VoIP Security 101 -
What You Need to Know
ERIC KLEIN, VP OPERATIONS
http://www.greenfieldtech.net
My name is Eric Klein
A little about myself…
• VoIP fraud prevention evangelist
• Startup advisor and enthusiast
• Author, blogger for technology and travel
  • Security chapter out this week
  • 1st novel in edit
• Relatively new grandfather (photos upon request)
Passionate about delivering the right telecom solutions
Greenfield provides creative high-end solutions and services for telecom operators, enterprises, and start-ups. We enjoy making tech dreams a reality – by developing and delivering simple, feasible, affordable and reliable solutions to challenges that seem ‘impossible’.
We believe that in order to help you achieve your goals, we must fully immerse ourselves in your business and see ourselves as a part of your organization. We sometimes speak out when other consultants would not, with your best interests in mind.
Who is Attacking
Who is out there looking for your phone?
• Organized crime: low risk, high return crime
• Terrorists: use the funds to fund more terror
• Kids: for fun and bragging rights (think Steve Jobs)
• Hackers for hire: as a fully outsourced service for criminal or terrorist organizations
How Much Are They Attacking
Source: www.cfca.org/fraudlosssurvey/
Next report should come out in November 2017
Key Findings
• 2015 Global Fraud Loss: $38.1 Billion (USD) annually
• 89% of operators surveyed said fraud losses had increased or stayed the same as the previous year
• Top 5 Fraud Methods:
  • $3.93 B – PBX Hacking
  • $3.53 B – IP PBX Hacking
  • $3.53 B – Subscription Fraud (Application)
  • $3.14 B – Dealer Fraud
  • $2.55 B – Subscription Fraud (Identity)
Source: www.cfca.org/fraudlosssurvey/
This means you or your customers can be hit.
Where do they call?
Source: www.cfca.org/fraudlosssurvey/
Do you need to allow traffic to these destinations?
What They Get From Attacking
Easy cash from:
• Free phone calls at your expense
• Reselling phone services
• Cash from premium-rate calls (1-900 numbers) where they get a revenue share
• In very rare cases, bragging rights (but that is now mostly history)
Fast and Furious
They were fast and he was furious. The story was told by an audience member at the security panel on the last day of Astricon 2011 in Denver:
A customer called and asked for the default password, as they wanted to configure their PBX and connect it to the internet. He gave them the password and then connected to the PBX himself to watch what would happen. In under 10 minutes the PBX was found and hacked, with new extensions created and outbound calls being made.
So how did they find this PBX?
How do they find you?
Internet Census
• 50 GB of data collected and published
• Collected by using bots on insecure internet devices (default username/password)
• If one client scans ten IP addresses per second, it requires approximately 4000 clients to scan one port on all 3.6 billion IP addresses of the Internet in one day
• They used ~420K clients
(Botnet distribution map shown on the slide)
Source: http://internetcensus2012.bitbucket.org/paper.html
Be Careful in What You Advertise
Which is scarier: exposing that you are accessible via port 22 or port 80?
Shodan
Shodan found 11,192,438 results for SIP devices, using a simple Google-like search.
Be Careful in What You Advertise
Why make it easy for them to not only find you, but to know what you are running? Do you want to let them exploit known security holes or default passwords?
• SIPVicious suite is a set of tools that can be used to audit SIP based VoIP systems. It currently consists of four tools:
• svmap (lists SIP devices found on an IP range)
  This is a SIP scanner. When launched against ranges of IP address space, it will identify any SIP servers which it finds on the way. It also has the option to scan hosts on ranges of ports.
• svwar (identifies active extensions on a PBX)
  Traditionally a war dialer was used to call up numbers on the phone network to identify the ones that are interesting from the ones that are not. With SIP, you can do something similar to identify active users.
• svcrack (an online password cracker for SIP PBXs)
  This is a password cracker making use of digest authentication. It is able to crack passwords on both registrar servers and proxy servers. It can make use of ranges of numbers or a dictionary file full of possible passwords.
• svreport
  Able to manage sessions created by the rest of the tools and export to PDF, XML, CSV and plain text.
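svcrack guesses online, sending a fresh REGISTER for each candidate, but the arithmetic behind each guess is what makes short SIP secrets cheap to break, and anyone who captures one phone's REGISTER together with its Authorization header can run the same check offline with no traffic to the PBX at all. The following is an added example written for this page; it is not code from the slides, from SIPVicious or from Asterisk, and the "captured" exchange at the bottom is constructed with a placeholder realm, nonce, URI and extension so the file runs offline.

```python
"""SIP digest authentication and the per-guess check a cracker performs.

Added example for this page: not code from the slides, from SIPVicious
or from Asterisk. The "captured" exchange at the bottom is constructed
(placeholder realm, nonce, URI and extension) so the file runs offline.
"""
import hashlib
import itertools
import re
import string


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()


def digest_response(username, realm, password, method, uri, nonce,
                    qop=None, nc=None, cnonce=None):
    """Digest response as SIP uses it (RFC 3261 section 22 / RFC 2617).

    chan_sip challenges without qop, so the three-hash form is the one
    seen on the wire with Asterisk; the qop=auth form is kept for clients
    and servers that negotiate it.
    """
    ha1 = md5_hex(f"{username}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    if qop:
        return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")


def parse_authorization(header: str) -> dict:
    """Turn 'Authorization: Digest k="v", k2=v2' into {'k': 'v', 'k2': 'v2'}."""
    _, _, params = header.partition("Digest")
    return dict(re.findall(r'(\w+)="?([^",]*)"?', params))


def crack(auth: dict, method: str, candidates):
    """Return (password, attempts) for the first candidate that reproduces
    the captured response, or (None, attempts) if none does.

    Each guess costs three MD5 computations and sends nothing to the PBX,
    so neither alwaysauthreject nor Fail2ban can see it.
    """
    attempts = 0
    for password in candidates:
        attempts += 1
        guess = digest_response(auth["username"], auth["realm"], password,
                                method, auth["uri"], auth["nonce"],
                                auth.get("qop"), auth.get("nc"), auth.get("cnonce"))
        if guess == auth["response"]:
            return password, attempts
    return None, attempts


def numeric_candidates(length: int):
    """Every digit string of the given length, in counting order (0000, 0001, ...)."""
    for digits in itertools.product(string.digits, repeat=length):
        yield "".join(digits)


# Constructed capture: the Authorization header a phone on extension 101
# with SIP secret "1234" would send back after the registrar's challenge.
REALM, NONCE, URI = "asterisk", "4d1c2b3a", "sip:pbx.example"
CAPTURED_AUTHORIZATION = (
    f'Authorization: Digest username="101", realm="{REALM}", nonce="{NONCE}", '
    f'uri="{URI}", algorithm=MD5, '
    f'response="{digest_response("101", REALM, "1234", "REGISTER", URI, NONCE)}"'
)

if __name__ == "__main__":
    auth = parse_authorization(CAPTURED_AUTHORIZATION)
    print(crack(auth, "REGISTER", numeric_candidates(4)))  # ('1234', 1235)
    print(crack(auth, "REGISTER", numeric_candidates(3)))  # (None, 1000)
```

A four-digit numeric secret is recovered in at most 10,000 hashes, which is why the "longer is better" advice later in the deck matters for SIP secrets as much as for screen locks: digest authentication never sends the password, but it protects it only as far as the password's own entropy, and the nonce only stops replay, not guessing. Give every phone its own long random secret, and carry SIP over TLS where the phones support it so the exchange cannot be captured in the first place.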
What can you do?
Hardening your system
Basic methodologies and best
practices for configuring
Asterisk PBXs. What have we
learned from monitoring and
auditing Asterisk PBXs and how
can you avoid the common
mistakes?
Let's start at the corporate level
Common Policy Problems
Incomplete, non-existent, unenforced password policies:
• Server / PBX passwords
  • Multiple PBXs using the same password
  • Root access and web client interface using the same password (if any)
• Phone and extension passwords
  • Default password on the PBX (or GUI)
  • Identical or default SIP passwords for all phones
  • Identical or default voicemail passwords for all extensions
No update policy:
• PBX software
• Phone firmware
No mailbox policies:
• Who/what extensions get voicemail
• When to close them
No allowed / denied destinations policies:
• Do all employees need to call all countries?
• Who does / does not?
No policy to monitor phone usage / activity
Internal Fraud Is the Worst
Do you need a courtesy phone?
• Does it really need long distance dialing?
• Does it really need international dialing?
• Does it really need a voice-mailbox?
What about break room, copy, or conference rooms? Do you need these 24 x 7?
Be aware of the problem
Harden your system
Set proper policies:
• Does everyone need it (international calls, calls via the PBX, etc.)?
• Who needs it?
• Why, and is there a better solution or security option?
Lock things down if they are not needed
• Don't allow pass-through dialing (unless needed, and then limit it)
Use multi-layer solutions
Use audit and monitoring solutions
Don't Use Default Passwords
Why make it easier for them?
• Use passwords or passphrases that are harder to crack
• Longer is better (there is now a bot that can crack a 4-digit cell phone screen lock automatically; similar things work for electronic passwords)
• Consider using Fail2ban as one of the layers in your security, as it will lock out repeated attempts to guess a password
• Make sure that only a few people have access to the system; humans are one of the weakest links in security, via phishing or internal attacks
Check Your Contracts (Liability)
• Find out what your contract includes in terms of text about fraudulent calls and your liability
• Learn how to activate these if needed
• Find out if your carrier offers monitoring or limits on amounts and countries:
  • Which are automatic?
  • Can you set the limits?
  • Do they notify you or cut you off?
• Blocking of premium numbers or calls to international destinations:
  • Can they be configured by extension (let the President's assistant call anywhere but not the lobby phone)?
  • Can they be configured by day of week / time of day?
Let's look at the operating system level
Common Server Policy Problems
Incomplete, non-existent, unenforced password policies:
• Many had identical default SIP passwords for all phones that were never changed
• Many had identical default voicemail passwords for all extensions that were never changed
Server / PBX passwords:
• Multiple PBXs using the same password
• Root access and web client interface using the same password (if any)
No update policy:
• Server OS
• Apache server software
Audit Results: Server and OS level problems found
[Bar chart on the slide: number of problems found per severity (series High, Medium, Low) for the average system audited and the worst system audited (categories "Average" and "Most"); data labels as printed on the chart: 18.6, 117, 8.75, 54, 8.8, 32]
Conclusion:
You need to have an update
policy with regular security
updates for the server, not just the
Asterisk software.
Examples of OS and Server Level
(OpenVAS NVT findings from the audited servers)
• http (80/tcp), High (CVSS: 7.8): Apache httpd Web Server Range Header Denial of Service Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.901203)
• general/tcp, High (CVSS: 10.0): Kerberos5 Multiple Integer Underflow Vulnerabilities (OID: 1.3.6.1.4.1.25623.1.0.800433)
• general/tcp, High (CVSS: 10.0): CentOS Update for kernel CESA-2010:0610 centos5 i386 (OID: 1.3.6.1.4.1.25623.1.0.880569)
• general/tcp, High (CVSS: 10.0): mpg123 Player Denial of Service Vulnerability (Linux) (OID: 1.3.6.1.4.1.25623.1.0.900538)
To fix: perform a full system update, e.g. su -c 'yum update'
Let's consider the Asterisk PBX
Common Configuration Problems
• Not protecting from common attacks
• Context for SIP trunks to external destinations set as if they were internal extensions
• Old PBXs, extensions, SIP trunks still configured even though they are not in use
• Voice and data configured in a flat configuration (both on the same subnet)
• Misconfiguration of Dial commands
Block Simple Enumeration Attacks
Systems like SIPVicious use enumeration attacks to identify target SIP devices and the extensions on them: a registrar that answers 404 Not Found for an unknown user but challenges (401) a known one tells the scanner exactly which extensions exist.
In Asterisk, you can enable protection against this by setting the following in your sip.conf:
alwaysauthreject=yes
With this set, Asterisk rejects a REGISTER or INVITE for an unknown user with the same response it gives a valid user with a bad password, so the scanner learns nothing from the status code. It does not slow down password guessing, so pair it with Fail2ban and strong per-phone secrets.
This can be configured in FreePBX. Recent versions: via the SIP Settings option under the Settings tab (use the Other SIP Settings options at the bottom of the page). Older versions will require that you change it in sip.conf manually.
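The quickest way to know whether the setting took effect is to do what svwar does and look at the status codes yourself. The following is an added example written for this page, not code from the slides, from SIPVicious or from Asterisk: it builds the unauthenticated REGISTER a scanner sends, reads the status code of the reply, and compares the reply for an extension you know exists with the reply for one that cannot. With alwaysauthreject=yes both get the same code; a 404 for the bogus extension means the PBX is enumerable. Hosts, addresses and the two sample replies are constructed placeholders, and the network probe is meant only for a PBX you operate.

```python
"""Self-check for SIP extension enumeration (what svwar exploits).

Added example for this page: not code from the slides, from SIPVicious
or from Asterisk. Hosts, addresses and the sample replies below are
constructed placeholders. Only probe a PBX you operate.
"""
import random
import socket


def build_register(host: str, ext: str, local_ip: str = "192.0.2.10",
                   local_port: int = 5060) -> bytes:
    """Minimal REGISTER with no credentials: the mandatory RFC 3261 headers only."""
    branch = f"z9hG4bK{random.randrange(1 << 32):08x}"   # RFC 3261 magic cookie
    tag = f"{random.randrange(1 << 32):08x}"
    call_id = f"{random.randrange(1 << 32):08x}@{local_ip}"
    lines = [
        f"REGISTER sip:{host} SIP/2.0",
        f"Via: SIP/2.0/UDP {local_ip}:{local_port};branch={branch};rport",
        f"From: <sip:{ext}@{host}>;tag={tag}",
        f"To: <sip:{ext}@{host}>",
        f"Call-ID: {call_id}",
        "CSeq: 1 REGISTER",
        f"Contact: <sip:{ext}@{local_ip}:{local_port}>",
        "Max-Forwards: 70",
        "Content-Length: 0",
        "",
        "",
    ]
    return "\r\n".join(lines).encode()


def status_code(reply: bytes) -> int:
    """Status code from the first line of a SIP response ('SIP/2.0 401 Unauthorized')."""
    first = reply.split(b"\r\n", 1)[0].decode(errors="replace")
    parts = first.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("SIP/2.0"):
        raise ValueError(f"not a SIP response: {first!r}")
    return int(parts[1])


def leaks_existence(code_for_known: int, code_for_unknown: int) -> bool:
    """svwar's rule: a different answer for a bogus user reveals which users exist."""
    return code_for_known != code_for_unknown


def probe(host: str, ext: str, port: int = 5060, timeout: float = 2.0) -> int:
    """Send one REGISTER over UDP and return the status code of the first reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_register(host, ext), (host, port))
        reply, _ = sock.recvfrom(4096)
    return status_code(reply)


# Constructed replies: the challenge every REGISTER gets with
# alwaysauthreject=yes, and the 404 an unknown user gets without it.
REPLY_CHALLENGE = (b"SIP/2.0 401 Unauthorized\r\n"
                   b'WWW-Authenticate: Digest realm="asterisk", nonce="1a2b3c4d"\r\n'
                   b"Content-Length: 0\r\n\r\n")
REPLY_NOT_FOUND = b"SIP/2.0 404 Not Found\r\nContent-Length: 0\r\n\r\n"

if __name__ == "__main__":
    # Offline: the two configurations side by side.
    print(leaks_existence(status_code(REPLY_CHALLENGE), status_code(REPLY_NOT_FOUND)))  # True
    print(leaks_existence(status_code(REPLY_CHALLENGE), status_code(REPLY_CHALLENGE)))  # False
    # Against your own PBX: compare a real extension with an impossible one.
    # print(leaks_existence(probe("pbx.example", "101"), probe("pbx.example", "999999")))
```

Run the probe from outside your firewall as well as inside: a PBX that is correctly configured but reachable from the Internet still answers the scanner, it just answers uniformly, and the Fail2ban and firewall layers on the following slides are what stop the guessing that comes next.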
Prevent Basic Hack Attempts
• Don't be on the public Internet (have an SBC, firewall, NAT in front of the PBX)
• Don't keep the default passwords on the server or PBX
• Use Fail2ban to help block repeated attempts to log in to the server (and repeated failed SIP registrations)
• Change the advertised name of the PBX (the SIP User-Agent/Server string, useragent= in sip.conf) so sites like Shodan will not list it as Asterisk; this hides the product and version, not the open port, so treat it as one layer among several
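Fail2ban comes up on this slide and on the password slide earlier; as an added example that is not from the slides, here is a Fail2ban jail for Asterisk together with the Asterisk logger setting it depends on. The file paths, thresholds and the provider address under ignoreip are assumptions to adapt to your own install.

```ini
; Added example for this page, not from the slides. File paths, thresholds
; and the provider address are assumptions; adapt them to your install.

; --- /etc/asterisk/logger.conf: Asterisk has to log the failures first.
; --- The "security" level writes SecurityEvent lines (InvalidAccountID,
; --- InvalidPassword, ChallengeResponseFailed, ...) to their own file.
[logfiles]
messages => notice,warning,error
security => security

# --- /etc/fail2ban/jail.local: fail2ban ships filter.d/asterisk.conf, which
# --- matches both the chan_sip "Registration from ... failed" NOTICE lines
# --- and the SecurityEvent lines. SIP is mostly UDP, so ban all protocols
# --- rather than fail2ban's default of tcp only.
[DEFAULT]
# never ban your own SIP provider, SBC or admin hosts, or every call stops
ignoreip = 127.0.0.1/8 203.0.113.5

[asterisk]
enabled   = true
filter    = asterisk
logpath   = /var/log/asterisk/messages
            /var/log/asterisk/security
maxretry  = 5
findtime  = 600
bantime   = 3600
banaction = iptables-allports
protocol  = all
```

Confirm the filter actually matches your log format before trusting it: fail2ban-regex /var/log/asterisk/messages /etc/fail2ban/filter.d/asterisk.conf reports how many lines matched, and fail2ban-client status asterisk shows the jail and its banned addresses. Fail2ban only acts after Asterisk has logged several failures from the same address, so a scanner that spreads its guesses across many sources, or simply goes slowly, still gets through; it is a layer, not the control.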
Incorrect Contexts
Using the from-internal context for an inbound route or trunk means all calls on that route or trunk are treated as if they came from an internal phone, with all the rights and privileges that includes:
• Make outbound calls
• Set call forwarding
Combining the two makes it possible to use your PBX as a free long distance phone company.
Be generous: use as many contexts as you have different dialing authorities or use cases, for example:
from-sip-provider
from-iax2
from-sales-employees
from-courtesy-phone
Be Careful With Dial Commands
In order to enable call transfers, you have to use either the "t" or the "T" option of the Dial command: "t" lets the called party transfer the call, "T" lets the calling party transfer it.
Due to a lack of understanding by many admins, here is a common configuration mistake:
Doing this opened a way for anyone who dials in to forward their call to any PBX function, including call forwarding, voicemail, etc.
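As an added example covering both the context slide and the Dial slide above (my own configuration, not the slide's and not from the Asterisk project): an inbound trunk dropped into from-internal with the caller granted "T", beside a hardened layout with one context per trust level, transfer rights only for the internal party, and transfer targets pinned to the restricted context. Peer names, context names, numbers and hosts are placeholders.

```ini
; Added example for this page, not the dialplan from the slide.
; Peer names, context names, numbers and hosts are placeholders.

; ===== Weak: trunk calls land in the internal context and the external
; ===== caller is granted T, so a blind transfer (the DTMF feature code in
; ===== features.conf) lets them dial anything from-internal can reach,
; ===== including the international route.
; sip.conf
[sip-provider-weak]
type=peer
host=sip.provider.example
context=from-internal

; extensions.conf
[from-internal]
exten => _9011X.,1,Dial(SIP/sip-provider-weak/${EXTEN:1})   ; 9 + international
exten => 15555550100,1,Dial(SIP/101,30,tT)                  ; inbound DID, caller may transfer

; ===== Hardened: one context per trust level, no guest calls, transfer
; ===== only for the internal party, transfers pinned to the trunk context.
; sip.conf
[general]
allowguest=no                       ; unauthenticated INVITEs get no dialplan at all

[sip-provider]
type=peer
host=sip.provider.example
context=from-sip-provider           ; trunk calls never enter from-internal

[courtesy-phone]
type=peer
host=dynamic
secret=<long random secret, unique per device>
context=from-courtesy-phone

[sales-101]
type=peer
host=dynamic
secret=<long random secret, unique per device>
context=from-sales-employees

; extensions.conf
[from-sip-provider]
; Only the numbers you publish exist here; nothing else is reachable from the trunk.
exten => 15555550100,1,Set(TRANSFER_CONTEXT=from-sip-provider)
 same => n,Dial(SIP/101,30,t)       ; called party may transfer; caller (no T) may not
 same => n,Voicemail(101@default,u)
 same => n,Hangup()

[internal-calls]
exten => _1XX,1,Dial(SIP/${EXTEN},30,t)

[international-calls]
exten => _9011X.,1,Dial(SIP/sip-provider/${EXTEN:1})

[from-courtesy-phone]
include => internal-calls           ; no international, no pass-through dialing

[from-sales-employees]
include => internal-calls
include => international-calls      ; only contexts with a business need get this
```

The two changes that matter most are the trunk's context line and the missing "T": even if an attacker on the trunk sends an INVITE straight to 9011..., from-sip-provider has no matching extension, and a caller who reaches extension 101 cannot transfer themselves anywhere because only the called party holds transfer rights. TRANSFER_CONTEXT is the safety net for the transfers you do allow, so that a transfer started from an inbound call is resolved in the restricted context rather than wherever the internal phone happens to be.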
Let's finish at the physical level
Who has access
• To the server room
• To the office in off hours (nights/weekends/holidays)
Keep up with current events
Watch the news and follow events
• 2 years ago the European courts killed Safe Harbor, which provided the legal ability for US companies to serve European customers.
• A new law went into effect last July. More than 1,500 companies including Apple, Google and Microsoft had agreed to abide by the Privacy Shield agreement, which requires the US Department of Commerce to ensure that American companies are operating in compliance with EU privacy laws.
• It is now in very real danger of unravelling, and it's all thanks to an Executive Order that Trump signed against refugees. Specifically, it's Section 14, which reads:
• Privacy Act. Agencies shall, to the extent consistent with applicable law, ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act regarding personally identifiable information.
Full text: https://www.whitehouse.gov/the-press-office/2017/01/25/presidential-executive-order-enhancing-public-safety-interior-united
Shameless plug
More about this topic is in Peerlyst eBook 2 - Essentials of Cybersecurity
• Chapter 9 is Telecom 101
You can download it for free here (requires signup): http://tiny.cc/Cybersecurity
More details in the free book
Thank You
Contact Me at:
Eric@greenfieldtech.net
Skype: EricLKlein
www.greenfieldtech.net
US +1 805 410 1010
UK +44 291 100 8888
Il +972 73 255 7799

More Related Content

What's hot

PLNOG 5: Rainer Baeder - Fortinet Overview, Fortinet VoIP Security
PLNOG 5: Rainer Baeder - Fortinet Overview, Fortinet VoIP SecurityPLNOG 5: Rainer Baeder - Fortinet Overview, Fortinet VoIP Security
PLNOG 5: Rainer Baeder - Fortinet Overview, Fortinet VoIP SecurityPROIDEA
 
Analysis of VoIP Forensics with Digital Evidence Procedure
Analysis of VoIP Forensics with Digital Evidence ProcedureAnalysis of VoIP Forensics with Digital Evidence Procedure
Analysis of VoIP Forensics with Digital Evidence Procedureijsrd.com
 
Voice Over IP Overview w/Secuirty
Voice Over IP Overview w/SecuirtyVoice Over IP Overview w/Secuirty
Voice Over IP Overview w/SecuirtyChristopher Duffy
 
10.1.1.64.2504
10.1.1.64.250410.1.1.64.2504
10.1.1.64.2504Dan Drumm
 
VoIP security: Implementation and Protocol Problems
VoIP security: Implementation and Protocol ProblemsVoIP security: Implementation and Protocol Problems
VoIP security: Implementation and Protocol Problemsseanhn
 
How to hack a telecommunication company and stay alive. Sergey Gordeychik
How to hack a telecommunication company and stay alive. Sergey GordeychikHow to hack a telecommunication company and stay alive. Sergey Gordeychik
How to hack a telecommunication company and stay alive. Sergey GordeychikPositive Hack Days
 
Hacking Trust Relationships Between SIP Gateways
Hacking Trust Relationships Between SIP GatewaysHacking Trust Relationships Between SIP Gateways
Hacking Trust Relationships Between SIP GatewaysFatih Ozavci
 
Network Security and Spoofing Attacks
Network Security and Spoofing AttacksNetwork Security and Spoofing Attacks
Network Security and Spoofing AttacksPECB
 
SIP Security Best Practices
SIP Security Best PracticesSIP Security Best Practices
SIP Security Best PracticesIntelePeer
 
Compromising online accounts by cracking voicemail systems
Compromising online accounts by cracking voicemail systemsCompromising online accounts by cracking voicemail systems
Compromising online accounts by cracking voicemail systemsPriyanka Aash
 
Hacking SIP Like a Boss!
Hacking SIP Like a Boss!Hacking SIP Like a Boss!
Hacking SIP Like a Boss!Fatih Ozavci
 

What's hot (20)

Voip security
Voip securityVoip security
Voip security
 
PLNOG 5: Rainer Baeder - Fortinet Overview, Fortinet VoIP Security
PLNOG 5: Rainer Baeder - Fortinet Overview, Fortinet VoIP SecurityPLNOG 5: Rainer Baeder - Fortinet Overview, Fortinet VoIP Security
PLNOG 5: Rainer Baeder - Fortinet Overview, Fortinet VoIP Security
 
Analysis of VoIP Forensics with Digital Evidence Procedure
Analysis of VoIP Forensics with Digital Evidence ProcedureAnalysis of VoIP Forensics with Digital Evidence Procedure
Analysis of VoIP Forensics with Digital Evidence Procedure
 
VoIP Security
VoIP SecurityVoIP Security
VoIP Security
 
Voice Over IP Overview w/Secuirty
Voice Over IP Overview w/SecuirtyVoice Over IP Overview w/Secuirty
Voice Over IP Overview w/Secuirty
 
10.1.1.64.2504
10.1.1.64.250410.1.1.64.2504
10.1.1.64.2504
 
VoIP security: Implementation and Protocol Problems
VoIP security: Implementation and Protocol ProblemsVoIP security: Implementation and Protocol Problems
VoIP security: Implementation and Protocol Problems
 
VoIP – vulnerabilities and attacks
VoIP – vulnerabilities and attacksVoIP – vulnerabilities and attacks
VoIP – vulnerabilities and attacks
 
How to hack a telecommunication company and stay alive. Sergey Gordeychik
How to hack a telecommunication company and stay alive. Sergey GordeychikHow to hack a telecommunication company and stay alive. Sergey Gordeychik
How to hack a telecommunication company and stay alive. Sergey Gordeychik
 
Hacking Trust Relationships Between SIP Gateways
Hacking Trust Relationships Between SIP GatewaysHacking Trust Relationships Between SIP Gateways
Hacking Trust Relationships Between SIP Gateways
 
VOIP security
VOIP securityVOIP security
VOIP security
 
VOIP
VOIPVOIP
VOIP
 
Network Security and Spoofing Attacks
Network Security and Spoofing AttacksNetwork Security and Spoofing Attacks
Network Security and Spoofing Attacks
 
V3I6-0108
V3I6-0108V3I6-0108
V3I6-0108
 
SIP Security Best Practices
SIP Security Best PracticesSIP Security Best Practices
SIP Security Best Practices
 
Ceh v5 module 21 cryptography
Ceh v5 module 21 cryptographyCeh v5 module 21 cryptography
Ceh v5 module 21 cryptography
 
Ceh v5 module 05 system hacking
Ceh v5 module 05 system hackingCeh v5 module 05 system hacking
Ceh v5 module 05 system hacking
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Compromising online accounts by cracking voicemail systems
Compromising online accounts by cracking voicemail systemsCompromising online accounts by cracking voicemail systems
Compromising online accounts by cracking voicemail systems
 
Hacking SIP Like a Boss!
Hacking SIP Like a Boss!Hacking SIP Like a Boss!
Hacking SIP Like a Boss!
 

Similar to VoIP Security 101 what you need to know

Securty Issues from 1999
Securty Issues from 1999Securty Issues from 1999
Securty Issues from 1999TomParker
 
Are You Vulnerable to IP Telephony Fraud and Cyber Threats?
Are You Vulnerable to IP Telephony Fraud and Cyber Threats?Are You Vulnerable to IP Telephony Fraud and Cyber Threats?
Are You Vulnerable to IP Telephony Fraud and Cyber Threats?Carl Blume
 
Leverage the Network to Detect and Manage Threats
Leverage the Network to Detect and Manage ThreatsLeverage the Network to Detect and Manage Threats
Leverage the Network to Detect and Manage ThreatsCisco Canada
 
Sp Security 101 Primer 2 1
Sp Security 101 Primer 2 1Sp Security 101 Primer 2 1
Sp Security 101 Primer 2 1Barry Greene
 
Making your Asterisk System Secure
Making your Asterisk System SecureMaking your Asterisk System Secure
Making your Asterisk System SecureDigium
 
VoIp Security Services Technical Description Cyber51
VoIp Security Services Technical Description Cyber51VoIp Security Services Technical Description Cyber51
VoIp Security Services Technical Description Cyber51martinvoelk
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Securitybelsis
 
Lenovo Presentation for Sys Logic Lunch and Learn
Lenovo Presentation for Sys Logic Lunch and LearnLenovo Presentation for Sys Logic Lunch and Learn
Lenovo Presentation for Sys Logic Lunch and LearnTony DeGonia (LION)
 
WebRTC Security
WebRTC SecurityWebRTC Security
WebRTC SecurityAlex Hunte
 
Security and identity management on WebRTC
Security and identity management on WebRTCSecurity and identity management on WebRTC
Security and identity management on WebRTCQuobis
 
Protecting Financial Networks from Cyber Crime
Protecting Financial Networks from Cyber CrimeProtecting Financial Networks from Cyber Crime
Protecting Financial Networks from Cyber CrimeLancope, Inc.
 
It’s time to boost VoIP network security
It’s time to boost VoIP network securityIt’s time to boost VoIP network security
It’s time to boost VoIP network securityBev Robb
 
Hacking 1224807880385377-9
Hacking 1224807880385377-9Hacking 1224807880385377-9
Hacking 1224807880385377-9Geoff Pesimo
 
Asegurarme de la Seguridad?, Un Vistazo al Penetration Testing
Asegurarme de la Seguridad?, Un Vistazo al Penetration TestingAsegurarme de la Seguridad?, Un Vistazo al Penetration Testing
Asegurarme de la Seguridad?, Un Vistazo al Penetration TestingSoftware Guru
 
The 300 Leonidas Solution
The 300 Leonidas SolutionThe 300 Leonidas Solution
The 300 Leonidas Solutionmatthew.maisel
 

Similar to VoIP Security 101 what you need to know (20)

Securty Issues from 1999
Securty Issues from 1999Securty Issues from 1999
Securty Issues from 1999
 
Are You Vulnerable to IP Telephony Fraud and Cyber Threats?
Are You Vulnerable to IP Telephony Fraud and Cyber Threats?Are You Vulnerable to IP Telephony Fraud and Cyber Threats?
Are You Vulnerable to IP Telephony Fraud and Cyber Threats?
 
voip_en
voip_envoip_en
voip_en
 
Hacking tutorial
Hacking tutorialHacking tutorial
Hacking tutorial
 
Leverage the Network to Detect and Manage Threats
Leverage the Network to Detect and Manage ThreatsLeverage the Network to Detect and Manage Threats
Leverage the Network to Detect and Manage Threats
 
Hacking
HackingHacking
Hacking
 
Hacking
HackingHacking
Hacking
 
Sp Security 101 Primer 2 1
Sp Security 101 Primer 2 1Sp Security 101 Primer 2 1
Sp Security 101 Primer 2 1
 
Making your Asterisk System Secure
Making your Asterisk System SecureMaking your Asterisk System Secure
Making your Asterisk System Secure
 
VoIp Security Services Technical Description Cyber51
VoIp Security Services Technical Description Cyber51VoIp Security Services Technical Description Cyber51
VoIp Security Services Technical Description Cyber51
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Security
 
Lenovo Presentation for Sys Logic Lunch and Learn
Lenovo Presentation for Sys Logic Lunch and LearnLenovo Presentation for Sys Logic Lunch and Learn
Lenovo Presentation for Sys Logic Lunch and Learn
 
WebRTC Security
WebRTC SecurityWebRTC Security
WebRTC Security
 
Security and identity management on WebRTC
Security and identity management on WebRTCSecurity and identity management on WebRTC
Security and identity management on WebRTC
 
Protecting Financial Networks from Cyber Crime
Protecting Financial Networks from Cyber CrimeProtecting Financial Networks from Cyber Crime
Protecting Financial Networks from Cyber Crime
 
It’s time to boost VoIP network security
It’s time to boost VoIP network securityIt’s time to boost VoIP network security
It’s time to boost VoIP network security
 
Core Values Decision Sept
Core Values Decision SeptCore Values Decision Sept
Core Values Decision Sept
 
Hacking 1224807880385377-9
Hacking 1224807880385377-9Hacking 1224807880385377-9
Hacking 1224807880385377-9
 
Asegurarme de la Seguridad?, Un Vistazo al Penetration Testing
Asegurarme de la Seguridad?, Un Vistazo al Penetration TestingAsegurarme de la Seguridad?, Un Vistazo al Penetration Testing
Asegurarme de la Seguridad?, Un Vistazo al Penetration Testing
 
The 300 Leonidas Solution
The 300 Leonidas SolutionThe 300 Leonidas Solution
The 300 Leonidas Solution
 

Recently uploaded

Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 

Recently uploaded (20)

Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 

VoIP Security 101 what you need to know

  • 9. What They Get From Attacking
    Easy cash from:
    • Free phone calls at your expense
    • Reselling phone services
    • Cash from premium-rate calls (1-900) where they get a revenue share
    In very rare cases, bragging rights (but that is now mostly history)
  • 10. Fast and Furious
    They were fast and he was furious: a story told by an audience member at the security panel on the last day of Astricon 2011 in Denver.
    • A customer called and asked for the default password, as they wanted to configure their PBX and connect it to the internet.
    • He gave them the password and then connected to the PBX himself to watch what would happen.
    • In under 10 minutes the PBX had been found and hacked, with new extensions created and outbound calls being made.
    So how did they find this PBX?
  • 11. How do they find you?
  • 12. Internet Census
    • 50 GB of data collected and published
    • Collected by using bots on unsecured internet devices (default username/password)
    • If one client scans ten IP addresses per second, it requires approximately 4000 clients to scan one port on all 3.6 billion IP addresses of the Internet in one day
    • They used ~420K clients
    (Figure: botnet distribution map)
    Source: http://internetcensus2012.bitbucket.org/paper.html
  • 13. Be Careful in What You Advertise
    Which is scarier: exposing that you are accessible via port 22, or via port 80?
  • 14. Shodan found 11,192,438 results for SIP devices by using a simple Google-like search.
  • 15. Be Careful in What You Advertise
    Why make it easy for them not only to find you, but to know what you are running? Do you want to let them exploit known security holes or default passwords?
  • 16. SIPVicious is a suite of tools that can be used to audit SIP-based VoIP systems. It currently consists of four tools:
    • svmap: a SIP scanner. When launched against ranges of IP address space, it will identify any SIP servers it finds on the way; it can also scan hosts on ranges of ports. (Lists SIP devices found on an IP range.)
    • svwar: traditionally a war dialer was used to call up numbers on the phone network to tell the interesting ones from the rest. With SIP you can do something similar to identify active users. (Identifies active extensions on a PBX.)
    • svcrack: a password cracker making use of digest authentication. It is able to crack passwords on both registrar servers and proxy servers, using ranges of numbers or a dictionary file of possible passwords. (An online password cracker for SIP PBXs.)
    • svreport: manages sessions created by the rest of the tools and exports to PDF, XML, CSV and plain text.
  • 17. What can you do?
  • 18. Hardening your system
    Basic methodologies and best practices for configuring Asterisk PBXs. What have we learned from monitoring and auditing Asterisk PBXs, and how can you avoid the common mistakes?
  • 19. Let's start at the corporate level
  • 20. Common Policy Problems
    Incomplete, non-existent or unenforced password policies:
    • Server / PBX passwords: multiple PBXs using the same password; root access and the web client interface using the same password (if any)
    • Phone and extension passwords: default password on the PBX (or GUI); identical or default SIP passwords for all phones; identical or default voicemail passwords for all extensions
    No update policy:
    • PBX software
    • Phone firmware
    No mailbox policies:
    • Which extensions get voicemail
    • When to close them
    No allowed / denied destinations policy:
    • Do all employees need to call all countries? Who does / does not?
    No policy to monitor phone usage / activity
  • 21. Internal Fraud Is the Worst
    Do you need a courtesy phone? Does it really need long-distance dialing? Does it really need international dialing? Does it really need a voicemail box? What about break room, copy, or conference rooms? Do you need these 24 x 7?
  • 22. Be aware of the problem
    • Harden your system
    • Set proper policies: does everyone need it (international calls, calls via the PBX, etc.)? Who needs it? Why, and is there a better solution or security option?
    • Lock things down if they are not needed
    • Don't allow pass-through dialing (unless needed, and then limit it)
    • Use multi-layer solutions
    • Use audit and monitoring solutions
  • 23. Don't Use Default Passwords
    Why make it easier for them?
    • Use harder-to-guess passwords/passphrases. Longer is better: there is now a bot that cracks a 4-digit cell phone screen lock automatically, and similar things work for electronic passwords.
    • Consider using Fail2ban as one of the layers in your security, as it will lock out repeated attempts to guess a password.
    • Make sure that only a few people have access to the system; humans are one of the weakest links in security, via phishing or internal attacks.
  • 24. Check Your Contracts (Liability)
    Find out what your contract says about fraudulent calls and your liability, and learn how to activate any protections if needed. Find out whether your carrier offers:
    • Monitoring or spend limits for some countries: which are automatic? Can you set the limits? Do they notify you or cut you off?
    • Blocking of premium numbers or calls to international destinations: can it be configured per extension (let the President's assistant call anywhere, but not the lobby phone)? Can it be configured by day of week / time of day?
  • 25. Let's look at the operating system level
  • 26. Common Server Policy Problems
    Incomplete, non-existent or unenforced password policies:
    • Many had identical default SIP passwords for all phones that were never changed
    • Many had identical default voicemail passwords for all extensions that were never changed
    • Server / PBX passwords: multiple PBXs using the same password; root access and the web client interface using the same password (if any)
    No update policy:
    • Server OS
    • Apache
    • Server software
  • 27. Audit Results: Server and OS level problems found per server (chart values)
    Severity   Average   Most
    High       18.6      117
    Medium     8.75      54
    Low        8.8       32
    Conclusion: you need an update policy with regular security updates for the server, not just the Asterisk software.
  • 28. Examples of OS and Server Level Findings
    • http (80/tcp), High (CVSS: 7.8), NVT: Apache httpd Web Server Range Header Denial of Service Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.901203)
    • general/tcp, High (CVSS: 10.0), NVT: Kerberos5 Multiple Integer Underflow Vulnerabilities (OID: 1.3.6.1.4.1.25623.1.0.800433)
    • general/tcp, High (CVSS: 10.0), NVT: CentOS Update for kernel CESA-2010:0610 centos5 i386 (OID: 1.3.6.1.4.1.25623.1.0.880569)
    • general/tcp, High (CVSS: 10.0), NVT: mpg123 Player Denial of Service Vulnerability (Linux) (OID: 1.3.6.1.4.1.25623.1.0.900538)
    To fix: perform a full system update, e.g. su -c 'yum update'
  • 30. Common Configuration Problems
    • Not protecting from common attacks
    • Context for SIP trunks to external destinations set as if they were internal extensions
    • Old PBXs, extensions and SIP trunks still configured even though they are no longer in use
    • Voice and data in a flat configuration (both on the same subnet)
    • Misconfiguration of Dial commands
  • 31. Block Simple Enumeration Attacks
    Tools like SIPVicious use enumeration attacks to identify target SIP devices and their valid extensions. In Asterisk you can enable protection against this by setting the following in your sip.conf: alwaysauthreject=yes
    With this set, Asterisk answers a bad request the same way whether or not the extension exists, so the scanner cannot tell valid extensions from invalid ones.
    Recent FreePBX versions can configure this via the SIP Settings option under the Settings tab (use the Other SIP Settings options at the bottom of the page). Older versions require that you change it in sip.conf manually.
  • 32. Prevent Basic Hack Attempts
    • Don't be on the public Internet (have an SBC, firewall and NAT in front of the PBX)
    • Don't keep the default passwords on the server or PBX
    • Use Fail2ban to help block repeated attempts to log in to the server
    • Change the advertised name of the PBX (the useragent setting in sip.conf) so sites like Shodan will not display what you are running
  • 33. Incorrect Contexts
    Using the from-internal context for a trunk means all calls on that route or trunk are treated as if they came from an internal phone, with all the rights and privileges that includes: making outbound calls and setting call forwarding. Combining the two makes it possible to use your PBX as a free long-distance phone company.
    Be generous: use as many contexts as you have different dialing authorities or use cases, e.g. from-sip-provider, from-iax2, from-sales-employees, from-courtesy-phone.
  • 34. Be Careful With Dial Commands
    In order to enable call transfers you have to use the "t" or "T" option of the Dial command: "t" lets the called party transfer the call, "T" lets the calling party transfer it. Due to a lack of understanding by many admins, a common configuration mistake (shown as a screenshot in the original deck) is to let the calling party transfer on calls that come in from outside. Doing this opens a way for anyone who dials in to transfer their call to any PBX function, including call forwarding, voicemail, etc.
  • 35. Let's finish at the physical level
  • 36. Who has access
    • To the server room
    • To the office in off hours (nights/weekends/holidays)
  • 37. Keep up with current events
  • 38. Watch the news and follow events
    • Two years ago the European Court of Justice struck down Safe Harbor, which provided the legal basis for US companies to serve European customers.
    • A new framework went into effect last July. More than 1,500 companies including Apple, Google and Microsoft had agreed to abide by the Privacy Shield agreement, which requires the US Department of Commerce to ensure that American companies are operating in compliance with EU privacy laws.
    • It is now in very real danger of unravelling, and it's all thanks to an Executive Order that Trump signed against refugees. Specifically, it's Section 14, which reads:
    "Privacy Act. Agencies shall, to the extent consistent with applicable law, ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act regarding personally identifiable information."
    Full text: https://www.whitehouse.gov/the-press-office/2017/01/25/presidential-executive-order-enhancing-public-safety-interior-united
  • 40. More details in a free book
    More about this topic is in Peerlyst eBook 2 - Essentials of Cybersecurity; Chapter 9 is Telecom 101. You can download it for free here (requires signup): http://tiny.cc/Cybersecurity
  • 41. Thank You
    Contact me at: Eric@greenfieldtech.net
    Skype: EricLKlein
    www.greenfieldtech.net
    US +1 805 410 1010
    UK +44 291 100 8888
    IL +972 73 255 7799
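
The svwar and svcrack runs from slide 16 leave registration-failure lines in Asterisk's messages log, and those lines are exactly what Fail2ban's stock asterisk filter (slides 23 and 32) counts before banning a source. The following is an added example, not part of the deck and not Asterisk's or Fail2ban's own code: it applies Fail2ban's maxretry/findtime rule to constructed sample log lines and labels each source it would ban by what the burst looks like (extension enumeration versus password guessing). It assumes chan_sip as the SIP channel driver (chan_pjsip logs differently) and logger.conf set to dateformat=%F %T; the sample addresses, the line format helper and the classify thresholds are assumptions for the example.

```python
"""Fail2ban-style detection of SIPVicious activity (svwar / svcrack) in Asterisk's messages log."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# One chan_sip registration-failure line, the same shape Fail2ban's stock 'asterisk' filter matches.
# Assumes logger.conf uses dateformat=%F %T (ISO timestamps); adjust the ts group otherwise.
LINE = re.compile(r"^\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\] NOTICE\[\d+\] chan_sip\.c: "
                  r"Registration from '(?P<who>[^']*)' failed for '(?P<ip>[\d.]+):\d+' - (?P<reason>.+)$")
ACCOUNT = re.compile(r"sip:([^@>]+)@")  # the extension the attacker tried, taken from the From header


def parse_failures(lines):
    """Return [(timestamp, source_ip, account, reason)] for every registration-failure line."""
    out = []
    for line in lines:
        m = LINE.match(line)
        if m:
            acct = ACCOUNT.search(m["who"])
            out.append((datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), m["ip"],
                        acct.group(1) if acct else m["who"], m["reason"]))
    return out


def classify(burst):
    """Name the tool behaviour behind a burst of failures from one source IP (thresholds assumed)."""
    accounts = {acct for _, acct, _ in burst}
    unknown = sum(reason == "No matching peer found" for _, _, reason in burst)
    if len(accounts) > 1 and unknown * 2 >= len(burst):
        return "extension-enumeration"  # svwar: walks extension numbers, most of which do not exist
    if len(accounts) == 1:
        return "password-guessing"       # svcrack: one real extension, many passwords
    return "mixed"


def offenders(lines, maxretry=5, findtime=600):
    """Return {ip: verdict} for every source with `maxretry` failures inside `findtime` seconds,
    which is the rule Fail2ban applies before it bans."""
    by_ip = defaultdict(list)
    for ts, ip, acct, reason in parse_failures(lines):
        by_ip[ip].append((ts, acct, reason))
    window, verdicts = timedelta(seconds=findtime), {}
    for ip, events in by_ip.items():
        events.sort()
        for start in range(len(events) - maxretry + 1):  # slide a window of maxretry events
            burst = events[start:start + maxretry]
            if burst[-1][0] - burst[0][0] <= window:
                verdicts[ip] = classify(burst)
                break
    return verdicts


def _fail(ts, ip, ext, reason):
    """Build one constructed failure line in chan_sip's format (203.0.113.5 plays the PBX)."""
    return (f"[{ts}] NOTICE[2811] chan_sip.c: Registration from '\"{ext}\" <sip:{ext}@203.0.113.5>' "
            f"failed for '{ip}:5060' - {reason}")


# Constructed sample log, not captured from a real system.
SAMPLE_LOG = [
    "[2017-03-01 10:15:20] NOTICE[2811] chan_sip.c: Peer '100' is now Reachable. (2ms / 2000ms)",
    # svwar sweep: six extensions in six seconds, only 100 exists
    *[_fail(f"2017-03-01 10:15:2{i + 1}", "198.51.100.23", str(100 + i),
            "Wrong password" if i == 0 else "No matching peer found") for i in range(6)],
    # svcrack: six password guesses against extension 100 inside one minute
    *[_fail(f"2017-03-01 10:16:{10 * i:02d}", "203.0.113.77", "100", "Wrong password") for i in range(6)],
    # a user who mistyped a password twice
    _fail("2017-03-01 10:20:00", "192.0.2.10", "200", "Wrong password"),
    _fail("2017-03-01 10:20:30", "192.0.2.10", "200", "Wrong password"),
    # five failures spread over two hours: never five inside the ten-minute findtime
    *[_fail(f"2017-03-01 {11 + i // 2}:{30 * (i % 2):02d}:00", "203.0.113.9", "300", "Wrong password")
      for i in range(5)],
]

if __name__ == "__main__":
    for ip, verdict in offenders(SAMPLE_LOG).items():
        print(f"ban {ip}: {verdict}")
```

To run it against a live box, pass `open("/var/log/asterisk/messages")` instead of SAMPLE_LOG. In production the stock Fail2ban jail already does the counting; what this adds is the verdict, which is worth alerting on separately because an enumeration burst means the attacker is still mapping extensions while a password-guessing burst names the one extension whose secret needs rotating. Note that alwaysauthreject (slide 31) hides the difference from the attacker on the wire but not in the log, so the classification keeps working after it is enabled.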
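
Slides 30, 31, 33 and 34 describe mistakes that can be caught by reading sip.conf and extensions.conf before an attacker does. The following is an added example, not the deck's or Asterisk's own code: a small audit that parses both files and flags a missing alwaysauthreject, weak or default SIP secrets, trunks that land in from-internal, inbound contexts that include from-internal, and a Dial option that lets the outside caller transfer. The sample configs, the default-secret list, the 12-character minimum and the reliance on FreePBX's from-internal context name are assumptions for the example.

```python
"""Static audit of Asterisk sip.conf and extensions.conf for the mistakes in slides 30-34."""
import re

DEFAULT_SECRETS = {"", "1234", "password", "secret", "admin", "asterisk"}  # assumed default list; extend it
INTERNAL_CONTEXTS = {"from-internal"}  # FreePBX's trusted-phone context; add your own internal contexts

def parse_asterisk_conf(text):
    """Parse Asterisk's INI-like syntax into {section: [(key, value), ...]}, keeping line order.
    Handles 'key=value', 'exten => ...' and 'include => ...' lines and [section] headers; ';' starts a comment."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        header = re.match(r"\[([^\]]+)\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            sections[current].append((key.strip(), value.lstrip(">").strip()))
    return sections

def audit(sip_text, extensions_text):
    """Return [(where, code, message)] for every weakness found in the two files."""
    sip, dialplan, findings = parse_asterisk_conf(sip_text), parse_asterisk_conf(extensions_text), []
    general = dict(sip.get("general", []))
    if general.get("alwaysauthreject", "no").lower() != "yes":  # slide 31
        findings.append(("general", "ALWAYSAUTHREJECT_OFF", "svwar can tell valid extensions from invalid ones"))
    inbound = set()  # dialplan contexts that calls arriving over trunks land in
    for name, entries in sip.items():
        kv = dict(entries)
        if name == "general" or "type" not in kv:
            continue
        secret = kv.get("secret", "")
        if secret in DEFAULT_SECRETS or secret == name or len(secret) < 12:  # slides 20, 23
            findings.append((name, "WEAK_SECRET", "empty, default, short, or equal to the account name"))
        if kv.get("host", "dynamic") != "dynamic":  # a static host means a trunk, not a phone
            ctx = kv.get("context", general.get("context", "default"))
            inbound.add(ctx)
            if ctx in INTERNAL_CONTEXTS:  # slide 33
                findings.append((name, "TRUNK_IN_INTERNAL_CONTEXT", "outside callers get internal dialing rights"))
    for ctx in inbound:
        for key, value in dialplan.get(ctx, []):
            if key == "include" and value in INTERNAL_CONTEXTS:  # slide 30
                findings.append((ctx, "INBOUND_INCLUDES_INTERNAL", "include => %s exposes the internal dialplan" % value))
            for args in re.findall(r"Dial\(([^)]*)\)", value):  # slide 34: the third Dial argument holds the options
                options = args.split(",")[2] if args.count(",") >= 2 else ""
                if "T" in options:  # T: calling party may transfer; t: called party may transfer
                    findings.append((ctx, "CALLER_TRANSFER_ON_INBOUND", "the outside caller can transfer to any extension"))
    return findings

# Constructed sample configs (not from any real deployment): 'before' carries the mistakes, 'after' is the fix.
VULNERABLE_SIP = """[general]
; alwaysauthreject is not set
[myprovider]   ; carrier trunk
type=peer
host=sip.provider.example
secret=1234
context=from-trunk
[oldprovider]  ; forgotten trunk from a previous carrier, dropped straight into the phones' context
type=peer
host=sip.old-provider.example
secret=Xk4!pQ9vLm2zRt7W
context=from-internal
[100]          ; desk phone
type=friend
host=dynamic
secret=100
context=from-internal
"""
VULNERABLE_EXTENSIONS = """[from-trunk]
exten => _X.,1,Dial(SIP/100,20,tT)
exten => _X.,n,Voicemail(100@default,u)
include => from-internal
[from-internal]
exten => _9X.,1,Dial(SIP/myprovider/${EXTEN:1})
"""
HARDENED_SIP = """[general]
alwaysauthreject=yes
[myprovider]
type=peer
host=sip.provider.example
secret=Wq7#mL2pVx9zRt4B
context=from-trunk
[100]
type=friend
host=dynamic
secret=kJ8!vR2mPq5sZt7Y
context=from-internal
"""
HARDENED_EXTENSIONS = """[from-trunk]
exten => _X.,1,Dial(SIP/100,20,t)
exten => _X.,n,Voicemail(100@default,u)
exten => _X.,n,Hangup()
"""

if __name__ == "__main__":
    for where, code, msg in audit(VULNERABLE_SIP, VULNERABLE_EXTENSIONS):
        print(f"[{code}] {where}: {msg}")
    print("hardened:", audit(HARDENED_SIP, HARDENED_EXTENSIONS) or "no findings")
```

Run it with the contents of /etc/asterisk/sip.conf and /etc/asterisk/extensions.conf in place of the sample strings. The trunk detection is deliberately crude (a static host) because that is how the mistake on slide 33 usually appears: a provider peer copied from a phone template, so it inherits context=from-internal. The hardened dialplan keeps "t" so the internal phone can still transfer, drops "T" so the outside caller cannot, and ends with Hangup() rather than an include so an unmatched inbound number never falls through to the internal dialplan.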

Editor's Notes

  1. They had changed admins and providers and wanted to reconfigure the system to connect to the public internet. He logged in because he suspected that they would not follow his advice to change the password; they did not.
  2. Shodan is like Google for devices rather than web pages. It has sample searches for things like:
    • default password: finds results with "default password" in the banner; the named defaults might work!
    • Router w/ Default Info: routers that give their default username/password as admin/1234 in their banner
    • cisco-ios last-modified: finds Cisco IOS results that do not require any authentication ;-)
    • Snom VOIP phones with no authentication: a list of Snom phone management interfaces without authentication
    • iPads: iPads. Think different. Think no security.
    • D-Link Internet Camera: D-Link Internet Camera DCS-5300 series, without authentication [g00gle 5c0u7]
    • Anonymous access granted: the title says it all; mostly FTP servers would be visible
    • Routers that provide admin password: routers that give the default admin / password in their banner