
Security for Asterisk

Use SecAst™ to protect any Asterisk® based phone system against
fraud and hacking. SecAst uses a variety of techniques to detect
intrusion attempts, halt ongoing attacks, and prevent future
attacks. SecAst uses advanced techniques to detect valid
credentials that have been disclosed / compromised and are being
abused, fraudulent activity based on known attack patterns,
unusual call and dialing patterns, etc. SecAst also offers detailed IP
address based geographic allow/deny rules (geofencing) down to
the city level allowing administrators to limit PBX access to regions
where legitimate clients actually reside.

Overview

SecAst is a firewall and intrusion detection and prevention system designed specifically to protect Asterisk based phone systems against attack and fraud. SecAst uses a variety of techniques to detect intrusion attempts, halt ongoing attacks, and prevent future attacks. SecAst uses advanced techniques to detect valid credentials that have been disclosed / compromised and are being abused. SecAst also uses heuristic algorithms to detect fraudulent activity based on known attack patterns. In addition, SecAst offers detailed geographic allow/deny rules (geofencing) down to the city level without large or complex firewall rules (all geofencing rules remain within SecAst), allowing administrators to quickly eliminate continents/countries/regions/cities where their users would never be located. Use of geofencing dramatically reduces the number of, and risk from, attacks.

Upon detection SecAst blocks the current attacker from the Asterisk host at the network level, and alerts the administrator with details of each attack.

SecAst is a 100% software solution, communicating with Asterisk primarily through the Asterisk Management Interface (AMI), but also monitoring Asterisk message/security logs for relevant information, and also communicating with the Linux network interfaces. The data from these sources allows SecAst to monitor connection and dial attempts with invalid credentials, the source IP of remote users/peers, etc. By combining this data SecAst can effectively stop attacks/fraud in its tracks.

SecAst offers extensive interfaces to interact with other programs, utilities, external firewalls, billing systems, etc., allowing for considerable customization. For example, changes in Threat Level can trigger scripts which alert administrators, shut down interfaces, change firewall rules, etc.

Features

Asterisk Compatibility

SecAst is compatible with a broad range of Asterisk versions and distributions. SecAst works with Asterisk versions 1.4 through 13, both 32-bit and 64-bit. SecAst is also compatible with a wide range of Asterisk distributions, from Digium's plain old Asterisk, to FreePBX and PBX in a Flash and TrixBox, to Thirdlane and more.

Brute Force Attack Detection

SecAst can detect brute force attacks (attempts to gain access by trying various combinations of usernames/passwords, commonly used passwords, commonly used extensions, etc). Unlike other products, SecAst can detect these attacks even if spread across many days (attackers are now performing "thin" attacks to bypass simplistic detection programs like fail2ban). SecAst can respond to these attacks by blocking them at the network level, preventing any further attempts. These blocks can last for hours, days, or indefinitely.

Breached Credential Use Detection

SecAst can detect unusual traffic and usage patterns indicative of credentials that have been breached (leaked or somehow discovered by an attacker). This includes monitoring the number of calls in progress, the number of channels in use by user/peer across all protocols, the rate at which users/peers are dialing, how quickly the calls are set up, even the rate at which the user is dialing digits. SecAst can respond to these attacks by blocking them at the network level, preventing any further attempts. These blocks can last for hours, days, or indefinitely.

Heuristic Attack Detection

SecAst can learn new attack patterns and adjust its detection accordingly. The heuristic scanner monitors a variety of Asterisk and network traffic patterns to detect suspicious activity, correlate them with rules which indicate likely attacker activity, and then block the attacker at the network level, preventing any further attempts. These blocks can last for hours, days, or indefinitely.

Geographic Allow / Deny

SecAst incorporates a database of IPv4 and IPv6 addresses across the world, including the continent / country / region / city of each IP. SecAst can be configured to allow or deny access to any combination of these geographic attributes (as well as a default allow / deny behavior). If an attacker or user attempts to use the Asterisk server from a denied location, the user is immediately disconnected. This creates a geographic fence (or geofence) which keeps good guys in and bad guys out.

Trunk and Endpoint Trust

SecAst can be instructed to trust particular trunks, endpoints (users or phones), and IP addresses so that they are exempt from security screening. This allows administrators to grant particular users access regardless of location (which may be necessary for traveling sales staff, etc). This also allows administrators to designate certain trunks / routes as trusted and others as untrusted.

Threat Level Management

SecAst monitors the number and rate of attacks against the Asterisk server, and based on administrator defined thresholds will set the threat level of the system. Changes in threat levels can trigger custom scripts, notifications, and other system based features.

Telnet Interface

Administrators will be immediately comfortable with the simple and powerful telnet interface to SecAst. The security system can be managed and controlled from a telnet interface, whether from a PC, a tablet, or a cell phone. The interface includes online help, and user friendly rich terminal output.

Browser Interface

Seasoned administrators and novices alike will be comfortable with the simple and powerful browser (web) interface to SecAst. The security system can be managed and controlled from any browser, including a PC, a tablet, or a cell phone. The interface includes blocking / unblocking IPs, checking threat levels, viewing attack history, call volumes, etc.

Socket & REST Interfaces

Developers will appreciate the socket and REST (Representational State Transfer) interfaces to SecAst, as the power and control of SecAst can be easily expanded and integrated with other system administration and monitoring tools. SecAst includes sample PHP code to show how to extract data and control SecAst via a web service and via the socket interface.

Technology

SecAst runs as a service on Linux, normally running on the same server as Asterisk. This design allows SecAst immediate access to security events on the server as well as access to the network interface for monitoring. Equally important, running SecAst on the same server as Asterisk avoids introducing a single point of failure on the critical VoIP traffic path in front of Asterisk.

SecAst interfaces with a variety of subsystems to gather information about the state of the network, the state of Asterisk, and activities performed by VoIP users (or attackers). This unique approach allows SecAst to look deep into the specific actions performed by users, correlate them with network data, and compare them with responses expected by Asterisk.

telium
P.O. Box 33032 Ira Needles, Waterloo, On, N2T 0A2, Canada
www.telium.ca
(519) 266-4357
info@telium.ca