How to be secure using MOR
From Kolmisoft Wiki
Jump to navigationJump to search
How to be secure using MOR
This guide will give you some hints where you could improve your MOR system security
Passwords
- Never give passwords to people you do not trust
- Use only secure passwords:
- Your passwords must be at least 12 symbols length
- Your passwords must contain letters (a-z)
- Your passwords must contain numbers (0-9)
- Your passwords must contain special characters (!@#$%^&*() and so on..)
- You must use different passwords for all types of services, for example MOR GUI, ROOT, phpmyadmin and stats passwords must be different
- When using SSH - please consider using SSH keys instead of passwords. More information about SSH can be found here.
- Change passwords regularly. Some guides how to do it:
- Change root password
- Change stats password
- MOR GUI password - change it from user details
- Change all default MOR passwords after installation.
MOR good practices
- It is recommended to disable public new user registrations or to be careful with:
- Default user settings - it is common for new users to do these mistakes:
- DO NOT put any initial balance - if you do so you will give money for calling for your new customers for free - such service is often abused and one or more users make a lot of of free account registrations to call for free.
- DO NOT MAKE USER POSTPAID - if you do so with public registrations enabled and you set any credit for that user (it can also be automatically applied from default user settings) - that user will be allowed to call for free and you risk that the unknown customer will not pay you.
- Default user settings - it is common for new users to do these mistakes:
- Do not connect external PBX systems or at least ensure that they ARE SECURE. Please read more about this here, here and here.
- Use Action log feature in MOR to monitor suspicious users actions in MOR system. Keep an eye on Hacking attempt messages here - they indicate that the user is trying to access MOR GUI places/features which are not allowed for him to use. More information about Action log can be found here.
Additional software to increase MOR system security
MOR Monitorings Addon
Monitorings Addon addon will protect your from high money losses. More information about this addon can be found here.
Fail2Ban
Fail2Ban is installed by default in MOR systems and protects these services against brute force attacks:
- SSH
- Asterisk - from registration attacks
More information about Fail2Ban can be found here.
Iptables
It is a default Linux firewall and is installed by default in all MOR systems. Although additional configuration is needed in order it would protect you:
- Configure iptables that it would accept connections only to ports required for MOR system to work. More information about these ports can be found here.
- Allow connections to SSH (default TCP Port: 22) only from support.kolmisoft.com and systems you trust.
- If MOR GUI is not required for your business model - you can block access to it too (Default TCP ports: 80/443). Only remember to allow access to it from support.kolmisoft.com and the systems you trust.
Services
- Apache (httpd) - you must use SSL in order you and your users could surf MOR GUI safely. More information about installing SSL can be found here.
- Asterisk - do not connect external PBX systems or at least ensure that they ARE SECURE. Please read more about known insecure PBX systems here, here and here.
Very advanced techniques for highly technically skilled people
For these techniques Kolmisoft does not provide any support.
- Port knocking (can be used for SSH or GUI access if it is not used publicly). More information about this technique can be found here.
- Intrusion prevention systems: Cisco Suricata