Protect your Asterisk server against brute forcing

As the number of Internet-accessible corporate Voice over IP servers grows, so does the risk of attackers gaining access to SIP extensions protected by weak or poorly managed Asterisk passwords.

You can protect your Asterisk server with Fail2Ban. Fail2ban scans log files such as /var/log/asterisk/full or /var/log/secure and bans IP addresses that produce too many authentication failures. It does this by adding firewall rules that reject the address, either permanently or for an administrator-defined period of time.

This article does NOT remove the need to set strong SIP extension passwords or to change system default passwords; it is purely aimed at countering the most common way SIP servers are compromised: brute-forcing SIP passwords. Keep in mind that Fail2Ban counts failures per source address, so an attacker who spreads attempts across many addresses can stay under the threshold.

To install Fail2Ban for Asterisk –

SSH to your VoIP server and log in as root, then type the following commands:

yum -y install jwhois
cd /usr/src/
# -O keeps the tarball name; without it the /download URL saves the file as "download"
wget -O fail2ban-0.8.4.tar.bz2 http://sourceforge.net/projects/fail2ban/files/fail2ban-stable/fail2ban-0.8.4/fail2ban-0.8.4.tar.bz2/download
tar -jxf fail2ban-0.8.4.tar.bz2
cd fail2ban-0.8.4
python setup.py install
cp /usr/src/fail2ban-0.8.4/files/redhat-initd /etc/init.d/fail2ban
chmod 755 /etc/init.d/fail2ban
cd /etc/fail2ban/filter.d
touch asterisk.conf

Copy the following into the new configuration file /etc/fail2ban/filter.d/asterisk.conf:
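The post is cut off before its filter, so here is an added example (written for this page, not the post's own asterisk.conf) of what such a filter does: it takes failregex lines in the style of a Fail2Ban Asterisk filter, expands the <HOST> placeholder the way fail2ban 0.8 does, runs them over a few constructed lines in the format of /var/log/asterisk/full, and applies the maxretry/findtime window that jail.conf configures. The patterns and the sample log lines are assumptions made for the example; on a real server use the filter the post provides.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# fail2ban 0.8's own expansion of the <HOST> placeholder used in failregex lines.
HOST_RE = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]*\w)"

# failregex lines in the style of a fail2ban Asterisk filter. These are
# assumptions for this example, not the asterisk.conf the post goes on to show.
FAILREGEX = [
    r"NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Wrong password",
    r"NOTICE.* .*: Registration from '.*' failed for '<HOST>' - No matching peer found",
    r"NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Username/auth name mismatch",
    r"NOTICE.* <HOST> failed to authenticate as '.*'$",
]
COMPILED = [re.compile(p.replace("<HOST>", HOST_RE)) for p in FAILREGEX]

# Lines in /var/log/asterisk/full begin with a bracketed timestamp.
TS_RE = re.compile(r"^\[(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\]")

# Constructed sample log (RFC 5737 documentation addresses), not real traffic:
# five failures in five seconds from one host, two failures half an hour apart
# from another, and one successful registration that must not match anything.
SAMPLE_LOG = """\
[2010-06-01 10:00:01] NOTICE[2201] chan_sip.c: Registration from '"100"<sip:100@203.0.113.5>' failed for '198.51.100.7' - Wrong password
[2010-06-01 10:00:02] NOTICE[2201] chan_sip.c: Registration from '"101"<sip:101@203.0.113.5>' failed for '198.51.100.7' - No matching peer found
[2010-06-01 10:00:03] NOTICE[2201] chan_sip.c: Registration from '"102"<sip:102@203.0.113.5>' failed for '198.51.100.7' - Wrong password
[2010-06-01 10:00:04] NOTICE[2201] chan_sip.c: Registration from '"103"<sip:103@203.0.113.5>' failed for '198.51.100.7' - Wrong password
[2010-06-01 10:00:05] NOTICE[2201] chan_sip.c: Registration from '"104"<sip:104@203.0.113.5>' failed for '198.51.100.7' - Wrong password
[2010-06-01 10:00:06] VERBOSE[2201] logger.c:     -- Registered SIP '200' at 192.0.2.20 port 5060
[2010-06-01 10:00:07] NOTICE[2201] chan_sip.c: Registration from '"200"<sip:200@203.0.113.5>' failed for '192.0.2.20' - Wrong password
[2010-06-01 10:30:00] NOTICE[2201] chan_sip.c: Registration from '"200"<sip:200@203.0.113.5>' failed for '192.0.2.20' - Wrong password
""".splitlines()


def parse_failure(line):
    """Return (timestamp, host) when the line matches a failregex, else None."""
    m = TS_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
    for rx in COMPILED:
        hit = rx.search(line)
        if hit:
            return ts, hit.group("host")
    return None


def hosts_to_ban(lines, maxretry=5, findtime=600):
    """Apply the jail semantics: a host is banned once it has maxretry
    failures inside a sliding window of findtime seconds. Returns the set
    of hosts that crossed the threshold."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)
    banned = set()
    for line in lines:
        parsed = parse_failure(line)
        if parsed is None:
            continue
        ts, host = parsed
        q = recent[host]
        q.append(ts)
        while ts - q[0] > window:  # drop attempts older than findtime
            q.popleft()
        if len(q) >= maxretry:
            banned.add(host)
    return banned


if __name__ == "__main__":
    for host in sorted(hosts_to_ban(SAMPLE_LOG)):
        print("would ban", host)
```

With the defaults (maxretry 5, findtime 600) only 198.51.100.7 is banned; 192.0.2.20 stays under the threshold because its two failures are further apart than findtime. When writing your own failregex, keep the patterns anchored on the NOTICE text and let <HOST> capture only the client address, otherwise a crafted SIP user name could land an arbitrary string in the ban list.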

Install Fail2Ban on CentOS 5.5

The installation process for Fail2Ban (a brute force protection application) on CentOS 5.5 is as follows –

Login to your server as root, then:

wget -O fail2ban-0.8.4.tar.bz2 'http://downloads.sourceforge.net/project/fail2ban/fail2ban-stable/fail2ban-0.8.4/fail2ban-0.8.4.tar.bz2?use_mirror=transact'

tar -xf fail2ban-0.8.4.tar.bz2

cd fail2ban-0.8.4

python setup.py install

cp files/redhat-initd /etc/init.d/fail2ban

chkconfig --add fail2ban

chkconfig fail2ban on

Once the installation is complete, open the jail.conf configuration:

nano -w /etc/fail2ban/jail.conf


Is my email address secure?

Secure email transfers rely not only on the security of the connection between the email client and the email server but also on secure connections between servers. Many popular and often free email services offer secure end-user interfaces (e.g. Gmail), but neglect to secure back-end communication. That means that emails sent to or from the service's mail servers are transmitted in plain text. While this probably doesn't matter to most people, it is the equivalent of keeping your mailbox at home secured with a double lock, but sending and receiving postcards that everyone along the way is able to read.

To secure the server-to-server transfer of emails, the provider needs to enable Transport Layer Security (TLS) on its mail servers; for SMTP this is offered through the STARTTLS extension. Using it requires more processing power and bandwidth than plain text, which is why many email providers reduce operating costs by not enabling it. Note that TLS between mail servers is opportunistic: it is only used when both sides support it, and unless the sending server also verifies the receiving server's certificate it protects against passive eavesdropping rather than against an active attacker on the path.

To check if your email address or the email address of a contact is secure, go to: www.ismymailsecure.com, enter your address then click “Submit Query”.

An example of a secure address is: [email protected], an example of an insecure address is [email protected].

NOTE: As this is a third-party service, we recommend against entering your full address. The check depends only on the domain after the @ sign, so if your address is '[email protected]' you can enter a made-up name before the @ sign, for example: [email protected].
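If you would rather not hand any address to a third-party site, the same check can be run locally. The following is an added example written for this page, not the tool behind www.ismymailsecure.com: it connects to a domain's mail exchanger, sends EHLO, looks for STARTTLS among the advertised extensions and then attempts the TLS handshake with certificate verification. The two EHLO replies included in the block are constructed test data, and the check_mx function needs network access.

```python
import smtplib
import ssl

# Constructed EHLO replies in the form smtplib.SMTP.ehlo() returns them (the
# "250-" prefixes already stripped, one line per extension). Not real servers.
SECURE_EHLO = b"mx.example.com at your service\nSIZE 35882577\n8BITMIME\nSTARTTLS\nENHANCEDSTATUSCODES"
INSECURE_EHLO = b"mail.example.net Hello\nSIZE 10240000\n8BITMIME\nPIPELINING"


def ehlo_offers_starttls(ehlo_reply):
    """True if the EHLO reply advertises the STARTTLS extension (RFC 3207).
    The first line is the server's domain line and is skipped; each further
    line is an extension keyword optionally followed by parameters."""
    lines = ehlo_reply.decode("ascii", "replace").splitlines()
    for ext in lines[1:]:
        keyword = ext.strip().split(" ", 1)[0].upper()
        if keyword == "STARTTLS":
            return True
    return False


def check_mx(mx_host, port=25, timeout=10):
    """Live check of one mail exchanger (find it with: dig +short MX example.com).
    Reports whether STARTTLS is offered and whether a TLS session comes up
    under certificate verification. Needs network access."""
    result = {"host": mx_host, "starttls_offered": False, "tls_negotiated": False}
    smtp = None
    try:
        smtp = smtplib.SMTP(mx_host, port, timeout=timeout)
        code, reply = smtp.ehlo()
        if code != 250:
            result["error"] = "EHLO rejected with %d" % code
            return result
        result["starttls_offered"] = ehlo_offers_starttls(reply)
        if not result["starttls_offered"]:
            return result
        try:
            # A verifying context is stricter than most MTAs, which accept any
            # certificate when sending opportunistically; a failure here means
            # the MX offers TLS but with a self-signed, expired or mis-named cert.
            code, _ = smtp.starttls(context=ssl.create_default_context())
            result["tls_negotiated"] = (code == 220)
        except ssl.SSLError as exc:
            result["error"] = "TLS handshake failed: %s" % exc
    except (smtplib.SMTPException, OSError) as exc:
        result.setdefault("error", str(exc))
    finally:
        if smtp is not None:
            smtp.close()
    return result


if __name__ == "__main__":
    print(check_mx("mx.example.com"))  # replace with a real MX host
```

This inspects the receiving side only: a passing result means mail sent to that domain can be delivered over TLS, not that the provider uses TLS when it sends mail out. The outbound half is only visible in the Received: headers of mail the provider has delivered.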

How to add a virtual keyboard to Kayako SupportSuite / eSupport

If you are using Kayako SupportSuite as your ticket system and help desk platform, I recommend providing a virtual keyboard in order for your staff and administrators to enter their passwords securely. An example implementation can be seen here.

A virtual keyboard is a software application which allows a user to enter characters via an on-screen keyboard. Unlike a password typed on a hardware keyboard, characters entered this way cannot be captured by a keystroke logger. It does nothing against malware that captures the screen or the submitted form, so treat it as a mitigation rather than a substitute for a trusted endpoint.

The following instructions outline the process of adding a virtual keyboard to the Kayako staff and admin login pages.

Note: These instructions have been tested on Kayako build 3.70.02

1. Download my Virtual Keyboard build from: http://www.md3v.com/dl/Virtual_Keyboard.zip.

2. Upload the “keyboard.css”, “keyboard.js” and “keyboard.png” files to the /support/staff and /support/admin folders of the Kayako Support Suite.

3. Make a backup of the login form:

cp /support/themes/admin_default/loginform.tpl /support/themes/admin_default/loginform.tpl~

4. Edit /support/themes/admin_default/loginform.tpl and after:

How to add a virtual keyboard to Horde Webmail in Plesk 9.x

If you operate a web hosting provider and provide Horde based webmail access, I recommend providing a virtual keyboard in order for your users to enter their passwords securely.

A virtual keyboard is a software application which allows a user to enter characters via an on-screen keyboard. Unlike a password typed on a hardware keyboard, characters entered this way cannot be captured by a keystroke logger. It does nothing against malware that captures the screen or the submitted form, so treat it as a mitigation rather than a substitute for a trusted endpoint.

The following instructions outline the process of adding a virtual keyboard to the webmail login interface. An example of this can be found at: http://webmail.md3v.com.

Note: These instructions have been tested on Plesk 9.5.2 with Horde 3.3.6.

1. Download my Virtual Keyboard build from: http://www.md3v.com/dl/Virtual_Keyboard.zip.

2. Upload the “keyboard.css”, “keyboard.js” and “keyboard.png” files to your Plesk server.

3. Copy “keyboard.css”, “keyboard.js” and “keyboard.png” to:

/usr/share/psa-horde/imp

4. Make a backup of the original Horde login template: