Interesting posting on the Digium blog (I know it's old), but it covers some important points and even has a video showing what SIP users are up against from the dark side.
An important one that many of my associates may not have seen is alwaysauthreject=yes. This gives hackers the same result whether they try hitting an invalid extension or a valid one, whereas normally it would say "you have entered an invalid extension" or "you have entered an invalid password for this extension", allowing a hacker to "harvest" your extensions and focus on them with further attacks.
I notice they also mention fail2ban, which Smpl-PBX has also been using for quite some time; however, unlike some of the "other distros", ours is actually secure, with no backdoor holes in the fail2ban config. Besides this, it is extremely important to keep up with Asterisk (or whatever your SIP server may be) security patches, which is why we do a regular audit of our systems.
It's interesting when a new customer says "I don't know, it's just been running in the closet there for the last couple of years, then it all of a sudden stopped taking calls, and our PBX tech changed his phone number".
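From the defender's side, harvesting shows up in the Asterisk log as one source failing registration against many different extensions, which is the kind of pattern log watching in the fail2ban style acts on. The following is an added example, not code from the Digium post or from Smpl-PBX: the log lines are constructed (modeled on chan_sip's registration-failure messages), and the function names and the threshold of 3 are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines, modeled on chan_sip's registration-failure NOTICE
# messages; the exact layout differs between Asterisk versions (assumption).
SAMPLE_LOG = """\
[2024-01-01 03:00:01] NOTICE[1201] chan_sip.c: Registration from '<sip:100@192.0.2.10>' failed for '203.0.113.5:5060' - No matching peer found
[2024-01-01 03:00:01] NOTICE[1201] chan_sip.c: Registration from '<sip:101@192.0.2.10>' failed for '203.0.113.5:5060' - Wrong password
[2024-01-01 03:00:02] NOTICE[1201] chan_sip.c: Registration from '<sip:102@192.0.2.10>' failed for '203.0.113.5:5060' - No matching peer found
[2024-01-01 03:00:02] NOTICE[1201] chan_sip.c: Registration from '<sip:103@192.0.2.10>' failed for '203.0.113.5:5060' - Wrong password
[2024-01-01 09:14:40] NOTICE[1201] chan_sip.c: Registration from '"204" <sip:204@192.0.2.10>' failed for '198.51.100.7' - Wrong password
[2024-01-01 09:15:10] NOTICE[1201] chan_sip.c: Registration from '"204" <sip:204@192.0.2.10>' failed for '198.51.100.7' - Wrong password
"""

# Extension comes from the SIP URI in the To header; source is IPv4 with an
# optional :port (IPv6 sources are out of scope for this sketch).
FAILED = re.compile(
    r"Registration from '[^']*sip:(?P<ext>[^@']+)@[^']*' failed for "
    r"'(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - (?P<reason>.+)$"
)

def summarize_failures(log_text):
    """Map each source IP to the extensions it failed against and how often."""
    stats = defaultdict(lambda: {"attempts": 0, "extensions": set()})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            stats[m["ip"]]["attempts"] += 1
            stats[m["ip"]]["extensions"].add(m["ext"])
    return dict(stats)

def scan_sources(log_text, min_extensions=3):
    """Flag sources that failed against at least min_extensions different
    extensions: a forgotten password hits one extension repeatedly, while
    harvesting walks across many."""
    return {ip: sorted(s["extensions"])
            for ip, s in summarize_failures(log_text).items()
            if len(s["extensions"]) >= min_extensions}

if __name__ == "__main__":
    for ip, exts in scan_sources(SAMPLE_LOG).items():
        print(f"{ip}: failed registrations across {len(exts)} extensions: {exts}")
```

Counting distinct extensions rather than raw failures keeps a phone with a mistyped password (the 198.51.100.7 lines) from being treated like a scanner.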