VOIP security: Difference between revisions

From Wildsong
Brian Wilson (talk | contribs)
Latest revision as of 19:12, 19 June 2016

Best practices

Keep your PBX behind a firewall.

Regularly review your dial plan and tune and test it.

Read and follow the advice in the Asterisk source code on best practices.

Remove unneeded modules

Limit services running on the PBX server

Use ACLs

Use VPNs between sites

Back up log files

Config files should not be world readable.
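
An added example (not from the original page or the Asterisk project) that checks two items from the list above: config files readable by "other", and, assuming "Use ACLs" refers to the chan_sip `deny`/`permit`/`acl` options in sip.conf, peers that set a secret but no ACL. The sample config, file names and function names are constructed for illustration.

```python
import os
import stat
import tempfile

# Constructed sample sip.conf (chan_sip syntax); not from a real PBX.
SAMPLE_SIP_CONF = """\
[general]
bindaddr=0.0.0.0
[1001]
secret=constructed-example-1   ; placeholder value
deny=0.0.0.0/0.0.0.0
permit=192.168.10.0/255.255.255.0
[1002]
secret=constructed-example-2   ; no ACL: may register from any address
"""

def world_readable(conf_dir):
    """Relative paths of files under conf_dir that 'other' can read."""
    hits = []
    for root, _dirs, files in os.walk(conf_dir):
        for name in files:
            path = os.path.join(root, name)
            if os.stat(path).st_mode & stat.S_IROTH:
                hits.append(os.path.relpath(path, conf_dir))
    return sorted(hits)

def peers_without_acl(text):
    """Sections that set a secret but neither deny+permit nor a named acl."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # ';' starts a comment
        if line.startswith("[") and "]" in line:
            current = line[1:line.index("]")]
            sections[current] = set()
        elif current and "=" in line:
            sections[current].add(line.split("=", 1)[0].strip().lower())
    return sorted(n for n, k in sections.items() if "secret" in k
                  and not ({"deny", "permit"} <= k or "acl" in k))

def demo():
    """Audit a throwaway directory standing in for /etc/asterisk."""
    with tempfile.TemporaryDirectory() as d:
        # File contents do not matter for the mode check, only the mode bits.
        for name, mode in (("sip.conf", 0o644), ("manager.conf", 0o640)):
            path = os.path.join(d, name)
            with open(path, "w") as fh:
                fh.write(SAMPLE_SIP_CONF)
            os.chmod(path, mode)
        return world_readable(d), peers_without_acl(SAMPLE_SIP_CONF)
```

On a real server, point `world_readable` at the Asterisk config directory and feed `peers_without_acl` the contents of sip.conf; the parser ignores `#include` files and escaped `\;` characters.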

Tools

http://voipsa.org/Resources/tools.php

http://hackingvoip.com/sec_tools.html

SIPVicious http://sipvicious.org/

  • svmap - scanner
  • svwar - identify extensions
  • svcrack - exploit weak passwords
  • svreport - reporting tool

VOIPPack for Canvas

IaxPingPoker

Wireshark

sipsak

SIPp

vomit

Books and docs

Hacking VOIP Exposed

Hacking VOIP, No Starch Press, 2008

NIST SP800-58 "Security considerations for VOIP Systems"

Contacts

From Digium sponsored "Asterisk VOIP Security" 2009 webinar

VOIPSA = VOIP Security Alliance http://voipsa.org



Special agent Michael T McAndrews
FBI - Oklahoma City Division
[email protected]
405-290-7770