VoipSwitch Security Audit




The security audit was carried out on 1st January 2013 (3.00 PM to 10.00 PM UTC+1) by John Doe, Security Advisor at VoipSwitch Company.

Server's IP address: 11.11.11.11
The server also has a second IP address assigned: 22.22.22.22

1. Firewall
Checking firewall status and whether the rules are in order.

The customer stated that there is no external firewall in front of the server. Windows Server Firewall was turned on and configured with the standard VoipSwitch rules (rules added so that the VoipSwitch modules run properly). One rule, named 'Rule', allows all incoming TCP traffic, which is a serious risk to the server's safety.

2. Access Policy
Checking all ways of accessing the server. Checking the user and password policy.

The server had two ways of access:
- Remote Desktop
- Radmin software

Remote Desktop:
- on the standard port
- open in Windows Firewall for all IP addresses
- password was strong

Radmin software:
- on the standard port
- not limited by IP address in the Radmin software
- open in Windows Firewall for all IP addresses
- password was weak (6 letters, without numbers or special characters)

Users policy: Only the Administrator user had access with administrator privileges, and there were no other users with access privileges.
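The firewall findings in sections 1 and 2 (an allow-all inbound rule, and remote-access ports open to every IP address) can be re-checked with a short script. This is an added example, not part of the original audit; it assumes the NetSecurity cmdlets (Windows Server 2012 / Windows 8 or later), and the function name is hypothetical.

```powershell
# Added example, not part of the audit. Requires the NetSecurity module.
function Get-BroadInboundRule {
    param(
        # Default remote-access ports listed in the report: RDP, Radmin, VNC
        [string[]]$RemoteAccessPorts = @('3389', '4899', '5900', '5800', '5500')
    )
    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
        ForEach-Object {
            $rule = $_
            $addr = $rule | Get-NetFirewallAddressFilter
            $port = $rule | Get-NetFirewallPortFilter
            $app  = $rule | Get-NetFirewallApplicationFilter

            # Keep only TCP/UDP rules that accept traffic from any source
            if (@($addr.RemoteAddress) -notcontains 'Any') { return }
            if (@('TCP', 'UDP', 'Any') -notcontains $port.Protocol) { return }

            $localPorts = @($port.LocalPort)
            # "All ports" counts only when the rule is not tied to one program
            $allPorts = ($localPorts -contains 'Any') -and ($app.Program -eq 'Any')
            # Exact port matches only; port ranges are not expanded here
            $exposed = @($localPorts | Where-Object { $RemoteAccessPorts -contains $_ })
            if (-not $allPorts -and $exposed.Count -eq 0) { return }

            $finding = 'remote-access port open to any source'
            if ($allPorts) { $finding = 'all ports open to any source' }

            [pscustomobject]@{
                Name      = $rule.DisplayName
                Protocol  = $port.Protocol
                LocalPort = $localPorts -join ','
                Program   = $app.Program
                Finding   = $finding
            }
        }
}

Get-BroadInboundRule | Sort-Object Finding, Name | Format-Table -AutoSize
```

Each row is a rule to either delete or restrict to specific remote addresses.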

3. Backdoor check
Checking for the most common backdoor on Windows-based systems.

Image File Execution Options in the registry was clear. The sethc.exe file was original. No backdoor was set.

4. Antivirus Scan
Microsoft Security Essentials full scan.

The Microsoft Security Essentials full scan did not flag any suspicious files.
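The two checks from section 3 (Image File Execution Options and the integrity of sethc.exe) can be repeated as follows. This is an added example, not part of the original audit; it assumes PowerShell 4.0 or later, the function names are hypothetical, and the reference copy path is a placeholder for a known-good file of the same Windows build.

```powershell
# Added example (not from the audit): repeat the two section 3 checks.
$ifeoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function Get-IfeoDebuggerEntry {
    # Every IFEO subkey that carries a Debugger value. A Debugger value makes
    # Windows start the listed program in place of the named executable.
    Get-ChildItem -Path $ifeoKeys -ErrorAction SilentlyContinue | ForEach-Object {
        $dbg = (Get-ItemProperty -Path $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
        if ($dbg) {
            [pscustomobject]@{ Key = $_.Name; Image = $_.PSChildName; Debugger = $dbg }
        }
    }
}

function Test-SystemBinary {
    param(
        [string]$Name = 'sethc.exe',   # binary named in the audit
        [Parameter(Mandatory)]
        [string]$ReferencePath         # assumption: known-good copy, same build
    )
    $path = Join-Path $env:SystemRoot "System32\$Name"
    $live = (Get-FileHash -Path $path -Algorithm SHA256).Hash
    $ref  = (Get-FileHash -Path $ReferencePath -Algorithm SHA256).Hash
    $sig  = Get-AuthenticodeSignature -FilePath $path

    [pscustomobject]@{
        Binary           = $path
        Sha256           = $live
        MatchesReference = ($live -eq $ref)
        # Informational only: a valid signature does not prove this is the
        # file that belongs under this name, so the hash match decides.
        SignatureStatus  = $sig.Status
    }
}

Get-IfeoDebuggerEntry | Format-Table -AutoSize
# Hypothetical reference location (for example a copy taken from install media):
# Test-SystemBinary -ReferencePath 'E:\reference\sethc.exe' | Format-List
```

Some legitimate tools also set a Debugger value, so every entry listed needs to be confirmed with the server owner rather than treated as malicious by default.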

5. Processes
Checking all unsigned processes that may affect the server's safety. Processes were checked with the Microsoft Process Explorer tool.

There were no suspicious processes running.

6. Services
Checking all running services that may affect the server's safety.

Apart from the VoipSwitch and Radmin Server services, no additional services had been added.

7. Installed applications
Checking for unwanted applications that may affect the server's safety.

There were no unwanted applications installed.

8. Task Scheduler
Checking all scheduled tasks that may affect the server's safety.

There was a task that starts an unauthorized PowerShell script at system startup. The script was in the d:\install directory and was named hack.ps1.
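A review like the one in section 8 can start from a list of tasks that run a script at boot or logon. This is an added example, not part of the original audit; it assumes the ScheduledTasks module (Windows Server 2012 / Windows 8 or later), and the function name and the script pattern are illustrative choices.

```powershell
# Added example: list scheduled tasks that fire at boot or logon and whose
# action runs a script interpreter or a script file.
function Get-StartupScriptTask {
    $startupTriggers = 'MSFT_TaskBootTrigger', 'MSFT_TaskLogonTrigger'
    # Illustrative pattern: common interpreters and script extensions
    $scriptPattern = 'powershell|pwsh|cmd\.exe|wscript|cscript|\.ps1|\.bat|\.cmd|\.vbs|\.js\b'

    foreach ($task in Get-ScheduledTask) {
        $triggers = @($task.Triggers | Where-Object {
            $startupTriggers -contains $_.CimClass.CimClassName
        })
        if ($triggers.Count -eq 0) { continue }

        foreach ($action in $task.Actions) {
            # Non-exec actions have no Execute/Arguments and yield an empty string
            $cmdLine = "$($action.Execute) $($action.Arguments)".Trim()
            if ($cmdLine -notmatch $scriptPattern) { continue }

            $kinds = $triggers | ForEach-Object {
                $_.CimClass.CimClassName -replace 'MSFT_Task|Trigger'
            }
            [pscustomobject]@{
                TaskPath = $task.TaskPath
                TaskName = $task.TaskName
                State    = $task.State
                RunAs    = $task.Principal.UserId
                Author   = $task.Author
                Trigger  = $kinds -join ','
                Command  = $cmdLine
            }
        }
    }
}

Get-StartupScriptTask | Format-List
```

Every task in the output should be matched against what the customer has authorized; anything unexplained is handled like the task found in this audit.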

9. Autostart
Checking all autostart entries.

Two applications start with the system:
- Microsoft Security Essentials client
- Cobian application

These applications were authorized by the customer.

10. Shared Files
Checking all shared spaces available from external networks.

In the web server space there was a zipped vsportal folder. It contained config files with database credentials. Directory listing was turned off, but anyone who guessed the file name could download it.

There was no FTP or similar service. There were no other shared/public folders.

11. Database
Checking database user privileges and the database port.

The MySQL database server was running on port 3306. The port was closed in Windows Firewall. There is only the root user, available on localhost.

12. Access logs
Checking availability of all access logs. List of all logged IP addresses (on request).

RDP: Logs are available since 1st Dec 2012 due to the size of the log file. All connections were only from IP addresses confirmed by the client.

Radmin: Event logging was turned off. It was not possible to check the logs.

13. Security of VoipSwitch modules
Checking versions and settings of VoipSwitch modules. Checking the strength of clients' passwords.

The access password to VSC3 was weak (only 5 letters, without special characters). All other clients' passwords are strong. All web module versions were the latest and stable.

14. Open ports
External TCP port scan of the server.

IP: 11.11.11.11
Open ports: 80,110,135,143,403,443,1720,1800,1801,1804,1935,5060,7070,9090

IP: 22.22.22.22
Open ports: 80,110,135,143,403,443,1720,1800,1801,1804,1935,5060,7070,9090

15. Hacking incident (if exists)
Investigation based on the customer's information/suspicions.

The client did not provide any information about hacking incidents.

16. Changes on server after audit (on request)
- The rule named 'Rule' was deleted in Windows Firewall.
- The Radmin access password was changed.
- The task named 'Hack' was deleted in Task Scheduler.
- The zipped VSPortal was removed from wwwroot2.
- The quota for security logs was increased.
- Radmin access logs were turned on.
- The VSC3 password was changed.

Security Advice

1. Access
The access port should be other than the default. Default ports of some example access services:
- Remote Desktop Services (3389)
- Radmin (4899)
- VNC (5900, 5800, 5500)

Access should be limited to a few IP addresses. All remote support connections will be established from our VPN IP 5.133.9.236 / 94.23.43.130. Remote access should be limited on your firewall only to 5.133.9.236 / 94.23.43.130 and the switch owner's IP address.

2. Users policy
It is best if, after system installation (before VoipSwitch installation), you create a separate user account other than Administrator. This helps against scanning and brute-force attacks, because every server has an Administrator account. You may use a very strong password for the Administrator account and create another account with administrator privileges for all work on the server (installations, support work, etc.). Only you should know the Administrator account password and no one else. Once a month you should check the user list for any unauthorized changes.

3. Passwords policy
Make sure that your password is strong.

Strong means:
- has at least seven letters
- doesn't contain a name or dictionary word
- is different from other/previous passwords
- contains characters from each of four groups: uppercase letters, lowercase letters, numbers, symbols on the keyboard other than letters and numbers

A password can't be longer than 127 characters. The password should be changed at least once a month. Do not provide logins or passwords in ticket comments or e-mails. Change your access username/password once VoipSwitch Support have completed their work and the ticket has been closed.

4. Updates
Every system needs to be updated, either for new features or for fixes to old ones. In security, too, there are many updates that improve the server's safety. All the latest updates should be installed. You should schedule restarts of the server if needed.

5. Firewall
As your server has a public IP address, anyone can probe it from the Internet. Anyone can send a port scan, a brute-force attack (to break your passwords) or a flood attack (to block your network). Nowadays it is unacceptable not to use a firewall on the server.

6. Antivirus Application
Every Windows-based server has the Internet Explorer browser. If you don't have the latest updates installed, browsing the Internet on the server is quite dangerous. An antivirus application will help check whether any unauthorized software is on the server (even by mistake). We recommend the Microsoft Security Essentials application. Don't install any third-party applications unless you are sure that they are safe.

7. A few tips for VPS modules
After a fresh VoipSwitch installation, change the Admin password in VSM/VSC. Don't create users with passwords shorter than 6 characters. Remember that Wholesale Clients may be authorized not only by IP address, so set strong passwords for them too. Check the Logs window in the VoipSwitch application; you will notice any unauthorized registration or call attempts there.