Brekeke Software Security Advisory: Protect your SIP system from SIP Attack
Published: December 21, 2010
Reports of VoIP/SIP attacks and other fraudulent activity have increased recently. A typical attack attempts a large number of registrations (10,000 or more) against your server, either to take the server down with excessive traffic or to find a way to use it to make free calls.
To avoid these malicious attacks, we recommend the following security measures for your SIP environments that use Brekeke products:
– Update Brekeke products to the latest version available. Download updates from:
http://www.brekeke.com/download/download_list.php
– Follow the instructions in section 8 (Security) of the Brekeke SIP Server Administrator’s Guide:
http://www.brekeke-sip.com/download/bss/v2_x/bss_admin_en.pdf
– Create a strong password (at least six characters including a combination of upper/lower-case letters and numbers).
– Choose a strong and unique user name.
– Delete all unnecessary/inactive users (extensions, registered users, etc.).
– Use the Address Filtering feature, referring to the wiki topic below for configuration details:
http://wiki.brekeke.com/wiki/Avoid-attacks
– Use a firewall in front of Brekeke SIP Server/Brekeke PBX to block unknown remote IP addresses.
– Add a dial plan to reject SIP attacks, using the following wiki topic as a guide:
http://wiki.brekeke.com/wiki/Avoid-attacks
– If possible, choose a unique prefix number for PSTN (analog) lines.
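The following is an added example, not Brekeke's code: a sliding-window check that flags source addresses sending an abnormal number of REGISTER requests, the pattern described at the top of this advisory. The log line format, thresholds and addresses are constructed for illustration and are not Brekeke SIP Server's log format.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)
MAX_REGISTERS = 20  # assumed limit: REGISTERs per source per window
MAX_USERS = 3       # assumed limit: distinct user names per source per window

def find_register_floods(lines):
    """Return {source_ip: reason} for sources exceeding either limit."""
    recent = defaultdict(deque)  # source -> (timestamp, user) inside the window
    flagged = {}
    for line in lines:
        ts_text, src, method, user = line.split()
        if method != "REGISTER" or src in flagged:
            continue
        ts = datetime.fromisoformat(ts_text)
        window = recent[src]
        window.append((ts, user))
        while ts - window[0][0] > WINDOW:  # drop entries older than the window
            window.popleft()
        users = {u for _, u in window}
        if len(users) > MAX_USERS:
            flagged[src] = f"{len(users)} user names in {WINDOW.seconds}s"
        elif len(window) > MAX_REGISTERS:
            flagged[src] = f"{len(window)} REGISTERs in {WINDOW.seconds}s"
    return flagged

def constructed_sample():
    """Constructed log lines: 'timestamp source method user' (not a real format)."""
    base = datetime(2010, 12, 21, 10, 0, 0)
    lines = []
    for i in range(4):   # a phone refreshing its registration every 30 s
        t = (base + timedelta(seconds=30 * i)).isoformat()
        lines += [f"{t} 192.0.2.10 REGISTER 201"] * 2  # challenge, then retry
    for i in range(30):  # one source hammering a single extension
        t = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{t} 198.51.100.7 REGISTER 100")
    for i in range(10):  # one source walking through extension numbers
        t = (base + timedelta(seconds=2 * i)).isoformat()
        lines.append(f"{t} 203.0.113.9 REGISTER {300 + i}")
    return sorted(lines)  # ISO timestamps sort chronologically

if __name__ == "__main__":
    for source, reason in find_register_floods(constructed_sample()).items():
        print(f"block {source}: {reason}")
```

Flagged addresses are candidates for the Address Filtering feature or the firewall rule recommended above.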
Here are some additional resources for protecting your SIP system from attacks:
http://wiki.brekeke.com/wiki/Security
http://wiki.brekeke.com/wiki/Avoid-attacks
http://wiki.brekeke.com/wiki/Connect-to-the-BSS-Admintool-with-SSL
Copyright © 2010 Brekeke Software, Inc. All rights reserved.