Koozali.org: home of the SME Server

Sail system broken into - how to improve security?

chris burnat
Re: Sail system broken into - how to improve security?
« Reply #15 on: May 25, 2010, 05:28:09 AM »
> I've also created a custom firewall template and have been blocking the IP addresses that come up in the logs as per http://wiki.contribs.org/Firewall

In my case, I noticed that "they" change IP address often, so do not rely on blocking them with individual rules...
- chris
If it does not work out of the box, please fill in a Bug Report @ Bugzilla (http://bugs.contribs.org) - check: http://wiki.contribs.org/Bugzilla_Help. Thanks.

gippsweb
Re: Sail system broken into - how to improve security?
« Reply #16 on: May 25, 2010, 07:17:42 AM »
> In my case, I noticed that "they" change IP address often, so do not rely on blocking them with individual rules...

Yep, I had noticed the same, but I figure if I block enough of their IP range they'll give up and go somewhere easier.

I had one extension I had missed re-doing with the alpha/num password and ACLs. They got it and blew the small amount of credit on that account. My mistake and I'll wear it. I've now made sure all extensions are hardened.

The only thing that threw me was that I thought having a MAC address only let that device connect. But it only works for the auto configuration (silly me).

chris burnat
Re: Sail system broken into - how to improve security?
« Reply #17 on: June 16, 2010, 12:10:19 AM »
Posting a link to a useful article covering this topic:

http://sysadminman.net/blog/2009/hacking-and-securing-your-asterisk-server-592

I tested a new Sail 2.5 system and could not crack it. This is not to say that someone will not achieve this sometime in the future, they are becoming smarter and more desperate... I am now looking at using ISPs with a limit on usage, meaning a pre-paid account. The idea is to limit exposure to what is in the account.

Limiting SIP/IAX connections to Asterisk with IPTables sounds good also, not sure how to implement this on Sail - need to cover for multiple trunks.
http://sysadminman.net/blog/2010/limiting-sipiax-connections-to-asterisk-with-iptables-1082

Jeff, what do you reckon? Could something like this be included in Sark either via db commands or an editing panel?
- chris
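
One way to approach the multi-trunk restriction raised in reply #17, as an added example that is not from the thread, the linked article or Sail/Sark: a generic iptables allowlist for SIP (UDP 5060) and IAX2 (UDP 4569) signalling. The chain name `VOIP_ALLOW`, the function names and all addresses are assumptions or constructed sample values; the script only prints the rules so they can be reviewed first.

```shell
#!/bin/sh
# Added example: emit iptables rules that accept SIP/IAX2 signalling only
# from listed sources (trunk providers, LAN) and drop everything else.
# All addresses used here are constructed (RFC 5737 / RFC 1918 ranges).

SIP_PORT=5060      # SIP signalling (UDP)
IAX_PORT=4569      # IAX2 (UDP)
CHAIN=VOIP_ALLOW   # hypothetical chain name

# Shape check: dotted-quad IPv4 with an optional /0-32 prefix.
# Hostnames are rejected because iptables resolves them only once,
# when the rule is loaded, so a provider DNS change would go unnoticed.
valid_source() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# Usage: voip_rules SRC [SRC...]
# Prints the rules to stdout; returns 1 (printing nothing) on bad input.
voip_rules() {
    [ "$#" -gt 0 ] || { echo "no trusted sources given" >&2; return 1; }
    # Validate everything first so a bad entry never yields a partial rule set.
    for src in "$@"; do
        valid_source "$src" || { echo "rejected source: $src" >&2; return 1; }
    done
    echo "iptables -N $CHAIN"
    # One ACCEPT per trusted source: this is what covers multiple trunks.
    for src in "$@"; do
        echo "iptables -A $CHAIN -s $src -j ACCEPT"
    done
    # Anything that reaches the end of the chain is not a known peer.
    echo "iptables -A $CHAIN -j DROP"
    # Send both signalling ports through the allowlist chain.
    for port in "$SIP_PORT" "$IAX_PORT"; do
        echo "iptables -I INPUT -p udp --dport $port -j $CHAIN"
    done
}

# Constructed sample: two trunk providers plus the office LAN.
voip_rules 192.0.2.10 198.51.100.0/28 192.168.1.0/24
```

Rules applied by hand do not survive a firewall reload, so on a system whose firewall is generated from templates they would need to go into a custom firewall template like the one mentioned earlier in the thread. Remote extensions on changing addresses are not covered by a static allowlist and still depend on strong passwords and ACLs.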