goals

- Identify vulnerabilities of the United Nations Asterisk Server

configured as usual.
- Configure Asterisk to provide Security Solutions v.
- Optimize Security Between Calls paragraph prevent intruders access
Enjoy access.
- How to use TSL protocols to avoid eavesdroppers Between branches.
Theoretical framework
1. Asterisk
Asterisk is a complete PBX in software. It runs on Linux, BSD, Windows
and OS X and provides all the features you would expect from a PBX and
more. You can interoperate with almost all telephony equipment based on
standards using relatively inexpensive hardware.
Asterisk provides Voicemail services with Directory, conferencing, IVR,
call waiting. It has support for three-way calling, caller ID, ADSI, IAX,
SIP, H323 (as both client and gateway), MGCP and SCCP / Skinny.
Asterisk needs no additional hardware for Voice over IP. One or more VOIP
providers can be used for outgoing and / or incoming calls (outgoing and
incoming calls can be handled through different VOIP and / or
telecommunications providers)
For interconnection with digital and analog telephony equipment, Asterisk
supports a number of hardware devices, most notably all of the hardware
manufactured by Asterisk's sponsors, Digium. Digium has T1 and E1 plates
1, 2 and 4 ports for interconnection to PRI lines and channel banks. In
addition, analog cards FXO and / or FXS ports 1 to 4 are available and
are very popular for small installations. Cards from other vendors can be
used for BRI or compatible cards four eight BRI ports based on CAPI
compatible cards or HFC chipset cards.
Lately, separate devices are available to carry out a wide range of tasks
including providing FXO and FXS ports that simply plug into the LAN and
are registered in the Asterisk as available devices.
2. Safety Asterisk
The most common form of attack that is showing towards IP telephony
solutions based on Asterisk is to seek SIP servers, which are exposed to
the Internet, even NATed firewalls.
It is SIP attacks, intrusions are not, or are exploiting vulnerabilities
can be repaired with a patch, they are basically oversights in
configuration to the Internet.
The attackers made attempts through techniques of "brute force", trying
different numbers of attachments, such as the typical 100, 101, 1000,
2001, etc. and conduct tests with many passwords. Very often we use the
same password for all annexes and usually with very little imagination,
just numbers and combinations such as 1234, 7777, 0000, etc.