How to protect your business telephony from cyber attacks - webinar 2017, English

Your Hosts

Markus Ehlers, Raiko Schulz

Agenda

•Common mistakes

•Common forms of attack

•Countermeasures

•Unsafe passwords

•Missing firewall

•Public IP address

•Port forwarding instead of VPN

•Unencrypted telephony

•No strict call rights and limitations

•Access rights not limited

•Unused IP services and devices still being connected

•No backups

•Missing plan B

10 Common Mistakes

Common Cyber Attacks

•Denial of Service

•Eavesdropping

•SPIT

•Toll Fraud

•Man-in-the-Middle Attack

•Flooding

•Infrastructure Hijacking

•High Phone Bill

•Identity Hijacking

•Brute Force Attack

•ARP Poisoning

•Botnet

•IP-Spoofing

•Much easier with VoIP

•No separate phone lines

•Aiming for log-in data and internal information

•Man-in-the-middle Attack

•ARP-Poisoning targeting Address Resolution Protocol

•Hijacking standard gateways and DHCP-Spoofing

• Infrastructure Hijacking

Common Cyber Attacks Eavesdropping

•Port-scan followed by Brute-Force Attack

•Man-in-the-Middle Attack and Identity Spoofing

•Attacker faking identity to gain internal information or for fraud

•Expensive overseas calls, hotline and service numbers

Common Cyber Attacks Fraud

•Spam over Internet Telephony

• IP PBX gets hijacked to act as a bot

•Forged RTP Packets

•Very difficult to back-trace and to oppose

• Identity Spoofing and Bot networks

•Content filter acts too late

•May only help in time for voicemail messages

Common Cyber Attacks SPIT

• (D)DoS Attacks

•Aiming for malfunction of a system

• IP Spoofing to keep attacker hidden or to overload victims with response packets

Common Cyber Attacks Denial-of-Service

•Company guideline for network safety

•Regular review and update

•PBX and network security

•All network devices need to be secured!

Security Measures

•Letters, digits, special characters

•At least 8 characters

•No words or names

Security Measures Secure Password

admin password 0000 1234 4321 askozia aizoksa

8C+inL6B}4_kQu3F6b?!1Q_ct!88_u7V.dLN1@i+yY{L97Km

•Protection against DDoS and Brute Force attacks

•Blocking ports for the internet, intranet or LAN

•Packet filter

•Network Address Translation (NAT)

•Avoid port forwarding

Security Measures Network Firewall

• iptables, application-based

•Blocking ports for the internet, intranet or LAN

•Additional protection for your PBX

•Fail2Ban

Security Measures Askozia Firewall

Security Measures Fail2Ban

•Featured by Askozia firewall

•Further protection against Brute Force attacks.

•Blocking IPs that repeatedly use incorrect log-in data

•Preventing attackers from guessing an internal number

•alwaysauthreject = yes.

•Responses are always the same for both correct and incorrect user data
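The blocking rule described on this slide (ban a source IP after repeated failed log-ins inside a time window) can be sketched as follows. This is an added example, not code from Askozia or from Fail2Ban; the log lines are constructed and their format, the function name `find_bans` and the thresholds are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines, shaped like Asterisk chan_sip NOTICE messages (assumed format).
SAMPLE_LOG = """\
[2017-03-01 10:00:01] NOTICE[1201] chan_sip.c: Registration from '<sip:100@pbx.example>' failed for '203.0.113.7:5060' - Wrong password
[2017-03-01 10:00:03] NOTICE[1201] chan_sip.c: Registration from '<sip:101@pbx.example>' failed for '203.0.113.7:5071' - Wrong password
[2017-03-01 10:00:05] NOTICE[1201] chan_sip.c: Registration from '<sip:102@pbx.example>' failed for '203.0.113.7:5082' - Wrong password
[2017-03-01 10:00:09] NOTICE[1201] chan_sip.c: Registration from '<sip:20@pbx.example>' failed for '192.0.2.10:5060' - Wrong password
[2017-03-01 10:20:00] NOTICE[1201] chan_sip.c: Registration from '<sip:20@pbx.example>' failed for '198.51.100.4:5060' - Wrong password
[2017-03-01 10:40:00] NOTICE[1201] chan_sip.c: Registration from '<sip:20@pbx.example>' failed for '198.51.100.4:5060' - Wrong password
[2017-03-01 11:00:00] NOTICE[1201] chan_sip.c: Registration from '<sip:20@pbx.example>' failed for '198.51.100.4:5060' - Wrong password
"""

# Timestamp and source IP of a failed registration; the source port is ignored
# so that retries from changing ports still count against the same host.
FAILED = re.compile(
    r"^\[(?P<ts>[\d-]+ [\d:]+)\] NOTICE\[\d+\] chan_sip\.c: Registration from .* "
    r"failed for '(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?'"
)

def find_bans(log_text, max_retry=3, find_time=timedelta(minutes=10), ignore=()):
    """Return {ip: time of ban} for sources with max_retry failures inside find_time."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    bans = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        ip = m.group("ip")
        if ip in ignore or ip in bans:   # whitelisted or already blocked
            continue
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > find_time:   # drop failures older than the window
            window.popleft()
        if len(window) >= max_retry:
            bans[ip] = ts
    return bans

if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE_LOG).items():
        print(f"ban {ip} at {when}")
```

The slow guesser at 198.51.100.4 stays under the default window, which is why the window length and the retry count have to be chosen together.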

•Blocking or accepting certain numbers

•For example:

•Blocking certain numbers from calling through a provider

•Adding certain numbers as exceptions to Fail2Ban

Security Measures Blacklist / Whitelist

• Instead of port forwarding!

•To prevent Bots, DDoS, Brute Force and Man-in-the-Middle attacks

•A poorly configured firewall is as good as no firewall

•Same subnet ensures better audio transmission

•Calls are encrypted

Security Measures VPN Tunnelling

•NGN ports (New Generation networks)

•Virtual Local Networks (VLAN)

•Divides physical networks into logical subnets

•Within a switch or a network

•VLAN-capable switches keep data within the subnet

Security Measures Separate Telephony and Data

•Man-in-the-middle

•Receives requests and establishes connection

•No direct communication between two parties

•Costly

Security Measures SIP Proxy

•Secure web server (HTTPS)

•Secure SIP (SIPS) and Secure RTP (SRTP)

•Protection against eavesdropping

•Certificates can be created or uploaded in AskoziaPBX

Security Measures Encryption

•Restrictive dial patterns

•Prevent calls to other countries and national numbers with high charges

•Limit number of calls to other countries

•Limit call duration

•Block calls if thresholds are exceeded and attack seems likely

•VoIP prepaid credit

Security Measures Call Rights

•Access to the network should be a privilege

•Only required and actually used IP devices

•Access rights limited to actual requirements

• In Askozia: Statistic Users, Client User Interface, etc.

•Not every user needs administration rights!

Security Measures Access Privileges

•Enforce your security guidelines

•Regular review and updates

•Keep all IP devices and services up-to-date

•Don’t miss firmware and security updates

Security Measures System Hardening

•There is no absolute safety

•What if a system still fails?

•Regular backups

•Premium Replacement or

•High Availability

Security Measures Have a Plan B

Discover more

Have a look at our white papers and previous webinars!

askozia.com/casestudies

youtube.com/askozia

Questions? Time to wake up!
