[asterisk-users] aSTERISK / Vicidial systems over 4MB fiber

Steve Totaro stotaro at totarotechnologies.com
Thu Jun 12 05:40:28 CDT 2008


What services do you need exposed to the internet and on what machines?

Does the fiber just terminate into your "switch" then?  What type of
switch?  Can you get access to the switch?  If so you can probably
create access control lists.

You could put your own router in front to act as a firewall and/or NAT
and add your own ACLs.

As already suggested, turn off all unused services.  Do not use some
all-in-one rolled-up ISO such as Trixbox.  Change your SSH port.

If at all possible, use OpenVPN (or whatever VPN) to connect all the
machines together, as well as trusted clients, then block all traffic
in your ACLs (or firewall) except VPN, NTP, DNS, HTTP, and whatever I
am missing.

BTW I am no security expert.  I had a box compromised exactly as you
described but the IRC junk was pegging the CPU, not Asterisk.

Thanks,
Steve

On Thu, Jun 12, 2008 at 4:23 AM, Mark Adams
<admin at infinity-marketing.com> wrote:
> I appreciate the responses thus far but I am looking to find out what type
> of security I should implement for the future. Being new to Linux, not to
> mention Asterisk, I didn't realize that someone could brute force into the
> box and upload crap. With that in mind it seems that I would want to get a
> hardware firewall such as a Hotbrick or a SonicWall firewall.
>
> My situation seems unique because I am not using a router even at this
> point. I was given a sheet of IP addresses and was told just to provision my
> devices with the given IPs and they would handle the rest. My devices are
> hooked directly to their switch in my location.
>
> This hasn't been an issue up until now because I only had analog (Mediatrix
> and AudioCodes 24 port gateways x 4) connected to the switch. Now I am going
> to a software based dialer (i.e. Asterisk/Vicidial) and have run into these
> problems.
>
> Thanks again,
>
> Mark
>
>
>
> -----Original Message-----
> From: asterisk-users-bounces at lists.digium.com
> [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Steve Edwards
> Sent: Wednesday, June 11, 2008 11:25 PM
> To: Asterisk Users Mailing List - Non-Commercial Discussion
> Subject: Re: [asterisk-users] aSTERISK / Vicidial systems over 4MB fiber
>
> On Wed, 11 Jun 2008, Mark Adams wrote:
>
>> (I know there are security issues as there have been additional users
>> created on my server and IRC junk was put in the home folder)
>
> If the box has been compromised, the only recourse is to erase the drives
> and start over. You can't trust anything on the box.
>
> Off the top of my head, this is how I would approach the problem.
>
> 1) Identify how the box was compromised. (A client box was recently (last
> 30 days) hacked. It was an old AAH installed by the client. The hacker
> used the default password on the admin account to exploit a buffer
> overflow in crond to gain root.)
>
> 2) Save any essential data -- and only the data, no executables.
>
> 3) Take the box off the Internet.
>
> 4) Boot DBAN and let it do its thing.
>
> 5) Install a minimal OS from CD/DVD.
>
> 6) Clean up after the install -- turn off services, delete users, delete
> packages, add packages, etc.
>
> 7) Bring up to current patch level from your private repository.
>
> 8) Expose the box to the Internet.
>
> 9) Cross your fingers and actively monitor the box.
>
> Thanks in advance,
> ------------------------------------------------------------------------
> Steve Edwards      sedwards at sedwards.com      Voice: +1-760-468-3867 PST
> Newline                                             Fax: +1-760-731-3000
>
> _______________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users
>
>
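
A default-deny ruleset along the lines of the "block all traffic except VPN, NTP, DNS, HTTP" advice in the reply above, as an added example that is not part of the original thread. It assumes iptables, OpenVPN on its default UDP port 1194 with tunnel interface `tun0`, HTTP on TCP 80, and that SSH and SIP are reached only through the tunnel; outbound traffic is filtered as well as inbound.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: OpenVPN on its default
# UDP port 1194, tunnel interface tun0, HTTP on TCP 80, iptables firewall.
VPN_PORT="${VPN_PORT:-1194}"
VPN_IF="${VPN_IF:-tun0}"

# Emit a default-deny ruleset in iptables-restore format.
gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i ${VPN_IF} -j ACCEPT
-A OUTPUT -o ${VPN_IF} -j ACCEPT
-A INPUT -p udp --dport ${VPN_PORT} -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A OUTPUT -p udp --dport ${VPN_PORT} -j ACCEPT
-A OUTPUT -p udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp --dport 53 -j ACCEPT
-A OUTPUT -p udp --dport 123 -j ACCEPT
-A OUTPUT -p tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

# Audit helper: list proto/port pairs a chain accepts outside the VPN.
exposed() {
    gen_rules | awk -v chain="$1" '
        $1 == "-A" && $2 == chain && $NF == "ACCEPT" {
            proto = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport") print proto "/" $(i + 1)
            }
        }'
}

# Audit helper: succeed only if every built-in chain defaults to DROP.
default_deny() {
    [ "$(gen_rules | grep -c '^:[A-Z]* DROP ')" -eq 3 ]
}
```

Check the output with `gen_rules | iptables-restore --test` as root before loading it, and keep console access available in case the rules cut off your SSH session.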


