[App_rpt-users] Stepping on toes...

Bryan D. Boyle bdboyle at bdboyle.com
Mon Jul 11 18:31:26 UTC 2016


If you have ports exposed to the net, you will be probed, and occasionally flooded by attempts to crash your system(s).  Mostly Chinese and eastern European actors.  The current market, worldwide, for information security, is in the hundreds of billions of dollars being spent in research, development, analysis, etc., and there are currently, in the US, an estimated 500k job openings that are going unfilled; by 2020, it's estimated that number will grow to 1 MILLION open requisitions.

Hopeless?  No, but you have to be right 100% of the time...the thugs only have to be right once.

What you're seeing is nothing new; since I entered the field in '88, the same patterns of activity have been going on, and what has developed is a lot of appliances and FUD being used to sell said appliances, but, the same types of issues are there.

So...what to do?

1.  Minimize the attack surface.  Repeat the maxim "That which is not expressly permitted is prohibited" until it becomes second nature.  Your boundary should be, as much as possible if you are providing services, statically configured.  UPnP is there for the clueless so they can play Xbox and watch TV on Sling.  Turn it off.  Static IP inside, port forwarding strictly enforced.  PITA?  Yes.  Just do it.  Keep records.  The crooks do.

2. Minimize attack surface on your systems.  Stuff is cheap enough that, if you need multiple services (mail, Squid, app_rpt, web, whatever) you can stand up purpose-built servers for those services very cheaply.  Divide and conquer; if your mail server gets hacked, it only affects your mail server, not your doc store, web server, Asterisk, etc.

3. Strong passwords.  Like Real Strong.  8 is not enough anymore.  Upper, lower, special characters, numbers.  Each single character more than 8 is a magnitude greater to hack.

4. Back to 2; if you aren't using a service (print, etc.), turn it off on the system that doesn't need it.  It's just shutting down another exploit vector.

5. Think like a criminal who is looking to subvert your connection.  And if something doesn't feel right, it isn't, and requires some work on your part.  Open source scripts and such are a good start, but not the only answer.

6. Go to your local bookstore and find a good book on network security and read it.  Google best practices from known good vendors (IBM, AT&T, NIST, etc.).  If you are going to play on the network, you darn well better know the minefield you are walking into.

--
Bryan Boyle, CISSP/GIAC/CISM
WB0YLE
Sent from my iPhone 6S...No electrons were harmed in the sending of this message.
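Items 1, 2 and 4 above (explicit allowlist at the boundary, nothing listening that the box does not need), applied to the ufw-protected dial box the question asked about, as an added example that is not part of the original post or of any AllStar/DIAL distribution. The allowlist (SSH for admin, IAX2 4569/udp for AllStar) and the sample socket table are assumptions constructed for the example; the audit reads the same column layout `ss -tulpn` prints, so the real command can be piped into it on a live node.

```shell
#!/bin/sh
# Added example (not from the original post): audit a small Asterisk/AllStar box
# for listening sockets that are not on an explicit allowlist, and emit the ufw
# rules that enforce "not expressly permitted is prohibited" on the host itself.
# The allowlist and the sample socket table are assumptions / constructed data.

# Assumption: this node only needs SSH for admin and IAX2 (4569/udp) for AllStar.
ALLOWED_PORTS="22/tcp 4569/udp"

# Constructed sample in the shape of `ss -tulpn` output (columns: Netid State
# Recv-Q Send-Q Local-Address:Port Peer-Address:Port Process).  5038/tcp is the
# Asterisk manager interface; 631/tcp is CUPS, the "print, etc." of item 4.
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      0.0.0.0:4569      0.0.0.0:*         users:(("asterisk",pid=812,fd=21))
udp   UNCONN 0      0      127.0.0.1:323     0.0.0.0:*         users:(("chronyd",pid=401,fd=5))
tcp   LISTEN 0      128    0.0.0.0:22        0.0.0.0:*         users:(("sshd",pid=512,fd=3))
tcp   LISTEN 0      128    0.0.0.0:5038      0.0.0.0:*         users:(("asterisk",pid=812,fd=9))
tcp   LISTEN 0      5      0.0.0.0:631       0.0.0.0:*         users:(("cupsd",pid=620,fd=7))
tcp   LISTEN 0      128    [::]:22           [::]:*            users:(("sshd",pid=512,fd=4))'

# audit_listeners ALLOWLIST: reads `ss -tulpn` style lines on stdin and prints
# "port/proto process" for every network-reachable listener not on the allowlist.
audit_listeners() {
    awk -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    NR == 1 { next }                       # header line
    NF < 5  { next }                       # ignore blank or garbled lines
    {
        proto = $1                         # tcp or udp
        laddr = $5                         # e.g. 0.0.0.0:5038 or [::]:22
        port = laddr; sub(/.*:/, "", port)         # text after the last colon
        addr = laddr; sub(/:[^:]*$/, "", addr)     # text before the last colon
        # Loopback-only sockets are not reachable from the network; skip them.
        if (addr == "127.0.0.1" || addr == "[::1]") next
        key = port "/" proto
        if (!(key in ok)) print key, $NF   # port/proto and the owning process
    }'
}

# ufw_commands ALLOWLIST: prints (does not run) the ufw rules that implement the
# allowlist: default deny inbound, permit each listed port, rate-limit SSH so
# fail2ban is not the only thing standing between you and a brute-force run.
ufw_commands() {
    echo "ufw default deny incoming"
    echo "ufw default allow outgoing"
    for p in $1; do
        case "$p" in
            22/tcp) echo "ufw limit $p" ;;     # rate-limits repeated SSH connects
            *)      echo "ufw allow $p" ;;
        esac
    done
    echo "ufw enable"
}

echo "== listening sockets reachable from the net but not on the allowlist =="
printf '%s\n' "$SAMPLE_SS" | audit_listeners "$ALLOWED_PORTS"
echo "== ufw rules implementing the allowlist (review, then run as root) =="
ufw_commands "$ALLOWED_PORTS"
```

On a live node, `ss -tulpn | audit_listeners "$ALLOWED_PORTS"` (as root, so the process column is populated) gives the list of things to either shut off or add to the allowlist on purpose; with the sample above it flags the Asterisk manager port and CUPS, and ignores the loopback-only chronyd socket. The ufw rules are printed rather than executed so they can be checked against your own port-forwarding records first.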



> On Jul 11, 2016, at 14:02, Loren Tedford <lorentedford at gmail.com> wrote:
> 
> I suppose while we are stepping on toes I want to ask about the proper way of securing a dial box from our wonderful hackers out there. Been using ufw and fail2ban but found out recently nothing is invincible. Any thoughts? By the way, any progress on Asterisk crashes? I can't find a reason for the crashes in the logs.
> 
> Also, what is the status on updating Asterisk to a more current version? Any issues with that?
> 
> 
> Loren Tedford (KC9ZHV) 
> Email: lorentedford at gmail.com
> http://www.lorentedford.com
> http://kc9zhv.com
> 
> Sent from Droid Turbo from Verizon wireless network
> 
>> On Jul 11, 2016 12:34 PM, "Steve Zingman" <szingman at msgstor.com> wrote:
>> Yes,
>> I've seen it before. Ramesh asked the question here and a couple of us had some questions as to his configuration. I think he is in process of gathering info so we can trouble shoot more.
>> It's not hard to get lists confused.
>> 
>> Steve
>> 
>>> On 7/11/2016 1:30 PM, DuaneVT . wrote:
>>> Thanks Steve. You have helped me several times here I believe. Perhaps it was the ARM Allstar list I should have ranted to. As some posts get shared between lists, it is hard not to end up on another list.
>>> Here is an example. I felt for the questioner...
>>> "Message: 3
>>> Date: Sun, 10 Jul 2016 09:53:39 -0400
>>> From: Doug Crompton <doug at crompton.com>
>>> To: ARM Allstar <arm-allstar at hamvoip.org>
>>> Subject: Re: [arm-allstar] Using "A" and "B" audio outputs using the
>>>         DIAL Image on a RPi
>>> Message-ID: <BLU171-W25439CF444D3509E8F7BE5BA3E0 at phx.gbl>
>>> Content-Type: text/plain; charset="iso-8859-1"
>>> 
>>> Ramesh,
>>> 
>>>  This is NOT a dial list, ask elsewhere! It works fine on the hamvoip.org code.
>>> 73 Doug
>>> WA3DSP
>>> http://www.crompton.com/hamradio
>>> 
>>> 
>>> > To: arm-allstar at hamvoip.org
>>> > Date: Sun, 10 Jul 2016 07:34:57 -0400
>>> > Subject: [arm-allstar] Using "A" and "B" audio outputs using the DIAL Image   on a RPi
>>> > From: arm-allstar at hamvoip.org
>>> > CC: Ramesh at va3uv.com
>>> >
>>> > Hi All:
>>> >
>>> > I am using the DIAL Image on a RPi 2; I would like to use the "A" and
>>> > "B" audio outputs from my fob (A for voice and B for PL), so that I can
>>> > inject them into separate points on my exciter.
>>> >
>>> > I was able to get 2 'discrete' audio outputs when running ACID on a PC.
>>> > This doesn't seem to be working with the Pi / DIAL.  Is anyone running
>>> > this configuration on a Pi?
>>> >
>>> > Thx,
>>> >
>>> > Ramesh.
>>> >
>>> > # 27919 and a truck load of others!
>>> "
>>> 
>>> Sheesh, I want to help everyone....
>>> Thanks again until my next question HERE,
>>> Duane
>>> 
>>> On Mon, Jul 11, 2016 at 1:06 PM, Steve Zingman <szingman at msgstor.com> wrote:
>>>> Duane,
>>>> When were you told on the App_rpt-users list to go elsewhere with DIAL questions? DIAL is the official distribution for AllStar. Support questions SHOULD be posted here. I know that other lists limit their support to THEIR distribution and have curtly told DIAL users to go elsewhere for support. I do not remember seeing your question on here. If I missed it, I'm sorry. I TRY to help out with DIAL and general Asterisk questions when possible.
>>>> 
>>>> 73, Steve N4IRS
>>>> INAD 
>>>> 
>>>>> On 7/11/2016 12:42 PM, DuaneVT . wrote:
>>>>> I too have asked questions here concerning DIAL and been told curtly to go elsewhere. As DIAL distros have all the files included and interface to the FOBs and SBCs, where do we draw the line? I have followed all instructions for installing the software and had fresh boot problems. It was hard to tell where the problem was, but when I am new to Linux/DIAL and the whole Allstar project, I looked for guidance where I found discussions. There is an Allstar Link community on Google+, and you will see I have all but one of the postings! Crickets.........
>>>>> Perhaps the moderator/users here could post a list of URLs for different aspects of AllStar Link so us Newbies would know where to hang out.
>>>>> I have had GREAT support from other listers here by direct email after each post and I sincerely thank all who have taken an interest in someone who has to learn as we all do.
>>>>> 73,
>>>>> Duane  KA1LM  #42996
>>>>> 
>>>>> 
>>>>> _______________________________________________
>>>>> App_rpt-users mailing list
>>>>> App_rpt-users at ohnosec.org
>>>>> http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users
>>>>> 
>>>>> To unsubscribe from this list please visit http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll down to the bottom of the page. Enter your email address and press the "Unsubscribe or edit options button"
>>>>> You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem. 
>>>> 
>>>> -- 
>>>> "Anything is possible if you don't know what you are talking about."
>>>> 1st Law of Logic
>> 