A less attack-prone, Internet deployment of iLanga · Brute force attack – password guessing –...
A less attack-prone, Internet deployment
of iLanga
Researcher: Courage Radu
Email: [email protected]
Supervisor: M. Tsietsi
Co-Supervisor: A. Terzoli
Outline
1) Background
2) Motivation
3) Threats
4) Approach
5) Asterisk security
6) Conclusion
7) Possible extensions
8) Questions and answers
Background
iLanga is an open, computer-based telecommunication system
The objective of the project is to have a securely deployed iLanga
A guide with best security practices
Developed a web-based UI to ease security administration
Background
[Figure: iLanga deployment diagram. Labels: server; cellphone; analog phone; Telkom; softphone installed on laptop; IP phone; Internet. Link labels: ISDN, Ethernet, GSM, analog line.]
Background
Ubuntu Linux – operating system
Asterisk – software implementation of a PBX
Kamailio – proxy server for authentication
MySQL – database to store user information
Motivation
The system uses open source software
The system can be deployed at tertiary institutions, small business
enterprises, etc
Affordable hardware extensions
Security is not inherently enabled and configured by default
Threats
Brute force attack – password guessing
– Session Initiation Protocol (SIP) brute force
– Root account brute force
Threats
Toll fraud
– unauthorised long distance calls
DoS
– service disruption
Approach
Preliminary phases
Current state of the art of the system
– documenting versions for each component
Replicated the system
Learning the system
– how Asterisk handles phone calls
– how the components are integrated
Asterisk security
Install Asterisk PBX as non-root
– a remote security compromise should not be used to take over the entire
machine
Set the variable alwaysauthreject = yes
– prevent attacker from scanning for valid usernames
Change Session Initiation Protocol (SIP) default port 5060
– change default port to any unused random port number
Asterisk security (Cont.)
Use public key authentication for SSH login
– disable password authentication
Secure dialplan
– a properly designed dialplan prevents toll fraud
– well programmed dialplan will prevent dialplan injection
– a secured default context will not cost the organisation
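A way to check the settings from the two Asterisk security slides above (alwaysauthreject, the SIP port, and SSH password authentication) is sketched below. It is an added example, not code from the presentation; the function names and the sample configs are constructed, and it assumes the SIP port is set with `bindport` in the `[general]` section of sip.conf.

```python
# Values Asterisk treats as true for a boolean option.
TRUE_VALUES = {"yes", "true", "y", "t", "1", "on"}

def sip_general(text):
    """Return the [general] options of a sip.conf text; a later duplicate overrides."""
    opts, section = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()          # ';' starts a comment
        if line.startswith("["):
            section = line[1:].split("]", 1)[0].strip().lower()
        elif section == "general" and "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip().lower()] = value.strip()
    return opts

def sshd_global(text):
    """Return global sshd_config keywords; the first occurrence of a keyword wins."""
    opts = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].replace("=", " ", 1).split(None, 1)
        if not parts:
            continue
        if parts[0].lower() == "match":              # Match blocks are not audited
            break
        if len(parts) == 2:
            opts.setdefault(parts[0].lower(), parts[1].strip().lower())
    return opts

def audit(sip_conf, sshd_config):
    """Return findings for the hardening items listed on the slides."""
    sip, ssh, findings = sip_general(sip_conf), sshd_global(sshd_config), []
    if sip.get("alwaysauthreject", "").lower() not in TRUE_VALUES:
        findings.append("sip.conf: alwaysauthreject is not explicitly set to yes")
    if sip.get("bindport", "5060") == "5060":
        findings.append("sip.conf: bindport is unset or 5060 (default SIP port)")
    if ssh.get("passwordauthentication") != "no":
        findings.append("sshd_config: PasswordAuthentication is not set to no")
    if ssh.get("pubkeyauthentication") == "no":
        findings.append("sshd_config: PubkeyAuthentication is disabled")
    return findings

# Constructed sample configs (not taken from the iLanga deployment).
WEAK_SIP = "[general]\nbindport=5060\nalwaysauthreject=no ; leaks valid usernames\n"
HARD_SIP = "[general]\nbindport=5872\nalwaysauthreject=yes\n[101]\nbindport=5060\n"
WEAK_SSHD = "#PasswordAuthentication no\nPubkeyAuthentication yes\n"
HARD_SSHD = "PasswordAuthentication no\nPubkeyAuthentication yes\n"
```
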
Asterisk security (Cont.)
Perl script
– ban IP address with more than 6 wrong passwords
Asterisk security (Cont.)
Perl script monitors DoS and password strength for legitimate users
Asterisk security (Cont.)
[Figure: intrusion prevention flow. Components: Perl script; Asterisk.log; Firewall (iptables); Blocked.txt; Internet; Administrator. Arrow labels: Scan; Block; Read; Send Blocked IP; Username + Password; Incoming traffic; Outgoing traffic.]
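The scan-and-block logic described on the preceding slides (ban an IP address with more than 6 wrong passwords, found by scanning the Asterisk log) can be sketched as follows. This is an added example in Python, not the Perl script from the presentation; the log line format is an assumed chan_sip NOTICE format, the allowlist is an added assumption, and the sample lines are constructed.

```python
import re
from collections import Counter

# Threshold from the slide: ban an IP with more than 6 wrong passwords.
MAX_WRONG_PASSWORDS = 6

# Assumed chan_sip NOTICE format; the source address may carry a ":port" suffix.
FAILED_RE = re.compile(
    r"Registration from '(?P<who>.*)' failed for "
    r"'(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - Wrong password"
)

def count_wrong_passwords(log_lines):
    """Return a Counter of wrong-password registration failures per source IP."""
    counts = Counter()
    for line in log_lines:
        match = FAILED_RE.search(line)
        if match:
            counts[match.group("ip")] += 1
    return counts

def ips_to_block(log_lines, already_blocked=(), allowlist=()):
    """IPs over the threshold that are neither already blocked nor allowlisted."""
    skip = set(already_blocked) | set(allowlist)
    counts = count_wrong_passwords(log_lines)
    return sorted(ip for ip, n in counts.items()
                  if n > MAX_WRONG_PASSWORDS and ip not in skip)

def iptables_rules(ips):
    """Render one DROP rule per IP as an argv list; nothing is executed here."""
    return [["iptables", "-I", "INPUT", "-s", ip, "-j", "DROP"] for ip in ips]

# Constructed sample log using documentation address ranges, not real traffic.
def _line(ext, src, reason="Wrong password"):
    return (f"[2012-10-01 12:00:01] NOTICE[1234] chan_sip.c: Registration from "
            f"'\"{ext}\" <sip:{ext}@192.0.2.10>' failed for '{src}' - {reason}")

SAMPLE_LOG = (
    [_line(100 + i, "203.0.113.5:5060") for i in range(7)]    # 7 failures: banned
    + [_line(200, "198.51.100.7") for _ in range(6)]          # exactly 6: not banned
    + [_line(300, "198.51.100.9", "No matching peer found")]  # other failure type
    + [_line(101, "192.0.2.50") for _ in range(9)]            # allowlisted admin host
)

if __name__ == "__main__":
    for rule in iptables_rules(ips_to_block(SAMPLE_LOG, allowlist={"192.0.2.50"})):
        print(" ".join(rule))
```

Passing the contents of Blocked.txt as `already_blocked` keeps repeated scans of the same log from adding duplicate firewall rules.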
Video Demonstration
Scenario – an intruder wants to enumerate usernames and crack passwords on iLanga
– Perl script is running in the background
– the administrator should view the blocked IP address via the browser
Step 1: Ping the server
Step 2: Enumerate usernames
Step 3: Cracking the password
Results
Intrusion prevention script effectively quarantines offending IP addresses
Sipvicious tool can generate an average of 170 password attempts per
second on Intel(R) Core(TM) i7 CPU @ 2.93GHz
Conclusion
Open source software empowers institutions and small organisations to
deploy communication systems like iLanga
iLanga brings different components together but we have to configure and
enhance security features in it
Create an image with necessary security features pre-enabled and
distribute it to other institutions (UFH and NMMU)
Possible extensions
Extension of the UI so that the administrator can view all security
information.
The security information is scattered everywhere within the system.
The interface should be able to lighten the burden for non-Linux experts.
Questions and Answers