I forgot to mention sipvicious, a tool which is also used by hackers to find open machines.

svmap - this is a sip scanner. Lists SIP devices found on an IP range
svwar - identifies active extensions on a PBX
svcrack - an online password cracker for SIP PBX
svreport - manages sessions and exports reports to various formats
svcrash - attempts to stop unauthorized svwar and svcrack scans

https://code.google.com/p/sipvicious/

not to be confused with http://en.wikipedia.org/wiki/Sid_Vicious

On Apr 4, 2013, at 6:55 PM, Carlos Ruiz Díaz wrote:

> SIP Server:
>
> - Don't put your Asterisk server in the same host as your web portal.
> - Enforce strong password policies for users.
> - If you accept INVITES for unauthenticated users, make sure you properly configure its host IP and prefix.
> - Put a Kamailio/openSIPS in front of both Asterisk and FS to better handle security and attack attempts (pike module)
>
> Web Portal:
>
> - Update to the latest Apache and PHP.
> - If you're using a CMS, update to the latest stable version.
> - If it's your own development, check for SQL injection/XSS, etc. This is especially difficult because it depends on the developer's programming skills.
>
> Database:
>
> - Your database shouldn't be publicly accessible, unless it is strictly necessary (it shouldn't be).
>
>
> On Thu, Apr 4, 2013 at 12:46 PM, Matthew J. Roth <[email protected]> wrote:
> Gerrit Jacobsen wrote:
> >
> > You misunderstood. The idea is to put a honey-trap into the wild which cannot make charged calls. Of course you must isolate it from the rest of your network.
> >
> > Eventually he will anyway put the system into the wild, so better do it when there is no risk of damage.
>
> I'm not opposed to the idea of a honeypot as an additional layer of security, but it's not what I would suggest as the first line of defense to someone looking for a consultant to secure their Asterisk deployment. Locking it down properly would require the same knowledge as securing the production setup and the risk is high if they make a mistake.
>
> Regards,
>
> Matthew Roth
> InterMedia Marketing Solutions
> Software Engineer and Systems Developer
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> asterisk-biz mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-biz
>
>
>
> --
> Carlos
> http://caruizdiaz.com
> +595981146623
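An added example, not part of the original thread: a defender-side check for the svwar-style extension enumeration and svcrack-style password guessing described at the top of this message, run over failed-REGISTER lines. It assumes Asterisk chan_sip-style NOTICE lines; the sample log, the `classify` function and its thresholds are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style of Asterisk chan_sip NOTICE messages
# (documentation-range addresses; nothing here comes from the thread).
SAMPLE_LOG = """\
[2013-04-04 18:01:02] NOTICE[2101] chan_sip.c: Registration from '"100" <sip:100@198.51.100.10>' failed for '203.0.113.7:5060' - No matching peer found
[2013-04-04 18:01:02] NOTICE[2101] chan_sip.c: Registration from '"101" <sip:101@198.51.100.10>' failed for '203.0.113.7:5060' - No matching peer found
[2013-04-04 18:01:03] NOTICE[2101] chan_sip.c: Registration from '"102" <sip:102@198.51.100.10>' failed for '203.0.113.7:5060' - No matching peer found
[2013-04-04 18:05:10] NOTICE[2101] chan_sip.c: Registration from '"200" <sip:200@198.51.100.10>' failed for '203.0.113.9:5071' - Wrong password
[2013-04-04 18:05:10] NOTICE[2101] chan_sip.c: Registration from '"200" <sip:200@198.51.100.10>' failed for '203.0.113.9:5071' - Wrong password
[2013-04-04 18:05:11] NOTICE[2101] chan_sip.c: Registration from '"200" <sip:200@198.51.100.10>' failed for '203.0.113.9:5071' - Wrong password
[2013-04-04 18:09:30] NOTICE[2101] chan_sip.c: Registration from '"201" <sip:201@198.51.100.10>' failed for '192.0.2.44:5060' - Wrong password
"""

FAILED = re.compile(
    r"Registration from '(?:\"[^\"]*\"\s*)?<sip:(?P<ext>[^@>]+)@[^>]*>' "
    r"failed for '(?P<ip>[^':]+)(?::\d+)?' - (?P<reason>.+)$"
)

def classify(log_text, enum_threshold=3, crack_threshold=3):
    """Return {source_ip: set of findings} from failed-REGISTER lines.

    'enumeration': several distinct unknown extensions probed by one source.
    'password-guessing': repeated wrong passwords against one extension.
    Thresholds are assumptions for this example; tune them to real traffic.
    """
    unknown = defaultdict(set)                      # ip -> unknown extensions tried
    wrong = defaultdict(lambda: defaultdict(int))   # ip -> ext -> wrong-password count
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        ip, ext, reason = m["ip"], m["ext"], m["reason"].strip()
        if reason == "No matching peer found":
            unknown[ip].add(ext)
        elif reason == "Wrong password":
            wrong[ip][ext] += 1
    findings = defaultdict(set)
    for ip, exts in unknown.items():
        if len(exts) >= enum_threshold:
            findings[ip].add("enumeration")
    for ip, per_ext in wrong.items():
        if max(per_ext.values()) >= crack_threshold:
            findings[ip].add("password-guessing")
    return dict(findings)

if __name__ == "__main__":
    for ip, kinds in sorted(classify(SAMPLE_LOG).items()):
        print(ip, sorted(kinds))
```

A single mistyped password (the 192.0.2.44 line) stays below the threshold and is not flagged; flagged sources are candidates for blocking at the firewall or at a SIP proxy placed in front of the PBX.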
