VOIP security: Difference between revisions

From Wildsong
Brian Wilson (talk | contribs)
Brian Wilson (talk | contribs)
 
Line 40: Line 40:
sipsak
sipsak


sipp
[[SIPp]]


vomit
vomit

Latest revision as of 19:12, 19 June 2016

Best practices

Keep your PBX behind a firewall.

Regularly review your dial plan and tune and test it.

Read and follow the advice in the Asterisk source code on best practices.

Remove unneeded modules

Limit services running on the PBX server

Use ACLs

Use VPNs between sites

Back up log files

Config files should not be world readable.
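One way to check the last item on a running PBX, as an added example that is not part of the original wiki page. The default directory /etc/asterisk and all function names are assumptions; pass a different directory as the first argument if your configuration lives elsewhere.

```shell
#!/bin/sh
# Added example: audit a PBX config directory for entries that grant any
# permission to "other". PBX config files usually hold SIP/IAX secrets,
# so no "other" bit should be set on them.
# Assumption: configs live in /etc/asterisk unless a directory is given.

# Print every file or directory under $1 with any "other" bit set (r, w or x).
list_world_accessible() {
    find "$1" \( -type f -o -type d \) \
        \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Print how many entries under $1 are accessible to "other".
# (Names containing newlines would be miscounted; config names never should.)
count_world_accessible() {
    list_world_accessible "$1" | wc -l | tr -d ' '
}

# Remove all "other" permission bits below $1. Owner and group are untouched,
# so the PBX service account keeps whatever access it already had.
lock_down() {
    chmod -R o-rwx "$1"
}

# Report findings. Returns 0 when clean, 1 when something is exposed,
# 2 when the directory does not exist.
audit_pbx_conf() {
    dir=${1:-/etc/asterisk}
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    bad=$(list_world_accessible "$dir")
    if [ -z "$bad" ]; then
        echo "OK: nothing under $dir is accessible to other"
        return 0
    fi
    echo "World-accessible entries under $dir:"
    echo "$bad" | while IFS= read -r f; do ls -ld "$f"; done
    return 1
}

# Run the audit only when a directory is passed on the command line.
if [ "$#" -gt 0 ]; then
    audit_pbx_conf "$1"
fi
```

Run the audit first and review its output before calling lock_down, and confirm afterwards that the PBX service account can still read its own files.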

Tools

http://voipsa.org/Resources/tools.php

http://hackingvoip.com/sec_tools.html

SIPVicious http://sipvicious.org/

  • svmap - scanner
  • svwar - identify extensions
  • svcrack - exploit weak passwords
  • svreport - reporting tool

VOIPPack for Canvas

IaxPingPoker

Wireshark

sipsak

SIPp

vomit

Books and docs

Hacking VOIP Exposed

Hacking VOIP, No Starch Press, 2008

NIST SP800-58 "Security considerations for VOIP Systems"

Contacts

From Digium sponsored "Asterisk VOIP Security" 2009 webinar

VOIPSA = VOIP Security Alliance http://voipsa.org



Special agent Michael T McAndrews
FBI - Oklahoma City Division
[email protected]
405-290-7770