<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">I forgot to mention sipvicious, a tool which is also used by hackers to find open machines.<div><div><ul style="padding-left: 25px; max-width: 62em; color: rgb(0, 0, 0); font-family: arial, sans-serif; font-size: 13px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255);"><li style="margin-bottom: 0.3em;">svmap - this is a sip scanner. Lists SIP devices found on an IP range</li><li style="margin-bottom: 0.3em;">svwar - identifies active extensions on a PBX</li><li style="margin-bottom: 0.3em;">svcrack - an online password cracker for SIP PBX</li><li style="margin-bottom: 0.3em;">svreport - manages sessions and exports reports to various formats</li><li style="margin-bottom: 0.3em;">svcrash - attempts to stop unauthorized svwar and svcrack scans</li></ul></div><div><a href="https://code.google.com/p/sipvicious/">https://code.google.com/p/sipvicious/</a></div><div><br></div><div>not to be confused with</div><div><a href="http://en.wikipedia.org/wiki/Sid_Vicious">http://en.wikipedia.org/wiki/Sid_Vicious</a></div><div><br></div><div><br></div><div><div><div>On Apr 4, 2013, at 6:55 PM, Carlos Ruiz Díaz wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div dir="ltr"><div style="">SIP Server:</div><div style=""><br></div>- Don't put your Asterisk server in the same host as your web portal. <div>- Enforce strong password policies for users.</div><div>- If you accept INVITES for unauthenticated users, make sure you properly configure its host IP and prefix.</div>
<div>- Put a Kamailio/openSIPS in front of both Asterisk and FS to better handle security and attacks attempts (pike module)</div><div><br></div><div>Web Portal:</div><div><br></div><div>- Update to the latest Apache and PHP.</div>
<div>- If you're using an CMS, update to the latest stable version.</div><div>- If it's your own development. Check for sql injection/XSS, etc. This is specially difficult because it depends on the developer programming skills.<br>
<div><br></div><div style="">Database:</div><div style=""><br></div><div style="">- Your database shouldn't be publicly accessible, unless is strictly necessary (I shouldn't be).</div></div></div><div class="gmail_extra"><br>
<br><div class="gmail_quote">On Thu, Apr 4, 2013 at 12:46 PM, Matthew J. Roth <span dir="ltr"><<a href="mailto:mroth@imminc.com" target="_blank">mroth@imminc.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im">Gerrit Jacobsen wrote:<br>
><br>
> You misunderstood. The idea is to put a honey-trap into the wild which cannot<br>
> make charged calls. Of course you must isolate it from the rest of your<br>
> network.<br>
><br>
> Eventually he will anyway put the system into the wild, so better do it when<br>
> there is no risk of damage.<br>
<br>
</div>I'm not opposed to the idea of a honeypot as an additional layer of security,<br>
but it's not what I would suggest as the first line of defense to someone<br>
looking for a consultant to secure their Asterisk deployment. Locking it down<br>
properly would require the same knowledge as securing the production setup and<br>
the risk is high if they make a mistake.<br>
<br>
Regards,<br>
<br>
Matthew Roth<br>
InterMedia Marketing Solutions<br>
<div class="HOEnZb"><div class="h5">Software Engineer and Systems Developer<br>
<br>
--<br>
_____________________________________________________________________<br>
-- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com/" target="_blank">http://www.api-digital.com</a> --<br>
<br>
asterisk-biz mailing list<br>
To UNSUBSCRIBE or update options visit:<br>
<a href="http://lists.digium.com/mailman/listinfo/asterisk-biz" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-biz</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br>Carlos<div><a href="http://caruizdiaz.com/" target="_blank">http://caruizdiaz.com</a></div><div>+595981146623</div>
</div>
--<br>_____________________________________________________________________<br>-- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com">http://www.api-digital.com</a> --<br><br>asterisk-biz mailing list<br>To UNSUBSCRIBE or update options visit:<br> <a href="http://lists.digium.com/mailman/listinfo/asterisk-biz">http://lists.digium.com/mailman/listinfo/asterisk-biz</a></blockquote></div><br></div></div></body></html>