Asterisk Security Tips

 

It is your responsibility to ensure your Asterisk or other VoIP software is secure.  
This article provides some hints and tips on how you can do so.
 
 
 
 
Articles and software
 
It's recommended that you make use of the following articles and software:
 
 
                http://www.fail2ban.org/wiki/index.php/Main_Page
                http://www.ossec.net/main/
                http://www.configserver.com/cp/csf.html
 
Please make sure if you use any of the above programs you evaluate them properly and check that they are suitable for your needs.
 
 
 
Disable international calling
 
You can set dialling restrictions on your accounts in VoIP Commander.  If a server doesn't need to be able to dial internationally or call mobiles, disable it!
 
 
 
 
Firewall and Passwords
You should make sure to only allow traffic to and from Neural's CTS servers on your firewall and make sure all passwords are 'strong' passwords with random numbers and letters, using mixed case and special characters. The list of Neural's CTS servers is located here: https://neural.zendesk.com/hc/en-us/articles/200599265-SIP-Server-Addresses
 
You may also elect to block international traffic to your SIP servers if you don't need it.
 
 
 
Disable or Obscure SSH Login
We strongly recommend disabling root login via SSH and changing the SSH port number.  You should ensure your SSH configuration is secure to prevent an attacker from compromising your SIP server through remote login.
 
 
 
Don't install it if you don't need it
Often a server can be compromised through a bug in software running on it.  For example, if you run Asterisk on the same server as your website and attacker compromises the web server software, they may also be able to gain access to the Asterisk server through this attack.  Where possible, only run asterisk on your asterisk server.
 
 
 
Asterisk Configuration
You can also add this into your sip.conf in the [General] section:
  • alwaysauthreject=yes
which will give a 404 instead of a 403 when the incorrect password is given.
 
 
 
-----
 
 
These pointers should get you started on securing your Asterisk system.  For more help we recommend having a Google around - there are many articles out there and many things you can do.
 
Those extra few minutes spent securing your server now could save you hundreds of dollars in fraudulent calls later on.
 

 

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.
Powered by Zendesk