[ILUG] Asterisk security

Kevin Brennan kevin.brennan at redsquared.com
Mon Nov 8 12:42:39 GMT 2010


Hello Iluggers,
   As many of you may be Asterisk owners or maintainers, I think this 
mailing list is a good place to highlight the importance of making sure 
security has been considered.

   We have noticed an increase in compromised Asterisk systems lately 
(on the positive side, this is in part to do with increased popularity). 
With installations on the 'up', it's expected that many less experienced 
users will be installing without thinking about security. Unlike most 
Linux installs, a poorly installed Asterisk system can be an EXPENSIVE 
mistake.

The typical Asterisk attack is a port scan on 5060 followed by brute-force 
registration attempts on extensions from 1000 to 1999. Often new 
installers will test using 1000/test123, or similar, and forget all 
about it.

Once compromised, the hijacker will start auto-dialing a series of 
international numbers which either generate revenue share (through the 
many international offshore premium-rate number suppliers) or you will 
be helping an 'eastern' call shop get nice termination rates.

It's easy to run up a 5K bill over a weekend (I have seen it happen).

Here are a few tips for keeping your install safe:

- change your SIP port from the default 5060 to something different; 5060 is 
constantly scanned
- make sure you have a correctly installed firewall/iptables
- don't use extensions that are easy to guess (like 1000; scanners tend 
to count from 0 to 9999)
- don't leave passwords like test123 or use dictionary words; a minimum of 
8 random letters is fine
- block all destinations, then open only the ones you want to call
- monitor the calls made on your Asterisk system
- use completely separate dial-plans for incoming and outgoing trunks
- limit the number of channels an extension can use at once
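The checklist above can be turned into an automated audit of a chan_sip configuration. The script below is an added example, not code from the original post: it parses a sip.conf, flags the default port, all-numeric extension names, short or dictionary-based secrets, missing call-limit, and trunks that share a dial-plan context with phones. Both configurations it checks are constructed samples (the port 5680, the peer names and the secrets are made up), and the alwaysauthreject check is one extra item beyond the list above. The parser is deliberately minimal and treats template sections as plain sections.

```python
"""Audit an Asterisk chan_sip sip.conf against the hardening checklist.

Added example, not code from the original post. Assumes the classic
sip.conf layout: a [general] section plus one section per phone or trunk.
"""
import re

# Small constructed word list standing in for a real dictionary check.
DICTIONARY_WORDS = {"test", "password", "secret", "asterisk", "welcome",
                    "admin", "phone", "voip", "sip"}

# Constructed sample: the kind of install the post warns about.
WEAK_CONF = """
[general]
context=default
bindport=5060

[1000]
type=friend
host=dynamic
secret=test123
context=default

[mytrunk]
type=peer
host=sip.provider.example
secret=trunkpassword
context=default
"""

# Constructed sample with the checklist applied (port and secrets are made up).
HARDENED_CONF = """
[general]
context=nowhere            ; unknown callers land in an empty context
bindport=5680              ; non-default port, constructed value
alwaysauthreject=yes       ; same reply whether or not the extension exists

[kb-desk]
type=friend
host=dynamic
secret=Vq7!hZp2Lw9s        ; constructed random secret
context=phones-outbound    ; phones only; trunks never land here
call-limit=2               ; at most two channels for this extension

[mytrunk]
type=peer
host=sip.provider.example
secret=Rt4#mN8kQz1v
context=from-trunk         ; separate dial-plan for incoming trunk calls
"""


def parse_sip_conf(text):
    """Parse sip.conf text into {section: {key: [value, ...]}}.

    Keeps repeated keys (allow=, deny=, permit=) as lists and strips ';'
    comments, which is why configparser is not used. Also accepts 'key => value'.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        m = re.match(r"^\[([^\]]+)\]", line)
        if m:
            current = m.group(1)
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        key, value = line.split("=", 1)
        value = value.strip().lstrip(">").strip()
        sections[current].setdefault(key.strip(), []).append(value)
    return sections


def weak_secret(secret, peer_name):
    """Return a description of the weakness, or None if the secret looks fine."""
    if secret is None:
        return "no secret set"
    if secret == peer_name:
        return "secret equals the extension number"
    if re.sub(r"\d+", "", secret.lower()) in DICTIONARY_WORDS:
        return "secret is a dictionary word plus digits"
    if len(secret) < 8:
        return "secret shorter than 8 characters"
    return None


def audit(text):
    """Return a list of (section, finding) tuples; an empty list means clean."""
    conf = parse_sip_conf(text)
    findings = []
    general = conf.get("general", {})
    if general.get("bindport", ["5060"])[-1] == "5060":
        findings.append(("general", "SIP listening on default port 5060"))
    if general.get("alwaysauthreject", ["no"])[-1].lower() != "yes":
        findings.append(("general", "alwaysauthreject not enabled"))

    # Heuristic: host=dynamic means a registering phone, anything else a trunk.
    phones, trunks = {}, {}
    for name, opts in conf.items():
        if name == "general" or "type" not in opts:
            continue
        host = opts.get("host", [""])[-1].lower()
        (phones if host == "dynamic" else trunks)[name] = opts

    for name, opts in phones.items():
        if name.isdigit():
            findings.append((name, "all-numeric extension name is guessable"))
        problem = weak_secret(opts.get("secret", [None])[-1], name)
        if problem:
            findings.append((name, problem))
        if "call-limit" not in opts:
            findings.append((name, "no call-limit on this extension"))

    phone_contexts = {o.get("context", ["default"])[-1] for o in phones.values()}
    for name, opts in trunks.items():
        ctx = opts.get("context", ["default"])[-1]
        if ctx in phone_contexts:
            findings.append((name, f"trunk shares dial-plan context '{ctx}' with phones"))
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(f"{label}: {len(audit(conf))} finding(s)")
        for section, finding in audit(conf):
            print(f"  [{section}] {finding}")
```

Run against a real sip.conf by replacing the embedded samples with the file contents; the weak sample produces six findings and the hardened one none. The context check is a heuristic and should be read alongside the dial-plan itself, since the outbound context still needs its own block-all-then-allow rules.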

If anyone wants to add some more, please do.


Kevin Brennan
