Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Operator » Kerio Operator Security
  •  
chrism

Messages: 31
Karma: 0
Send a private message to this user
Hi,

We are looking at Kerio Operator, but concerned over risks of the system being hacked and ££££'s of unwanted calls to premium rate numbers. We have had this in the past with another PBX system.

1 . I am happy with using strong SIP passwords, even keeping behind firewall and keeping SIP ports shut inbound, to stop SIP hacking attempts. Testing so far, the IP blocking seems to do a good job.

2 . Whats concerns me, is exploits through extension voicemail or Auto attendant. And settings being changed in the PBX.
Is this an issue with Kerio Operator? If so, can it be prevented?

Thanks
  •  
chrism

Messages: 31
Karma: 0
Send a private message to this user
Anyone comment on this?
  •  
Filip Jenicek (Kerio)

Messages: 1094
Karma: 80
Send a private message to this user
Hi Chris,

I don't quite understand what your question is about. Could you please explain it in more detail?

Thank you,
Filip
  •  
chrism

Messages: 31
Karma: 0
Send a private message to this user
Hi Filip,

It is pretty simple, assuming strong SIP passwords are used, and IP's are blocked after xx number of failed attempts, how secure is Kerio Operator against hacking?
Are there other vulnerabilities, like other PBX systems where hackers can infiltrate through voicemail or Auto Attendant and make unauthorised calls through the Kerio Operator?

Thanks

[Updated on: Tue, 25 February 2014 08:58]

  •  
Filip Jenicek (Kerio)

Messages: 1094
Karma: 80
Send a private message to this user
Nothing I know of. Btw if I knew, fixing would be my top priority.
  •  
chrism

Messages: 31
Karma: 0
Send a private message to this user
Hi Thanks,


I read in another forum post that Kerio Operator has been designed to stop things like this happening, as it will not call a Mobile number from the Auto Attendant for example, as this can be exploited.
  •  
Vladimir Toncar (Kerio)

Messages: 1696
Karma: 39
Send a private message to this user
Hi,

We invest a lot of effort to ensure that features in Operator are designed in a secure way. For example, the option that lets an external caller enter an extension number in auto attendant checks that the entered number is really an existing local extension (special extensions, like PBX services, are blocked).

Vladimir
  •  
chrism

Messages: 31
Karma: 0
Send a private message to this user
  •  
silars

Messages: 429
Karma: 59
Send a private message to this user
Given that this is a security discussion, small details matter. I wouldn't restrict yourself to only strong SIP passwords. There are several passwords used in Operator (account, admin, etc.). Those should all be strong. And, not only strong, but with regularly rotation.

I would advise some investigation into the MyPhone functionality. This is a web-based interface to the voicemail system based on user account. It also allows you to dial phone numbers from a controlled phone. This isn't quite as powerful as an AA or phone voicemail attack, but is something you need to know about. Again, strong password management should prevent abuse. You can also restrict its use to internal use only.
Previous Topic: iOS7 & Microphone Security with Softphone App
Next Topic: Connect & Operator integration issues
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Tue Oct 17 22:18:42 CEST 2017

Total time taken to generate the page: 0.00505 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.