innovaphone wiki - User contributions [en]

MyPBX para Android Ficha técnica ES

2019-05-31T17:20:13Z

Flp: /* Requisitos */

{{Template:Disclaimer ES}}

==Foto==

[[Image:mypbxandroid.png]]

==Ficha técnica==

===innovaphone myPBX para Android===
Teléfono IP basado en Android para la PBX innovaphone

===Códec de voz===
G.711 A-law / μ-law, G.722

G.729 (sin licencia a partir de la V11r2sr23/V12r1sr7)

Opus-NB, Opus-WB (a partir de la V12)

===Redes===
A través de connexión WLAN o datos (mín. 3G)

Conexión con la PBX innovaphone (a través de dirección IP pública o VPN)

===Características generales===
[[V11_Firmware_teléfonos_Ficha_técnica_ES#Datasheet|generic features V11 innovaphone phones]]

[[V12_Firmware_teléfonos_Ficha_técnica_ES#Datasheet|generic features V12 innovaphone phones]]

===Características especiales===
* Directorio telefónico con contactos de la PBX y personales del Smartphone
* Fallback a GSM configurable

===Requisitos===
Terminal con sistema operativo Android 4.1 o superior

Recomendamos testear el terminal móvil en cuestión antes de realizar el despliegue; debido a la dependencia existente entre el hardware de los terminales móviles y Android.

===Cód. Art. / Licencias necesarias===
* Una licencia myPBX por cada usuario - Cód. Art. 02-00031-001

[[Category:Fichas técnicas ES|{{PAGENAME}}]]

MyPBX para Android Ficha técnica ES

2019-05-31T17:19:51Z

Flp: /* Requisitos */

{{Template:Disclaimer ES}}

==Foto==

[[Image:mypbxandroid.png]]

==Ficha técnica==

===innovaphone myPBX para Android===
Teléfono IP basado en Android para la PBX innovaphone

===Códec de voz===
G.711 A-law / μ-law, G.722

G.729 (sin licencia a partir de la V11r2sr23/V12r1sr7)

Opus-NB, Opus-WB (a partir de la V12)

===Redes===
A través de connexión WLAN o datos (mín. 3G)

Conexión con la PBX innovaphone (a través de dirección IP pública o VPN)

===Características generales===
[[V11_Firmware_teléfonos_Ficha_técnica_ES#Datasheet|generic features V11 innovaphone phones]]

[[V12_Firmware_teléfonos_Ficha_técnica_ES#Datasheet|generic features V12 innovaphone phones]]

===Características especiales===
* Directorio telefónico con contactos de la PBX y personales del Smartphone
* Fallback a GSM configurable

===Requisitos===
Terminal con sistema operativo Android 4.1 o superior
Recomendamos testear el terminal móvil en cuestión antes de realizar el despliegue; debido a la dependencia existente entre el hardware de los terminales móviles y Android.

===Cód. Art. / Licencias necesarias===
* Una licencia myPBX por cada usuario - Cód. Art. 02-00031-001

[[Category:Fichas técnicas ES|{{PAGENAME}}]]

Howto:Protección contra los ataques de fuerza bruta (SP)

2015-02-26T14:39:13Z

Flp: /* Related Articles */

==Applies To==
This information applies to

* innovaphone PBX having direct access to the internet



==More Information==
Protección contra Ataques de Fuerza Bruta

Seguridad: ¿Tiene su PBX suficiente protección?

En Internet existen siempre peligros latentes. Esto no es nada nuevo para usted, muestra de ello son los mecanimos apropiados de seguridad que utiliza para proteger sus sistemas. Un cortafuego protege su red de accesos no autorizados; un antivirus le protege de virus, gusanos, troyanos, etc., además de permitirle navegar y enviar emails de manera segura.
De igual modo, las instalaciones telefónicas han de ser protegidas con mecanismos de seguridad que prevengan de ataques o de daños. Éste es precisamente el caso que se da en las instalaciones que se conectan directamente a Internet y no tienen ninguna protección en la red interna de la empresa, haciéndolas accesibles desde el exterior.

A lo largo de los últimos meses se han dado con más frecuencia ataques en sistemas telefónicos a través del método de “Ataques de Fuerza Bruta”. Un programa pirata comprueba combinaciones de contraseñas de usuarios al igual que accesos, de manera que realiza busquedas en fracciones de segundos. Si consiguen acceder al sistema, se denomina uso fraudulento o “Call Fraud”. El hacker podrá, por ejemplo, realizar llamadas gratuitas a expensas del propietario de la instalación telefónica. Uno de los peores ejemplos se da cuando los hackers instalan líneas de tarificación especial (900...) en la instalación del propietario para posteriormente llamarse a sí mismo desde esta instalación a las líneas mencionadas, de manera que se lucran del propietario de la instalación ya que generan elevadas facturas telefónicas. En otros casos, los ataques pretenden únicamente paralizar la infraestructura telefónica (Denial-of-Service o DOS).

Existen múltiples mecanismos para proteger la PBX innovaphone. Sin embargo, siguiendo los siguientes pasos se podrá incrementar de una manera considerable la seguridad en ella.

===Crear únicamente objetos que se utilicen===
A menudo se crean objetos en la PBX que no se usan activamente (por ejemplo, un trabajador que ya no trabaja en la empresa) y que probablemente no estén protegidos con contraseña. Cualquiera podría acceder desde una red externa a la instalación, probar con varios números y, cuando encuentre alguno inutilizado, causar el daño. Se aconseja que se protejan todos los objetos creados con una contraseña y establecer No. Of Regs w/o Pwd en 0.

===Nombre de usuario corriente y protección con contraseña===

Es muy común utilizar “admin” como nombre de usuario para registrarse. Simplemente con ser un poco creativos con el nombre le podemos complicar las cosas a los piratas informáticos (p. ej., PericoPalotes, VíctorTazo). Por lo general, una contraseña no garantiza la seguridad. Las contraseñas “abc” o “pbx” no le supone una gran dificultad a un hacker. En sólo dos minutos podrían piratear estas contraseñas de tres minúsculas. Igualmente, una contraseña de 3 caracteres, combinando mayúsculas y minúsculas, no le supondría al hacker más de media hora.

La cosa cambia cuando nos encontramos con una contraseña de 8 caracteres. Incluso tratándose únicamente de minúsculas, un programa tardaría 37.968 días para comprobar todas las combinaciones posibles. Si combinamos minúsculas y mayúsculas, la busqueda tardaría fácilmente unos 97.400... ¡años! Cuidado también con el ataque “Diccionario” que supone el problema siguiente: si escogemos una de las 5000 palabras que alberga el vocabulario español e inglés, al hacker no le supondrá más de una hora. Igual ocurre con una fecha de cumpleaños, sea cual sea la forma cómo se escriba (01.01.1960 o 01.01.60).

Por lo tanto, para estar bien protegidos, la contraseña ha de ser larga, que no sea ninguna de las palabras posibles en el ataque por diccionario y contener mayúsculas y minúsculas y/o dígitos. La probabilidad de que la contraseña sea robada disminuye proporcionalmente a su complejidad.

===Desactivar “unknown registrations”===

Hay diferentes funciones que ayudan al administrador a llevar a cabo la instalación telefónica simplificando el proceso, como la “Zero Configuration Deployment” que incluye también “unknown registrations” para ayudar al administrador a llevar a cabo accesos en el sistema sin haber introducido correctamente el nombre de usuario y contraseña. Esto es de gran ayuda para grandes instalaciones. La función se puede activar o desactivar, de manera que es importante que “unknown registrations” se desactive una vez que el proceso se haya completado, ya que si no cualquiera desde una red externa podría acceder sin tener un nombre de usuario o contraseña.

Este artículo describe únicamente ciertos tipos de errores y algunos mecanismos de protección. Con la aplicación de algunos de estos mecanismos mencionados se puede mejorar en gran medida la seguridad de la instalación telefónica. Sin embargo, el asunto de la Seguridad es tratado en una lección de la Formación Avanzada (Advanced Training) de innovaphone. Le aconsejamos que vuelva a repasar dicha lección, donde encontrará información detallada al respecto.

===Configurar el Filtro IP (IP Filter)===

Se recomienda establecer filtros globales IP para evitar accesos no autorizados desde redes IP externas. Únicamente accesos bajo esta configuración de red con filtro IP serán permitidos. Desde la V8 HF8 hay 2 filtros IP diferentes. Uno para accesos sin conrtaseña y el otro con contraseña.

===Utilizar H323/TLS con ''TLS Only''===

Desde la V11r1 se recomienda utilizar H.323/TLS en lugar de H.323. Además de encriptar la señal de las llamadas, permite acceder teléfonos sin contraseña (Certificado). Marcando la casilla TLS Only en la sección Devices utilizada para el acceso, desactivaremos la indentificación por contraseña. De este modo, se evitarán accesos no deseados con contraseñas robadas o jaqueadas.

== Related Articles ==

* Localized articles

[[Howto:Protection against Brute Force Attacks]]

[[Howto-localized:Schutz vor Brute Force Attacken (D)]]

[[Howto-localized:Bescherming tegen brute force attacks (NL)]]

[[Howto-localized:Protection contre les Attaques par Force Brute (FR)]]

[[Howto-localized:Protezione_da_Brute_Force_Attacks (I)]]

[[Category:Howto|{{PAGENAME}}]]

Howto:Protección contra los ataques de fuerza bruta (SP)

2015-02-26T14:37:15Z

Flp: /* Utilizar H323/TLS con TLS Only */

==Applies To==
This information applies to

* innovaphone PBX having direct access to the internet



==More Information==
Protección contra Ataques de Fuerza Bruta

Seguridad: ¿Tiene su PBX suficiente protección?

En Internet existen siempre peligros latentes. Esto no es nada nuevo para usted, muestra de ello son los mecanimos apropiados de seguridad que utiliza para proteger sus sistemas. Un cortafuego protege su red de accesos no autorizados; un antivirus le protege de virus, gusanos, troyanos, etc., además de permitirle navegar y enviar emails de manera segura.
De igual modo, las instalaciones telefónicas han de ser protegidas con mecanismos de seguridad que prevengan de ataques o de daños. Éste es precisamente el caso que se da en las instalaciones que se conectan directamente a Internet y no tienen ninguna protección en la red interna de la empresa, haciéndolas accesibles desde el exterior.

A lo largo de los últimos meses se han dado con más frecuencia ataques en sistemas telefónicos a través del método de “Ataques de Fuerza Bruta”. Un programa pirata comprueba combinaciones de contraseñas de usuarios al igual que accesos, de manera que realiza busquedas en fracciones de segundos. Si consiguen acceder al sistema, se denomina uso fraudulento o “Call Fraud”. El hacker podrá, por ejemplo, realizar llamadas gratuitas a expensas del propietario de la instalación telefónica. Uno de los peores ejemplos se da cuando los hackers instalan líneas de tarificación especial (900...) en la instalación del propietario para posteriormente llamarse a sí mismo desde esta instalación a las líneas mencionadas, de manera que se lucran del propietario de la instalación ya que generan elevadas facturas telefónicas. En otros casos, los ataques pretenden únicamente paralizar la infraestructura telefónica (Denial-of-Service o DOS).

Existen múltiples mecanismos para proteger la PBX innovaphone. Sin embargo, siguiendo los siguientes pasos se podrá incrementar de una manera considerable la seguridad en ella.

===Crear únicamente objetos que se utilicen===
A menudo se crean objetos en la PBX que no se usan activamente (por ejemplo, un trabajador que ya no trabaja en la empresa) y que probablemente no estén protegidos con contraseña. Cualquiera podría acceder desde una red externa a la instalación, probar con varios números y, cuando encuentre alguno inutilizado, causar el daño. Se aconseja que se protejan todos los objetos creados con una contraseña y establecer No. Of Regs w/o Pwd en 0.

===Nombre de usuario corriente y protección con contraseña===

Es muy común utilizar “admin” como nombre de usuario para registrarse. Simplemente con ser un poco creativos con el nombre le podemos complicar las cosas a los piratas informáticos (p. ej., PericoPalotes, VíctorTazo). Por lo general, una contraseña no garantiza la seguridad. Las contraseñas “abc” o “pbx” no le supone una gran dificultad a un hacker. En sólo dos minutos podrían piratear estas contraseñas de tres minúsculas. Igualmente, una contraseña de 3 caracteres, combinando mayúsculas y minúsculas, no le supondría al hacker más de media hora.

La cosa cambia cuando nos encontramos con una contraseña de 8 caracteres. Incluso tratándose únicamente de minúsculas, un programa tardaría 37.968 días para comprobar todas las combinaciones posibles. Si combinamos minúsculas y mayúsculas, la busqueda tardaría fácilmente unos 97.400... ¡años! Cuidado también con el ataque “Diccionario” que supone el problema siguiente: si escogemos una de las 5000 palabras que alberga el vocabulario español e inglés, al hacker no le supondrá más de una hora. Igual ocurre con una fecha de cumpleaños, sea cual sea la forma cómo se escriba (01.01.1960 o 01.01.60).

Por lo tanto, para estar bien protegidos, la contraseña ha de ser larga, que no sea ninguna de las palabras posibles en el ataque por diccionario y contener mayúsculas y minúsculas y/o dígitos. La probabilidad de que la contraseña sea robada disminuye proporcionalmente a su complejidad.

===Desactivar “unknown registrations”===

Hay diferentes funciones que ayudan al administrador a llevar a cabo la instalación telefónica simplificando el proceso, como la “Zero Configuration Deployment” que incluye también “unknown registrations” para ayudar al administrador a llevar a cabo accesos en el sistema sin haber introducido correctamente el nombre de usuario y contraseña. Esto es de gran ayuda para grandes instalaciones. La función se puede activar o desactivar, de manera que es importante que “unknown registrations” se desactive una vez que el proceso se haya completado, ya que si no cualquiera desde una red externa podría acceder sin tener un nombre de usuario o contraseña.

Este artículo describe únicamente ciertos tipos de errores y algunos mecanismos de protección. Con la aplicación de algunos de estos mecanismos mencionados se puede mejorar en gran medida la seguridad de la instalación telefónica. Sin embargo, el asunto de la Seguridad es tratado en una lección de la Formación Avanzada (Advanced Training) de innovaphone. Le aconsejamos que vuelva a repasar dicha lección, donde encontrará información detallada al respecto.

===Configurar el Filtro IP (IP Filter)===

Se recomienda establecer filtros globales IP para evitar accesos no autorizados desde redes IP externas. Únicamente accesos bajo esta configuración de red con filtro IP serán permitidos. Desde la V8 HF8 hay 2 filtros IP diferentes. Uno para accesos sin conrtaseña y el otro con contraseña.

===Utilizar H323/TLS con ''TLS Only''===

Desde la V11r1 se recomienda utilizar H.323/TLS en lugar de H.323. Además de encriptar la señal de las llamadas, permite acceder teléfonos sin contraseña (Certificado). Marcando la casilla TLS Only en la sección Devices utilizada para el acceso, desactivaremos la indentificación por contraseña. De este modo, se evitarán accesos no deseados con contraseñas robadas o jaqueadas.

== Related Articles ==

* Localized articles

[[Howto-localized:Schutz vor Brute Force Attacken (D)]]

[[Howto-localized:Bescherming tegen brute force attacks (NL)]]

[[Howto-localized:Protection contre les Attaques par Force Brute (FR)]]

[[Howto-localized:Protezione_da_Brute_Force_Attacks (I)]]

[[Category:Howto|{{PAGENAME}}]]

Howto:Protection against Brute Force Attacks

2015-02-26T14:28:11Z

Flp: /* Related Articles */

==Applies To==
This information applies to

* innovaphone PBX having direct access to the internet



==More Information==
Protection against Brute Force Attacks

Security: Does your PBX have sufficient protection?
There are dangers lurking in the internet. You know this which is why you protect your systems with appropriate security mechanisms. A firewall protects your network from unauthorised access; virus protection keeps viruses, worms, trojans etc. at bay and enabling carefree surfing and emailing.
Telephone systems also need to be equipped with security mechanisms to prevent them from being damaged or attacked. This is especially the case for systems directly connected to the internet which do not have a protected home in a company intranet, making them comparably accessible from the outside world. Over the past months there have been more and more attacks on telephone systems by means of the “Brute Force Attack” method. A hacker programme tests user-password combinations or registrations, making several parallel enquiries in a fraction of a second.
If they successfully access the system, then it is easy to abuse the system, also called Call Fraud. The hacker can, for example, make free phone calls at the cost of the telephone system owner. There have been especially grave situations where hackers have firstly set up expensive hotlines, then called them via the cracked telephone system, earning money themselves from the call fees. In some cases, attacks only aim to bring a telephone system to a stand-still – to cause damage without any further abuse (Denial-of-Sevice attacks, so-called DOS).
There are many other mechanisms which provide good protection for the innovaphone PBX. However, just following these steps can increase security many times over:

===Only create used objects===
Sometimes objects are created in the PBX, which are then not used actively (e.g. employees leave the company) these may not even be password protected. Somebody could register externally to the system, try out several extension numbers, find an unused one and cause damage. It is advisable to protect all objects created with a password and set '''No. of Regs w/o Pwd''' to 0.

===Conscientious user name and password protection===

The well-loved “admin” is often selected for a registration by default. Just a little creativity can make life harder for a hacker when this user is given a special name (e.g. “Fridolin”? or “FrauHolle”?). As a general rule, a password does not mean you are protected. The passwords “abc” or “pbx” are not a great obstacle for hackers. It would take a hacker just a couple of minutes to crack these three-figure, lower-case passwords. A three-figure password, combining a lower case letter with an upper case letter and a digit would stand up to the same attack for just half an hour.
An eight-figure password is a different kettle of fish. Even if only lower-case is used, a programme needs the grand total of about 37,968 days to try all the combinations. A mixture of lower-case, upper-case and digits would amount to 97,400 years.
It should be noted that this is not the case for the “dictionary approach”: if you select one of the 5,000 words which are included in the German and English basic vocabulary, then your password would stand for less than one hour. This is also the case for data such as own date of birth in any format (e.g. 01.01.1960 or 01.01.60).
In order to provide real protection, therefore, the password should be quite long, should not use the dictionary approach, should include upper-case and lower-case letters, and both special characters and/or digits. This increases the combination possibilities, thus reducing the probability that the password will be cracked.

===Deactivate “unknown registrations”===

There are various functions which support an administrator when commissioning a telephone system thus simplifying the rollout. These are called “Zero Configuration Deployment”. This also includes “unknown registrations”, which help the administrator to carry out registrations on the system without having to enter the appropriate user and password. This is a real relief especially for larger installations. This function can be activated or deactivated. Therefore, it is important that “unknown registrations” are deactivated once the rollout has been completed, as otherwise, anyone from outside could register without needing a user name and password.
Only selected error sources and appropriate security mechanisms have been described. Applying these mechanisms can significantly improve your telephone system’s security. A lesson in the innovaphone Advanced training course has been dedicated to the topic of Security. We recommend you to think about working through this lesson again! More detailed information can be found in the training course documents.

===Configure IP Filter===

It is recommended to define global IP address filters to protect the innovaphone PBX from unauthorised access. Only the configured IP subnets are allowed to register at the PBX.
Starting from V8 HF8 you have 2 different filters. One filter is for registrations without password, and the other filter is for registrations with password.

=== Use H323/TLS with ''TLS Only'' ===
From V11r1, it is recommended to use H.323/TLS instead of plain H.323. In addition to call signalling encryption, this allows phones to be registered without any password (certificate based). By setting the ''TLS Only'' check-mark in the ''Devices' entry used for registration, password based registration is disabled. This way, no malicious registration is possible with a leaked or hacked user password.

== Related Articles ==

* Localized articels

[[Howto-localized:Schutz vor Brute Force Attacken (D)]]

[[Howto-localized:Bescherming tegen brute force attacks (NL)]]

[[Howto-localized:Protection contre les Attaques par Force Brute (FR)]]

[[Howto-localized:Protezione_da_Brute_Force_Attacks (I)]]

[[Howto:Protección contra los ataques de fuerza bruta (SP)]]

[[Category:Howto|{{PAGENAME}}]]

Howto:Protección contra los ataques de fuerza bruta (SP)

2015-02-26T14:26:48Z

Flp: New page: ==Applies To== This information applies to * innovaphone PBX having direct access to the internet <!-- Keywords: enter keywords, foreign translations and/or synoyms not appearing in the...

==Applies To==
This information applies to

* innovaphone PBX having direct access to the internet



==More Information==
Protección contra Ataques de Fuerza Bruta

Seguridad: ¿Tiene su PBX suficiente protección?

En Internet existen siempre peligros latentes. Esto no es nada nuevo para usted, muestra de ello son los mecanimos apropiados de seguridad que utiliza para proteger sus sistemas. Un cortafuego protege su red de accesos no autorizados; un antivirus le protege de virus, gusanos, troyanos, etc., además de permitirle navegar y enviar emails de manera segura.
De igual modo, las instalaciones telefónicas han de ser protegidas con mecanismos de seguridad que prevengan de ataques o de daños. Éste es precisamente el caso que se da en las instalaciones que se conectan directamente a Internet y no tienen ninguna protección en la red interna de la empresa, haciéndolas accesibles desde el exterior.

A lo largo de los últimos meses se han dado con más frecuencia ataques en sistemas telefónicos a través del método de “Ataques de Fuerza Bruta”. Un programa pirata comprueba combinaciones de contraseñas de usuarios al igual que accesos, de manera que realiza busquedas en fracciones de segundos. Si consiguen acceder al sistema, se denomina uso fraudulento o “Call Fraud”. El hacker podrá, por ejemplo, realizar llamadas gratuitas a expensas del propietario de la instalación telefónica. Uno de los peores ejemplos se da cuando los hackers instalan líneas de tarificación especial (900...) en la instalación del propietario para posteriormente llamarse a sí mismo desde esta instalación a las líneas mencionadas, de manera que se lucran del propietario de la instalación ya que generan elevadas facturas telefónicas. En otros casos, los ataques pretenden únicamente paralizar la infraestructura telefónica (Denial-of-Service o DOS).

Existen múltiples mecanismos para proteger la PBX innovaphone. Sin embargo, siguiendo los siguientes pasos se podrá incrementar de una manera considerable la seguridad en ella.

===Crear únicamente objetos que se utilicen===
A menudo se crean objetos en la PBX que no se usan activamente (por ejemplo, un trabajador que ya no trabaja en la empresa) y que probablemente no estén protegidos con contraseña. Cualquiera podría acceder desde una red externa a la instalación, probar con varios números y, cuando encuentre alguno inutilizado, causar el daño. Se aconseja que se protejan todos los objetos creados con una contraseña y establecer No. Of Regs w/o Pwd en 0.

===Nombre de usuario corriente y protección con contraseña===

Es muy común utilizar “admin” como nombre de usuario para registrarse. Simplemente con ser un poco creativos con el nombre le podemos complicar las cosas a los piratas informáticos (p. ej., PericoPalotes, VíctorTazo). Por lo general, una contraseña no garantiza la seguridad. Las contraseñas “abc” o “pbx” no le supone una gran dificultad a un hacker. En sólo dos minutos podrían piratear estas contraseñas de tres minúsculas. Igualmente, una contraseña de 3 caracteres, combinando mayúsculas y minúsculas, no le supondría al hacker más de media hora.

La cosa cambia cuando nos encontramos con una contraseña de 8 caracteres. Incluso tratándose únicamente de minúsculas, un programa tardaría 37.968 días para comprobar todas las combinaciones posibles. Si combinamos minúsculas y mayúsculas, la busqueda tardaría fácilmente unos 97.400... ¡años! Cuidado también con el ataque “Diccionario” que supone el problema siguiente: si escogemos una de las 5000 palabras que alberga el vocabulario español e inglés, al hacker no le supondrá más de una hora. Igual ocurre con una fecha de cumpleaños, sea cual sea la forma cómo se escriba (01.01.1960 o 01.01.60).

Por lo tanto, para estar bien protegidos, la contraseña ha de ser larga, que no sea ninguna de las palabras posibles en el ataque por diccionario y contener mayúsculas y minúsculas y/o dígitos. La probabilidad de que la contraseña sea robada disminuye proporcionalmente a su complejidad.

===Desactivar “unknown registrations”===

Hay diferentes funciones que ayudan al administrador a llevar a cabo la instalación telefónica simplificando el proceso, como la “Zero Configuration Deployment” que incluye también “unknown registrations” para ayudar al administrador a llevar a cabo accesos en el sistema sin haber introducido correctamente el nombre de usuario y contraseña. Esto es de gran ayuda para grandes instalaciones. La función se puede activar o desactivar, de manera que es importante que “unknown registrations” se desactive una vez que el proceso se haya completado, ya que si no cualquiera desde una red externa podría acceder sin tener un nombre de usuario o contraseña.

Este artículo describe únicamente ciertos tipos de errores y algunos mecanismos de protección. Con la aplicación de algunos de estos mecanismos mencionados se puede mejorar en gran medida la seguridad de la instalación telefónica. Sin embargo, el asunto de la Seguridad es tratado en una lección de la Formación Avanzada (Advanced Training) de innovaphone. Le aconsejamos que vuelva a repasar dicha lección, donde encontrará información detallada al respecto.

===Configurar el Filtro IP (IP Filter)===

Se recomienda establecer filtros globales IP para evitar accesos no autorizados desde redes IP externas. Únicamente accesos bajo esta configuración de red con filtro IP serán permitidos. Desde la V8 HF8 hay 2 filtros IP diferentes. Uno para accesos sin conrtaseña y el otro con contraseña.

===Utilizar H323/TLS con TLS Only===

Desde la V11r1 se recomienda utilizar H.323/TLS en lugar de H.323. Además de encriptar la señal de las llamadas, permite acceder teléfonos sin contraseña (Certificado). Marcando la casilla TLS Only en la sección Devices utilizada para el acceso, desactivaremos la indentificación por contraseña. De este modo, se evitarán accesos no deseados con contraseñas robadas o jaqueadas.

== Related Articles ==

* Localized articles

[[Howto-localized:Schutz vor Brute Force Attacken (D)]]

[[Howto-localized:Bescherming tegen brute force attacks (NL)]]

[[Howto-localized:Protection contre les Attaques par Force Brute (FR)]]

[[Howto-localized:Protezione_da_Brute_Force_Attacks (I)]]

[[Category:Howto|{{PAGENAME}}]]

Howto:Protection against Brute Force Attacks

2015-02-26T14:26:43Z

Flp: /* Related Articles */

==Applies To==
This information applies to

* innovaphone PBX having direct access to the internet



==More Information==
Protection against Brute Force Attacks

Security: Does your PBX have sufficient protection?
There are dangers lurking in the internet. You know this which is why you protect your systems with appropriate security mechanisms. A firewall protects your network from unauthorised access; virus protection keeps viruses, worms, trojans etc. at bay and enabling carefree surfing and emailing.
Telephone systems also need to be equipped with security mechanisms to prevent them from being damaged or attacked. This is especially the case for systems directly connected to the internet which do not have a protected home in a company intranet, making them comparably accessible from the outside world. Over the past months there have been more and more attacks on telephone systems by means of the “Brute Force Attack” method. A hacker programme tests user-password combinations or registrations, making several parallel enquiries in a fraction of a second.
If they successfully access the system, then it is easy to abuse the system, also called Call Fraud. The hacker can, for example, make free phone calls at the cost of the telephone system owner. There have been especially grave situations where hackers have firstly set up expensive hotlines, then called them via the cracked telephone system, earning money themselves from the call fees. In some cases, attacks only aim to bring a telephone system to a stand-still – to cause damage without any further abuse (Denial-of-Sevice attacks, so-called DOS).
There are many other mechanisms which provide good protection for the innovaphone PBX. However, just following these steps can increase security many times over:

===Only create used objects===
Sometimes objects are created in the PBX, which are then not used actively (e.g. employees leave the company) these may not even be password protected. Somebody could register externally to the system, try out several extension numbers, find an unused one and cause damage. It is advisable to protect all objects created with a password and set '''No. of Regs w/o Pwd''' to 0.

===Conscientious user name and password protection===

The well-loved “admin” is often selected for a registration by default. Just a little creativity can make life harder for a hacker when this user is given a special name (e.g. “Fridolin”? or “FrauHolle”?). As a general rule, a password does not mean you are protected. The passwords “abc” or “pbx” are not a great obstacle for hackers. It would take a hacker just a couple of minutes to crack these three-figure, lower-case passwords. A three-figure password, combining a lower case letter with an upper case letter and a digit would stand up to the same attack for just half an hour.
An eight-figure password is a different kettle of fish. Even if only lower-case is used, a programme needs the grand total of about 37,968 days to try all the combinations. A mixture of lower-case, upper-case and digits would amount to 97,400 years.
It should be noted that this is not the case for the “dictionary approach”: if you select one of the 5,000 words which are included in the German and English basic vocabulary, then your password would stand for less than one hour. This is also the case for data such as own date of birth in any format (e.g. 01.01.1960 or 01.01.60).
In order to provide real protection, therefore, the password should be quite long, should not use the dictionary approach, should include upper-case and lower-case letters, and both special characters and/or digits. This increases the combination possibilities, thus reducing the probability that the password will be cracked.

===Deactivate “unknown registrations”===

There are various functions which support an administrator when commissioning a telephone system thus simplifying the rollout. These are called “Zero Configuration Deployment”. This also includes “unknown registrations”, which help the administrator to carry out registrations on the system without having to enter the appropriate user and password. This is a real relief especially for larger installations. This function can be activated or deactivated. Therefore, it is important that “unknown registrations” are deactivated once the rollout has been completed, as otherwise, anyone from outside could register without needing a user name and password.
Only selected error sources and appropriate security mechanisms have been described. Applying these mechanisms can significantly improve your telephone system’s security. A lesson in the innovaphone Advanced training course has been dedicated to the topic of Security. We recommend you to think about working through this lesson again! More detailed information can be found in the training course documents.

===Configure IP Filter===

It is recommended to define global IP address filters to protect the innovaphone PBX from unauthorised access. Only the configured IP subnets are allowed to register at the PBX.
Starting from V8 HF8 you have 2 different filters. One filter is for registrations without password, and the other filter is for registrations with password.

=== Use H323/TLS with ''TLS Only'' ===
From V11r1, it is recommended to use H.323/TLS instead of plain H.323. In addition to call signalling encryption, this allows phones to be registered without any password (certificate based). By setting the ''TLS Only'' check-mark in the ''Devices' entry used for registration, password based registration is disabled. This way, no malicious registration is possible with a leaked or hacked user password.

== Related Articles ==

* Localized articels

[[Howto-localized:Schutz vor Brute Force Attacken (D)]]

[[Howto-localized:Bescherming tegen brute force attacks (NL)]]

[[Howto-localized:Protection contre les Attaques par Force Brute (FR)]]

[[Howto-localized:Protezione_da_Brute_Force_Attacks (I)]]

[[Category:Howto|{{PAGENAME}}]]

Howto:Protection against Brute Force Attacks

2015-02-26T14:07:18Z

Flp: /* Related Articles */

==Applies To==
This information applies to

* innovaphone PBX having direct access to the internet



==More Information==
Protection against Brute Force Attacks

Security: Does your PBX have sufficient protection?
There are dangers lurking in the internet. You know this which is why you protect your systems with appropriate security mechanisms. A firewall protects your network from unauthorised access; virus protection keeps viruses, worms, trojans etc. at bay and enabling carefree surfing and emailing.
Telephone systems also need to be equipped with security mechanisms to prevent them from being damaged or attacked. This is especially the case for systems directly connected to the internet which do not have a protected home in a company intranet, making them comparably accessible from the outside world. Over the past months there have been more and more attacks on telephone systems by means of the “Brute Force Attack” method. A hacker programme tests user-password combinations or registrations, making several parallel enquiries in a fraction of a second.
If they successfully access the system, then it is easy to abuse the system, also called Call Fraud. The hacker can, for example, make free phone calls at the cost of the telephone system owner. There have been especially grave situations where hackers have firstly set up expensive hotlines, then called them via the cracked telephone system, earning money themselves from the call fees. In some cases, attacks only aim to bring a telephone system to a stand-still – to cause damage without any further abuse (Denial-of-Sevice attacks, so-called DOS).
There are many other mechanisms which provide good protection for the innovaphone PBX. However, just following these steps can increase security many times over:

===Only create used objects===
Sometimes objects are created in the PBX, which are then not used actively (e.g. employees leave the company) these may not even be password protected. Somebody could register externally to the system, try out several extension numbers, find an unused one and cause damage. It is advisable to protect all objects created with a password and set '''No. of Regs w/o Pwd''' to 0.

===Conscientious user name and password protection===

The well-loved “admin” is often selected for a registration by default. Just a little creativity can make life harder for a hacker when this user is given a special name (e.g. “Fridolin”? or “FrauHolle”?). As a general rule, a password does not mean you are protected. The passwords “abc” or “pbx” are not a great obstacle for hackers. It would take a hacker just a couple of minutes to crack these three-figure, lower-case passwords. A three-figure password, combining a lower case letter with an upper case letter and a digit would stand up to the same attack for just half an hour.
An eight-figure password is a different kettle of fish. Even if only lower-case is used, a programme needs the grand total of about 37,968 days to try all the combinations. A mixture of lower-case, upper-case and digits would amount to 97,400 years.
It should be noted that this is not the case for the “dictionary approach”: if you select one of the 5,000 words which are included in the German and English basic vocabulary, then your password would stand for less than one hour. This is also the case for data such as own date of birth in any format (e.g. 01.01.1960 or 01.01.60).
In order to provide real protection, therefore, the password should be quite long, should not use the dictionary approach, should include upper-case and lower-case letters, and both special characters and/or digits. This increases the combination possibilities, thus reducing the probability that the password will be cracked.

===Deactivate “unknown registrations”===

There are various functions which support an administrator when commissioning a telephone system thus simplifying the rollout. These are called “Zero Configuration Deployment”. This also includes “unknown registrations”, which help the administrator to carry out registrations on the system without having to enter the appropriate user and password. This is a real relief especially for larger installations. This function can be activated or deactivated. Therefore, it is important that “unknown registrations” are deactivated once the rollout has been completed, as otherwise, anyone from outside could register without needing a user name and password.
Only selected error sources and appropriate security mechanisms have been described. Applying these mechanisms can significantly improve your telephone system’s security. A lesson in the innovaphone Advanced training course has been dedicated to the topic of Security. We recommend you to think about working through this lesson again! More detailed information can be found in the training course documents.

===Configure IP Filter===

It is recommended to define global IP address filters to protect the innovaphone PBX from unauthorised access. Only the configured IP subnets are allowed to register at the PBX.
Starting from V8 HF8 you have 2 different filters. One filter is for registrations without password, and the other filter is for registrations with password.

=== Use H323/TLS with ''TLS Only'' ===
From V11r1, it is recommended to use H.323/TLS instead of plain H.323. In addition to call signalling encryption, this allows phones to be registered without any password (certificate based). By setting the ''TLS Only'' check-mark in the ''Devices' entry used for registration, password based registration is disabled. This way, no malicious registration is possible with a leaked or hacked user password.

== Related Articles ==

* Localized articels

[[Howto-localized:Schutz vor Brute Force Attacken (D)]]

[[Howto-localized:Bescherming tegen brute force attacks (NL)]]

[[Howto-localized:Protection contre les Attaques par Force Brute (FR)]]

[[Howto-localized:Protezione_da_Brute_Force_Attacks (I)]]

[[Howto:Protección contra los ataques de fuerza bruta]]

[[Category:Howto|{{PAGENAME}}]]

Howto:Protection against Brute Force Attacks

2015-02-26T14:06:03Z

Flp: /* Related Articles */

==Applies To==
This information applies to

* innovaphone PBX having direct access to the internet



==More Information==
Protection against Brute Force Attacks

Security: Does your PBX have sufficient protection?
There are dangers lurking in the internet. You know this which is why you protect your systems with appropriate security mechanisms. A firewall protects your network from unauthorised access; virus protection keeps viruses, worms, trojans etc. at bay and enabling carefree surfing and emailing.
Telephone systems also need to be equipped with security mechanisms to prevent them from being damaged or attacked. This is especially the case for systems directly connected to the internet which do not have a protected home in a company intranet, making them comparably accessible from the outside world. Over the past months there have been more and more attacks on telephone systems by means of the “Brute Force Attack” method. A hacker programme tests user-password combinations or registrations, making several parallel enquiries in a fraction of a second.
If they successfully access the system, then it is easy to abuse the system, also called Call Fraud. The hacker can, for example, make free phone calls at the cost of the telephone system owner. There have been especially grave situations where hackers have firstly set up expensive hotlines, then called them via the cracked telephone system, earning money themselves from the call fees. In some cases, attacks only aim to bring a telephone system to a stand-still – to cause damage without any further abuse (Denial-of-Sevice attacks, so-called DOS).
There are many other mechanisms which provide good protection for the innovaphone PBX. However, just following these steps can increase security many times over:

===Only create used objects===
Sometimes objects are created in the PBX, which are then not used actively (e.g. employees leave the company) these may not even be password protected. Somebody could register externally to the system, try out several extension numbers, find an unused one and cause damage. It is advisable to protect all objects created with a password and set '''No. of Regs w/o Pwd''' to 0.

===Conscientious user name and password protection===

The well-loved “admin” is often selected for a registration by default. Just a little creativity can make life harder for a hacker when this user is given a special name (e.g. “Fridolin”? or “FrauHolle”?). As a general rule, a password does not mean you are protected. The passwords “abc” or “pbx” are not a great obstacle for hackers. It would take a hacker just a couple of minutes to crack these three-figure, lower-case passwords. A three-figure password, combining a lower case letter with an upper case letter and a digit would stand up to the same attack for just half an hour.
An eight-figure password is a different kettle of fish. Even if only lower-case is used, a programme needs the grand total of about 37,968 days to try all the combinations. A mixture of lower-case, upper-case and digits would amount to 97,400 years.
It should be noted that this is not the case for the “dictionary approach”: if you select one of the 5,000 words which are included in the German and English basic vocabulary, then your password would stand for less than one hour. This is also the case for data such as own date of birth in any format (e.g. 01.01.1960 or 01.01.60).
In order to provide real protection, therefore, the password should be quite long, should not use the dictionary approach, should include upper-case and lower-case letters, and both special characters and/or digits. This increases the combination possibilities, thus reducing the probability that the password will be cracked.

===Deactivate “unknown registrations”===

There are various functions which support an administrator when commissioning a telephone system thus simplifying the rollout. These are called “Zero Configuration Deployment”. This also includes “unknown registrations”, which help the administrator to carry out registrations on the system without having to enter the appropriate user and password. This is a real relief especially for larger installations. This function can be activated or deactivated. Therefore, it is important that “unknown registrations” are deactivated once the rollout has been completed, as otherwise, anyone from outside could register without needing a user name and password.
Only selected error sources and appropriate security mechanisms have been described. Applying these mechanisms can significantly improve your telephone system’s security. A lesson in the innovaphone Advanced training course has been dedicated to the topic of Security. We recommend you to think about working through this lesson again! More detailed information can be found in the training course documents.

===Configure IP Filter===

It is recommended to define global IP address filters to protect the innovaphone PBX from unauthorised access. Only the configured IP subnets are allowed to register at the PBX.
Starting from V8 HF8 you have 2 different filters. One filter is for registrations without password, and the other filter is for registrations with password.

=== Use H323/TLS with ''TLS Only'' ===
From V11r1, it is recommended to use H.323/TLS instead of plain H.323. In addition to call signalling encryption, this allows phones to be registered without any password (certificate based). By setting the ''TLS Only'' check-mark in the ''Devices' entry used for registration, password based registration is disabled. This way, no malicious registration is possible with a leaked or hacked user password.

== Related Articles ==

* Localized articels

[[Howto-localized:Schutz vor Brute Force Attacken (D)]]

[[Howto-localized:Bescherming tegen brute force attacks (NL)]]

[[Howto-localized:Protection contre les Attaques par Force Brute (FR)]]

[[Howto-localized:Protezione_da_Brute_Force_Attacks (I)]]

[[Howto:Protección contra los ataques de fuerza bruta (SP)]]

[[Category:Howto|{{PAGENAME}}]]

Howto:Protection against Brute Force Attacks

2015-02-26T14:05:14Z

Flp: /* Related Articles */

==Applies To==
This information applies to

* innovaphone PBX having direct access to the internet



==More Information==
Protection against Brute Force Attacks

Security: Does your PBX have sufficient protection?
There are dangers lurking in the internet. You know this which is why you protect your systems with appropriate security mechanisms. A firewall protects your network from unauthorised access; virus protection keeps viruses, worms, trojans etc. at bay and enabling carefree surfing and emailing.
Telephone systems also need to be equipped with security mechanisms to prevent them from being damaged or attacked. This is especially the case for systems directly connected to the internet which do not have a protected home in a company intranet, making them comparably accessible from the outside world. Over the past months there have been more and more attacks on telephone systems by means of the “Brute Force Attack” method. A hacker programme tests user-password combinations or registrations, making several parallel enquiries in a fraction of a second.
If they successfully access the system, then it is easy to abuse the system, also called Call Fraud. The hacker can, for example, make free phone calls at the cost of the telephone system owner. There have been especially grave situations where hackers have firstly set up expensive hotlines, then called them via the cracked telephone system, earning money themselves from the call fees. In some cases, attacks only aim to bring a telephone system to a stand-still – to cause damage without any further abuse (Denial-of-Sevice attacks, so-called DOS).
There are many other mechanisms which provide good protection for the innovaphone PBX. However, just following these steps can increase security many times over:

===Only create used objects===
Sometimes objects are created in the PBX, which are then not used actively (e.g. employees leave the company) these may not even be password protected. Somebody could register externally to the system, try out several extension numbers, find an unused one and cause damage. It is advisable to protect all objects created with a password and set '''No. of Regs w/o Pwd''' to 0.

===Conscientious user name and password protection===

The well-loved “admin” is often selected for a registration by default. Just a little creativity can make life harder for a hacker when this user is given a special name (e.g. “Fridolin”? or “FrauHolle”?). As a general rule, a password does not mean you are protected. The passwords “abc” or “pbx” are not a great obstacle for hackers. It would take a hacker just a couple of minutes to crack these three-figure, lower-case passwords. A three-figure password, combining a lower case letter with an upper case letter and a digit would stand up to the same attack for just half an hour.
An eight-figure password is a different kettle of fish. Even if only lower-case is used, a programme needs the grand total of about 37,968 days to try all the combinations. A mixture of lower-case, upper-case and digits would amount to 97,400 years.
It should be noted that this is not the case for the “dictionary approach”: if you select one of the 5,000 words which are included in the German and English basic vocabulary, then your password would stand for less than one hour. This is also the case for data such as own date of birth in any format (e.g. 01.01.1960 or 01.01.60).
In order to provide real protection, therefore, the password should be quite long, should not use the dictionary approach, should include upper-case and lower-case letters, and both special characters and/or digits. This increases the combination possibilities, thus reducing the probability that the password will be cracked.

===Deactivate “unknown registrations”===

There are various functions which support an administrator when commissioning a telephone system thus simplifying the rollout. These are called “Zero Configuration Deployment”. This also includes “unknown registrations”, which help the administrator to carry out registrations on the system without having to enter the appropriate user and password. This is a real relief especially for larger installations. This function can be activated or deactivated. Therefore, it is important that “unknown registrations” are deactivated once the rollout has been completed, as otherwise, anyone from outside could register without needing a user name and password.
Only selected error sources and appropriate security mechanisms have been described. Applying these mechanisms can significantly improve your telephone system’s security. A lesson in the innovaphone Advanced training course has been dedicated to the topic of Security. We recommend you to think about working through this lesson again! More detailed information can be found in the training course documents.

===Configure IP Filter===

It is recommended to define global IP address filters to protect the innovaphone PBX from unauthorised access. Only the configured IP subnets are allowed to register at the PBX.
Starting from V8 HF8 you have 2 different filters. One filter is for registrations without password, and the other filter is for registrations with password.

=== Use H323/TLS with ''TLS Only'' ===
From V11r1, it is recommended to use H.323/TLS instead of plain H.323. In addition to call signalling encryption, this allows phones to be registered without any password (certificate based). By setting the ''TLS Only'' check-mark in the ''Devices' entry used for registration, password based registration is disabled. This way, no malicious registration is possible with a leaked or hacked user password.

== Related Articles ==

* Localized articels

[[Howto-localized:Schutz vor Brute Force Attacken (D)]]

[[Howto-localized:Bescherming tegen brute force attacks (NL)]]

[[Howto-localized:Protection contre les Attaques par Force Brute (FR)]]

[[Howto-localized:Protezione_da_Brute_Force_Attacks (I)]]

[[Howto-Protección contra los ataques de fuerza bruta (ES)]]

[[Category:Howto|{{PAGENAME}}]]

Howto:Protection against Brute Force Attacks

2015-02-26T14:04:31Z

Flp: /* Related Articles */

==Applies To==
This information applies to

* innovaphone PBX having direct access to the internet



==More Information==
Protection against Brute Force Attacks

Security: Does your PBX have sufficient protection?
There are dangers lurking in the internet. You know this which is why you protect your systems with appropriate security mechanisms. A firewall protects your network from unauthorised access; virus protection keeps viruses, worms, trojans etc. at bay and enabling carefree surfing and emailing.
Telephone systems also need to be equipped with security mechanisms to prevent them from being damaged or attacked. This is especially the case for systems directly connected to the internet which do not have a protected home in a company intranet, making them comparably accessible from the outside world. Over the past months there have been more and more attacks on telephone systems by means of the “Brute Force Attack” method. A hacker programme tests user-password combinations or registrations, making several parallel enquiries in a fraction of a second.
If they successfully access the system, then it is easy to abuse the system, also called Call Fraud. The hacker can, for example, make free phone calls at the cost of the telephone system owner. There have been especially grave situations where hackers have firstly set up expensive hotlines, then called them via the cracked telephone system, earning money themselves from the call fees. In some cases, attacks only aim to bring a telephone system to a stand-still – to cause damage without any further abuse (Denial-of-Sevice attacks, so-called DOS).
There are many other mechanisms which provide good protection for the innovaphone PBX. However, just following these steps can increase security many times over:

===Only create used objects===
Sometimes objects are created in the PBX, which are then not used actively (e.g. employees leave the company) these may not even be password protected. Somebody could register externally to the system, try out several extension numbers, find an unused one and cause damage. It is advisable to protect all objects created with a password and set '''No. of Regs w/o Pwd''' to 0.

===Conscientious user name and password protection===

The well-loved “admin” is often selected for a registration by default. Just a little creativity can make life harder for a hacker when this user is given a special name (e.g. “Fridolin”? or “FrauHolle”?). As a general rule, a password does not mean you are protected. The passwords “abc” or “pbx” are not a great obstacle for hackers. It would take a hacker just a couple of minutes to crack these three-figure, lower-case passwords. A three-figure password, combining a lower case letter with an upper case letter and a digit would stand up to the same attack for just half an hour.
An eight-figure password is a different kettle of fish. Even if only lower-case is used, a programme needs the grand total of about 37,968 days to try all the combinations. A mixture of lower-case, upper-case and digits would amount to 97,400 years.
It should be noted that this is not the case for the “dictionary approach”: if you select one of the 5,000 words which are included in the German and English basic vocabulary, then your password would stand for less than one hour. This is also the case for data such as own date of birth in any format (e.g. 01.01.1960 or 01.01.60).
In order to provide real protection, therefore, the password should be quite long, should not use the dictionary approach, should include upper-case and lower-case letters, and both special characters and/or digits. This increases the combination possibilities, thus reducing the probability that the password will be cracked.

===Deactivate “unknown registrations”===

There are various functions which support an administrator when commissioning a telephone system thus simplifying the rollout. These are called “Zero Configuration Deployment”. This also includes “unknown registrations”, which help the administrator to carry out registrations on the system without having to enter the appropriate user and password. This is a real relief especially for larger installations. This function can be activated or deactivated. Therefore, it is important that “unknown registrations” are deactivated once the rollout has been completed, as otherwise, anyone from outside could register without needing a user name and password.
Only selected error sources and appropriate security mechanisms have been described. Applying these mechanisms can significantly improve your telephone system’s security. A lesson in the innovaphone Advanced training course has been dedicated to the topic of Security. We recommend you to think about working through this lesson again! More detailed information can be found in the training course documents.

===Configure IP Filter===

It is recommended to define global IP address filters to protect the innovaphone PBX from unauthorised access. Only the configured IP subnets are allowed to register at the PBX.
Starting from V8 HF8 you have 2 different filters. One filter is for registrations without password, and the other filter is for registrations with password.

=== Use H323/TLS with ''TLS Only'' ===
From V11r1, it is recommended to use H.323/TLS instead of plain H.323. In addition to call signalling encryption, this allows phones to be registered without any password (certificate based). By setting the ''TLS Only'' check-mark in the ''Devices' entry used for registration, password based registration is disabled. This way, no malicious registration is possible with a leaked or hacked user password.

== Related Articles ==

* Localized articels

[[Howto-localized:Schutz vor Brute Force Attacken (D)]]

[[Howto-localized:Bescherming tegen brute force attacks (NL)]]

[[Howto-localized:Protection contre les Attaques par Force Brute (FR)]]

[[Howto-localized:Protezione_da_Brute_Force_Attacks (I)]]

[[Howto:Protección contra los ataques de fuerza bruta]]

[[Category:Howto|{{PAGENAME}}]]

Howto:Protection against Brute Force Attacks

2015-02-26T14:03:39Z

Flp: /* Related Articles */

==Applies To==
This information applies to

* innovaphone PBX having direct access to the internet



==More Information==
Protection against Brute Force Attacks

Security: Does your PBX have sufficient protection?
There are dangers lurking in the internet. You know this which is why you protect your systems with appropriate security mechanisms. A firewall protects your network from unauthorised access; virus protection keeps viruses, worms, trojans etc. at bay and enabling carefree surfing and emailing.
Telephone systems also need to be equipped with security mechanisms to prevent them from being damaged or attacked. This is especially the case for systems directly connected to the internet which do not have a protected home in a company intranet, making them comparably accessible from the outside world. Over the past months there have been more and more attacks on telephone systems by means of the “Brute Force Attack” method. A hacker programme tests user-password combinations or registrations, making several parallel enquiries in a fraction of a second.
If they successfully access the system, then it is easy to abuse the system, also called Call Fraud. The hacker can, for example, make free phone calls at the cost of the telephone system owner. There have been especially grave situations where hackers have firstly set up expensive hotlines, then called them via the cracked telephone system, earning money themselves from the call fees. In some cases, attacks only aim to bring a telephone system to a stand-still – to cause damage without any further abuse (Denial-of-Sevice attacks, so-called DOS).
There are many other mechanisms which provide good protection for the innovaphone PBX. However, just following these steps can increase security many times over:

===Only create used objects===
Sometimes objects are created in the PBX, which are then not used actively (e.g. employees leave the company) these may not even be password protected. Somebody could register externally to the system, try out several extension numbers, find an unused one and cause damage. It is advisable to protect all objects created with a password and set '''No. of Regs w/o Pwd''' to 0.

===Conscientious user name and password protection===

The well-loved “admin” is often selected for a registration by default. Just a little creativity can make life harder for a hacker when this user is given a special name (e.g. “Fridolin”? or “FrauHolle”?). As a general rule, a password does not mean you are protected. The passwords “abc” or “pbx” are not a great obstacle for hackers. It would take a hacker just a couple of minutes to crack these three-figure, lower-case passwords. A three-figure password, combining a lower case letter with an upper case letter and a digit would stand up to the same attack for just half an hour.
An eight-figure password is a different kettle of fish. Even if only lower-case is used, a programme needs the grand total of about 37,968 days to try all the combinations. A mixture of lower-case, upper-case and digits would amount to 97,400 years.
It should be noted that this is not the case for the “dictionary approach”: if you select one of the 5,000 words which are included in the German and English basic vocabulary, then your password would stand for less than one hour. This is also the case for data such as own date of birth in any format (e.g. 01.01.1960 or 01.01.60).
In order to provide real protection, therefore, the password should be quite long, should not use the dictionary approach, should include upper-case and lower-case letters, and both special characters and/or digits. This increases the combination possibilities, thus reducing the probability that the password will be cracked.

===Deactivate “unknown registrations”===

There are various functions which support an administrator when commissioning a telephone system thus simplifying the rollout. These are called “Zero Configuration Deployment”. This also includes “unknown registrations”, which help the administrator to carry out registrations on the system without having to enter the appropriate user and password. This is a real relief especially for larger installations. This function can be activated or deactivated. Therefore, it is important that “unknown registrations” are deactivated once the rollout has been completed, as otherwise, anyone from outside could register without needing a user name and password.
Only selected error sources and appropriate security mechanisms have been described. Applying these mechanisms can significantly improve your telephone system’s security. A lesson in the innovaphone Advanced training course has been dedicated to the topic of Security. We recommend you to think about working through this lesson again! More detailed information can be found in the training course documents.

===Configure IP Filter===

It is recommended to define global IP address filters to protect the innovaphone PBX from unauthorised access. Only the configured IP subnets are allowed to register at the PBX.
Starting from V8 HF8 you have 2 different filters. One filter is for registrations without password, and the other filter is for registrations with password.

=== Use H323/TLS with ''TLS Only'' ===
From V11r1, it is recommended to use H.323/TLS instead of plain H.323. In addition to call signalling encryption, this allows phones to be registered without any password (certificate based). By setting the ''TLS Only'' check-mark in the ''Devices' entry used for registration, password based registration is disabled. This way, no malicious registration is possible with a leaked or hacked user password.

== Related Articles ==

* Localized articels

[[Howto-localized:Schutz vor Brute Force Attacken (D)]]

[[Howto-localized:Bescherming tegen brute force attacks (NL)]]

[[Howto-localized:Protection contre les Attaques par Force Brute (FR)]]

[[Howto-localized:Protezione_da_Brute_Force_Attacks (I)]]

[[Category:Howto|{{PAGENAME}}]]

Howto:Protection against Brute Force Attacks

2015-02-26T14:03:05Z

Flp: /* Related Articles */

==Applies To==
This information applies to

* innovaphone PBX having direct access to the internet



==More Information==
Protection against Brute Force Attacks

Security: Does your PBX have sufficient protection?
There are dangers lurking in the internet. You know this which is why you protect your systems with appropriate security mechanisms. A firewall protects your network from unauthorised access; virus protection keeps viruses, worms, trojans etc. at bay and enabling carefree surfing and emailing.
Telephone systems also need to be equipped with security mechanisms to prevent them from being damaged or attacked. This is especially the case for systems directly connected to the internet which do not have a protected home in a company intranet, making them comparably accessible from the outside world. Over the past months there have been more and more attacks on telephone systems by means of the “Brute Force Attack” method. A hacker programme tests user-password combinations or registrations, making several parallel enquiries in a fraction of a second.
If they successfully access the system, then it is easy to abuse the system, also called Call Fraud. The hacker can, for example, make free phone calls at the cost of the telephone system owner. There have been especially grave situations where hackers have firstly set up expensive hotlines, then called them via the cracked telephone system, earning money themselves from the call fees. In some cases, attacks only aim to bring a telephone system to a stand-still – to cause damage without any further abuse (Denial-of-Sevice attacks, so-called DOS).
There are many other mechanisms which provide good protection for the innovaphone PBX. However, just following these steps can increase security many times over:

===Only create used objects===
Sometimes objects are created in the PBX, which are then not used actively (e.g. employees leave the company) these may not even be password protected. Somebody could register externally to the system, try out several extension numbers, find an unused one and cause damage. It is advisable to protect all objects created with a password and set '''No. of Regs w/o Pwd''' to 0.

===Conscientious user name and password protection===

The well-loved “admin” is often selected for a registration by default. Just a little creativity can make life harder for a hacker when this user is given a special name (e.g. “Fridolin”? or “FrauHolle”?). As a general rule, a password does not mean you are protected. The passwords “abc” or “pbx” are not a great obstacle for hackers. It would take a hacker just a couple of minutes to crack these three-figure, lower-case passwords. A three-figure password, combining a lower case letter with an upper case letter and a digit would stand up to the same attack for just half an hour.
An eight-figure password is a different kettle of fish. Even if only lower-case is used, a programme needs the grand total of about 37,968 days to try all the combinations. A mixture of lower-case, upper-case and digits would amount to 97,400 years.
It should be noted that this is not the case for the “dictionary approach”: if you select one of the 5,000 words which are included in the German and English basic vocabulary, then your password would stand for less than one hour. This is also the case for data such as own date of birth in any format (e.g. 01.01.1960 or 01.01.60).
In order to provide real protection, therefore, the password should be quite long, should not use the dictionary approach, should include upper-case and lower-case letters, and both special characters and/or digits. This increases the combination possibilities, thus reducing the probability that the password will be cracked.

===Deactivate “unknown registrations”===

There are various functions which support an administrator when commissioning a telephone system thus simplifying the rollout. These are called “Zero Configuration Deployment”. This also includes “unknown registrations”, which help the administrator to carry out registrations on the system without having to enter the appropriate user and password. This is a real relief especially for larger installations. This function can be activated or deactivated. Therefore, it is important that “unknown registrations” are deactivated once the rollout has been completed, as otherwise, anyone from outside could register without needing a user name and password.
Only selected error sources and appropriate security mechanisms have been described. Applying these mechanisms can significantly improve your telephone system’s security. A lesson in the innovaphone Advanced training course has been dedicated to the topic of Security. We recommend you to think about working through this lesson again! More detailed information can be found in the training course documents.

===Configure IP Filter===

It is recommended to define global IP address filters to protect the innovaphone PBX from unauthorised access. Only the configured IP subnets are allowed to register at the PBX.
Starting from V8 HF8 you have 2 different filters. One filter is for registrations without password, and the other filter is for registrations with password.

=== Use H323/TLS with ''TLS Only'' ===
From V11r1, it is recommended to use H.323/TLS instead of plain H.323. In addition to call signalling encryption, this allows phones to be registered without any password (certificate based). By setting the ''TLS Only'' check-mark in the ''Devices' entry used for registration, password based registration is disabled. This way, no malicious registration is possible with a leaked or hacked user password.

== Related Articles ==

* Localized articels

[[Howto-localized:Schutz vor Brute Force Attacken (D)]]

[[Howto-localized:Bescherming tegen brute force attacks (NL)]]

[[Howto-localized:Protection contre les Attaques par Force Brute (FR)]]

[[Howto-localized:Protezione_da_Brute_Force_Attacks (I)]]

[[Howto-localized:Protección contra los ataques de fuerza bruta (SP)]]

[[Category:Howto|{{PAGENAME}}]]

Howto:How to create new articles

2015-02-26T10:36:26Z

Flp: /* Templates */

== Create a new article ==

Please read the following rules, before creating an article.

=== Search the existing articles ===

Before creating a new article, look first if your subject has been already covered in another article. It is always better to edit an existing article, than to create a new one.

=== Templates ===

There are different templates for new articles available. To use an template you must first choose the right category for your new article.

Here a short example:
You want to write a new Howto article. Go to the wiki page [[ Create_New_Page | Create New Page]] and use the textbox howto to type in your new article name. Please do not delete the already inserted "Howto: " . This detemines in which namespace your new article will be created. Click on the create article button and you will be directed to your new page.
However keep in mind that the templates are not obligatory. If you think your new articles doesn't need all the points inserted by the template, feel free to modify them.

If you feel no template is appropriate for your new article, your are of course free to start it from scratch. However, make sure that your new article is in the right namespace and that it is categorized correctly.

=== The article title ===

Article names should contain normal words or phrases. For example use "SIP Provider Compatibility Report" instead of an abbreviated form like "SIPCompatRep". Normally a user will look for keywords like "Provider" or "Compatibility". If you use an abreviated title the mediawiki search engine will not find a matching article.

=== The article text ===

Don't use abbreviations shorter than three letters. For example use "compact flash" instead of "CF". The mediawiki search engine will not search strings shorter than three characters.

=== wiki links ===

If you want to link to other articles in this wiki, use if possible intra-wiki links instead of externeal links.
Example:
* Good
<pre>[[ Create_New_Page | Create New Page]]</pre>

*Bad
<pre>[http://wiki.innovaphone.com/index.php?title=Create_New_Page Create New Page]</pre>

In some cases you might find it usefull to link to a entire category of pages. You can do this by using category links.
Example:
<pre>[[:Category:Compat|Compatibility Articles here]]</pre>

=== Embedding Images/Screenshots ===

* '''Resize application window''' that you want to show ([[Media:How to create new articles screenshots good 01.PNG|good example]], [[Media:How to create new articles screenshots bad 01.PNG|bad example]])
* '''Cut''' unnecessary picture areas
* Pressing '''Alt-PrintScreen''' places an image of the frontmost window on the clipboard. Pressing PrintScreen by itself places an image of the entire desktop on the clipboard.
* Open MS-Paint. (From Start/Run, issue the command "mspaint".) Create a new empty image, and use Edit/Paste to bring in the screenshot you just took. (If the screenshot is smaller than the default Paint canvas, [[Media:How to create new articles screenshots bad 02.PNG|you'll end up with white areas]]. Start over: create a new empty image, change its dimensions to 1x1, and Paste again. The canvas will grow for the Paste, but it doesn't shrink.)
* '''Do not scale''' screenshots, this make it [[Media:How to create new articles screenshots bad 04.png|unreadable]]
* Use MS-Paint to Save As, using '''PNG''' as the file format (it is superior to all the rest, [[Media:How to create new articles screenshots bad 03.jpg|JPG is bad choice]])

For files that are relevant for the current article only, please follow the image naming scheme. That is, prefix the name with the article name and add a sequential number. This will make sure that file names related to different articles do not conflict. So, instead of using ''screenshot1.png'', rather use e.g. ''How to create new articles 03.png''.

Screenshots are included using the '''<nowiki>[[Image:xyz.png]]</nowiki>''' syntax.

[http://www.irfanview.de IrfanView] - usefull free tool for making large number of screenshots:

*install
*run
*press c to configure and start capture
**set capture area(Foreground window - Client area)
**set output folder
**set PNG as output file format
*press Ctrl+F11 to make screenshot

====Screenshots (Screen Dumps) from innovaphone Phones LCD Displays====

http://192.168.0.1/lcd_dump.bmp

==== Network Diagrams ====

In some cases it is easier to draw a simple network diagram to describe some networking scenario. For this purpose a free graph editor [http://www.yworks.com/en/products_yed_about.html yEd] from yWorks can be used to create network diagrams including shapes for innovaphone devices.

Installation procedure
*download yEd diagram editor from [http://www.yworks.com yWorks homepage], install and run it once
*download innovaphone-pictograms from <dfslink>\\inno-sifi\dfs\Interne Dokumente\Präsentationen\inno_master\yEd_Shapes</dfslink>
*unpack file and extract innovaphone.grapml into
** WinXP/Vista: <code>C:\documents and settings\USERNAME\.yed3</code>
** Win7: <code>C:\Users\USERNAME\AppData\Roaming\yWorks\yEd\</code> or <code>C:\Users\USERNAME\.yed3</code>
* Exact location depends on where yEd stores its runtime data. Look for a directory that contains <code>realizers.xml</code> and <code>settings.xml</code>.
* Recent version of yEd (version 3.7 will do) supports direct import of the user defined palettes. In this case right click on any existing palette and import innovaphone.grapml

Recommend practice to use shapes
* Adaption of existing drawings
** Open drawing in yed
** Mark shape to be replaced
** Right click on marked shape
** Select Properties/SVG
** Select More..., choose new shape out of the ones included in the package
* Creation of new drawings
** use shapes from palette innovaphone
** one can hide the embedded description by right click on shape, properties, label, uncheck visible checkbox

yEd can export diagrams in PNG file format that should be used to upload on wiki. Innovaphone employees should check [http://wiki-intern.innovaphone.com/index.php?title=Wiki_Implementation#Network_diagrams notes regarding network diagram source files storage].

=== Uploading Files ===

Generally, the inno-wiki is not a download site. If you still feel it appropriate to provide downloads on a page, you can upload the file just like you would for screen shots.

We support uploading of Images, ''txt', ''pdf'' and ''zip'' files.

Downloads are included using the '''<nowiki>[[Media:xyz.zip]]</nowiki>''' syntax.

=== Keywords ===

In some cases you may want that your article should be found if the search function is looking for certain keywords. However this keywords don't fit in your article context, because they are in a foreign language or simply synoyms of used technical terms.
In this case just use the Keyword paragraph, to insert the desired keywords in your article.

== Editing an existing article ==

Often people make just small changes to a page, for example typing errors. Mediawiki offers the posibility to mark changes as minor. You will find the checkbox "This is a minor edit" just over the "Save page" button.

[[Image: How_to_create_new_articles_2.PNG‎ | minor edit checkbox]]

This will make sure people watching a page (see below) do not get notified just because of such a minor update.

== Staying up-to-date with articles ==

If you think an article has very essential content and want to stay informed about every change made to this page, you can use the watchlist feature. To add a page to your watchlist, just use the link "watch" on top of the page.

[[ Image:How_to_create_new_articles_1.PNG | watch link]]

In order to be automatical informed by mail about recent changes to pages on your watchlist, you have to make some adjustments to your preferences. By using the Specialpage "Preferences" [[Special:Preferences | My Preferences ]] you can enable the feature ''E-mail me when a page I'm watching is changed'' .

== Related Articles ==

[[Create_New_Page | Create New Page by using templates]]

[[Help:Contents | General help on working with mediawiki]]