Mark Adams
2008-Jun-12 01:47 UTC
[asterisk-users] aSTERISK / Vicidial systems over 4MB fiber
Hello everyone,

As I am new to the Asterisk community (although I have been on the list reading for about 6 months), I wanted to see what users would recommend for security to protect several Asterisk/Vicidial servers over a fiber connection. Currently I have a managed switch (Tellabs 8813-310) from Time Warner, but I am having intrusion issues on my Linux server, which I think are contributing to the asterisk process getting pegged at 100% CPU usage and causing us to manually reboot. (I know there are security issues, as there have been additional users created on my server and IRC junk was put in the home folder.)

Thanks in advance,
Mark
Alexander Lopez
2008-Jun-12 02:33 UTC
[asterisk-users] aSTERISK / Vicidial systems over 4MB fiber
At the very least, shut down unneeded services, use iptables to block traffic to/from untrusted sources, and if at all possible hire a consultant that can help you.

Alex
Steve Edwards
2008-Jun-12 03:24 UTC
[asterisk-users] aSTERISK / Vicidial systems over 4MB fiber
On Wed, 11 Jun 2008, Mark Adams wrote:

> (I know there are security issues as there have been additional users
> created on my server and irc junk was put in the home folder)

If the box has been compromised, the only recourse is to erase the drives and start over. You can't trust anything on the box.

Off the top of my head, this is how I would approach the problem.

1) Identify how the box was compromised. (A client box was recently (last 30 days) hacked. It was an old AAH installed by the client. The hacker used the default password on the admin account to exploit a buffer overflow in crond to gain root.)
2) Save any essential data -- and only the data, no executables.
3) Take the box off the Internet.
4) Boot DBAN and let it do its thing.
5) Install a minimal OS from CD/DVD.
6) Clean up after the install -- turn off services, delete users, delete packages, add packages, etc.
7) Bring up to current patch level from your private repository.
8) Expose the box to the Internet.
9) Cross your fingers and actively monitor the box.

Thanks in advance,
------------------------------------------------------------------------
Steve Edwards sedwards at sedwards.com
Voice: +1-760-468-3867 PST
Newline Fax: +1-760-731-3000
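
Added example, not part of any message in this thread: for the monitoring in step 9 above, and the extra accounts described in the first message, a shell function that compares a passwd-format file with a baseline copy saved right after the clean install. The function names, the baseline file and the sample accounts are assumptions constructed for illustration.

```shell
#!/bin/sh
# audit_accounts BASELINE CURRENT   (hypothetical helper, added example)
# Prints one finding per line; returns 1 when anything differs, else 0.
audit_accounts() {
    awk -F: '
        # First file: remember each baseline account as "uid:shell".
        NR == FNR { base[$1] = $3 ":" $7; next }
        # Second file: an account missing from the baseline was added later.
        !($1 in base) { print "NEW_ACCOUNT " $1 " uid=" $3 " shell=" $7; bad = 1 }
        # UID 0 under any name other than root is a second root account.
        $3 == 0 && $1 != "root" { print "EXTRA_UID0 " $1; bad = 1 }
        # A known account whose UID or shell changed (e.g. nologin to bash).
        ($1 in base) && base[$1] != $3 ":" $7 {
            print "CHANGED " $1 " was=" base[$1] " now=" $3 ":" $7; bad = 1
        }
        ($1 in base) { seen[$1] = 1 }
        END {
            for (u in base) if (!(u in seen)) { print "REMOVED " u; bad = 1 }
            exit bad
        }
    ' "$1" "$2"
}

# sample_run: runs the audit on constructed sample data (not from the thread).
sample_run() {
    dir=$(mktemp -d) || return 2
    cat > "$dir/baseline" <<'EOF'
root:x:0:0:root:/root:/bin/bash
asterisk:x:100:101:Asterisk PBX:/var/lib/asterisk:/sbin/nologin
mysql:x:27:27:MySQL:/var/lib/mysql:/sbin/nologin
EOF
    cat > "$dir/current" <<'EOF'
root:x:0:0:root:/root:/bin/bash
asterisk:x:100:101:Asterisk PBX:/var/lib/asterisk:/bin/bash
mysql:x:27:27:MySQL:/var/lib/mysql:/sbin/nologin
support:x:0:0::/home/support:/bin/bash
EOF
    audit_accounts "$dir/baseline" "$dir/current"
    rc=$?
    rm -rf "$dir"
    return $rc
}
```

On a live system the second argument would be /etc/passwd, and the baseline should be kept off the box, since an intruder with root can edit both files.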