Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Protect asterisk from hack ???

Posted on 2010-09-10
4
Medium Priority
?
788 Views
Last Modified: 2013-11-12
Dear all

iam using elastix 2.0 and iam asking about the best ways to protect my machine from hacking , really my server many times has been hacked . i made fall2ban and also tls my server now works with the two is these enough to protect my elastix or you have any other more things that can help me against hack
0
Comment
Question by:tahasip
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 13

Expert Comment

by:luc_roy
ID: 33651977
this should be good enough.  Are you protecting it from inside hackers or outside hackers.  If it's from outside hackers make sure you also have the SIP ports closed on your firewall.
0
 
LVL 32

Accepted Solution

by:
DrDamnit earned 2000 total points
ID: 33652271
Read my article: Hacker's Guide to Being Hacked: http://www.experts-exchange.com/Networking/Security/A_3582-Hackers-Guide-to-Being-Hacked-How-Bad-Guys-Take-Control-and-How-to-Take-it-Back.html

Also, your SIP passwords for accounts should be good, strong passwords. Personally, I use pwgen to generate them, and then populate the sip.conf file with those passwords. For more information on choosing good passwords, see my other article:

http://www.experts-exchange.com/Networking/Security/A_3640-What-s-the-Password-How-to-Create-Easy-to-Use-Strong-Passwords-to-Protect-Your-Important-Stuff.html

fail2ban is an important measure, but you need to make sure you have implemented all the steps in that article as well.

How were your boxes hacked before?
0
 

Author Comment

by:tahasip
ID: 33655324
i donot know how but suddenly i found all my charge in my trunk are gone and found many calls to too much cost country at about i minute equal 1 doler and no one before call this country the calls semed to done or generated by program and sequence this mean that he was registered by extension and used that trunk .
0
 
LVL 32

Expert Comment

by:DrDamnit
ID: 33655446
Your hack attack sounds like the normal attack. Follow the instructions in those articles I gave you, and it should adequately protect you from a future attack. Additionally, you need to watch the asterisk bugs list (lists.digium.com) for vulnerabilities, and update your software frequently to each stable branch or trunk version.

In addition to the article above, make sure that everyone has good voicemail passwords. There was a bug at one point, which has since been fixed, that allowed an attacker to call into a voicemail number, get to the voicemail application, and then start making calls. But, as long as you don't have a direct dial to your voicemail for external callers to get to voicemail, then you should be ok.

If you need people to be able to get their voicemails from outside the office, then give it a full extension, not just # during a menu.
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How To Create Custom / Distinctive Ring Tones on Polycom Phones Purpose and Overview When creating a custom ring tone, you have simple aspirations: to make your phone cooler than everyone else's. Perhaps you need a louder ringer. Perhaps you w…
Every year the snow affects people and businesses. According to the Federation of Small Businesses (FSB), in 2009, UK businesses lost an estimated £1.2bn (http://news.bbc.co.uk/1/hi/business/7864804.stm) because of bad weather. This article was c…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question