
CASE STUDY – ASTERISK VOIP SECURITY HARDENING

• http://www.ipcomms.net/asteriskblog/1-11-steps-to-secure-your-asterisk-pbx

CASE STUDY – PERL APPLICATIONS SECURITY HARDENING

1. Identify critical assets (& asset owner)
2. Research on applicable security controls
3. Checklist of applicable controls
4. Document controls into SOP
5. Implement controls on test setup
6. Validation of control implementation
7. Change management process for PROD
8. Implement on PROD & monitor


1. Physically secure your IP PBX and network hardware
• This is the first step in securing your system


2. Never, Never, Never use the default passwords on any system. (Use Strong Passwords)
• This will stop most of the attacks, as hackers use weak passwords to break in


3. Never use the same Username and password on your extensions
• “This is another VERY common issue, especially within the Asterisk community. Using password 101 for extension 101 is asking for big trouble. DON’T DO IT!”


4. Place your PBX behind a Firewall
• Use VPNs for remote access and limit access to specific IP addresses
• Allow access only on ports which are absolutely necessary
• Disable anonymous WAN requests (ICMP or PING) to your IP PBX

5. Use the “permit=” and “deny=” lines in sip.conf
• “Use the “permit=” and “deny=” lines in sip.conf to only allow a small range of IP addresses access to extension/user in your sip.conf file. This is true even if you decide to allow inbound calls from “anywhere” (default), it won't let those users reach any authenticated elements!”


6. Keep inbound and outbound routing separate (asterisk)
• This is probably the biggest cause and source of toll fraud. By keeping your inbound call routing in a different context than your outbound routing, if an intruder does happen to make it into your system, he can’t get back out again.
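
An added example (not part of the original slides): a small Python audit of a sip.conf file for items 2, 3 and 5 above. It flags peers whose secret equals the extension or username, whose secret is shorter than an assumed 12-character minimum, or that lack deny=/permit= lines. The sample configuration, the function names and the length threshold are constructed for illustration.

```python
import re

SAMPLE_SIP_CONF = """\
[general]
allowguest=no
[101]
secret=101          ; same as the extension number
[102]
secret=Vq7#tR2m!pLx9w
deny=0.0.0.0/0.0.0.0
permit=192.0.2.0/255.255.255.0
"""  # constructed sample sip.conf for illustration; not taken from the slides

def parse_sip_conf(text):
    """Return {section: [(key, value), ...]}; templates and escaped ';' are not handled."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()        # ';' starts a comment
        header = re.match(r"\[([^\]]+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current.append((key.strip().lower(), value.strip()))
    return sections

def audit_peers(sections, min_len=12):             # min_len is an assumed policy
    """Return {peer: [finding, ...]} for each section that sets a secret."""
    findings = {}
    for name, items in sections.items():
        secrets = [v for k, v in items if k == "secret"]
        if not secrets:
            continue                               # e.g. [general]
        users = {name} | {v for k, v in items if k in ("username", "defaultuser")}
        issues = []
        if secrets[-1] in users:
            issues.append("secret equals extension/username")
        elif len(secrets[-1]) < min_len:
            issues.append("secret shorter than %d characters" % min_len)
        # chan_sip ACLs allow by default, so a peer needs deny= plus permit=.
        if not {"deny", "permit"} <= {k for k, _ in items}:
            issues.append("no deny=/permit= ACL")
        if issues:
            findings[name] = issues
    return findings

if __name__ == "__main__":
    for peer, issues in audit_peers(parse_sip_conf(SAMPLE_SIP_CONF)).items():
        print(peer, "->", "; ".join(issues))
```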

END
