Difference between revisions of "How to be secure using MOR"

From Kolmisoft Wiki
Jump to navigationJump to search
Line 45: Line 45:
   
   
* Apache (httpd) - you must use SSL in order you and your users could surf MOR GUI safely. More information about installing SSL can be found [[Setting_up_https_secure_connection|here]].
* Apache (httpd) - you must use SSL in order you and your users could surf MOR GUI safely. More information about installing SSL can be found [[Setting_up_https_secure_connection|here]].
* Asterisk - do not connect external PBX systems or at least ensure that they ARE SECURE. Please read more about known insecure PBX systems [http://nerdvittles.com/?p=737 here],  [http://www2.elastix.org/en/component/kunena/116-security/73040-how-to-change-the-default-asteriskuser-password.html here] and [http://blogtech.oc9.com/index.php?option=com_content&view=article&catid=18:securite--security&id=263:security2011-04&Itemid=6 here].
<br><br>
<br><br>
* Asterisk - do not connect external PBX systems or at least ensure that they ARE SECURE. Please read more about known insecure PBX systems [http://nerdvittles.com/?p=737 here],  [http://www2.elastix.org/en/component/kunena/116-security/73040-how-to-change-the-default-asteriskuser-password.html here] and [http://blogtech.oc9.com/index.php?option=com_content&view=article&catid=18:securite--security&id=263:security2011-04&Itemid=6 here].

Revision as of 05:56, 18 October 2011

How to be secure using MOR

This guide will give you some hints where you could improve your MOR system security

Passwords

  1. Never give passwords to people you do not trust
  2. Use only secure passwords:
    1. Your passwords must be at least 12 symbols length
    2. Your passwords must contain letters (a-z)
    3. Your passwords must contain numbers (0-9)
    4. Your passwords must contain special characters (!@#$%^&*() and so on..)
  3. You must use different passwords for all types of services, for example MOR GUI, ROOT, phpmyadmin and stats passwords must be different
  4. When using SSH - please consider using SSH keys instead of passwords. More information about SSH can be found here.



MOR good practices

  1. It is recommended to disable public new user registrations or to be careful with:
    1. Default user settings - it is common for new users to do these mistakes:
      1. DO NOT put any initial balance - if you do so you will give money for calling for your new customers for free - such service is often abused and one or more users make a lot of of free account registrations to call for free.
      2. DO NOT MAKE USER POSTPAID - if you do so with public registrations enabled and you set any credit for that user (it can also be automatically applied from default user settings) - that user will be allowed to call for free and you risk that the unknown customer will not pay you.
  2. Do not connect external PBX systems or at least ensure that they ARE SECURE. Please read more about this here, here and here.
  3. Use Action log feature in MOR to monitor suspicious users actions in MOR system. More information about Action log can be found here.



Additional software to increase MOR system security

MOR Monitorings Addon

Monitorings Addon addon will protect your from high money losses. More information about this addon can be found here.

Fail2Ban

Fail2Ban is installed by default in MOR systems and protects these services against brute force attacks:

  • SSH
  • Asterisk - from registration attacks

More information about Fail2Ban can be found here

Iptables

It is a default Linux firewall and is installed by default in all MOR systems. Although additional configuration is needed in order it would protect you:

  • Configure iptables that it would accept connections only to ports required for MOR system to work. More information about these ports can be found here.
  • Allow connections to SSH (default TCP Port: 22) only from support.kolmisoft.com and systems you trust.
  • If MOR GUI is not required for your business model - you can block access to it too (Default TCP ports: 80/443). Only remember to allow access to it from support.kolmisoft.com and the systems you trust.



Services

  • Apache (httpd) - you must use SSL in order you and your users could surf MOR GUI safely. More information about installing SSL can be found here.
  • Asterisk - do not connect external PBX systems or at least ensure that they ARE SECURE. Please read more about known insecure PBX systems here, here and here.