System information

Toll Fraud
Toll fraud is by far the biggest risk to your phone system in terms of the potential for
ruinous cost. It is not unheard of for fraudsters to rack up tens of thousands of dollars
in stolen phone calls over the course of a few days.
Toll fraud is not a new thing, having existed prior to VoIP; however, the enabling nature
of VoIP means that it is easier for fraudsters to take advantage of unsecured systems.
Most carriers will not take responsibility for these costs, and thus if your system is
compromised you could be stuck with a very large phone bill. While carriers are getting
better and better at alerting their customers to suspicious activity, that does not absolve
you of responsibility for ensuring your system is hardened against this very real and
very dangerous threat.
Within your Asterisk system, it is vitally important that you know what resources on
your system are exposed to the outside world and ensure that those resources are secure.
The most common form of toll fraud these days is accomplished by brute-force attack.
In this scenario, the thieves will have a script that will contact your system and attempt
to register as a valid user. If they are able to register as a telephone on your system, the
flood of calls will commence, and you will be stuck with the bill. If you are using simple
extension numbers and easy-to-guess passwords, and your system accepts registrations
from outside your firewall, it is certain that you will eventually be the victim of toll fraud.
Brute-force attacks can also cause performance problems with your system, as one of
these scripts can flood your router and PBX with massive numbers of registration attempts.
The following tactics have proven successful in minimizing the risk of toll fraud:
1. Do not use easy-to-guess passwords. Passwords should be at least eight characters
long and contain a mix of digits, letters, and special characters. 8a$j03H%† is a good
password. 1234 is not.
2. Do not use extension numbers for your SIP registrations in sip.conf. Instead of
[1000], use something like a MAC address (something like [0004f2123456] would
be much more difficult for a brute-force script to guess).
3. Use an analysis script such as fail2ban to tweak your internal firewall to block IP
addresses that are displaying abusive behavior, such as massive packet floods.
The fail2ban daemon is emerging as a popular way to automatically
respond to security threats. We’ll discuss it further in Chapter 26.
† Actually, since it’s published in this book, it is no longer a good password, but you get the idea.
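Points 2 and 3 above in one place: the following Python script is an added example, not code from the book or from fail2ban, that applies fail2ban's maxretry/findtime threshold to chan_sip's failed-registration NOTICE lines and lists which usernames each source tried, so a sweep of extension-style names such as 1000, 1001, 1002 stands out. The log line wording, the date format, the sample log and the function names are assumptions; check the pattern against your own /var/log/asterisk/messages before relying on it.

```python
import re
from collections import defaultdict
from datetime import datetime

# Pattern modelled on chan_sip's "Registration from ... failed for ..." NOTICE (assumed
# logger.conf dateformat=%F %T); the wording varies between releases, so verify it.
FAILED_REG = re.compile(r"^\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\] NOTICE\[\d+\] "
                        r"chan_sip\.c: Registration from '(?P<ident>[^']*)' failed for "
                        r"'(?P<ip>\d+\.\d+\.\d+\.\d+)(?::\d+)?' - (?P<reason>.+)$")

# Constructed sample log: one source sweeping extension numbers, one phone that mistyped its secret, one unrelated line.
SAMPLE_LOG = """\
[2011-03-02 14:20:01] NOTICE[2213] chan_sip.c: Registration from '"1000" <sip:1000@10.1.1.5>' failed for '203.0.113.45:5060' - No matching peer found
[2011-03-02 14:20:02] NOTICE[2213] chan_sip.c: Registration from '"1001" <sip:1001@10.1.1.5>' failed for '203.0.113.45:5060' - No matching peer found
[2011-03-02 14:20:02] NOTICE[2213] chan_sip.c: Registration from '"1002" <sip:1002@10.1.1.5>' failed for '203.0.113.45:5060' - Wrong password
[2011-03-02 14:20:03] VERBOSE[2213] logger.c:     -- Registered SIP '0004f2123456' at 10.1.1.20:5060
[2011-03-02 14:20:03] NOTICE[2213] chan_sip.c: Registration from '"1003" <sip:1003@10.1.1.5>' failed for '203.0.113.45:5060' - No matching peer found
[2011-03-02 14:20:04] NOTICE[2213] chan_sip.c: Registration from '"1004" <sip:1004@10.1.1.5>' failed for '203.0.113.45:5060' - No matching peer found
[2011-03-02 14:25:40] NOTICE[2213] chan_sip.c: Registration from '"0004f2aabbcc" <sip:0004f2aabbcc@10.1.1.5>' failed for '198.51.100.7:5060' - Wrong password
""".splitlines()

def parse_failures(lines):
    """Yield (timestamp, source_ip, attempted_user, reason) for each failed REGISTER."""
    for m in filter(None, map(FAILED_REG.match, lines)):
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
        u = re.search(r"sip:([^@>;]+)", m.group("ident"))   # user part of the From URI
        yield ts, m.group("ip"), (u.group(1) if u else m.group("ident")), m.group("reason")

def abusive_sources(lines, maxretry=5, findtime=600):
    """Return {ip: total_failures} for sources that reach `maxretry` failed
    registrations inside any `findtime`-second window (fail2ban's threshold logic)."""
    stamps = defaultdict(list)
    for ts, ip, _user, _reason in parse_failures(lines):
        stamps[ip].append(ts)
    hits = {}
    for ip, times in stamps.items():
        times.sort()
        start = 0
        for end, ts in enumerate(times):
            while (ts - times[start]).total_seconds() > findtime:
                start += 1                      # slide the window forward
            if end - start + 1 >= maxretry:
                hits[ip] = len(times)
                break
    return hits

def users_tried(lines, ip):
    """Usernames one source attempted; a run of bare extension numbers is the brute-force signature."""
    return sorted(user for _ts, src, user, _r in parse_failures(lines) if src == ip)
```

Feed it your real messages log (one line per element) to see which sources fail2ban would have banned with the same maxretry and findtime, and which usernames they were guessing.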
Security and Identity | 257