Security Considerations

From Integrics Wiki
Revision as of 22:46, 14 September 2018 by Dcunningham (talk | contribs)
Jump to: navigation, search

Technical:

  • Disallow routes to countries that customers don't need, especially high fraud countries.
  • Set a daily spending limit and maximum concurrent calls limit for all customers.
  • Requiring long password lengths for phones and people.
  • Change the SSH port from 22 to something non standard.
  • Use iptables to lock out countries where you do not have customers.
  • Set Asterisk servers to use non default ports for SIP like 5065 instead of 5060.
  • Make sure all handsets have a username and password which are not the devices default.
  • Monitor servers with a tool like Zabbix, Nagios, or Cacti to alert if there are more calls than expected.

Some systems have tools like SIPSentry to automatically block brute-force SIP attacks.

Secure provisioning with a solution such as:

  • Use the source IP setting in Enswitch telephones.
  • Restrict access by user-agent.
  • Restrict access to a privately used (almost secret) domain.
  • Use HTTP basic authentication.

Non-technical:

  • Educate customers on choosing good passwords.
  • Have contracts to make sure the right person pays if they are hacked and run up a huge bill.
Retrieved from ‘http://wiki.integrics.com/index.php?title=Security_Considerations&oldid=198