![Page 1: A less attack-prone, Internet deployment of iLanga · 2011. 11. 9. · Asterisk Security Fail2ban - ban IP address with more than 5 wrong passwords . Page 10 Asterisk Security (Cont.)](https://reader033.vdocuments.net/reader033/viewer/2022060911/60a5b095cb21923a32723fb3/html5/thumbnails/1.jpg)
Page 1
A less attack-prone, Internet deployment
of iLanga
Researcher: Courage Radu
Email: [email protected]
Supervisor : M. Tsietsi
Co-Supervisor : A. Terzoli
![Page 2: A less attack-prone, Internet deployment of iLanga · 2011. 11. 9. · Asterisk Security Fail2ban - ban IP address with more than 5 wrong passwords . Page 10 Asterisk Security (Cont.)](https://reader033.vdocuments.net/reader033/viewer/2022060911/60a5b095cb21923a32723fb3/html5/thumbnails/2.jpg)
Page 2
Outline
1) Introduction
2) System Architecture
3) Threats
4) Preliminary Phases
5) Asterisk Security
6) AsteriskNOW
7) Way Forward
8) Questions
![Page 3: A less attack-prone, Internet deployment of iLanga · 2011. 11. 9. · Asterisk Security Fail2ban - ban IP address with more than 5 wrong passwords . Page 10 Asterisk Security (Cont.)](https://reader033.vdocuments.net/reader033/viewer/2022060911/60a5b095cb21923a32723fb3/html5/thumbnails/3.jpg)
Page 3
Introduction
Objective of project is to have a securely deployed telecommunication
system using iLanga as case study.
A guide with best security practices
Develop a web based tool that easy up security administration
Iterative approach
![Page 4: A less attack-prone, Internet deployment of iLanga · 2011. 11. 9. · Asterisk Security Fail2ban - ban IP address with more than 5 wrong passwords . Page 10 Asterisk Security (Cont.)](https://reader033.vdocuments.net/reader033/viewer/2022060911/60a5b095cb21923a32723fb3/html5/thumbnails/4.jpg)
Page 4
System Components
iLanga is an open computer based telecommunication system
Ubuntu Linux – Operating System
Asterisk – software implementation of a PBX
Kamailio – proxy server for authentication
MySQL – database to store user information
![Page 5: A less attack-prone, Internet deployment of iLanga · 2011. 11. 9. · Asterisk Security Fail2ban - ban IP address with more than 5 wrong passwords . Page 10 Asterisk Security (Cont.)](https://reader033.vdocuments.net/reader033/viewer/2022060911/60a5b095cb21923a32723fb3/html5/thumbnails/5.jpg)
Page 5
High Level System Architecture
+27 44444 5555
072 111 2222
PSTN
Asterisk/
Kamailio/
MySQL
146.231.124.5
146.231.124.6
![Page 6: A less attack-prone, Internet deployment of iLanga · 2011. 11. 9. · Asterisk Security Fail2ban - ban IP address with more than 5 wrong passwords . Page 10 Asterisk Security (Cont.)](https://reader033.vdocuments.net/reader033/viewer/2022060911/60a5b095cb21923a32723fb3/html5/thumbnails/6.jpg)
Page 6
Threats
Brute force attack – password guessing
Session Initiation Protocol (SIP) brute force
[Nov 6 02:57:48] NOTICE[18681]: chan_sip.c:21687 handle_request_register:
Registration from '"9964"<sip:[email protected]>' failed for
'85.14.178.21' - No matching peer found
[Nov 6 02:57:48] NOTICE[18681]: chan_sip.c:21687 handle_request_register:
Registration from '"9965"<sip:[email protected]>' failed for
'85.14.178.21' - No matching peer found
Root brute force
June 16 12:16
Failed password for root from 95.141.193.46 about 40 attempts
Failed password for invalid user test from 95.141.193.46 3 attempts
Failed password for invalid user nagios 2 attempts
Failed password for invalid user postgres 2 attempts
Failed password for invalid user oracle 1 attempt
![Page 7: A less attack-prone, Internet deployment of iLanga · 2011. 11. 9. · Asterisk Security Fail2ban - ban IP address with more than 5 wrong passwords . Page 10 Asterisk Security (Cont.)](https://reader033.vdocuments.net/reader033/viewer/2022060911/60a5b095cb21923a32723fb3/html5/thumbnails/7.jpg)
Page 7
Threats
Toll fraud – unauthorised long distance calls
DoS – service disruption
![Page 8: A less attack-prone, Internet deployment of iLanga · 2011. 11. 9. · Asterisk Security Fail2ban - ban IP address with more than 5 wrong passwords . Page 10 Asterisk Security (Cont.)](https://reader033.vdocuments.net/reader033/viewer/2022060911/60a5b095cb21923a32723fb3/html5/thumbnails/8.jpg)
Page 8
Preliminary Phases
Current state-of-art of the system
-Documenting versions for each component
Replicated the system
Learning the system
- How asterisk handles phone calls
- How the components are integrated
![Page 9: A less attack-prone, Internet deployment of iLanga · 2011. 11. 9. · Asterisk Security Fail2ban - ban IP address with more than 5 wrong passwords . Page 10 Asterisk Security (Cont.)](https://reader033.vdocuments.net/reader033/viewer/2022060911/60a5b095cb21923a32723fb3/html5/thumbnails/9.jpg)
Page 9
Asterisk Security
Fail2ban
- ban IP address with more than 5 wrong passwords
![Page 10: A less attack-prone, Internet deployment of iLanga · 2011. 11. 9. · Asterisk Security Fail2ban - ban IP address with more than 5 wrong passwords . Page 10 Asterisk Security (Cont.)](https://reader033.vdocuments.net/reader033/viewer/2022060911/60a5b095cb21923a32723fb3/html5/thumbnails/10.jpg)
Page 10
Asterisk Security (Cont.)
Using Secure Shell (SSH) – terminal connection security
- Disable password authentication
- SSH - uses public and private keys for authentication.
- SSH - uses RSA algorithm whose security lies in the
factorisation problem.
A well designed dialplan will prevent toll fraud
Kamailio has inbuilt anti-flood functionality
![Page 11: A less attack-prone, Internet deployment of iLanga · 2011. 11. 9. · Asterisk Security Fail2ban - ban IP address with more than 5 wrong passwords . Page 10 Asterisk Security (Cont.)](https://reader033.vdocuments.net/reader033/viewer/2022060911/60a5b095cb21923a32723fb3/html5/thumbnails/11.jpg)
Page 11
Asterisk Security (Cont.)
Good practice
Running Asterisk as User
A B
![Page 12: A less attack-prone, Internet deployment of iLanga · 2011. 11. 9. · Asterisk Security Fail2ban - ban IP address with more than 5 wrong passwords . Page 10 Asterisk Security (Cont.)](https://reader033.vdocuments.net/reader033/viewer/2022060911/60a5b095cb21923a32723fb3/html5/thumbnails/12.jpg)
Page 12
Asterisk Security (Cont.)
Unusual for Ubuntu
- (Shift + ! + Enter)
![Page 13: A less attack-prone, Internet deployment of iLanga · 2011. 11. 9. · Asterisk Security Fail2ban - ban IP address with more than 5 wrong passwords . Page 10 Asterisk Security (Cont.)](https://reader033.vdocuments.net/reader033/viewer/2022060911/60a5b095cb21923a32723fb3/html5/thumbnails/13.jpg)
Page 13
Asterisk Security (Cont.)
Unusual for CentOS
- (Alt + F9)
- (Shift + ! + Enter)
![Page 14: A less attack-prone, Internet deployment of iLanga · 2011. 11. 9. · Asterisk Security Fail2ban - ban IP address with more than 5 wrong passwords . Page 10 Asterisk Security (Cont.)](https://reader033.vdocuments.net/reader033/viewer/2022060911/60a5b095cb21923a32723fb3/html5/thumbnails/14.jpg)
Page 14
Administrator Interface for AsteriskNOW
![Page 15: A less attack-prone, Internet deployment of iLanga · 2011. 11. 9. · Asterisk Security Fail2ban - ban IP address with more than 5 wrong passwords . Page 10 Asterisk Security (Cont.)](https://reader033.vdocuments.net/reader033/viewer/2022060911/60a5b095cb21923a32723fb3/html5/thumbnails/15.jpg)
Page 15
Way Forward…
Creating a simple web based tool that monitors the system internal
security files and give feedback to the administrator.
Combines information from /var/log/auth.log.1log file e.g From the /var/log/auth.log.1log file
June 12 13:17
Failed password for root from 109.237.214. 6 attempts
June 12 22:59
Failed password for root from 122.225.96.156 6 attempts
June 16 12:16
Failed password for root from 95.141.193.46 about 40 attempts
![Page 16: A less attack-prone, Internet deployment of iLanga · 2011. 11. 9. · Asterisk Security Fail2ban - ban IP address with more than 5 wrong passwords . Page 10 Asterisk Security (Cont.)](https://reader033.vdocuments.net/reader033/viewer/2022060911/60a5b095cb21923a32723fb3/html5/thumbnails/16.jpg)
Page 16
Way Forward… (Cont.)
![Page 17: A less attack-prone, Internet deployment of iLanga · 2011. 11. 9. · Asterisk Security Fail2ban - ban IP address with more than 5 wrong passwords . Page 10 Asterisk Security (Cont.)](https://reader033.vdocuments.net/reader033/viewer/2022060911/60a5b095cb21923a32723fb3/html5/thumbnails/17.jpg)
Page 17
Questions and Answers