Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Protect asterisk from hack ???

Posted on 2010-09-10
4
759 Views
Last Modified: 2013-11-12
Dear all

iam using elastix 2.0 and iam asking about the best ways to protect my machine from hacking , really my server many times has been hacked . i made fall2ban and also tls my server now works with the two is these enough to protect my elastix or you have any other more things that can help me against hack
0
Comment
Question by:tahasip
  • 2
4 Comments
 
LVL 13

Expert Comment

by:luc_roy
ID: 33651977
this should be good enough.  Are you protecting it from inside hackers or outside hackers.  If it's from outside hackers make sure you also have the SIP ports closed on your firewall.
0
 
LVL 32

Accepted Solution

by:
DrDamnit earned 500 total points
ID: 33652271
Read my article: Hacker's Guide to Being Hacked: http://www.experts-exchange.com/Networking/Security/A_3582-Hackers-Guide-to-Being-Hacked-How-Bad-Guys-Take-Control-and-How-to-Take-it-Back.html

Also, your SIP passwords for accounts should be good, strong passwords. Personally, I use pwgen to generate them, and then populate the sip.conf file with those passwords. For more information on choosing good passwords, see my other article:

http://www.experts-exchange.com/Networking/Security/A_3640-What-s-the-Password-How-to-Create-Easy-to-Use-Strong-Passwords-to-Protect-Your-Important-Stuff.html

fail2ban is an important measure, but you need to make sure you have implemented all the steps in that article as well.

How were your boxes hacked before?
0
 

Author Comment

by:tahasip
ID: 33655324
i donot know how but suddenly i found all my charge in my trunk are gone and found many calls to too much cost country at about i minute equal 1 doler and no one before call this country the calls semed to done or generated by program and sequence this mean that he was registered by extension and used that trunk .
0
 
LVL 32

Expert Comment

by:DrDamnit
ID: 33655446
Your hack attack sounds like the normal attack. Follow the instructions in those articles I gave you, and it should adequately protect you from a future attack. Additionally, you need to watch the asterisk bugs list (lists.digium.com) for vulnerabilities, and update your software frequently to each stable branch or trunk version.

In addition to the article above, make sure that everyone has good voicemail passwords. There was a bug at one point, which has since been fixed, that allowed an attacker to call into a voicemail number, get to the voicemail application, and then start making calls. But, as long as you don't have a direct dial to your voicemail for external callers to get to voicemail, then you should be ok.

If you need people to be able to get their voicemails from outside the office, then give it a full extension, not just # during a menu.
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently purchased a Bluetooth headset called the Music Jogger (model BSH10). The control buttons on it look like this: One of my goals is to use it as the microphone and speakers for Skype calls. In that respect, it works well. However, I …
Almost all Internet protocol telephones have built-in switches at the back that allow you to connect your personal computer to one port and use the other port to connect your phone to to a Cisco switch.   Why we need to connect the PC to the pho…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

790 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question