[asterisk-biz] PBX got Hacked

Stelios Koroneos skoroneos at digital-opsis.com
Sun Feb 8 08:22:13 CST 2009


On Sat, 2009-02-07 at 21:54 -0500, Alex Balashov wrote:
> Agreed strongly.
> 
> 1) For one, it sounds like you allowed remote root logins directly via 
> SSH via password.  Many people seem to do this for convenience.  This is 
> VERY BAD and should NEVER, EVER be allowed under any circumstances. 
> Only password access to user accounts should be permitted 100% of the time.
> 
> 2) Secondly, SSH should really not be open to the public at all.  With 
> some hosts, that just can't be helped (public access boxes).  For a PBX, 
> there is absolutely no reason why SSH should be open to anyone but you.
> 
> My SSH on all servers is firewalled to everyone in the world and I can 
> only get in through an OpenVPN management VPN.  If for some reason that 
> fails or I am on a host that doesn't have a client, there are a few IPs 
> that are allowed in as a back door.  That's it.
> 


Having the ssh server at the default port and accepting password
authentication is a security problem waiting to happen.
Looking at firewall logs you can see that the ssh port is scanned
routinely and brute force attacks happen all the time.
If you need to have ssh access open, move it to another port, disable
password auth and use only publickey auth.
Also, as I see more and more companies implementing a strict "no incoming
ports open" policy (which is good), an option is to have a reverse ssh
tunnel.
http://skoroneos.blogspot.com/2009/01/doing-reverse-ssh-tunnel-embedded-way.html


I have implemented this in our embedded asterisk distro and it now works
with the dialplan also,
i.e. you trigger the connection from inside by dialing a number.

-- 
Stelios S. Koroneos

Digital OPSiS - Embedded Intelligence

Tel +30 210 9858296 Ext 100
Fax +30 210 9858298
http://www.digital-opsis.com
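The two messages above agree on the same sshd settings: no root login with a password, no password authentication at all, public-key auth only, and not sitting on the default port where every scanner looks. The following POSIX sh script is an added example, not part of either message or of the Digital OPSiS distro; it audits an sshd_config for exactly those settings. It assumes sshd's first-match rule for duplicate keywords and, conservatively, treats an unset keyword as its old OpenSSH default (PermitRootLogin yes, PasswordAuthentication yes, Port 22). The two sample configs it writes are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the mailing-list post): audit an sshd_config for the
# weak settings discussed in the thread. Needs only a POSIX shell and awk.

# Print the effective value of KEYWORD in FILE. sshd applies the first
# occurrence of a keyword and ignores later duplicates, so we take the first
# uncommented match; keywords are case-insensitive.
sshd_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[[:space:]]*(#|$)/ { next }      # skip comments and blank lines
        tolower($1) == key { print $2; exit }
    ' "$1"
}

# Audit FILE: print one line per finding and return the number of findings.
# Assumption: an unset keyword is treated as its historical OpenSSH default
# (PermitRootLogin yes, PasswordAuthentication yes, PubkeyAuthentication yes,
# Port 22), which is the conservative choice for an audit.
audit_sshd_config() {
    f=$1; n=0
    root=$(sshd_value "$f" PermitRootLogin)
    pass=$(sshd_value "$f" PasswordAuthentication)
    pub=$(sshd_value "$f" PubkeyAuthentication)
    port=$(sshd_value "$f" Port)

    case "${root:-yes}" in
        yes) echo "FINDING: PermitRootLogin=${root:-unset} lets root log in with a password"
             n=$((n + 1)) ;;
    esac
    case "${pass:-yes}" in
        yes) echo "FINDING: PasswordAuthentication=${pass:-unset}; brute force is possible, use keys only"
             n=$((n + 1)) ;;
    esac
    case "${pub:-yes}" in
        no)  echo "FINDING: PubkeyAuthentication=no; key-based login is disabled"
             n=$((n + 1)) ;;
    esac
    case "${port:-22}" in
        22)  echo "FINDING: sshd listens on the default port 22, which is scanned routinely"
             n=$((n + 1)) ;;
    esac
    [ "$n" -eq 0 ] && echo "OK: no findings in $f"
    return "$n"
}

# Constructed sample configs (not real server configs) for the demo.
write_weak_config() {
    printf 'Port 22\nPermitRootLogin yes\nPasswordAuthentication yes\n' > "$1"
}
write_hardened_config() {
    printf '# hardened as the thread recommends\nPort 2222\nPermitRootLogin no\nPasswordAuthentication no\nPubkeyAuthentication yes\nAllowUsers admin\n' > "$1"
}

# Demo: audit both samples. Against a real box use: audit_sshd_config /etc/ssh/sshd_config
tmp=${TMPDIR:-/tmp}/sshd_audit.$$
write_weak_config "$tmp.weak"
write_hardened_config "$tmp.hard"
audit_sshd_config "$tmp.weak";  echo "weak config findings: $?"      # 3
audit_sshd_config "$tmp.hard";  echo "hardened config findings: $?"  # 0
rm -f "$tmp.weak" "$tmp.hard"
```

The exit status of `audit_sshd_config` is the finding count, so it drops straight into a cron job or a build check for an embedded image: anything non-zero means the box still accepts the kind of login the compromised PBX in this thread did. Moving the port is noise reduction, not protection, so the script reports it alongside the real fixes rather than instead of them; the firewall-plus-VPN or reverse-tunnel approach from the thread is what keeps the port off the internet entirely.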
