DrainBamage Posted May 11, 2017 Share Posted May 11, 2017 Is there any real world resources out there, non-vendor or vendor specific, that addresses PBX fraud? How it is done, how to prevent, how to detect early? I am encountering too many end users with cracked CPE. I am wondering the best way for me to intelligently talk about it with them. I am seeing most of the vendors to be Cisco, NEC, ShoreTel (who have been difficult to work with, they claim their solution to be infallible), and a surprising number of Yeastar implementations (as there are so few out there). It is not limited to these, I also see most other vendors out there too but not as often. I understand a number of SIP hacks but I think I need to know more. Also looking when the only external access is the auto-attendant. White, grey, or black-hat, I do not care the source. Quote Link to comment Share on other sites More sharing options...
taswanita Posted October 25, 2017 Share Posted October 25, 2017 i am looking for the same answer hope someone helps Quote Link to comment Share on other sites More sharing options...
rottingsun Posted November 11, 2017 Share Posted November 11, 2017 There's a few basic strategies, some hardware based and some software based. Normally a special type of firewall called a session border controller is placed in front of the PBX. They're designed to address issues like toll fraud. Other things can be done too though. General PBX hardening best practices should be enforced, like strong SIP account passwords, limiting SIP sessions to only your authorized private subnets, not allowing outgoing international calling, not allowing outgoing calling to offshore US territories, turning off call transfer feature codes for incoming calls, not exposing your PBX directly to a public IP, etc. On top of that, you must monitor logs regularly. Here's a presentation that's FreePBX based but includes general best practices. https://player.vimeo.com/video/130328541 Quote Link to comment Share on other sites More sharing options...
Dave-ee Jones Posted November 14, 2017 Share Posted November 14, 2017 (edited) Open ports is a big issue here. It's the main access path for many hackers. 3CX deals with this quite well but ports are still 'open' in that they can be accessed from other site locations, if needed. Obscuring your ports (e.g. using something other than default) helps a bit, using hard passwords that make no sense whatsoever to anyone can help as well. A good firewall with all ports blocked save the ones needed (don't open any RDP ports - if you need remote-access use something like RD Gateway - these ports some are the most commonly hacked) is the way to go. With your PBX admin accounts, I would only make one Admin account - having that one the only one to access any of the more dangerous settings which you should manage. These settings would include things like whether international calls should be allowed, whole-number redirects (redirecting your main number to another main number), inter-state calls etc. Anything that might cost you ridiculous amounts of money. Also, with the Admin account, maybe naming it something obscure that doesn't make it look like an Admin account at first glance? Just generic like the others. I'm assuming you've had a Google around for answers? You might've seen these pages: PBX Hacking: How it worksWHAT IS PABX FRAUD & WHY DO YOU NEED TO KNOW ABOUT IT?PBX Fraud Information There's tonnes out there on this stuff - which is only logical because it does cost hundreds of thousands of dollars if it does happen (usually, depends on what the hacker is trying to do). Edited November 14, 2017 by Dave-ee Jones Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.