VOIP security: Difference between revisions

Latest revision as of 19:12, 19 June 2016

Keep your PBX behind a firewall.

Regularly review your dial plan and tune and test it.

Read and follow the advice in the Asterisk source code on best practices.

Remove unneeded modules

Limit services running on the PBX server

Use ACLs

Use VPNs between sites

Back up log files

Config files should not be world readable.

VOIPPack for Canvas

IaxPingPoker

Wireshark

sipsak

vomit

Hacking VOIP Exposed

Hacking VOIP, No Starch Press, 2008

NIST SP800-58 "Secuiryt consideratoins for VOIP Systems"

From Digium sponsored "Asterisk VOIP Security" 2009 webinar

VOIPSA = VOIP Security Alliance http://voipsa.org

Special agent Michael T McAndrews
FBI - Oklahoma City Division
[email protected]
405-290-7770

@@ Line 3: / Line 3: @@
 Keep your PBX behind a firewall.
-Read and follow the advice in the Asterisk source code on best practices.
+Regularly review your dial plan and tune and test it.
+Read and follow the advice in the Asterisk source code on best practices.
+Remove unneeded modules
+Limit services running on the PBX server
+Use ACLs
+Use VPNs between sites
+Back up log files
+Config files should not be world readable.
 == Tools ==
@@ Line 9: / Line 23: @@
 http://voipsa.org/Resources/tools.php
+http://hackingvoip.com/sec_tools.html
 SIPVicious http://sipvicious.org/
@@ Line 25: / Line 40: @@
 sipsak
-sipp
+[[SIPp]]
 vomit
-== Books ==
+== Books and docs ==
 Hacking VOIP Exposed
 Hacking VOIP, No Starch Press, 2008
+NIST SP800-58 "Secuiryt consideratoins for VOIP Systems"
 == Contacts ==