentation, you'll learn how to get started with bandwidth monitoring tool, NetFlow Analyzer.
Topics covered:
1. Configuring flow export from network devices
2. Traffic group
3. Application mapping
4. In-depth traffic visibility
5. Threshold-based alerting
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourSoroush Dalili
Although web application firewall (WAF) solutions are very useful to prevent common or automated attacks, most of them are based on blacklist approaches and are still far from perfect. This talk illustrates a number of creative techniques to smuggle and reshape HTTP requests using the strange behaviour of web servers and features such as request encoding or HTTP pipelining. These methods can come in handy when testing a website behind a WAF and can help penetration testers and bug bounty hunters to avoid drama and pain! Knowing these techniques is also beneficial for the defence team in order to design appropriate mitigation techniques. Additionally, it shows why developers should not solely rely on WAFs as the defence mechanism.
Finally, an open source Burp Suite extension will be introduced that can be used to assess or bypass a WAF solution using some of the techniques discussed in this talk. The plan is to keep improving this extension with the help of the http.ninja project.
In this presentation, we will discuss how branch controllers work and run through different deployments examples in 6.x and 8.x.
Check out the webinar recording where this presentation was used: http://community.arubanetworks.com/t5/Wireless-Access/Technical-Webinar-Recording-Slides-Manage-Devices-at-Branch/td-p/351983
Register for the upcoming webinars: https://community.arubanetworks.com/t5/Training-Certification-Career/EMEA-Airheads-Webinars-Jul-Dec-2017/td-p/271908
Talk given at ClueCon 2016 that discusses FreeSWITCH and its place in a microservices architecture. Covers a specific deployment case using Docker and Adhearsion, along with certain features that make FreeSWITCH a model use-case for such a technology stack.
Kamailio combined with Asterisk creates and incredibly robust and durable VoIP framework. With scalability and security, adding Kamailio to an asterisk deployment makes sense and saves money.
This is my Athcon 2013 slide set. I also demonstrated that attacking mobile applications via SIP Trust, scanning via SIP proxies and MITM fuzzing in Live Demo.
BGP Multihoming Techniques, by Philip Smith.
A presentation given at APRICOT 2016’s BGP Multihoming Techniques (Part 1 and 2) sessions on 24 February 2016.
Scaling FreeSWITCH to high cps and number of concurrent calls.
You'll learn about how the FreeSWITCH internals work and how to tweak them to improve different call scenarios. You'll learn about OS and environment changes that can help to remove bottlenecks and ensure audio quality.
This presentation illustrates a number of techniques to smuggle and reshape HTTP requests using features such as HTTP Pipelining that are not normally used by testers. The strange behaviour of web servers with different technologies will be reviewed using HTTP versions 1.1, 1.0, and 0.9 before HTTP v2 becomes too popular! Some of these techniques might come in handy when dealing with a dumb WAF or load balancer that blocks your attacks.
Presented @ BSides Manchester 2017 & SteelCon 2017
Homer - Workshop at Kamailio World 2017Giacomo Vacca
Homer is an Open Source tool for real-time analysis and monitoring of VoIP and RTC platforms. It supports all the major OSS voice platforms, it's modular, easy to install and scales to carrier-grade infrastructures. Homer goes beyond collecting and correlating signalling and logs, and can also capture RTCP reports, QoS reports, and other events. Through an ElasticSearch endpoint, Homer supports BigData analysis of traffic.
This workshop focuses on the deployment of a multi-node Homer framework with various approaches: bash installers, Docker containers, Puppet.
We'll see how to configure Kamailio, FreeSWITCH (including the ESL interface), RTPEngine, Janus gateway (Events API), to collect signalling, RTCP reports, app-specific events and have them correlated and presented in a user-friendly GUI.
For advanced users, we'll present the installation of captagent, the standalone capture agent, hepgen.js to generate test traffic, and a Wireshark dissector to have full visibility of data flows.
Integration and Interoperation of existing Nexus networks into an ACI Archite...Cisco Canada
Mike Herbert, Principal Engineer INSBU, at Cisco Connect Toronto focused on the integration and interoperation of existing nexus networks into an ACI architecture.
https://2018.zeronights.ru/en/reports/reverse-proxies-inconsistency/
Modern websites are growing more complex with different reverse proxies and balancers covering them. They are used for various purposes: request routing, caching, putting additional headers, restricting access. In other words, reverse proxies must both parse incoming requests and modify them in a particular way. However, path parsing may turn out to be quite a challenge due to mismatches in the parsing of different web servers. Moreover, request converting may imply a wide range of different consequences from a cybersecurity point of view. I have analyzed different reverse proxies with different configurations, the ways they parse requests, apply rules, and perform caching. In this talk, I will both speak about general processes and the intricacies of proxy operation and demonstrate the examples of bypassing restrictions, expanding access to a web application, and new attacks through the web cache deception and cache poisoning.
Departed Communications: Learn the ways to smash them!Fatih Ozavci
Unified Communications (UC) is widely used by larger organisations for video conferences, office collaboration, cloud services and mobile communications. These services also have key roles in the IP Multimedia Subsystem (IMS) implementations of next generation mobile networks. As a result of these, customers require unified collaboration; and the telecommunications industry offers managed communications services and infrastructure using UC and IMS technologies. These offerings also come with design issues, well-known security vulnerabilities and legacy services.
Security testing of communication networks, however, is underestimated, and mostly under-scoped. Due to the lack of time and resources, the results of the security tests are only providing a security illusion. On the other hand, the advanced VoIP and UC attacks can be much faster and efficient with a proper methodology used. Therefore, this talk aims to improve the testing skills of the assurance teams for better penetration testing results. The theme of the talk is on transferring the VoIP and UC knowledge from a phreak to penetration testers. This will be performed through practical attack demonstrations, testing tips and automated actions.
This guide covers the deployment of Aruba remote access points (RAP) in fixed telecommuter and micro branch office sites, and it is considered part of the base designs guides within the VRD core technologies series. This guide covers the design recommendations for remote network deployment and it explains the various configurations needed to implement a secure, high-performance virtual branch office (VBN) solution with Aruba RAPs.
In this presentation, we will cover an overview of ArubaOS 8.x Licensing from Supported/ Unsupported Topology to Server Failover behaviour and license generation and transfer.
Check out the webinar recording where this presentation was used: http://community.arubanetworks.com/t5/Wireless-Access/Technical-Webinar-Recording-Slides-How-Licensing-works-in/td-p/306162
This is my Athcon 2013 slide set. I also demonstrated that attacking mobile applications via SIP Trust, scanning via SIP proxies and MITM fuzzing in Live Demo.
BGP Multihoming Techniques, by Philip Smith.
A presentation given at APRICOT 2016’s BGP Multihoming Techniques (Part 1 and 2) sessions on 24 February 2016.
Scaling FreeSWITCH to high cps and number of concurrent calls.
You'll learn about how the FreeSWITCH internals work and how to tweak them to improve different call scenarios. You'll learn about OS and environment changes that can help to remove bottlenecks and ensure audio quality.
This presentation illustrates a number of techniques to smuggle and reshape HTTP requests using features such as HTTP Pipelining that are not normally used by testers. The strange behaviour of web servers with different technologies will be reviewed using HTTP versions 1.1, 1.0, and 0.9 before HTTP v2 becomes too popular! Some of these techniques might come in handy when dealing with a dumb WAF or load balancer that blocks your attacks.
Presented @ BSides Manchester 2017 & SteelCon 2017
Homer - Workshop at Kamailio World 2017Giacomo Vacca
Homer is an Open Source tool for real-time analysis and monitoring of VoIP and RTC platforms. It supports all the major OSS voice platforms, it's modular, easy to install and scales to carrier-grade infrastructures. Homer goes beyond collecting and correlating signalling and logs, and can also capture RTCP reports, QoS reports, and other events. Through an ElasticSearch endpoint, Homer supports BigData analysis of traffic.
This workshop focuses on the deployment of a multi-node Homer framework with various approaches: bash installers, Docker containers, Puppet.
We'll see how to configure Kamailio, FreeSWITCH (including the ESL interface), RTPEngine, Janus gateway (Events API), to collect signalling, RTCP reports, app-specific events and have them correlated and presented in a user-friendly GUI.
For advanced users, we'll present the installation of captagent, the standalone capture agent, hepgen.js to generate test traffic, and a Wireshark dissector to have full visibility of data flows.
Integration and Interoperation of existing Nexus networks into an ACI Archite...Cisco Canada
Mike Herbert, Principal Engineer INSBU, at Cisco Connect Toronto focused on the integration and interoperation of existing nexus networks into an ACI architecture.
https://2018.zeronights.ru/en/reports/reverse-proxies-inconsistency/
Modern websites are growing more complex with different reverse proxies and balancers covering them. They are used for various purposes: request routing, caching, putting additional headers, restricting access. In other words, reverse proxies must both parse incoming requests and modify them in a particular way. However, path parsing may turn out to be quite a challenge due to mismatches in the parsing of different web servers. Moreover, request converting may imply a wide range of different consequences from a cybersecurity point of view. I have analyzed different reverse proxies with different configurations, the ways they parse requests, apply rules, and perform caching. In this talk, I will both speak about general processes and the intricacies of proxy operation and demonstrate the examples of bypassing restrictions, expanding access to a web application, and new attacks through the web cache deception and cache poisoning.
Departed Communications: Learn the ways to smash them!Fatih Ozavci
Unified Communications (UC) is widely used by larger organisations for video conferences, office collaboration, cloud services and mobile communications. These services also have key roles in the IP Multimedia Subsystem (IMS) implementations of next generation mobile networks. As a result of these, customers require unified collaboration; and the telecommunications industry offers managed communications services and infrastructure using UC and IMS technologies. These offerings also come with design issues, well-known security vulnerabilities and legacy services.
Security testing of communication networks, however, is underestimated, and mostly under-scoped. Due to the lack of time and resources, the results of the security tests are only providing a security illusion. On the other hand, the advanced VoIP and UC attacks can be much faster and efficient with a proper methodology used. Therefore, this talk aims to improve the testing skills of the assurance teams for better penetration testing results. The theme of the talk is on transferring the VoIP and UC knowledge from a phreak to penetration testers. This will be performed through practical attack demonstrations, testing tips and automated actions.
This guide covers the deployment of Aruba remote access points (RAP) in fixed telecommuter and micro branch office sites, and it is considered part of the base designs guides within the VRD core technologies series. This guide covers the design recommendations for remote network deployment and it explains the various configurations needed to implement a secure, high-performance virtual branch office (VBN) solution with Aruba RAPs.
In this presentation, we will cover an overview of ArubaOS 8.x Licensing from Supported/ Unsupported Topology to Server Failover behaviour and license generation and transfer.
Check out the webinar recording where this presentation was used: http://community.arubanetworks.com/t5/Wireless-Access/Technical-Webinar-Recording-Slides-How-Licensing-works-in/td-p/306162
Securing Network Access with Open Source solutionsNick Owen
My presentation from Atlanta Linux Fest on how to allow users secure access to your network using open source technologies. Examples include how to add two-factor authentication to Apache, OpenVPN, Astaro, NX etc.
As presented at LinuxCon/CloudOpen 2015 Seattle Washington, August 19th 2015. Sagi Brody & Logan Best
This session will focus on real world deployments of DDoS mitigation strategies in every layer of the network. It will give an overview of methods to prevent these attacks and best practices on how to provide protection in complex cloud platforms. The session will also outline what we have found in our experience managing and running thousands of Linux and Unix managed service platforms and what specifically can be done to offer protection at every layer. The session will offer insight and examples from both a business and technical perspective.
We present findings in addition to the work in the following analyses.Worm Backdoors and Secures QNAP Network Storage Devices. https://isc.sans.edu/forums/diary/Worm+Backdoors+and+Secures+QNAP+Network+Storage+Devices/19061
Shellshock Worm Exploiting Unpatched QNAP NAS Devices https://threatpost.com/shellshock-worm-exploiting-unpatched-qnap-nas-devices/109870
A little ShellShock fun http://jrnerqbbzrq.blogspot.com/2014/12/a-little-shellshock-fun.html
This is what we found, missing pieces from previous researches.
Most research and publications talk about layer 2 issues when it comes to VoIP. Over here we talk about VoIP security flaws that can be exploited without having physical access to the target network, i.e. attacks that can be, and are being launched through the Internet.
This is my presentation from Denver Startup Week 2016 on security for applications and servers. This presentation covers everything you need to know about securing a Linux server and your application.
Similar to Securing Asterisk: A practical approach (20)
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesSanjeev Rampal
Talk presented at Kubernetes Community Day, New York, May 2024.
Technical summary of Multi-Cluster Kubernetes Networking architectures with focus on 4 key topics.
1) Key patterns for Multi-cluster architectures
2) Architectural comparison of several OSS/ CNCF projects to address these patterns
3) Evolution trends for the APIs of these projects
4) Some design recommendations & guidelines for adopting/ deploying these solutions.
1.Wireless Communication System_Wireless communication is a broad term that i...JeyaPerumal1
Wireless communication involves the transmission of information over a distance without the help of wires, cables or any other forms of electrical conductors.
Wireless communication is a broad term that incorporates all procedures and forms of connecting and communicating between two or more devices using a wireless signal through wireless communication technologies and devices.
Features of Wireless Communication
The evolution of wireless technology has brought many advancements with its effective features.
The transmitted distance can be anywhere between a few meters (for example, a television's remote control) and thousands of kilometers (for example, radio communication).
Wireless communication can be used for cellular telephony, wireless access to the internet, wireless home networking, and so on.
This 7-second Brain Wave Ritual Attracts Money To You.!nirahealhty
Discover the power of a simple 7-second brain wave ritual that can attract wealth and abundance into your life. By tapping into specific brain frequencies, this technique helps you manifest financial success effortlessly. Ready to transform your financial future? Try this powerful ritual and start attracting money today!
ER(Entity Relationship) Diagram for online shopping - TAEHimani415946
https://bit.ly/3KACoyV
The ER diagram for the project is the foundation for the building of the database of the project. The properties, datatypes, and attributes are defined by the ER diagram.
1. SECURING ASTERISK;A PRACTICAL APPROACH
SUMAN
KUMAR
SAHA
Manager,
System
Administra6on
Dhakacom
Limited
suman@dhakacom.com
2. AGENDA
§ Typical Threats Overview
§ Call stealing
§ Compromising the server
§ How to Protect the PBX
§ SSH communication
§ Separating data & voice
§ HTTP communication
§ Passwords
§ etc.
3. TYPICAL THREATS
§ Stealing of calls via:
§ telephony
§ VoIP trunks
§ SIP
§ IAX2
§ Compromising the Linux server via SSH/HTTP
4. STEALING CALLS VIA TELEPHONY OR VOIP TRUNKS
§ Disable the option of uncontrolled trunk-to-
trunk calls
§ DISA (Direct Inward System Access)
§ use long passwords
5. STEALING CALLS VIA SIP / IAX2: STAGE 1
§ Find PBX IP address and port number
§ Suggested tools:
§ nmap (http://nmap.org/)
§ svmap (http://code.google.com/p/sipvicious)
$ ./svmap.py 192.168.0.1/24
| SIP Device | User Agent | Fingerprint |
--------------------------------------------------------------------------
| 192.168.0.61:5060 | Asterisk PBX 1.6.2.| Asterisk / Linksys/PAP2T-3.1.|
| 192.168.0.185:5060 | Yealink SIP-T28P 2.| AVM or Speedport |
| 192.168.0.124:5060 | Grandstream GXP2000| Grandstream phone |
| 192.168.2.4:5060 | Yealink SIP-T26P 6.| AVM or Speedport |
| 192.168.0.184:5060 | Yealink SIP-T22P 7.| AVM or Speedport |
| 192.168.0.134:5060 | YATE/2.2.0 | AVM or Speedport |
7. STEALING CALLS VIA SIP / IAX2: STAGE 2
§ Find a PBX extension
§ svwar (http://code.google.com/p/sipvicious)
§ Attacker tries to differentiate between
existing/non-existent extensions
§ SIP response to a REGISTER/INVITE/OPTION
request analysis could be used for it
9. STEALING CALLS VIA SIP / IAX2: STAGE 3
§ Find the password
§ svcrak (http://code.google.com/p/sipvicious)
§ When PBX is attacked there are many warning
messages in the Asterisk log:
[Jun..
for
] NOTICE[30940]
'192.168.0.192'
chan_sip.c: Registration
- Wrong
password
from '"308" failed
[Jun..
for
] NOTICE[30940]
'192.168.0.192'
chan_sip.c: Registration
- Wrong
password
from '"308" failed
[Jun..
for
] NOTICE[30940]
'192.168.0.192'
chan_sip.c: Registration
- Wrong
password
from '"308" failed
[Jun.. ] NOTICE[30940] chan_sip.c: Registration from '"308" failed
for '192.168.0.192' - Wrong password
10. STEALING CALLS VIA SIP / IAX2: STAGE 3
./svcrack.py -u1001 9.9.9.9
WARNING:ASipOfRedWine:could not bind to :5060 - some
process might already be listening on this port. Listening on
port 5061 instead
| Extension | Password |
------------------------
| 1001 | 1001 |
11. STEALING CALLS VIA SIP / IAX2: STAGE 4
§ The PBX has been conquered
§ A malicious user has registered an extension
and makes calls for free
§ In many cases this will be discovered only
when the next telephone bill is received
12. COMPROMISING THE LINUX SERVER
§ An Asterisk server is a regular Linux machine
that can also be compromised
§ Malware (viruses, trojan horses etc) may
infiltrate via different Linux networking
services such as SSH or HTTP
13. HOW TO PROTECT THE PBX
§ There are countless methods to “harden” a
server against attack
§ Each method has its price
§ 99% of attacks are “simple” attacks, and
there are simple means to prevent them
14. SSH COMMUNICATION
§ Use public/private key authentication instead of
password authentication
§ Create a user account and disable log in as 'root':
§ /etc/ssh/sshd_config
§ Then it will be possible to connect to the PBX as a
non-'root' user, and then become a “super-user”:
§ ssh john@my-pbx-ip -p 4245
§ su -
§PermitRootLogin no
§ or
§
PermitRootLogin without-password
15. SSH COMMUNICATION CONT’D
§ Restrict the source IP addresses that are
allowed to access the server
§ Don't use the default SSH port (22/tcp)
a. arrange port forwarding on the NAT router
or
b. change the listening port in the PBX SSH
server configuration:
• /etc/ssh/sshd_config
• #Port 22
• Port 4245
16. SEPARATING DATA & VOIP NETWORKS
§ Some customers with higher security
requirements separate the VoIP network
from the data network
§ Dedicated cabling network not required;
VLAN technology may be used instead
§ Helps prevent company data servers from
direct access from potentially vulnerable
VoIP devices
17. HTTP COMMUNICATION
§ Don't expose the PBX Web server to the
Internet
§ Use SSH tunneling for the PBX Web-based
management interface
§ Windows users can create SSH tunnels very
easily using PuTTY
19. SECURE VOIP COMMUNICATION
§ Don't expose SIP and IAX2 ports unless
absolutely necessary
§ Use IP restriction for internal VoIP extensions
§ Allows use of weak passwords or no passwords
for the internal extensions
§ Use strong passwords for remote extensions
20. LAN-ONLY REGISTRATION FOR EXTENSION
#
vim
/etc/asterisk/sip.conf
Deny=0.0.0.0/0.0.0.0
Allow=192.168.0.0/24
21. INTRUSION DETECTION OPTIONS
§ It is possible to use a network intrusion
detection system
§ Fail2Ban (http://www.fail2ban.org)
§ Scans the log files and updates firewall rules
to reject the IP address
§ Snort (http://www.snort.org)
§ Powerful network intrusion prevention and
detection system (IDS/IPS)
22. FAIL2BAN FEATURES
§ Log-based brute force blocker
§ Runs as daemon
§ unlike cron-based tools, no delay before taking action
§ can use iptables or TCP Wrappers (/etc/
hosts.deny)
§ can handle more than one service: sshd, apache,
SIP traffic etc.
§ can send e-mail notifications
§ can ban IPs either for a limited amount of time or
permanently
23. FAIL2BAN USAGE
[asterisk-iptables]
# if more than 4 attempts are made within 6 hours, ban for 24
hours
enabled = true
filter = asterisk
action = iptables-allports[name=ASTERISK, protocol=all]
sendmail[name=ASTERISK, dest=suman@dhakacom.com,
sender=fail2ban@dhakacom.com]
logpath = /var/log/asterisk/messages
maxretry = 4
findtime = 21600
bantime = 86400
25. SNORT FEATURES
§ Sniffer mode
§ Logger mode
§ NIDS mode
§ Can capture and analyze traffic for several
servers
§ Intrusion prevention mode
§ Extremely mature system; actively developed
since 1998
26. SNORT USAGE
Packet sniffer: Snort reads IP packets and
displays them on the console.
#./snort -vd
Packet Logger: Snort logs IP packets.
#./snort -dev -l /var/log/snort
Intrusion Detection System: Snort uses rule sets
to inspect IP packets. When an IP packet
matches the characteristics of a given rule,
Snort may take one or more actions.
27. SNORT NIDS MODE
To run Snort for intrusion detection and log all
packets relative to the 192.168.10.0 network,
use the command:
snort -d -h 192.168.10.0 -l -c snort.conf
28. SUMMARY
§ Types of threats
§ Call stealing
§ Intrusion
§ Best practices
§ Protecting the PBX
§ Detecting attacks quickly