Close
 Brekeke Website | Bekeke SIP Server | Brekeke PBX   
Notification:  
v3.0.2 Professional
Login
Loading

Brekeke Software Security Advisory: Protect your SIP system from SIP Attack


Published: December 21, 2010

Recently, there have been increased reports of VoIP/SIP attacks and other fraudulent activities. The typical attack tries to make a large number of registrations (10,000 or more) on your server, either resulting in taking down your server with excessive traffic or finding a way to use your server to make free calls.

To avoid these malicious attacks, we recommend the following security measures for your SIP environments that use Brekeke products:

- Update Brekeke products to the latest version available. Download updates from:
http://www.brekeke.com/download/download_list.php

- Follow the instructions in section 8 (Security) of the Brekeke SIP Server Administrator’s Guide:
http://www.brekeke-sip.com/download/bss/v2_x/bss_admin_en.pdf

- Create a strong password (at least six characters including a combination of upper/lower-case letters and numbers).

- Choose a strong and unique user name.

- Delete all unnecessary/inactive users (extensions, registered users, etc.).

- Use the Address Filtering feature, referring to the wiki topic below for configuration details:
http://wiki.brekeke.com/wiki/Avoid-attacks

- Use a firewall in front of Brekeke SIP Server/Brekeke PBX to block unknown remote IP addresses.

- Add a dial plan to reject SIP attacks, using the following wiki topic as a guide:
http://wiki.brekeke.com/wiki/Avoid-attacks

- If possible, choose a unique prefix number for PSTN (analog) lines.


Here are some additional resources for protecting your SIP system from attacks:
http://wiki.brekeke.com/wiki/Security
http://wiki.brekeke.com/wiki/Avoid-attacks
http://wiki.brekeke.com/wiki/Connect-to-the-BSS-Admintool-with-SSL

[Privacy Statement] At Brekeke Software, we recognize that your privacy is very important, which is why we will never share your e-mail address with anyone. Read more about Brekeke’s Privacy Policy at http://www.brekeke.com/company/company_privacy.php.

Copyright © 2010 Brekeke Software, Inc. All rights reserved.