
IP Office VOIP was hacked


borsen

Technical User
Jul 12, 2014
MK
Hey guys,

Yesterday our IPO was hacked. They managed to get through one of the remote workers and made some 300+ calls to various countries, some of which I didn't know existed.

We really need the remote workers. Our employees use them natively on their Android phones.


Currently we have the 5060 port disabled by firewall (Mikrotik router) which sits above the Avaya.

How can we secure the VOIP? I can't seem to find anything online?
 
You need an SBC.
Also upgrading to 10.1 will help as it will block IPs if the login fails several times. (10.0 might have that as well)

Best is to call a BP or consultant that knows how this should be set up.

"Trying is the first step to failure..." - Homer
 
I'm on 9.something. Need to pay them to get 10. Which is not happening, absolutely despise Avaya.

I called the company I bought it from and they said I was the first one to ever experience this (I highly doubt that) and they sent me some PDF about Security which doesn't explain how to do any of the stuff they mention.

Any suggestions on how I can secure the VOIP myself?
 
You despise Avaya because you were using a remote connection method and didn't secure it properly? Blame the folks who did it and those that should have checked how secure it was :)
 
Use VPN and secure the connection, if it's random IPs they connect from it's the only way really :)
 
No I despise Avaya because I've had horrible experiences with them with other things too, not just this.

Can I actually have some helpful suggestion as to what to do to improve the Remote Worker Security? Certificates? Something?
 
It's a fixed IP. We have experimented with VPNs before this, and the connection wasn't very good. Additionally, all internet traffic was sent over the VPN too on the Android phones.

Aren't there any security features that could be implemented to the Remote Worker/VOIP?
 
As I said earlier, upgrade, SBC and someone who knows how to set it up securely.

You're not the first who experienced this, many with badly installed systems have, and it costs much more to get hacked than to pay someone who knows what they're doing.

"Trying is the first step to failure..." - Homer
 
Also it seems you were using port 5060, which is unencrypted, which indicates that the ones who installed it only cared about the function and did not consider the security impact.
I would never install this without certificates, and preferably you would use mutual TLS with an SBC.

"Trying is the first step to failure..." - Homer
 
Am I able to have UDP with TLS or do I have to switch to TCP?

Also, where do I install/generate the certificate for TLS? And where do I set up SBC?


5060 was directly exposed, yeah. Now we are using a different port and NATing it to 5060 inside. We also added DDoS protection on the external port within the Mikrotik router.
We cannot turn off the VoIP as people use it daily. But we are restricting access to the external port after work ends, again with Mikrotik.

That's why we need a patch for this, as it cannot go on like it was before.
And an update is not an option because they are asking for a lot of money and I'd rather buy a new PBX. Never going back to this leech of a company.
 
If you despise Avaya you should go to Cisco. Very easy to install and manage and cheap.
 
What is a lot of money?
The cost from Avaya isn't that high, the question is how much your BP wants to do the upgrade?

"Trying is the first step to failure..." - Homer
 
It's not about the BP or the cost of it. I simply refuse to give Avaya a cent.

I have no idea how Cisco compares. But they have some pretty amazing networking equipment I've worked with before, so it might be worth checking them out.


Not to get off topic. How can I generate the TLS cert? Will it work over UDP or do I need to switch to TCP?
And how do I set up SBC? Is any of this even in the management software?
 
Get back to us after your first Cisco install. Your opinion of Avaya will change. To quote General Armstrong Custer: "That sure is a lot of Indians."
 
SBC is a different piece of hardware, normally managed through a web interface.

The certificate needs to be bought from a proper source.

UDP may work, but use TLS instead and force it to do so.

Cisco has some amazing stuff?
Good to hear but if you install it wrong it is just as wide open as your Avaya :)


Joe W.

FHandw, ACSS (SME)


"This is the end of the world, make sure to buy your T-shirt before it is too late"
Original expression of my daughter
 
Westi said:
certificate needs to be bought from a proper source

UDP may work but use TLS instead and force it to do so

Okay, and how do I install the cert after I get it?

And how do I assign it to VOIP and force the Avaya to authenticate?
 
You want us to do all the work for you or tell you step by step what to do?
Start reading the manual or get some help from a BP.

Sorry mate but there is only so much good will in my bucket to help out.
Maybe someone else is willing to type up the novel it takes to explain it all.

Joe W.

FHandw, ACSS (SME)


"This is the end of the world, make sure to buy your T-shirt before it is too late"
Original expression of my daughter
 
Why even mention that they want a lot of money if cost is not an issue? =)

But regarding the issue my concern is that you're trying to solve this issue yourself and based on your questions you really shouldn't.
Considering that you already got hacked I'm surprised you haven't called the one who installed it and demanded that they come back and install it properly or send someone who can.

At least start with blocking international calls on the IP Office, if not to all then to countries your employees have no business calling.

"Trying is the first step to failure..." - Homer
 
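The advice above to bar international calls except to countries staff need, written out as a check over call records. This is an added example, not part of any poster's reply and not Avaya's software; the record layout, the `00` prefix, the allowlisted country codes, the thresholds and the sample records are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# All values below are assumptions for illustration, not IP Office settings.
ALLOWED_COUNTRY_CODES = {"49", "44"}      # countries staff need to call
INTERNATIONAL_PREFIX = "00"               # site's international dialling prefix
BURST_LIMIT = 5                           # international calls per extension...
BURST_WINDOW = timedelta(minutes=10)      # ...inside this window

def international_part(dialled):
    """Digits after the international prefix, or None for a national call."""
    number = dialled.replace(" ", "")
    if number.startswith("+"):
        return number[1:]
    if number.startswith(INTERNATIONAL_PREFIX):
        return number[len(INTERNATIONAL_PREFIX):]
    return None

def is_barred(dialled):
    """True when the call is international and not to an allowlisted country."""
    rest = international_part(dialled)
    if rest is None:
        return False
    return not any(rest.startswith(cc) for cc in ALLOWED_COUNTRY_CODES)

def review_calls(records):
    """records: (ISO timestamp, extension, dialled number) tuples in time order.
    Returns (calls that should have been barred, extensions that burst)."""
    barred, bursting = [], set()
    recent = defaultdict(list)
    for ts, ext, dialled in records:
        if international_part(dialled) is None:
            continue
        when = datetime.fromisoformat(ts)
        if is_barred(dialled):
            barred.append((ts, ext, dialled))
        recent[ext] = [t for t in recent[ext] if when - t <= BURST_WINDOW] + [when]
        if len(recent[ext]) >= BURST_LIMIT:
            bursting.add(ext)
    return barred, sorted(bursting)

# Constructed sample records: extension 201 stands in for the abused remote worker.
SAMPLE = [
    ("2024-01-01T02:00:00", "105", "0049 30 000000"),
    ("2024-01-01T02:01:00", "105", "070 000 000"),
] + [("2024-01-01T03:%02d:00" % i, "201", "00252000000%d" % i) for i in range(6)]

if __name__ == "__main__":
    barred, bursting = review_calls(SAMPLE)
    print(len(barred), "barred calls; bursting extensions:", bursting)
```

The allowlist match is a plain prefix test, so a short code such as `1` admits every number that starts with it.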
Thank you for the advice and the help.
 