
Security for Asterisk

Use SecAst™ to protect any Asterisk® based phone system against
fraud and hacking. SecAst uses a variety of techniques to detect
intrusion attempts, halt ongoing attacks, and prevent future
attacks. SecAst uses advanced techniques to detect valid
credentials that have been disclosed / compromised and are being
abused, fraudulent activity based on known attack patterns,
unusual call and dialing patterns, etc. SecAst also offers detailed IP
address based geographic allow/deny rules (geofencing) down to
the city level allowing administrators to limit PBX access to regions
where legitimate clients actually reside.

Overview

SecAst is a firewall and intrusion detection and prevention system designed specifically to protect Asterisk based phone systems against attack and fraud. SecAst uses a variety of techniques to detect intrusion attempts, halt ongoing attacks, and prevent future attacks. SecAst uses advanced techniques to detect valid credentials that have been disclosed / compromised and are being abused. SecAst also uses heuristic algorithms to detect fraudulent activity based on known attack patterns. Upon detection SecAst blocks the current attacker from the Asterisk host at the network level, and alerts the administrator with details of each attack.

In addition, SecAst offers detailed geographic allow/deny rules (geofencing) down to the city level without large or complex firewall rules (all geofencing rules remain within SecAst), allowing administrators to quickly eliminate continents/countries/regions/cities where their users would never be located. Use of geofencing dramatically reduces the number of, and risk from, attacks.

SecAst is a 100% software solution, communicating with Asterisk primarily through the Asterisk Management Interface (AMI), but also monitoring Asterisk message/security logs for relevant information, and also communicating with the Linux network interfaces. The data from these sources allows SecAst to monitor connection and dial attempts with invalid credentials, the source IP of remote users/peers, etc. By combining this data SecAst can effectively stop attacks/fraud in its tracks.

Unlike other products, SecAst offers extensive interfaces to interact with other programs, utilities, external firewalls, billing systems, etc., allowing for considerable customization. For example, changes in Threat Level can trigger scripts which alert administrators, change firewall rules, shut down interfaces, etc.

Features

Asterisk Compatibility

SecAst is compatible with a broad range of Asterisk versions and distributions. SecAst works with Asterisk versions 1.4 through 13, both 32-bit and 64-bit. SecAst is also compatible with a wide range of Asterisk distributions, from Digium's plain old Asterisk, to FreePBX and PBX in a Flash and TrixBox, to Thirdlane and more.

Brute Force Attack Detection

SecAst can detect brute force attacks (attempts to gain access by trying various combinations of usernames/passwords, commonly used passwords, commonly used extensions, etc). SecAst can detect these attacks even if spread across many days (attackers are now performing "thin" attacks to bypass simplistic detection programs like fail2ban). SecAst can respond to these attacks by blocking them at the network level, preventing any further attempts. These blocks can last for hours, days, or indefinitely.

Breached Credential Use Detection

SecAst can detect unusual traffic and usage patterns indicative of credentials that have been breached (leaked or somehow discovered by an attacker). This includes monitoring the number of calls in progress, the number of channels in use by user/peer across all protocols, how quickly the calls are set up, the rate at which users/peers are dialing, even the rate at which the user is dialing digits. SecAst can respond to these attacks by blocking them at the network level, preventing any further attempts. These blocks can last for hours, days, or indefinitely.

Heuristic Attack Detection

SecAst can learn new attack patterns and adjust its detection accordingly. The heuristic scanner monitors a variety of Asterisk and network traffic patterns to detect suspicious activity, correlate them with rules which indicate likely attacker activity, and then block the attacker at the network level, preventing any further attempts. These blocks can last for hours, days, or indefinitely.

Geographic Allow / Deny

SecAst incorporates a database of IPv4 and IPv6 addresses across the world, including the continent / country / region / city of each IP. SecAst can be configured to allow or deny access to any combination of these geographic attributes (as well as a default allow / deny behavior). This creates a geographic fence (or geofence) which keeps good guys in and bad guys out. If an attacker or user attempts to use the Asterisk server from a denied location, the user is immediately disconnected.

Trunk and Endpoint Trust

SecAst can be instructed to trust particular trunks, endpoints (users or phones), and IP addresses so that they are exempt from security screening. This allows administrators to grant particular users access regardless of location, call volumes, etc. (which may be necessary for traveling sales staff, etc). This also allows administrators to designate certain trunks / routes as trusted and others as untrusted.

Threat Level Management

SecAst monitors the number and rate of attacks against the Asterisk server, and based on administrator defined thresholds will set the threat level of the system. Changes in threat levels can trigger custom scripts, notifications, and other system based features.

Telnet Interface

Administrators will be immediately comfortable with the simple and powerful telnet interface to SecAst. The security system can be managed and controlled from a telnet interface, whether from a PC, a tablet, or a cell phone. The interface includes online help, and user friendly rich terminal output.

Browser Interface

Seasoned administrators and novices alike will be comfortable with the simple and powerful browser (web) interface to SecAst. The security system can be managed and controlled from any browser, including a PC, a tablet, or a cell phone. The interface includes blocking / unblocking IPs, checking threat levels, viewing attack history, etc.

Socket & REST Interfaces

Developers will appreciate the socket and REST (Representational State Transfer) interfaces to SecAst, as the power and control of SecAst can be easily expanded and integrated with other system administration and monitoring tools. SecAst includes sample PHP code to show how to extract data and control SecAst via a web service and via the socket interface.

Technology

SecAst runs as a service on Linux, normally running on the same server as Asterisk. This design allows SecAst immediate access to security events on the server as well as access to the network interface for monitoring. Equally important, running SecAst on the same server as Asterisk avoids introducing a single point of failure on the critical VoIP traffic path in front of Asterisk.

SecAst interfaces with a variety of subsystems to gather information about the state of the network, the state of Asterisk, and activities performed by VoIP users (or attackers). This unique approach allows SecAst to look deep into the specific actions performed by users, correlate them with network data, and compare them with responses expected by Asterisk.

telium
P.O. Box 33032 Ira Needles, Waterloo, On, N2T 0A2, Canada
www.telium.ca
(519) 266-4357
info@telium.ca