VOIP security: Difference between revisions
Brian Wilson (talk | contribs) |
Brian Wilson (talk | contribs) m →Tools |
||
| Line 40: | Line 40: | ||
sipsak | sipsak | ||
[[SIPp]] | |||
vomit | vomit | ||
Latest revision as of 19:12, 19 June 2016
Best practices
Keep your PBX behind a firewall.
Regularly review your dial plan and tune and test it.
Read and follow the advice in the Asterisk source code on best practices.
Remove unneeded modules
Limit services running on the PBX server
Use ACLs
Use VPNs between sites
Back up log files
Config files should not be world readable.
Tools
http://voipsa.org/Resources/tools.php
http://hackingvoip.com/sec_tools.html
SIPVicious http://sipvicious.org/
- svmap - scanner
- svwar - identify extensions
- svcrack - exploit weak passwords
- svreport - reporting tool
VOIPPack for Canvas
IaxPingPoker
Wireshark
sipsak
vomit
Books and docs
Hacking VOIP Exposed
Hacking VOIP, No Starch Press, 2008
NIST SP800-58 "Secuiryt consideratoins for VOIP Systems"
Contacts
From Digium sponsored "Asterisk VOIP Security" 2009 webinar
VOIPSA = VOIP Security Alliance http://voipsa.org
Special agent Michael T McAndrews
FBI - Oklahoma City Division
[email protected]
405-290-7770
