Security recommendation (Kerio Operator forum)
Vladimir Toncar (Kerio)

Hi,

We have been recently informed about a new kind of VoIP attack, so I would like to remind all Kerio Operator administrators about paying attention to security.

The scenario that has become the inspiration for this post included a basic security mistake - the Operator server was accessible from the Internet and one of the extensions had an empty password. That's an equivalent of leaving the door open with the sign "Please help yourself" next to it, you would say.

However, it was just a single extension out of many in the system, and it was none of the usual numbers the hackers try first (100, 101, etc.). The scanning botnet actually needed several days to discover the single unprotected extension number. The scanning machines were blocked several times by Operator's anti-guessing feature but they returned after one day, when the default block on the given IP address expired. Luckily for the user, his outgoing calls constraints kicked in quite early, thus reducing the loss (significantly reducing, one can guess).

The conclusion? The black-hat guys are getting smarter. Please consider the following steps if your Operator is accessible from the Internet (and maybe even if it is not):

* Check that all your extensions have a password. Make sure your passwords are strong.

* Consider decreasing the number of unsuccessful SIP logins and increasing the blocking time in Operator's Security screen.

* Review your Outgoing calls constraints. Will your setup really mitigate your loss if a password is stolen (by a virus/trojan)? Are there international prefixes your users will never call?

* Visit Operator's administration GUI more often to see what's going on, check the list of blocked IP addresses etc. Alternatively, set up e-mail notifications about blocked machines.

Thank you for paying attention,
Vladimir

[Updated on: Thu, 30 January 2014 10:07]
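
An added example, not part of the original post and not Kerio code: a small detector for the pattern described above, where a blocked address comes back shortly after its one-day block expires. The CSV layout (timestamp, source IP, extension tried), the sample rows and all function names are assumptions constructed for illustration; adapt the parser to whatever your blocked-IP list or e-mail notifications actually provide.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of "IP blocked" events: timestamp, source IP, extension tried.
# This is NOT Kerio Operator's log format, just a stand-in for the example.
SAMPLE_BLOCKS = """\
2014-01-20T02:14:00,198.51.100.7,100
2014-01-21T02:31:00,198.51.100.7,117
2014-01-22T02:40:00,198.51.100.7,133
2014-01-21T09:00:00,203.0.113.50,204
2014-01-20T03:00:00,192.0.2.9,101
2014-01-25T11:00:00,192.0.2.9,101
"""

def parse_blocks(text):
    """Group block events by source IP as (timestamp, extension) tuples."""
    events = defaultdict(list)
    for row in csv.reader(io.StringIO(text)):
        if not row:
            continue
        ts, ip, ext = row
        events[ip].append((datetime.fromisoformat(ts), ext))
    return events

def returning_scanners(events, block_time=timedelta(days=1),
                       slack=timedelta(hours=6), min_returns=2):
    """Flag IPs that were blocked again within `slack` of the previous
    block expiring, at least `min_returns` times."""
    flagged = {}
    for ip, hits in events.items():
        hits.sort()
        returns = 0
        for (prev, _), (cur, _) in zip(hits, hits[1:]):
            gap = cur - prev
            # A gap just over the block time means the source resumed as
            # soon as it was allowed back in.
            if block_time <= gap <= block_time + slack:
                returns += 1
        if returns >= min_returns:
            flagged[ip] = {"returns": returns,
                           "extensions": sorted({e for _, e in hits})}
    return flagged

if __name__ == "__main__":
    for ip, info in returning_scanners(parse_blocks(SAMPLE_BLOCKS)).items():
        print(ip, info)
```

Addresses flagged this way are candidates for a longer blocking time or a permanent firewall rule, and the spread of extensions tried shows how far the scan has progressed.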
