
Who is trying to get into your IP Office?


MikeTheSpike

Technical User
Jan 5, 2015
I have just set up a test IP Office 9.1.400 VM using eth0 connecting internally and eth1 for public internet.

This is so I can use the mobile client and desktop Communicator features of this platform properly out in the public.

I have been watching my IP Office System Status and have noticed several failed registration attempts in the Service Configuration alarms.

On one occasion I also noticed someone had used IP Office Manager from outside the network to try to access my IP Office. I have his IP address now.

Anyone else have any similar security issues?

I am an IP Office newbie and by no means a dictator of security in any way and usually try building as per default working spec, but I am interested to find out if anyone else has an easy possible solution to the security issues associated. Or are there features in IP Office I am missing?

I know IP Office eth1 will get hit from all sides since it is public, so I built a virtual transparent bridge in front of public IP Office to see who is trying to get in on what ports. Then I can do selective dropping and logging there before the bridge traversal into my IP Office.

So far this is working for me as I don't seem to get any more login attempts and failures.



Peace
 
People are constantly scanning IPs across the web for specific system management and registration ports. If they get a response they target you for toll fraud; they make millions every month doing this... so they will be all over that address for a while now if they think it's worth it :)

 
Collectively they make millions (system hackers)... not one specific group :)

 
Thanks for your answer.

I agree, they come in all shapes and sizes.

Most will leave their solutions in a default state and I doubt they are even aware that the external parties are targeting them for a weakness unless they have studied the results themselves. As vendors and users I think security is an aspect very overlooked and understated to the end users.

Would it not be better to change the ports used from their default settings and also the apps that connect so that it is harder for the hacker to determine what you are running?

Is there a Dummies guide to Hardening IP Office for public use in the 2 x NIC formation? Do this, do that style and with explanations. I see very little information available and advice for setups like these.

Or does it need to be hardened by an external device instead, one that will not cause any unnecessary loading on the IP Office instance?

As always thanks for the answers to my questions.

[peace]

PS> I am thinking of implementing a solution like this for the Scopia video platform, I have seen far too many infrastructures being compromised without the necessary protection.
 
Avaya provides a reasonable document for hardening the IPO but the best and simplest advice is:

NEVER CONNECT THE IPO DIRECTLY TO THE INTERNET!

If possible, have your users connect through a VPN.

If you must have an external connection then only allow the absolutely necessary ports.
Under no circumstances allow the Manager, Monitor, Phone Manager or System Status port.

If you need external handsets, use an SBC if possible.

Ensure all passwords have been changed from defaults (that includes all user passwords) & disable any unnecessary services.

Keep monitoring the system closely for anything that may have sneaked through.

Addition - The above goes for pretty much any other PBX/appliance as well



Do things on the cheap & it will cost you dear
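
The first post's "drop and log on the bridge" step and the last reply's advice to keep monitoring can be combined in a small log review, shown here as an added example that is not part of the thread: it reads netfilter LOG lines and reports sources that touched a management port or were dropped repeatedly. The `IPO-DROP` log prefix, the sample lines and the management port numbers are assumptions made for the example.

```python
import re
from collections import defaultdict

# Assumed management ports (Manager, System Status, Monitor). Illustrative
# values only: confirm them against Avaya's port list for your release.
MGMT_PORTS = {("TCP", 50804), ("TCP", 50808), ("UDP", 50794)}
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs in a netfilter LOG line

# Constructed sample lines (documentation address ranges, hypothetical prefix).
SAMPLE_LOG = [
    "Jan  5 10:00:01 br kernel: IPO-DROP: IN=br0 PHYSIN=eth1 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=51234 DPT=50804 SYN",
    "Jan  5 10:00:02 br kernel: IPO-DROP: IN=br0 PHYSIN=eth1 SRC=198.51.100.7 DST=192.0.2.10 PROTO=UDP SPT=5070 DPT=5060 LEN=420",
    "Jan  5 10:00:03 br kernel: IPO-DROP: IN=br0 PHYSIN=eth1 SRC=198.51.100.7 DST=192.0.2.10 PROTO=UDP SPT=5071 DPT=5060 LEN=420",
    "Jan  5 10:00:04 br kernel: IPO-DROP: IN=br0 PHYSIN=eth1 SRC=198.51.100.7 DST=192.0.2.10 PROTO=UDP SPT=5072 DPT=5060 LEN=420",
    "Jan  5 10:00:05 br kernel: IPO-DROP: IN=br0 PHYSIN=eth1 SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP SPT=40000 DPT=8443 SYN",
    "Jan  5 10:00:06 br kernel: IPO-DROP: IN=br0 PHYSIN=eth1 SRC=198.51.100.9 DST=192.0.2.10 PROTO=ICMP TYPE=8 CODE=0",
    "Jan  5 10:00:07 br sshd[811]: Accepted publickey for admin from 192.0.2.50",
]

def parse_line(line, prefix="IPO-DROP"):
    """Return (src, proto, dport) for a LOG line carrying our prefix, else None."""
    if prefix not in line:
        return None
    fields = dict(FIELD.findall(line))
    try:
        return fields["SRC"], fields["PROTO"], int(fields["DPT"])
    except (KeyError, ValueError):
        return None  # no destination port (e.g. ICMP) or a truncated line

def summarize(lines, threshold=3):
    """Per source: drop count, ports probed, and whether a management port was hit."""
    hits = defaultdict(lambda: {"count": 0, "ports": set(), "mgmt": False})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        src, proto, dport = rec
        entry = hits[src]
        entry["count"] += 1
        entry["ports"].add((proto, dport))
        entry["mgmt"] = entry["mgmt"] or (proto, dport) in MGMT_PORTS
    # Keep sources that probed management ports or reached the drop threshold.
    return {s: e for s, e in hits.items() if e["mgmt"] or e["count"] >= threshold}

if __name__ == "__main__":
    for src, e in sorted(summarize(SAMPLE_LOG).items()):
        tag = "MGMT-PORT" if e["mgmt"] else "repeat"
        print(f"{src:15} {e['count']:3} drops  {tag}  {sorted(e['ports'])}")
```

A single hit on a management port is reported regardless of the threshold, since nothing on the public side should be reaching those ports at all.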
 