Elastix Security Guide Version 2 -2014


Disclaimer: Your use of this guide is subject to the following conditions:

* Your application of these notes is entirely at your own risk.

* While tested in a Lab environment, I know nothing of your environment and may be totally unsuitable.

* You will not hold myself or any company I am associated with responsible for any damages arising from these notes. It is up to you to verify this document's claims or comments and test in your environment to its suitability.

Elastix Guide:

Elastix Security Guide V2.0 (2014)

Title: Elastix Security Guide V2.0 (2014)
Author: Bob Fryer
Date Written / Last Modified: &//&')
Revision: 2.0
Replaces Document: Elastix Security Guide V1.0 (2011)
Tested on Elastix Version: 2.2+
Backward Compatible: Released on Elastix 2.2 – Some applies to earlier versions
Elastix Level: Beginner to Experienced
Linux Level: Beginner
Network Level: Intermediate to Experienced
Latest Document Source: available from www.elastixconnection.com
Credits: N/A
Licence: GNU FDL


Contents

Introduction
Security – A big beat up??
Internal vs External Attacks
The Basics


Introduction

Security is a very broad subject and rightly so. It is a very subjective topic as well, and to a certain degree it is a subject that will never have a definitive end. That's why I generally dismiss any book that claims to be a Definitive Guide to Security. It is a constant living subject, with improvements, changes, retractions and even changes in thinking and direction every year.

There is also no subject like security that stirs up the emotions, especially when statements are made, as everyone has their own views and ideas. The ideas in this guide are from my own personal experience mixed with many years of research. I can tell you that I am active in this area, work in this area on a constant basis and backed by over ' years of experience in the industry, not just the telephony industry.

Security is also not going to be fixed by one device that fixes everything. It is a set of tools, backed up by procedures, and ultimately followed up by diligent, constant reviewing and monitoring. Security is only as good as the weakest link in the chain.

Likewise, following this document from start to finish is not going to fully protect your system, as there is no one document that can do this as every system and design is different. Every environment is different. All this document can do is to provide you with a basic understanding of the tools that you can use and how they are used.

No topic presented in this document should be relied on as complete protection for your Elastix system. Typically this document will raise a method and you should do your own research into the methodology to confirm that it will work for you and as to what confidence you can place on its implementation.

Likewise, Security is exponentially as you want to make it. You may be able to secure your system to cover 70% of your system using tools/products that you have and no further hardware, you may be able to cover 95% of your system with a few hundred dollars, but to get to that 99%+, it could cost you thousands of dollars, and you may still have that 1% chance that someone gets through.

This guide will provide you with an introduction on tools and techniques you can implement to cover that 70% to 95%. This guide will describe some of the common techniques that these intruders use as well as tips and tricks to lessen the possibility that an intruder will make a successful intrusion into your system.

This document you are reading now is a second revision of this document. Over three years since the original was written, new vulnerabilities have been found, new techniques are available and definitely more ways to monitor are available. As stated at the start, it is a subject that will never have a definitive end.


When implementing security I personally work on the basis of four layers which generally come down to the basics which consist of

•  Firewall

Most people know what I mean here, and the prime security measure needs to exist on the perimeter of your network. I have no issue with it existing on your Elastix system, especially as a properly implemented Linux


In this guide you will find that many of the techniques and ideas implement these either all together or across a range of implementations. As mentioned before, just implementing these ideas will not all of a sudden make things secure. It is also a case of monitoring your system on a regular basis, investigating what you see. Many systems that are “hacked” are generally not monitored, and if they had been monitored on a constant basis, they would have caught the issue before it moved to a full blown attack, especially as many of these attacks normally have an investigation stage before they take control of your system.

One final thing, there are other measures that can be implemented and are discussed on the Internet, particularly for pure Asterisk systems. This document is mainly written around the Elastix system which, with a combination of FreePBX and Elastix defaults have already implemented some of these measures which they feel are important.

As an example, you might find a document on using the from-sip-external context as a default context. This is already implemented by FreePBX and you can confirm this yourself by executing SIP SHOW SETTINGS under the Asterisk CLI. This shows you most of the default settings for S


Security – A big beat up??

You might be wondering if this is all a big beat up, not worth the time. You might be having troubles wondering if these scripts and hacks are real. Have a look at this video on http://enablesecurity.com/products/enablesecurity-voippack-sipautohack-demo/ .

This is a GUI tool they are using but it clearly shows how simple these tools are and how quickly they can determine a simple password setup.

Now you are probably thinking, fine, I can trace the address it has come from and prosecute them and get my money back. Think again. Many of these addresses that these attacks come from are from overseas, and most of them have no formal legal processes in place that can be initiated. Many of these attacks appear to be coming from China, but what has really happened is that the hackers have compromised a server in China and they are in a totally different country. They know that the chance of you obtaining information from Chinese authorities is just about nil.

Whilst we are looking at a GUI tool in the video from a company that makes tools that you can use to secure your system, the rest of the hacking world has written their own tools. These tools are faster and probably even more cunning than what this company has written, which include Random word generators, number generators, using common defaults, and includes looking for known exploits.

You might be thinking that they can't make that many calls on your system, but what is actually occurring is that they are selling your calls (basically known as Toll Fraud). This can be done by calling cards that people legitimately buy (particularly in countries that are not effective at removing this type of issue), and when they ring the special number before making a call, it is ringing a hacked VoIP PBX that might connect to up to ' other hacked systems, and it tries each one until it has a trunk that works (for instance one or two might be no longer available as their owners had found them attacked). To the calling card customer, they just notice a longer than normal delay, which is not uncommon with international calls.

Still don't believe Elastix systems are on the radar, look at the list of features in the Vo


Internal vs External Attacks

One of the most common mistakes that many people make is concentrating on external attacks to the system (in other words direct attacks from the Internet to their Elastix system). Sure this is the most common and in all probability, this is where you should concentrate your resources on.

However there is the possibility that the attack may come from internally. Now you're probably thinking most people in the company are not capable of such acts as no one has the technical ability and you could be right, however two scenarios are possible, maybe more.

The first scenario is the possibility that someone downloads a Trojan that they install on their workstation which came with a dodgy copy of a soft phone or even a soft phone app for a Smartphone (which are becoming a dime a dozen nowadays). It could even be one of your level 1 technicians trying to do the right thing and use their initiative. Unbeknownst to them, it installed a Trojan that reports back the extension and password that he entered into the soft phone. The hackers have their first entry point into your system. Separate to this, it now has the IP address of the Elastix and commences a dictionary attack on the PBX. Further in this document, I talk about ADSL allowing 'K?' registrations a second, but with a 1Gb connection to the PBX, they are now reaching &''K'' registrations a second, it means that they can really move through hundreds of thousands of passwords in an hour. The chances are high that this Trojan can guess some of your simple passwords.

This may sound like a tin-foil hat type of scenario, but it is possible, in fact I wrote a windows application with no visible GUI that executed and performed a dictionary attack to show proof of concept. I did not continue with it, as it was meant for a presentation, but ran short on time to present it.

The second scenario is a lot more possible and is a common way to attack systems particularly for the more sophisticated hacker. As mentioned before, the security on your system is only as good as your weakest link. Now the attack on your system could come from another server in your organisation. Imagine this scenario, you have just had another server installed in your network that has access to the outside world. This server may have been installed by another third party company that has specific requirements, which includes their access remotely to upkeep the server. This server is important to the business as it is a major part of their business (e.g. this might be a new


The Basics

Before we move any further forward...let's cover a few basic mistakes that many users make (I've made them as well). These are items that can immediately improve the security of your system, and should be the first items that you tackle.

Passwords or Secrets


It is not just the possibility of being hacked, but also the possible impact on your Elastix system and your network. I have seen routers that have not been able to handle the voraciousness of the attack and to the Network manager, it looks like either his/her Internet or Router has failed. He reboots his/her router, it works for 20 minutes and it happens all again. Likewise, it almost makes VoIP trunks useless as the communications is so broken up, or the packet loss makes it sound like static is on the line.

So far I have been speaking about passwords, and in most cases they apply to the extension passwords/secrets, however, this same rule needs to apply to your Trunks either to your Voice


configuration file examples), and find that turning on ALLOW ANONYMOUS SIP is the only way to get it working. The same goes for some of the VSP Setups as well. They don't employ any authentication (or even simple host IP authentication), and as such, the only way to get the connection working is again turning it on. A quick rule is that not all VS


Limit installing additional products on your Elastix system

One of the biggest issues I see with Elastix systems is the disregard for security by implementing products on the Elastix system that compromise security, or even if it is not the product itself, then the product allows the user to compromise security without knowing it.

I have come across an Elastix system where the system owner had decided to use the Elastix Server as an FTP Server as well. Someone installed FTP and configured it. What occurred was someone used a well known exploit of that FTP Server to give themselves root access to the entire system. Not only did they get root access, but they installed a hackers toolkit onto the system. Unbeknownst to the Elastix owner, their system spent many months searching for other systems to hack, reporting back to an IRC channel with any system that it hacked with all the details. In the meantime, the reliability of their PBX suffered and as did their internet connection (and they got charged for excess Internet). Their


Use the Permit/Deny options in FreePBX/Unembedded FreePBX)

Under the extensions configuration in Elastix you will see this screen.

As you can see, you have the ability to add the range of IP addresses that you will allow the phones to connect from. The DENY line as it is set above disallows all addresses (classic deny all then allow specific). The permit line is set to allow only a SIP device on the local network to connect to this extension.
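To make the deny-all-then-permit pattern concrete, here is an added example (not from the original guide, and not FreePBX or Asterisk code). It assumes Asterisk's rule that deny/permit entries are checked in file order, the last matching entry decides, and an address matching nothing is allowed; the stanzas, extension numbers, addresses and function names are constructed for the example.

```python
import ipaddress

# Constructed extension stanzas in sip.conf style (not the guide's values).
SAMPLE_CONF = """\
[101]
deny=0.0.0.0/0.0.0.0
permit=192.168.1.0/255.255.255.0

[102]
permit=192.168.1.0/255.255.255.0   ; no deny line at all

[103]
permit=192.168.1.0/255.255.255.0
deny=0.0.0.0/0.0.0.0               ; deny placed last
"""


def parse_acls(text):
    """Map each [section] to its deny/permit rules, kept in file order."""
    acls, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # ';' starts a comment
        if line.startswith("[") and line.endswith("]"):
            current = acls.setdefault(line[1:-1], [])
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            key = key.strip()
            value = value.lstrip(">").strip()    # accept 'key => value' too
            if key in ("deny", "permit"):
                network = ipaddress.ip_network(value, strict=False)
                current.append((key, network))
    return acls


def acl_allows(rules, source):
    """Assumed evaluation model: every rule is checked, last match wins."""
    addr = ipaddress.ip_address(source)
    allowed = True                               # nothing matched: allowed
    for action, network in rules:
        if addr in network:
            allowed = (action == "permit")
    return allowed


def exposed_sections(acls, outside="203.0.113.77"):
    """Sections whose rules still admit an address outside the LAN."""
    return sorted(name for name, rules in acls.items()
                  if acl_allows(rules, outside))


if __name__ == "__main__":
    acls = parse_acls(SAMPLE_CONF)
    for name, rules in acls.items():
        print(name,
              "lan:", acl_allows(rules, "192.168.1.50"),
              "outside:", acl_allows(rules, "203.0.113.77"))
    print("still reachable from outside:", exposed_sections(acls))
```

Extension 102 shows why the deny line matters: a permit entry on its own restricts nothing. Extension 103 shows that putting the deny line last locks out the local phones as well.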

The same goes for access to the Asterisk Management Interface (AMI) which is set by the Asterisk A


Perimeter Firewall / Router

Elastix has an inbuilt Firewall based on Linux (


The number of people who have good intentions of setting up a Firewalled Elastix system, but ending up opening their router/firewall to get their Elastix system working reliably. And it happens this way because their “tested” system went into production, and a day or so later (sometimes the same day), started dropping calls or worse still not receiving calls at certain times of the day. This is generally attributed to being forced to setup of


can do what you like inside your network knowing that the perimeter firewall is in place and unchanged, protecting you at all times.

Alternatively if you cannot implement a perimeter firewall, wait for Elastix 2.0 which has a GUI Based firewall based on


http://blog.sipvicious.org/2008/02/detecting-sip-attacks-with-snort.html . This one is a bit old now and may actually be in the standard rules, but it gives you an idea on how extensible the Snort IDS system is.

Elastix Firewall

As of Elastix 2.0, Elastix has a GUI Based IP Tables Firewall. Many commercial Firewall products rely on IP Tables as the basis of their firewall, and the developers have done a great job of implementing an IP Tables firewall with a very nice looking Web Based GUI.


If you can't wait for the Elastix Firewall product, then you can implement this same security by using


With Fail2Ban, it monitors the number of failed authentications from a particular IP address. If the failed authentication attempts matches the number set as part of the Fail2Ban configuration, then it blocks that IP address for a preset time. This generally causes these Script Kiddies to look for another system to attempt to break into. Likewise these dictionary attacks mean that they only manage to try three login/passwords every 10 minutes, instead of 'K?' per second on a system without Fail2ban. The chances of someone successfully guessing your login and passwords on your system are greatly diminished.

Fail2ban works in conjunction with


Other Security Measures

Utilising VPN's where possible especially for remote Phones

More and more Firewall/Routers have the capability to act as a V

system from attack.

Changing the default port for SSH

One of the most common areas targeted for attack is Elastix systems with


Adding a PIN Code for all outbound International Calls

Quite often, depending on the business type, you will find that the business will not make a lot of international calls.


Port Knocking

In Elastix &. a


Monitoring

Voice Provider Call Quota's

Whilst this topic straddles the headings of Security and Monitoring, it actually is very important as it is one measure that could ultimately save you a large amount of money should your security measures let you down.

One of the more recent changes, especially as Voice


Monitoring Logs

For many Elastix users, once they have implemented their firewall or other security measures, they sit back believing everything is covered. They might have spent a day monitoring it to make sure no mistakes have been made, but after that, it does not get a thought until something goes wrong, or appears to be going wrong, or they had a lazy afternoon and decided to have a look.

Like backup systems, you can't just assume that the backup is working, only to find out when you need it most, that the backups haven't been working for several weeks. The monitoring of your Elastix is just as important.

You need to set a regular procedure to check the logs to monitor for these possible attacks. It won't take long, but you need to do it regularly.

One of the log files that you need to review on a regular basis is found at

/var/log/secure

The above example shows someone attempting to break into the system via SSH. You can see the user names that they are trying, and in this case they are trying common user names used on Unix/Linux systems. You will find the archived logs named secure.1, secure.2 and so on. If your system is under heavy attack from one of these Script Kiddies, then you may find that these archived files may contain attack attempts just from the one day.

Another file to check regularly is

/var/log/audit/audit.log

This shows the login successes and failures. This is basically the Linux audit system. You mainly are looking for unusual login failures which will give you an idea that your system is under attack.

/var/log/asterisk/full

This is the main asterisk log containing all the information about phone registrations, calls and call flows amongst much more information. It would be impossible to read these logs line by line, but using “less” as your viewer, you can search for phrases such as “Registration”, “Forbidden”, “failed”. You could write an automated script to look for these or just perform a check every few weeks. Doing this will provide an indication that someone is attempting to hack your system. Very rarely will an attacker be able to access your system immediately (unless your system is very insecure), so quite often a successful hack is usually perpetrated over several days or even weeks. When you start seeing these entries in your logs, you know you need to look at your security in general and commence security improvements to stop them even trying.
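The automated script suggested above could look like the following added example (not from the original guide). It pulls failed SIP registrations out of chan_sip-style lines as found in /var/log/asterisk/full, groups them by source address, and flags any source that reaches a threshold inside a time window, the same counting idea the Fail2ban section describes. The log lines are constructed, and the threshold of 3 failures in 10 minutes, the function names and the addresses are assumptions for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the style of chan_sip entries in /var/log/asterisk/full.
# All addresses are documentation ranges; 198.51.100.20 stands in for the PBX.
SAMPLE_LOG = """\
[2014-03-02 01:14:07] NOTICE[2345] chan_sip.c: Registration from '"100" <sip:100@198.51.100.20>' failed for '203.0.113.77' - No matching peer found
[2014-03-02 01:14:08] NOTICE[2345] chan_sip.c: Registration from '"101" <sip:101@198.51.100.20>' failed for '203.0.113.77' - Wrong password
[2014-03-02 01:14:09] NOTICE[2345] chan_sip.c: Registration from '"102" <sip:102@198.51.100.20>' failed for '203.0.113.77:5071' - Wrong password
[2014-03-02 01:14:10] NOTICE[2345] chan_sip.c: Registration from '"admin" <sip:admin@198.51.100.20>' failed for '203.0.113.77:5071' - No matching peer found
[2014-03-02 08:55:41] NOTICE[2345] chan_sip.c: Registration from '<sip:205@198.51.100.20>' failed for '192.0.2.15' - Wrong password
[2014-03-02 08:56:02] VERBOSE[2345] chan_sip.c:     -- Registered SIP '205' at 192.0.2.15:5060
[2014-03-02 09:31:17] NOTICE[2345] chan_sip.c: Registration from '<sip:205@198.51.100.20>' failed for '192.0.2.15' - Wrong password
"""

TIMESTAMP = re.compile(r"^\[(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\]")
# IPv4 only; some Asterisk versions append ':port' to the source address.
FAILURE = re.compile(
    r"Registration from '(?P<sender>.*?)' failed for "
    r"'(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - (?P<reason>.+)$"
)
ACCOUNT = re.compile(r"sip:([^@>;]+)@")


def parse_failures(text):
    """Return (time, source_ip, account, reason) per failed registration."""
    events = []
    for line in text.splitlines():
        stamp = TIMESTAMP.match(line)
        hit = FAILURE.search(line)
        if not (stamp and hit):
            continue  # successful registrations, call flow and so on
        when = datetime.strptime(stamp.group(1), "%Y-%m-%d %H:%M:%S")
        acct = ACCOUNT.search(hit.group("sender"))
        events.append((when, hit.group("ip"),
                       acct.group(1) if acct else "?", hit.group("reason")))
    return events


def summarise(events, max_failures=3, window=timedelta(minutes=10)):
    """Per source IP: total failures, accounts tried, and the time at which
    max_failures failures first fell inside one window (None if never)."""
    recent = defaultdict(deque)
    report = {}
    for when, ip, account, _reason in sorted(events):
        entry = report.setdefault(
            ip, {"total": 0, "accounts": set(), "flagged_at": None})
        entry["total"] += 1
        entry["accounts"].add(account)
        times = recent[ip]
        times.append(when)
        while when - times[0] > window:   # drop failures older than window
            times.popleft()
        if entry["flagged_at"] is None and len(times) >= max_failures:
            entry["flagged_at"] = when
    return report


if __name__ == "__main__":
    for ip, entry in summarise(parse_failures(SAMPLE_LOG)).items():
        state = "REVIEW" if entry["flagged_at"] else "ok"
        print(f"{ip:15} failures={entry['total']} "
              f"accounts={sorted(entry['accounts'])} {state}")
```

A source that cycles through several account names in seconds is flagged, while a single phone mistyping its own password twice in a morning is not.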

Utilising the new Asterisk Security Logging

From Asterisk 1.8, there is a new feature which provides a new security feature (thank you to Sandro Gauci from Enable Security for originally raising my interest in this new feature).

It can be enabled by editing the /etc/asterisk/logger.conf (On Elastix &. systems)

full => notice,warning,error,debug,verbose,security

and adding the security at the end

or on Elastix 2.5, (Free


Fail2ban can make use of this security logging, in fact if you look at any guides on Fail2Ban, make sure that it mentions for asterisk 1.8 onwards as there are some major changes so that it reads these new logs.

Monitoring Software

I have spoken previously about looking at a Voice Service


Trademarks used in this document

Elastix – Elastix is a trademark of