Shoring up Asterisk Security

Found out today that an external host had been scanning my Asterisk server looking for valid SIP extensions. Turned out the IP belonged to some German hacking site that was probably using some brute force tools to scan my server (and lots of others) for valid SIP extensions. The ultimate goal was more than likely to try and exploit any live extensions for some free phone calls.

Fortunately, in anticipation of moving my in-house Asterisk server out to the cloud I had recently done some work to become better educated on Asterisk security and to shore up the security of the CentOS machine my Asterisk instance is running on. As a result, my intrusion detection system slammed the door to the external scans pretty quick, and I’ve since added the IP address to my iptables rule set to drop any requests from the IP used for the scan.
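The detect-and-block step described above, reduced to its essentials, as an added example that is not part of the original post or of Asterisk itself: it scans chan_sip "Registration from ... failed for ..." lines in the Asterisk messages log, counts failures per source IP, and prints an iptables DROP rule for every source over a threshold. The log lines are constructed for the example (the IPs are documentation addresses), the function names and the threshold of 5 are assumptions, and the rules are printed rather than applied so the script can run unprivileged.

```shell
#!/bin/sh
# Added example, not code from the original post. Counts failed SIP
# registrations per source IP in Asterisk chan_sip log lines and prints an
# iptables DROP rule for each source that exceeds a threshold.

# Constructed sample of /var/log/asterisk/messages lines in the chan_sip
# format. 203.0.113.5 walks extensions 100-105 (an extension scan);
# 198.51.100.7 gets a password wrong twice, then registers.
sample_log() {
  cat <<'EOF'
[Jan 12 10:15:01] NOTICE[1234] chan_sip.c: Registration from '"100" <sip:100@192.0.2.10>' failed for '203.0.113.5' - No matching peer found
[Jan 12 10:15:01] NOTICE[1234] chan_sip.c: Registration from '"101" <sip:101@192.0.2.10>' failed for '203.0.113.5' - No matching peer found
[Jan 12 10:15:02] NOTICE[1234] chan_sip.c: Registration from '"102" <sip:102@192.0.2.10>' failed for '203.0.113.5' - Wrong password
[Jan 12 10:15:02] NOTICE[1234] chan_sip.c: Registration from '"103" <sip:103@192.0.2.10>' failed for '203.0.113.5' - No matching peer found
[Jan 12 10:15:03] NOTICE[1234] chan_sip.c: Registration from '"104" <sip:104@192.0.2.10>' failed for '203.0.113.5' - No matching peer found
[Jan 12 10:15:03] NOTICE[1234] chan_sip.c: Registration from '"105" <sip:105@192.0.2.10>' failed for '203.0.113.5' - No matching peer found
[Jan 12 10:16:10] NOTICE[1234] chan_sip.c: Registration from '"201" <sip:201@192.0.2.10>' failed for '198.51.100.7' - Wrong password
[Jan 12 10:16:11] NOTICE[1234] chan_sip.c: Registration from '"201" <sip:201@192.0.2.10>' failed for '198.51.100.7' - Wrong password
[Jan 12 10:17:00] VERBOSE[1234] logger.c:     -- Registered SIP '201' at 192.0.2.10 port 5060
EOF
}

# offenders [threshold]: read log lines on stdin, print each source IP with
# at least <threshold> registration failures (default 5, an assumed value).
offenders() {
  threshold="${1:-5}"
  # Keep only registration failures and extract the IP quoted after "failed for".
  sed -n "s/.*chan_sip.c: Registration from .* failed for '\([0-9.]*\)'.*/\1/p" |
    sort | uniq -c |
    awk -v t="$threshold" '$1 >= t { print $2 }'
}

# drop_rules: turn one IP per line on stdin into iptables DROP rules.
# The rules are printed, not executed; pipe the output into sh as root to apply.
drop_rules() {
  while read -r ip; do
    printf 'iptables -I INPUT -s %s -j DROP\n' "$ip"
  done
}

# Usage: with the threshold at 5 only the extension scanner is blocked.
sample_log | offenders 5 | drop_rules
```

Two practical notes. First, the sample shows why the threshold matters: a legitimate user who mistypes a password twice looks the same as a slow attacker in this log, so block on volume, not on a single failure, and prefer a tool such as fail2ban that also expires the ban. Second, the scanner in the sample can tell extension 102 exists because Asterisk answered "Wrong password" instead of "No matching peer found"; setting `alwaysauthreject=yes` in sip.conf makes both cases return the same rejection, which removes the oracle the extension scan depends on.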

It was a little unnerving to find out that my box was getting scanned, but I’m glad I took the time recently to get things working more securely. This incident reminds me that one can never be too careful about security, and that there is always more to learn about running Asterisk more securely. To underscore this last point, here are some great links I’ve come across lately for Asterisk and Linux security:

Some general Linux security reading:

Happy reading!


2 thoughts on “Shoring up Asterisk Security”

  1. This was a topic of discussion as recently as last night as well, with a group of people at the Toronto Asterisk Users Group (TAUG). Most of the points were basic policy discussions (“How can you force people to choose better passwords?”), but I think there will be some internal methods shortly that allow Asterisk to be more easily integrated into a wider security system that actually actively blocks attacks instead of merely ignoring the attacker. If you’re not already on them, keep an eye on asterisk-dev and asterisk-users for more information, or discuss there as well. Ideas welcome!

    JT
