securing the server

Any and all non-support discussions

Moderators: gerski, enjay, williamconley, Op3r, Staydog, gardo, mflorell, MJCoate, mcargile, Kumba, Michael_N

securing the server

Postby cdaniel » Sat Jun 25, 2016 7:14 pm

we were hacked and used our server to place calls, from what i heard using one of the extension which had registration ..what are best ways to protect against?
our engineers change the default dial prefix, http port 80 to another one ..would help complex extensions, different password registration?...what other measures?

thank you
cdaniel
 
Posts: 11
Joined: Mon Jun 20, 2016 3:37 pm

Re: securing the server

Postby shdw888 » Tue Jul 05, 2016 1:33 am

Hi Sir.. Please use the yast firewall custom set up.. thats the best firewall to secure your system
shdw888
 
Posts: 24
Joined: Thu Nov 19, 2015 6:04 am

Re: securing the server

Postby ZenTelecoms » Tue Jul 12, 2016 7:27 am

Good Day,

Block all incoming traffic except for your IP's and block the most common ports from being accessed from outside of you network.

E.g. mysql port, ssh port, sip port, ftp port and http port.
Vicidial Installation, Plus Hosting.
Email: sales@zentelecoms.com
ZenTelecoms
 
Posts: 5
Joined: Wed May 25, 2016 8:17 am

Re: securing the server

Postby mattyou1985 » Wed Jul 20, 2016 5:49 am

this is just the best to use http://viciwiki.com/index.php/DGG

thanks gos to williamconley as he posted it to me
mattyou1985
 
Posts: 111
Joined: Tue Apr 19, 2016 3:30 pm

Re: securing the server

Postby mattyou1985 » Wed Jul 20, 2016 5:56 am

all so when adding in soft phones its all ways best to do this GH20B =username Cb23CGb =password
even in vicidial you can add in under agents and lock the agents to that softphone then do agents user and pass totaley difrent from the soft phone makes it all most impossible to login and if not all rdy Change the server Defalt password to somthink like this A@bcdtH_H27D@bba the longer the better {not the web admin 6666}
mattyou1985
 
Posts: 111
Joined: Tue Apr 19, 2016 3:30 pm

Re: securing the server

Postby williamconley » Sun Sep 04, 2016 10:01 pm

1) Whitelist Lockdown your server. Once that is done: No unauthorized IPs will be able to access your server.

2) Set good passwords for all your sip accounts and user accounts. This helps in case of a failure of 1) (even temporarily).

3) SIP accounts should NOT be "100" through "10000". They should be alphanumeric. This only involves the "extension" field under admin->phones. It does not affect the dialplan or extensions.

4) Do use the instructions available here http://viciwiki.com/index.php/DGG which include whitelist lockdown instructions. It also includes Dynamic Good Guys itself which is merely an add-on to allow easy addition of Authorized IPs and even a mobile link to self-add from outside the system. But that is not necessary, all you really need is the instructions for whitelisting.
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20258
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)


Return to General Discussion

Who is online

Users browsing this forum: No registered users and 113 guests