16 Jun
2011
16 Jun
'11
3:07 a.m.
Hi
After reading the modules pike, pipelimit, etc. I wanted to know what
measures can be used in the proxy, because like me, there will be more
people interested ;-).
We see that the module pike is a good security measure, but for users
with many channels, we used the configuration of users with few channels
(could we discriminate and make different rules for each?). If we have
the proxy settings for normal users and have trunk configuration as
well, I guess we also mark the traffic of the trunk to see it too
aggressive about the user. As you might know if discriminate different
types of users according to their traffic, one solution I can think of
is to have different proxies for each user type (trunk, normal, etc).
Is there any way to implement something that detects unusual behavior on
the user (referred to countries that do not ever called, excessive
traffic, etc)?. I ask not to try to implement something that exists or
perhaps someone can advise me how to do so because it is very likely not
get it or do it wrong :-P . Continue to seek information and if I find
something to contribute, send him to the list.
Can you think of some way more secure proxy (mainly user accounts)? Do
some basic safety tips to take into consideration? Any guidance? My
advice to avoid trying to schedule something with 100 lines of code when
I can do with 5 lines? Does this indicate that I intend to do not I make
it :-P ?. What I said, I will try paper on the subject and if I can find
information on something (though it may seem a bad code :-( ), which
publishes. Thanks ;-)
Regards
Anto
16 Jun
16 Jun
2:44 p.m.
On Thursday 16 June 2011, Anto wrote:
After reading the modules pike, pipelimit, etc. I
wanted to know what
measures can be used in the proxy, because like me, there will be more
people interested ;-).
We see that the module pike is a good security measure, but for users with
many channels, we used the configuration of users with few channels (could
we discriminate and make different rules for each?). If we have the proxy
settings for normal users and have trunk configuration as well, I guess we
also mark the traffic of the trunk to see it too aggressive about the
user. As you might know if discriminate different types of users according
to their traffic, one solution I can think of is to have different proxies
for each user type (trunk, normal, etc).
Hi Anto,
having different systems is one solution, you could also just use internally
in one server different traffic classes for the user sets you have.
Is there any way to implement something that detects
unusual behavior on
the user (referred to countries that do not ever called, excessive
traffic, etc)?. I ask not to try to implement something that exists or
perhaps someone can advise me how to do so because it is very likely not
get it or do it wrong :-P . Continue to seek information and if I find
something to contribute, send him to the list.
You should also look into the htable module for account/ password brute force
detection. If you want to implement something w/r to the origination country
of certain traffic, there is the geoip module which can provide you this
informations, wich you could also combine with the modules already discussed.
Can you think of some way more secure proxy (mainly
user accounts)? Do
some basic safety tips to take into consideration? Any guidance? My advice
to avoid trying to schedule something with 100 lines of code when I can do
with 5 lines? Does this indicate that I intend to do not I make it :-P ?.
What I said, I will try paper on the subject and if I can find information
on something (though it may seem a bad code :-( ), which publishes. Thanks
;-)
With regards to user accounts, one thing you probably want to look at is
password security and fraud or misuse detection logic. Smart attackers will
find ways around your proactive measures, and you need to respond actively,
like blocking users after you detected something malicious.
Best regards,
Henning
19 Jun
19 Jun
1:05 a.m.
El 16/06/11 12:44, Henning Westerholt escribió:
Hi Anto,
having different systems is one solution, you could also just use internally
in one server different traffic classes for the user sets you have.
You should also look into the htable module for account/ password brute force
detection. If you want to implement something w/r to the origination country
of certain traffic, there is the geoip module which can provide you this
informations, wich you could also combine with the modules already discussed.
With regards to user accounts, one thing you probably want to look at is
password security and fraud or misuse detection logic. Smart attackers will
find ways around your proactive measures, and you need to respond actively,
like blocking users after you detected something malicious.
Best regards,
Henning
Hi
There were planning to use the module htable and pike to prevent
attacks. The biggest question I have is: if I have an account and
simultaneously make a call would be nice, but I have another account to
send multiple simultaneous calls, the pike module might detect this as
"aggressive" and detect a false positive, if configured a level for the
first, nor is it viable proxy depending on several channels. Could be
allocated in usr_preference in number of channels, but you might not
know ... I can not think how.
Another option is to store a variable login attempts and block the
account X minutes. Thank you very much.
Regards
Anto
10:42 p.m.
2011/6/16 Anto <potxoka(a)gmail.com>om>:
Is there any way to implement something that detects
unusual behavior on the
user (referred to countries that do not ever called, excessive traffic,
etc)?.
This requirement is too complex to implement it in a generic module
(IMHO). For example, if we are a Spanish telco operator and our
clients are mostly Spanish, they usually call Spanish numbers. If one
of them starts making lot of calls to Slovenia it could be an attack.
But maybe we have a client that, in fact, makes lot of calls to
Slovenia por any valid reason (businness model and so). So each client
could require a different "security profile".
We are planning to build a system for this purpose. The idea is having
a separate custom server (not a SIP server, or maybe) that collects
clients calls and analyze them against a "security profiles backend"
(a DB or whatever). When kamailio receives a call it would communicate
with this server in some way and ask it "client XXXX wants to make a
call tu NNNNNNN, should I allow it?". Then the custom server would
apply internal logic and give a fast response (yes/no).
I think this is too complex and could make sense to build a
separate/custom server for this purpose, and then, maybe create a
custom Kamailio module for communicating Kamailio with the server
(some communication protocol and so).
--
Iñaki Baz Castillo
<ibc(a)aliax.net>
20 Jun
20 Jun
7:04 p.m.
Hi
Thinking about what to have multiple proxy according to their use would
have to have different gateways for each proxy, right?. If you have the
same gateway for different types of use of proxy, the gateway will have
to look for so that proxy is the incoming traffic and send it. You might
also have the same gateway and be a proxy (balancer) to redirect traffic
to the corresponding proxy. Or have a policy of different traffic input
to output. Thank you.
Regards
Anto
4890
days inactive
4895
days old
4 comments
3 participants
participants (3)
-
Anto -
Henning Westerholt -
Iñaki Baz Castillo