Documentation.SecurityIssues History


February 23, 2012, at 12:50 AM by monica -
Added lines 23-24:

To see the protections added in Freesentral for this issues and how you can protect your network continue reading the below points.
February 23, 2012, at 12:43 AM by monica -
Added lines 52-56:

[[#dos]]
!!Denial of service attacks

To cope with DOS attacks a global script: banbrutes.php was added that drops traffic from ip address that send to many requests. In order to use it you need to run yate as root and have iptables installed on the server.
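Review bot: The added paragraph requires running yate as root but does not say whether root is needed only so banbrutes.php can call iptables, nor what counts as "to many requests"; state the reason for root, the threshold that triggers a drop, and how an administrator removes a block on a legitimate address. Wording: "DOS" should be "DoS", and "ip address that send to many requests" should be "IP addresses that send too many requests".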
February 23, 2012, at 12:31 AM by monica -
Changed lines 44-45 from:
In case an user account was breached, the majority of the theft of service attacks result in a high number of international/expensive calls being made from that account. Freesentral includes protection for this attacks. In case specified limits for international calls are passed international calls are disabled and all international calls are rejected until administrator enables them again. Read more about this [[http://freesentral.com/index.php/Documentation/Outbound#international_calls|here]]
to:
In case an user account was breached, the majority of the theft of service attacks result in a high number of international/expensive calls being made from that account. Freesentral includes protection for this attacks. In case specified limits for international calls are passed international calls are disabled and all international calls are rejected until administrator enables them again. Read more about this [[http://freesentral.com/index.php/Documentation/Outbound#international_calls|here]].
Added lines 50-51:

For better security, support for TLS connections between Freesentral and SIP gateways was added. To use it, set Transport to TLS when defining a gateway.
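Review bot: The TLS sentence says only to set Transport to TLS when defining a gateway and is silent on whether the gateway's certificate is checked and on what happens when the gateway cannot negotiate TLS; add a sentence covering both, since a connection that quietly falls back to an unencrypted transport would not give the protection this line promises.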
February 23, 2012, at 12:14 AM by monica -
Added lines 40-44:

[[#international_calls]]
!!International calls protection

In case an user account was breached, the majority of the theft of service attacks result in a high number of international/expensive calls being made from that account. Freesentral includes protection for this attacks. In case specified limits for international calls are passed international calls are disabled and all international calls are rejected until administrator enables them again. Read more about this [[http://freesentral.com/index.php/Documentation/Outbound#international_calls|here]]
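Review bot: The paragraph says international calls are rejected once "specified limits" are passed until the administrator enables them again, but not how the administrator finds out that the limit was hit; say where this is shown (for example the Logs section mentioned elsewhere on the page) so a breached account is noticed rather than just blocked. Wording: "In case an user" should be "If a user" and "this attacks" should be "these attacks".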
April 22, 2010, at 05:36 PM by cristina -
Changed line 3 from:
(:order_number: 5:)
to:
(:order_number: 8:)
April 05, 2010, at 01:15 PM by 85.204.142.178 -
Changed lines 9-10 from:
[[#ip_pbx|IP PBX]]
to:
[[#ip_pbx]]
!!IP PBX
April 05, 2010, at 01:14 PM by 85.204.142.178 -
Changed line 7 from:
(:toc anchors=visible:)
to:
(:toc:)
April 05, 2010, at 01:13 PM by 85.204.142.178 -
Changed lines 9-10 from:
[[#ip_pbx]]
!!IP PBX
to:
[[#ip_pbx|IP PBX]]
April 05, 2010, at 01:05 PM by 85.204.142.178 -
Changed line 7 from:
(:#toc:)
to:
(:toc anchors=visible:)
April 05, 2010, at 01:02 PM by 85.204.142.178 -
Changed line 7 from:
(:toc:)
to:
(:#toc:)
April 05, 2010, at 12:59 PM by 85.204.142.178 -
Changed line 7 from:
(:tocportion TableOfContents:)
to:
(:toc:)
April 05, 2010, at 12:30 PM by 85.204.142.178 -
Changed lines 28-29 from:
to:
You can see the failed attempts in the Logs section.
Changed lines 37-40 from:
#Admin's password is very important when wanting to properly secure the system. If the admin's account is broken into, then the hacker can easily create new accounts and/or use Impersonate for existing accounts.

#Passwords for SIP calls are encrypted using the MD5 algorithm. This ensures that the users' passwords can not be deciphered by anyone. Of course, this advantage fades if the password is not strong enough and a determined hacker reviles its' value.
to:
#Admin's password is very important when wanting to properly secure the system. If the admin's account is broken into, then the hacker can easily create new accounts and/or use Impersonate for existing accounts. The first thing you should do it's to change the admin password.
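Review bot: The list loses its only statement about how SIP passwords are protected, because the MD5 item in the "from" text has no counterpart in the "to" text; keep a corrected version of that item instead of dropping it. In the added sentence, "The first thing you should do it's to change the admin password" should read "is to change".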
Changed line 49 from:
to:
Changed line 82 from:
to:
Deleted lines 97-103:
April 05, 2010, at 12:23 PM by 85.204.142.178 -
Added lines 1-113:
March 10, 2010, at 04:39 PM by cristina -
Deleted lines 0-112:
March 10, 2010, at 04:22 PM by cristina -
Changed line 84 from:
to:
March 10, 2010, at 04:17 PM by cristina -
Changed line 12 from:
Problems such as those mentioned above have a great probability to occur in every IP PBX. These problems are severe security issues and their consequences affect the proper functioning of the IP PBX.
to:
Problems such as those mentioned above have a great probability to occur in every IP PBX. These problems are severe security issues and their consequences affect the functionality of the IP PBX.
March 10, 2010, at 04:16 PM by cristina -
Changed line 99 from:
%margin-left=25px% http://www.freesentral.com/uploads/Documentation/msec-f_command.jpg
to:
%margin-left=25px% http://www.freesentral.com/uploads/Documentation/msec_f_command.jpg
March 10, 2010, at 04:10 PM by cristina -
Added lines 89-90:
%margin-left=25px% http://www.freesentral.com/uploads/Documentation/msecgui_command.jpg
Changed lines 95-115 from:




















to:
%margin-left=25px% http://www.freesentral.com/uploads/Documentation/msecgui.jpg
Changed lines 99-113 from:














to:
%margin-left=25px% http://www.freesentral.com/uploads/Documentation/msec-f_command.jpg
March 10, 2010, at 04:02 PM by cristina -
Changed lines 37-41 from:
Admin's password is very important when wanting to properly secure the system. If the admin's account is broken into, then the hacker can easily create new accounts and/or use Impersonate for existing accounts.

Passwords for SIP calls are encrypted using the MD5 algorithm. This ensures that the users' passwords can not be deciphered by anyone. Of course, this advantage fades if the password is not strong enough and a determined hacker reviles its' value.

When exporting extensions the passwords are exported unencrypted. It is very important that the files containing these informations not to fall in the hackers' hands. This could break in a major security problem.
to:
#Admin's password is very important when wanting to properly secure the system. If the admin's account is broken into, then the hacker can easily create new accounts and/or use Impersonate for existing accounts.

#Passwords for SIP calls are encrypted using the MD5 algorithm. This ensures that the users' passwords can not be deciphered by anyone. Of course, this advantage fades if the password is not strong enough and a determined hacker reviles its' value.

#When exporting extensions the passwords are exported unencrypted. It is very important that the files containing these informations not to fall in the hackers' hands. This could break in a major security problem.
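Review bot: The second list item describes MD5 as encryption and claims the passwords "can not be deciphered by anyone"; MD5 is a hash, and the item itself concedes a weak password can still be recovered, so write "hashed" and replace the absolute claim with the requirement for strong passwords. "reviles its' value" should be "reveals its value", and the third item should say where exported files with unencrypted passwords are to be kept and who may read them ("these informations not to fall" should be "this information does not fall").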
March 10, 2010, at 04:01 PM by cristina -
Changed lines 68-69 from:
Allow: ACK, INVITE, BYE, CANCEL, REGISTER, REFER, OPTIONS, PRACK, INFO, SUBSCRIBE, MESSAGE, NOTIFY, PUBLISH
to:
Allow: ACK, INVITE, BYE, CANCEL, REGISTER, REFER, OPTIONS, PRACK, INFO, SUBSCRIBE, MESSAGE,
NOTIFY, PUBLISH
March 10, 2010, at 04:01 PM by cristina -
Changed lines 65-66 from:
WWW-Authenticate: Digest realm="Yate", nonce="578c75c4dac3859a4ce169a9e585aa0e.1266844943", stale=FALSE, algorithm=MD5
to:
WWW-Authenticate: Digest realm="Yate", nonce="578c75c4dac3859a4ce169a9e585aa0e.1266844943",
stale=FALSE, algorithm=MD5
March 10, 2010, at 04:00 PM by cristina -
Changed lines 55-69 from:














to:
[=
------
<sip:INFO> Received 525 bytes SIP message from 10.0.0.1:5060
------
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 10.0.0.17:5060;rport=5060;branch=z9hG4bK1128016479;received=10.0.0.17
From: <sip:091@elder.null.ro>;tag=816519612
To: <sip:091@elder.null.ro>
Call-ID: 529868862@elder.null.ro
CSeq: 1567 REGISTER
WWW-Authenticate: Digest realm="Yate", nonce="578c75c4dac3859a4ce169a9e585aa0e.1266844943", stale=FALSE, algorithm=MD5
Server: YATE/2.1.0
Allow: ACK, INVITE, BYE, CANCEL, REGISTER, REFER, OPTIONS, PRACK, INFO, SUBSCRIBE, MESSAGE, NOTIFY, PUBLISH
Content-Length: 0
=]
March 10, 2010, at 03:56 PM by cristina -
Deleted line 14:
Added lines 29-30:

%margin-left=25px% http://www.freesentral.com/uploads/Documentation/logs.jpg
March 10, 2010, at 03:33 PM by cristina -
Changed line 14 from:
to:
%margin-left=25px% http://www.freesentral.com/uploads/Documentation/security_issues_FS.jpg
March 10, 2010, at 03:10 PM by cristina -
Added lines 2-3:

(:order_number: 5:)
March 10, 2010, at 03:09 PM by cristina -
Added lines 1-139: