Jump to content

RobertoAchab

Members
  • Posts

    37
  • Joined

  • Last visited

Recent Profile Visitors

4,869 profile views

RobertoAchab's Achievements

Newbie

Newbie (1/14)

0

Reputation

  1. Hello, thanks, so it's only a matter to try and install it? I'm sure we're going to have resources enough, but I'd like to be sure about the "dedicated cpu", I saw in a blog article that it was mandatory an year ago, isn't there any official recommendation now? Regards
  2. Hello, I'm planning to move our pbx to a virual environment, in this momento we don't know if it'll be vmware or scale, and I have a question about best practices. I read a blog article asserting that if I install the pbx on a VM I have to do it dedicating a phisical processor to that vm only. Is it still the offficial best practice for virtual enironments, or are there vm environments/configurations/products (i.e. the linux one) that doesn't need to dedicate a phisical processor to the PBX? I don't want to know if it simply "works", I need to know if it is officially supported by Vodia. Regards Roberto Arvigo
  3. By the way, is it possible to use FQDNs in some ways in the access lists? a lot of our teleworkers have dyndns configured...
  4. Hello, as I repeated a couple of times I was testing to move the pbx on a public ip because teleworkers would have great advantage in not using VPNs anymore, but they are connecting from dynamic IPs, so I can't use access list... well, I can't use them now, I was just thinking to ask developers if they can configure access list of the pbx as they do with hunt groups and phone calls from our CRM... but that is science fiction for now :-D
  5. Hello, my pbx has only one trunk and it's confiured as an outbound proxy, the test I did was only for me, to be sure that without a trunk defined calls can't reach the pbx. The password for my extensions are randomly generated and periodically changed, so I think they are quite secure. Step by step I'm understanding how to secure my pbx, the only think I still can't understand is why the hacked calls came from accounts 100 and 1010, while those accounts don't exist (as phone numbers, service flags, ivr.... they don't exist at all). I can understand why hackers scanned whose numbers, because they usually are the desk's numbers, but my internal addressing has 9xx numbers, so where did pbx take "100" account? Is it so standard that it exists also if it's not defined as an account? Regards
  6. OK, I tried and disabled the trunk, then I called from my mobile and the Patton gateway don't even receives the call, because the pbx is refusing it. Now at least I'm sure the hackers can't "impersonate" a trunk- Regards
  7. Hello, I'm glad to read that calls couldn't be placed, as I didn't understand from the nightly report if they were only trials or real calls. Unfortunately they came from "100" and "1010", those accounts don't exist on my pbx, they aren't service flags, nor any other things. I assumed that they were seen as coming from a trunk for this reason. I think that this night I'm going to temove the outbound proxy and try to call from home to the office, if it fails then I'll know that without being configured a trunk can't reache the pbx. I'm also going to evaluate upgrading to 5, if I can find the spare time to test it. Regards
  8. Sorry, maybe I'm misunderstanding all this... I have a trunk defined as outbound proxy, it's a patton connected to isdn lines, but I also do "hacked" calls from non-exixsting internal accoounts (like 1010, all my numbers start with 7), I can't understand how configuring an outbound proxy should stop these attacks.
  9. Ok, i knew, but my role in the company is to give support to customers of a couple of programs we distribute, my boss decided that we are spending too mush time for this thing to work, so I think we're going to live with VPNs for a while and then, in some months we're going to migrate to an itsp, so those will be someone else's problems.
  10. As I said before, I don't know which ips my user are coming from, they use dinamic-ip home ADSL connections. As far as I can read the conclusion is that you can't have a public pbx or you'll be helpless against hackers
  11. Hello, I can have the strongest pasword policy (I was planning to have a process on our crm to change passwords automatically every weeks) but the hacked calls came from non-existing numbers(100 and 1010, my addressing doesn't use 1xx numbers), vhat can I do to tell the pbx that it can place calls only if they come from rgistered accounts? It seems to me like fighting mail relay, unortunately pbxs have a lot less tools than mail servers... Regards
  12. ...btw, in the few hours I had the public pbx xlite clients did correct login and placed phone calls, while some "behind double-NAT" SNOM hw phones didn't work or only received calls, but didn't call out. In the registration message of these phones the subnet declared was 10.176,x.x, I don't even know how the phone knew it, the phone was on a 192.168.x.x network, NATted behind a 10.176 by the provider (that thing explains the term "duble natted" :-)), then it was natted again to a public 93.x.x.x that was finally shown in the registration message as the real ip from which the phone came. The Xlite in the very same subnet showed the original 192.168.x.x ip in the registration instead (and 93.x.x.x as the real one) and it worked well. os there any way to say to the snom phone (821s and 3xxs) what to declare as the phisical p address? Should I use a STUN? and in this case which is a working free STUN? Thanks in advance for the answers.
  13. Hello, thanks for the answer, giving a public ip address to the pbx is a solution to avoid using VPNs, the company I work for has mostly tele-workers and VPNs "instability" sometimes gives us problems. This is the reason why I can understand that "closing" the pbx from unknow ip addresses should secure it, but I don't want to do it, because teleworkers often have dinamic ip addresses (and sometimes they connect from their grandma' house... :-)). I already read the suggestion to set an outbound proxy, I'm attaching my only trunk configuration, but I can't understand how this can prevent internet-connected hacker-accounts to place calls. I can filter the outgoing phone numbers on the patton itself, obviously, but I'd prefer to keep all the "security" configurations on the pbx
  14. Hello, recently I put a pbx on a public address, but as soon as I did it I was submerged by false call from an extension that didn't even exist. I found documentation about the fact that this behavior is caused by someone that impersonate e trunk. Now my question is how can I protect my trunk? I only have one patton and I don't want any other trunk, so is there any option in the pbx so that it asks for the trunks to be pre-configured, or that they have to do a signon? Also, is there a step by step guide somewhere about securing a pbx? i can use ten letter random passwords for my extensions, but if someone can simulate a trunk all my efforts are useless... Regards (I have a 4.5.0125 snomone pbx, I forgot to mention)
  15. Hello, I installed a pbxnsip in the late 2009, then I got ill and came back to work only this summer, in june. Now they want to update to snom one, I tried to copy exactly the directory of this onto the pbxnsip's ones, but the result is very unstable (on a virtual test machine, obviously, not on a production environment :-)). We don't have a big pbx, it's 40 licenses only, but the configuration is compliated, lot of ivrs and autoattendandm call groups, backup trunks and things like that, I'd really like not to re-configure the snomone from scratch, so I ask you, is there a best practice for migrating from pbxnsip to snomone? thanks for the attntion bye Roberto
×
×
  • Create New...