
The Hackers are Here! Use 3CX SBC as an Intrusion Detection Agent!

Discussion in 'Ideas' started by epodworksnet, Mar 1, 2017.


  1. epodworksnet

    With the coming of age of more and more hackerware, VoIP is becoming an ever larger target!

    An example is SIPVicious, which is a FREE Open Source collection of Python scripts that work as a Session Initiation Protocol auditing tool. At first glance, it’s a seemingly harmless way to test vulnerabilities of your SIP platform. Maybe you’ve even used it before to perform silent INVITE scans. Unfortunately, while being used for good, it’s also being exploited for reconnaissance attacks against IP, VoIP Telephone Handsets and PBX systems.

    For customers, svcrack could potentially be the most terrifying and costly if placed in the wrong hands. With leaked passwords, hackers are able to gain unnerving control over Telephone Handsets and maybe the PBX. I have not tested to see if the devices on the LAN side of the SBC are monitored in the same way as the WAN side of the PBX, with automatic blacklisting of ill-behaved IP Addresses. Once a hacker gets the results from svcrack, they can then register a SIP device and use it for their content.

    While internal password policies can help avoid these situations, additional security measures by 3CX can and should be taken. If we wanted to operate under the assumption of worst-case scenario security, hackers could crack 4 or 5 character alpha-numeric passwords in minutes. 3CX needs to increase the length of all Telephone Handset related passwords (SIP and Web UI) with passwords that can meet 80 bits of entropy or more!

    Further, the SBC is in the right place in a VoIP network design to be the perfect choke point to also act as an Intrusion Detection (ID) Collection Agent, forwarding ID Messages to the PBX for central logging, collation and determination of a security threat by the PBX, similar to the way 3CX manages the IP Blacklist. Moreover, the SBC should also act as a Syslog Server to have Syslog Entries from the Telephone Handsets relayed to the PBX. This is another key part in ID so, armed with the Syslog entries, the PBX can track dictionary attacks against telephone handsets. Plus, this would be a help to Cloud Hosted PBX Service Providers to have visibility of the state of all of the Telephone Handsets on the network! Of course, some of this ID technology should be built into the 3CX PBX for Telephone Handsets that are on the 3CX PBX's LAN.

    The Hackers are here and we need more defenses to protect the PBX and the Telephone Handsets.
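
The collation step proposed in the post, shown as an added example that is not part of the original post and is not 3CX code: a sliding-window counter over relayed syslog lines that flags sources with repeated SIP authentication failures. The `sipmon` tag, the `key=value` message layout, the threshold and the window are all assumptions made for illustration, and lines are assumed to arrive in chronological order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of handset/SBC syslog lines relayed to the PBX. The
# "sipmon" tag and key=value layout are assumptions, not a 3CX log format.
# auth_fail means credentials were sent and rejected, not the initial 401
# challenge that every normal digest-auth REGISTER receives.
SAMPLE_LOG = """\
<134>Mar  1 10:00:00 sbc1 sipmon: event=auth_ok ext=1002 src=192.0.2.10
<132>Mar  1 10:00:01 sbc1 sipmon: event=auth_fail ext=1001 src=203.0.113.50
<132>Mar  1 10:00:02 sbc1 sipmon: event=auth_fail ext=1001 src=203.0.113.50
<132>Mar  1 10:00:03 sbc1 sipmon: event=auth_fail ext=1001 src=203.0.113.50
<132>Mar  1 10:00:04 sbc1 sipmon: event=auth_fail ext=1003 src=198.51.100.7
<132>Mar  1 10:00:05 sbc1 sipmon: event=auth_fail ext=1001 src=203.0.113.50
<132>Mar  1 10:00:06 sbc1 sipmon: event=auth_fail ext=1004 src=203.0.113.50
<132>Mar  1 10:05:00 sbc1 sipmon: event=auth_fail ext=1003 src=198.51.100.7
garbled line that must be skipped
""".splitlines()

LINE_RE = re.compile(
    r"^<\d+>(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sipmon: "
    r"event=(?P<event>\w+) ext=(?P<ext>\S+) src=(?P<src>\S+)$")

def parse(line, year=2017):
    """Return (timestamp, event, ext, src), or None for unparseable lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # RFC 3164 timestamps carry no year and space-pad the day; normalise both.
    stamp = " ".join(m["ts"].split())
    ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
    return ts, m["event"], m["ext"], m["src"]

def detect(lines, threshold=5, window=timedelta(seconds=60)):
    """Map each source with >= threshold failures inside window to its targets."""
    recent = defaultdict(deque)  # src -> timestamps of failures still in window
    targets = defaultdict(set)   # src -> extensions it failed against
    flagged = {}
    for ts, event, ext, src in filter(None, map(parse, lines)):
        if event != "auth_fail":
            continue
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:  # drop failures that aged out of the window
            q.popleft()
        targets[src].add(ext)
        if len(q) >= threshold:
            flagged[src] = sorted(targets[src])
    return flagged

if __name__ == "__main__":
    print(detect(SAMPLE_LOG))  # candidates for the PBX blacklist
```

The source with two failures five minutes apart stays below the threshold, which is the behaviour that keeps a user mistyping a handset password from being blacklisted.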