Recently in Security Category

Once you have your FreePBX/Asterisk server up and running, what do you need to do to start using encryption to protect your phone calls?

1) You are going to need a certificate. I am not doing a PKI tutorial here -- there are enough out there on the web. Keep in mind that your phones -- soft or hard -- will need to trust your CA.

2) Asterisk must be compiled with SSL and SRTP support.

3) SIP Settings in FreePBX or sip.conf:

tcpenable=yes
tlsenable=yes
tlscertfile=/var/lib/asterisk/keys/myCertandKey.pem (key and cert concatenated in one file.... lame, I know, so make sure perms on that file are 400.)
tlscafile=/etc/pki/tls/certs/myCA.pem
tlscipher=AES256-SHA:AES128-SHA:RC4-SHA
tlsclientmethod=tlsv1

(One day, I hope there's a hard phone that does TLS 1.2 with ECDH and AES-GCM.)

4) Extension Settings in FreePBX or sip.conf :

transport=tlsonly
encryption=yes (SRTP Only)

5) SNOM Phone Settings:

Login:
registrar: my.asterisk.server;transport=tls

RTP:
RTP Encryption: on
SRTP Auth-tag: AES-80
RTP/SAVP: mandatory
Media Transport Offer: TCP

Certificates:
Upload your CA's public cert.

 6) For Trunks (assuming the other end is in your circle of trust):

Refer to the Asterisk Wiki.

7) As long as you have a cert and key for Asterisk, you may as well use the same one for   the web interface. You'll need to install mod_ssl:
yum install mod_ssl
and then edit /etc/httpd/conf.d/ssl.conf to point to to your certificate files above. Otherwise your admin passwords go across the network in the clear.

8) Consider adding real CentOS repos to your install instead of sticking with just the FreePBX repos. It will certainly void your warranty, but you'll have up-to-date software.

9) Test with Cain.

10) Understand that confidentiality is not at the top of the priority list for Asterisk or FreePBX, although that is changing... It's enough to make you want to try FreeSwitch.

In recent days, this blog has seen an increase in traffic to entries on Asterisk and Encryption. So you're wondering if you can use OpenSSL and Asterisk to keep your phone calls private. The answer is, it depends. To keep calls private, you'll need to secure the PBX, the phones, and the connections between them.

The good news is that Asterisk is more stable than ever, and it supports OpenSSL. SIP-S behaves pretty much like https does on Apache's web server. SRTP's source code is available, although SRTP has had far less scrutiny into its encryption implementation. (I am unaware of any FIPS-140 validated SRTP modules.) Why two different forms of encryption? This is an important point:

  • SIP-S encrypts just the registration and call control data. This includes extension, username, password (beyond Digest), and the phone number you're dialing. The use of digest authentication in unencrypted SIP across the Internet is a critical flaw. While digest hashes your password with MD5 with a "nonce" or salt, the nonce is sent in the clear. CAIN can crack a 4-digit password captured in digest form in less than one second.
  • SRTP covers the contents of the call to include your voice back and forth. The key for SRTP is negotiated in the SIP channel, so doing SRTP only is pointless. (Select an 80-bit key for SRTP if possible.) SIP-S protects your username and password and the number dialed, but not what you're saying or hearing. In summary, you need both SRTP and SIP-S/SIP-TLS to keep your calls private.

Keep in mind that anyone eavesdropping on your network connection will still know there's a call in progress and the IP addresses of your endpoint/hardphone/softphone and your Asterisk server even if you're using both forms of encryption. In general, it's a good idea to encrypt your calls locally, because it's fairly trivial (CAIN) for your Network Admin to configure a span port and start recording all your calls to disk. Also keep in mind that monitoring is a feature of Asterisk that can be enabled. If you can't secure your server, your calls won't be private.

What about the other side of the call? Who are you talking to? How does your call get there? If you're using a commercially provided SIP trunk to get to the PSTN and dial real phone numbers, it's pretty much over right there. Few low-cost SIP providers support SIP-S or SRTP. Even if they do, they still need to fill out FCC Form 445 and FCC Form 449. 

FCC Form 445 is used to monitor the progress of telecommunications carriers that provide facilities-based broadband Internet access or interconnected Voice over Internet Protocol (VOIP) services in complying with the Communications Assistance for Law Enforcement Act (CALEA) and the Commission's requirements for such facilities and services. See Communications Assistance for Law Enforcement Act and Broadband Access and Services, ET Docket No. 04-295, Second Report and Order and Memorandum Opinion and Order, FCC 06-56 (released May 12, 2006), 21 FCC Rcd 5360 (2006) (Second Report and Order). See also 47 C.F.R. § 1.2000 et seq.

FCC Form 449 and background:

With very limited exceptions, all intrastate, interstate, and international providers of telecommunications in the United States must file this Worksheet. Telecommunications providers that are contributors to any of the support mechanisms, including USF, TRS, NANPA, or LNPA, must file this Worksheet. The term "telecommunications" refers to the transmission, between or among points specified by the user, of information of the user's choosing, without change in the form or content of the information as sent and received. For the purpose of filing, the term "interstate telecommunications" includes, but is not limited to, the following types of services: wireless telephony, including cellular and personal communications services (PCS); paging and messaging services; dispatch and operator services; mobile radio services; access to interexchange service; special access; wide area telecommunications services (WATS); subscriber toll-free and 900 services; message telephone services (MTS); private line; telex; telegraph; video services; satellite services; resale services; Frame Relay services; asynchronous transfer mode (ATM) services; Multi-Protocol Label Switching (MPLS) services; audio bridging services; and interconnected VoIP services.

The keyword here is "interconnected." Also, "non-interconnected:"

Non-Interconnected VoIP Service Providers: All providers of "non-interconnected VoIP service" (as defined in section 64.601(a) of the Commission's rules) with interstate end-user revenues subject to TRS contributions must file this Worksheet in order to register with the Commission and report their revenues for purposes of calculating TRS contributions.

Unless you're Google Voice, in which case you don't have to follow the rules. This may explain the reluctance of Google to make Google Voice an "official" business app.

Back to your phone calls: if you're paying anyone else to provide anything to your phone call other than a raw internet connection, they have to register with the FCC and certify that they can provide monitoring to the government. Form 445 requires a reference number from Form 449-A so they can check. Actuallly, your broadband provider needs to do this too, so what can you do? To make private calls, they need to connect through PBXes that you control. No PSTN calls are private, ever.

So if you're going to make a secret squirrel phone call to your buddy using Asterisk, that buddy's phone had better be a client of the same Asterisk server, or you need SIP or IAX2 trunks you both control, between Asterisk servers you both control, with encryption. Yes, you can encrypt SIP and IAX2 trunks, per Asterisk docs. Even better, use VPN between the two Asterisk servers, so you have two layers of encryption. That way, a single flaw in SIP-TLS, SRTP, or OpenVPN/IPSec won't be fatal. (Some call it "swiss-cheese theory:" if you have two layers of swiss cheese, the holes probably won't overlap. Using VPN for all SIP traffic - trunks and calls - can prevent you from exposing servers and phones on the Internet. SIP scanning is one of the most common attacks I see with Snort. It's best not to leave any VOIP ports open to the Internet. Use VPN for trunks and clients.

Even with SIP-S, SRTP, and OpenVPN or IPSec, though, network traffic analysis will reveal the connection, or association, between IP addresses. You and your co-conspirators are visiting the same server, so if one of you is a target, your buddies become targets, too. Suddenly, everyone who connects to your secret squirrel Asterisk server is suspicious. While the content of your communication is secure, the IP traffic to and from your PBX reveals your whole criminal team. Now you know why numbers stations  are still in use in 2013, along with one-time-pads on flash paper. Before online gambling, bookies use to keep their betting slips on flash paper.

How to build Asterisk?

From source, of course. (Although the latest stable version of the  FreePBX distro has SSL and SRTP support compiled in and OpenVPN installed in CentOS 6.3, but an antique version of OpenSSL -- OpenSSL 1.0.0-fips 29 Mar 2010.) My last Fedora (Spherical Cow) install had every prerequisite installable from Yum. You could build all the prereqs from source, but that takes a while. (If you're on Amazon's cloud, it will be necessary for quite a few of them.) Then stop with RPMs. Do not use RPMs for Asterisk.  Build Asterisk from source. There are too many options that need to be compiled in, from SSL to SNMP and SRTP. You can also see what's really getting built. Asterisk has a nice menuconfig that will let you know what you're missing.

For the uninitiated:

  1. Wget http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-11-current.tar.gz
  2. Tar -zxvf asterisk-11-current.tar.gz
  3. Cd asterisk-11-current
  4.  ./configure
  5. Make menuselect (and then choose your options, including SRTP.)
  6. Save and exit
  7. Run mp3 script here: asterisk-11-current/contrib/scripts/get_mp3_source.sh
  8. Make
  9. Make install

You could try building OpenSSL from source and then building Asterisk from that rather than the RPM/Deb package that came with your distribution. Then you can update it on OpenSSL's schedule rather than Fedora's. I'd complain about not getting TLS 1.2 or elliptic curves and keys, but I'm pretty sure no phones around support it. Snom phones support RC4, RSA, DH, and SHA-1, but not CRLs.

What kind of hard phone to use? The SNOM phones work best in my environment. They can even do OpenVPN before registering with your Asterisk server. However, I've had issues doing OpenVPN and SIP-TLS simultaneously because of DNS issues. (PFSense, an open-source firewall, supports OpenVPN and even has a profile export module for SNOM phones.) And unlike the Nortel phones, there's no "ringless monitoring extension" feature on SNOM phones that lets your admins place your phone's microphone and camera off-hook silently.

However, you're going to have to trust the firmware on any phone you get. Not just that it doesn't have a back door, but also that it's implementing encryption well. Some Cisco phones have FIPS-140 certification, but the SNOMs do not. (FIPS certification means the encryption has been implemented well, but it doesn't mean the phone is impervious to attack, as shown here.) The trouble with the Cisco FIPS phones is that you really don't want to try SIP out on them. Cisco small business phones support SIP, but they're not using FIPS certified encryption modules. What about soft phones? In general, general-purpose computing devices are more likely to be hacked. A Windows or Mac computer is more likely to have a virus than a VOIP hard phone -- the attack surface is larger. However, you may not have a choice if you want to try a secure call from your smart device. Fortunately, there's OpenVPN for iOS and Android now.

Other risks:

  • Are you making the call with your computer? FAIL. Your computer is infected and copying all the data someplace else.
  • Are you talking near a computer? FAIL. Your computer is infected and recording audio and video from your webcam.
  • Are you talking near any other type of phone - landline, mobile? FAIL. The phone has been placed off-hook remotely and audio is being recorded.
  • Are you talking in public? FAIL

One day I became curious to see if I could use a security token/smart card with pfSense to log into OpenVPN. Why not? It beats storing unencrypted keys and/or passwords on mobile computers. If you can't get users to change their passwords as often as you'd like, smart cards are one kind of mitigation. You'll just need card readers or USB ports on client devices and the open-source pkcs11 dll or shared object. And get your users not to leave the tokens/cards in their computers. (Which is why it's great to also make them proximity cards for doors.) If you needed your smart card to go to the restroom, I'm guessing you wouldn't leave it in the computer.

This does NOT cover Windows domain authentication, or one-time-password tokens such as inSecureID.

It turns out that it is possible -- provided you follow some simple steps. The best part is that smartcard authentication to pfSense's implementation of OpenVPN doesn't require any server-side configuration changes. (Assuming you're already doing certificate-based authentication -- tls key too, if you want.) That's right. If you've got certificate-based authentication working, you don't need to change a single parameter on the pfSense side. You can also use your smart card to log in via SSH with Putty-SC and via https with Firefox.

Smart cards and tokens are often misunderstood. Mention "hardware security module" and people start to think you're a security geek. But smart cards are mini-HSMs. The card stores your certificate and key. It protects your key with a PIN. Some cards can store more certificates and keys than others, but that's the main concept. It separates your private key from the computer and protects it. Get the PIN wrong a few times and your card gets locked. Forget the PIN unlock code (PUK) and you may lock out the card permanently, which is exactly what should happen in a hardware security module.

But this is IT, where simple concepts are blown up by implementations. Every smart card brand and model is different. The middleware is all different. You have to get married to a card and its vendor's middleware to make it work. Even the HSPD-12/PIV standard is a standard for reading cards only. Administration is different for all vendor PIV implementations, creating millions of dollars in opportunities for card middleware vendors. (Hmmm, I wonder what the US national ID card is going to look like.)

Until OpenSC. OpenSC is the Smart Card project that's been open-sourcing card solutions for a number of years, and it pretty much works if you stick to cards they support.

Problem: they don't support that many cards and the cards they do support aren't sold many places. But you can buy ones that work for shipment to the US and Wassenar countries. I chose Aventra and it worked. Gooze's 2003 PKI USB tokens are up next for testing.

One key point: pkcs15 is a file structure for cards. pkcs11 is a software interface for cards. Read the OpenSC documentation twice before starting -- once for concepts and again for details.

When you buy the cards, you'll be offered a proprietary driver and middleware. Don't use it. Everything you need is at OpenSC-project.org. Stick with those drivers and their process. OpenSSL has an engine for cards: the PKCS11 engine. That lets you issue OpenSSL commands to get a CSR from the card's key. The other software component is pkcs11 shared object/dll file, or "driver." You point your smartcard-aware application at that so it knows where to find the software interface, which knows where to find certificates and ask for keys. (In windows, it's c:\windows\system32\opensc-pkcs11.dll; in Linux, it's wherever you stuck opensc-pkcs11.so.)

Once you get the card, install Open-SC, and stick the card in the reader. (You can install Open-SC on Linux or Windows and maybe Mac.)

1. Initialize the card:
pkcs15-init --create-pkcs15 --profile pkcs15 --use-default-transport-key --pin xxxxxxx --puk xxxxxxxxxx --label "larry" --so-pin xxxxx --so-puk xxxxxxx

(There are many different options, you'll need to read the documentation...)

2. Get the certificates on the card:
Method 1: Fast using your existing OpenVPN certificates:
In a nutshell, here's what you do. Take your OpenVPN client certificate and key, (and your CA chain if necessary), and export it using OpenSSL into a pkcs12 file. Then use OpenSC's pkcs15-init tool to get the pkcs12 file onto the card.

The command below exports your certificate and private key in the same form you can get it out of pfSense. It contains your private key, so don't leave it lying around.

openssl pkcs12 -export -out larry.p12 -in larry.pem -inkey larry.key

Once you've got that, get it on the card thus:

pkcs15-init --store-private-key larry.p12 --format pkcs12 --auth-id 01 --pin xxxxx

Method 2: Create a new card-only key, use your own CA
For advanced users with their own CA, there's another way: issue the command to the card to create a private key, then use the OpenSSL pkcs11 engine and the pkcs11 interface to generate a certificate request.

pkcs15-init --generate-key rsa2048 --auth-id 01 --pin xxxxx

This should take about 40 seconds on the MyEID card. Then get the slot ID for the key:
pkcs15-tool --list-keys

Using reader with a card: SCM SCR 3310 [CCID Interface] 00 00
Private RSA Key [Private Key]
Object Flags : [0x3], private, modifiable
Usage : [0x10E], decrypt, sign, signRecover, derive
Access Flags : [0x0]
ModLength : 2048
Key ref : 1 (0x1)
Native : yes
Path : 3f0050154b01
Auth ID : 01
ID : d5e583c9fc7835231e94369f0f066d5ca5039814
GUID : {d5e583c9-fc78-3523-1e94-369f0f066d5c}

The fire up OpenSSL:
openssl
And then load the pkcs11 engine. (This is what requires you to install the extra engine.)
engine dynamic -pre SO_PATH:/usr/lib64/openssl/engines/engine_pkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/usr/local/lib/opensc-pkcs11.so

If all is successful, you can forge ahead. If not, figure out what's wrong with your compile.
(dynamic) Dynamic engine loading support
[Success]: SO_PATH:/usr/lib/engines/engine_pkcs11.so
[Success]: ID:pkcs11
[Success]: LIST_ADD:1
[Success]: LOAD
[Success]: MODULE_PATH:opensc-pkcs11.so
Loaded: (pkcs11) pkcs11 engine

Using the key ID from above, you can create a certificate signing request without getting the key off the card. Just put "slot_x-id_" in front of the number.

OpenSSL>req -engine pkcs11 -new -key slot_1-id_d5e583c9fc7835231e94369f0f066d5ca5039814 -keyform engine -out mynewrequest.csr

Then sign the CSR with your CA and import the certificate to the card. If you don't know how to sign a CSR, then Google it... Once you have the certificate, get it onto the card:

pkcs15-init --store-certificate larry.crt --auth-id 01 --id d5e583c9fc7835231e94369f0f066d5ca5039814 --format pem

Notice that the private key never leaves the card. (My dream is to get TinyCA working and store the CA key on a smart card....)

Now you're ready to test using the card:

OpenVPN:
Then change your client OpenVPN configuration file to use pkcs11. One catch is that the OepnVPN client supports pkcs11 but doesn't give you any way to input the PIN. Nor does OpenVPN-GUI. Viscosity does, but it's proprietary. OpenVPN-GUI has a modded version that supports it that I have not tested yet. Thus I use Viscosity. You'll need to load your pkcs11 module. In windows, it's c:\windows\system32\opensc-pkcs11.dll.

Once you get OpenVPN working, you can try using the key to access logins via SSH using Putty's smart card version. To get your public key off the card in ssh form, just try:
ssh-keygen -D /usr/lib/opensc-pkcs11.so

You can also configure Apache's httpd to use client certificates for authentication. Just change your /etc/httpd/conf.d/ssl.conf to include these two lines:
SSLCACertificateFile /etc/httpd/conf.d/mycafile.pem
where mycafile.pem is your cert authority's public cert.
and then
SSLVerifyClient require
And all your SSL connections will then require client certificates. Apache tends to reset the connection when you don't have a client certificate available.

Firefox has security token support built in. Go to options | encryption | security devices, and load your pkcs11 module. In windows it's c:\windows\system32\opensc-pkcs11.dll. Then you'll be able to choose a client certificate from the card.

When you're done configuring and testing the card, issue the following command to finalize the card:
pkcs15-init --finalize

TrueCrypt supports smart cards, but I have not figured out how to store a keyfile on the card. Yet.

And this assumes OpenVPN, Viscosity, and the cards are all engineered secure.

When Amazon started offering free virtual machines, I jumped and started setting up Asterisk from scratch. You can't just upload an ISO and boot from that. (That would be WAY too easy for an IaaS provider like Amazon to offer free.)

After getting all the prequisites in, (there are only really two you need to build by hand, iksemel and libSRTP. sox is optional. The rest are RPMs.), I started the ./configure. Success. Then make. Halfway through, the machine shuts down because I'm consuming too many resources. The first time I thought it was a fluke, but after the second time, I gave up.

But I was still intrigued to see if I could do it, so I moved to the Rackspace cloud and set up a CentOS 6 virtual machine with 20 GB of virtual drive and 512 MB of RAM. Again, no uploading a boot ISO. This isn't VMWare. The build went a lot faster when installing required RPMs. On CentOS, sox is available in the repo. On Amazon's AMI box, it was not.

However, FreePBX 2.10 won't install with Asterisk 10. You can install Asterisk 1.8, then install FreePBX, and then upgrade Asterisk to 10. So far, it works. I can't do testing of every feature, but it is easier to test in the cloud than building yet another box in my basement. (With the exception of DAHDI, of course.)

Rackspace is nice and conservative with its default CentOS build. Iptables is left open to everyone for one port -- 22 tcp -- for ssh. It responds to ping, too, but you can fix that. There's no way I was going to open up much more to everyone, like https (which works fine for FreePBX 2.10), or SIP, or RTP ephemeral ports.

How I did that: Use iptables to limit SSH to my own IP addresses, including a backup address or two. Then install OpenVPN. Given that I'm already managing certificates for https and Asterisk it's not a stretch. It's a lot easier if you have your own certificate server rather than using the scripts provided with each component. (Rant: Everyone who needs to configure https, ssl, tls, or OpenVPN on live Internet-connected machines should be required to complete a tutorial on the CONCEPTS of PKI before being allowed get access to CA and certificate creation scripts for live Internet boxes. Both Asterisk and OpenVPN ship with them.)

OpenVPN runs on port 1194 udp. So what's the other open port? 5222 for Gtalk. I just wish Google had a list of its public IPs for me to enter into iptables.

To access the box, I dial in to the OpenVPN with my certificate that has a password-protected encrypted key. Then I connect to the web interface via https. Snom phones connect via OpenVPN with a certificate and cleartext key. For backup and remote logging, the Cloud server also connects back to my basement via OpenVPN. OpenVPN is easier to configure and seems to have better uptime than my IPSec tunnels. I just hope it's as secure as IPSec.

Total cost so far: $5. It's running under a dollar a day, which is fine for a test box for a little while. I'm a little worried that I won't be able to let go after tweaking it out just the way I want it.

Downside: if iptables stops, my box is getting hacked. I'm afraid to ask how much a dedicated firewall (virtual or real) would cost.

Bug I haven't been able to fix yet: sometimes Snom can't connect via TLS or TCP after getting there through OpenSSL. UDP always works. I'm still working to figure out why.

I'd like to do an selinux policy, too, but that's going to take some time.

Update: Video calls seem to be working between extensions between a Nortel 1535 and the Bria softphone. Since the Nortel doesn't support TLS/SRTP, I can't test video encryption yet.

Asterisk 10 Encryption

| No Comments | No TrackBacks

As a follow-up to my Asterisk 1.8 encryption fun, I wanted to check out Asterisk 10 and see if I could get SIP-S and SRTP working. I fired up an antique Celeron box with 512MB of RAM with the FreePBX distro CD. An hour later, it was running Asterisk 1.8 and I was talking between extensions. No encryption yet.

At this point, I started to appreciate PBX-in-a-Flash a little more because that distro does a full ./configure, make, make install for Asterisk and Dahdi. The stock FreePBX distribution doesn't, but it does get things up and running quick.

After getting FreePBX running, I downloaded libsrtp and Asterisk 10. I had the same trouble with libsrtp in the Asterisk ./configure as before, so Google the error and add -fPIC etc. to the Makefile. After a couple of attempts, Asterisk finished configuring and making and installed and started. I could make calls back and forth.

However, when I first added tlsenable=yes and a path to my certs to my sip_general_custom.conf and restarted Asterisk 10, it did nothing for TLS. Asterisk wasn't even listening on port 5061. And AES encryption on an IAX2 trunk back to my production Asterisk box failed with the following error:

WARNING[1248] /usr/src/asterisk-10.0.0/include/asterisk/crypto.h: AES encryption disabled. Install OpenSSL.

OpenSSL was installed. On further investigation, I discovered that the res_crypto module was not loading or loadable.

OpenSSL-devel was not installed. So I went back and did a yum-install openssl-devel and recompiled and reinstalled Asterisk 10. Then TLS worked fine.

For the record, here are the packages I installed for Asterisk 10 on a FreePBX 2.9.0.9 distro. Dahdi and Asterisk-Add-Ons are not covered here.

zlib-devel-1.2.3-3.i386
libxml2-devel-2.6.26-2.1.2.8.el5_5.1.i386
sqlite-devel-3.3.6-5.i386
doxygen-1.4.7-1.1.i386
keyutils-libs-devel-1.2-1.el5.i386
e2fsprogs-devel-1.39-23.el5_5.1.i386
libsepol-devel-1.15.2-3.el5.i386
libselinux-devel-1.33.4-5.5.el5.i386
krb5-devel-1.6.1-36.el5_5.6.i386
openssl-devel-0.9.8e-12.el5_5.7.i386
mysql-devel-5.0.77-4.el5_5.4.i386

Another thing: You can add your SIP parameters (like tlsenable=yes) to the SIP configuration page that's available in FreePBX now, instead of hand-editing /etc/asterisk/sip_general_custom.conf.

Next: An selinux policy for Asterisk?

Asterisk Encryption Gotchas

| No Comments | No TrackBacks

Finally, Asterisk supports encryption of phone calls and signalling in version 1.8. It's about time. So now, those of us running FreePBX can just hit the encryption checkbox and everything will run fine. Not so much. FreePBX 2.9 incorporates encryption options for extensions, but it assumes you've done all the legwork and configured all the prerequisites. (Tested with varying levels of success on Asterisk 1.8.1.1, FreePBX 2.9.0.7, Bria 3.2.1 62387 (iPhone version works fine, too), snom370-SIP 8.4.32, Aastra 57iCT/3.2.2.1136, and Xlite 4.0.9). My Asterisk install is based on PBX in a Flash, but I do my own recompiling, which pretty much voids its warranty and script upgrade functionality. So proceed at your own risk. (Since this is Asterisk, though, you knew that already.)

To get encryption running in Asterisk, take things step by step. Asterisk encryption is really two types of enrcryption: SIP-S, or SIP over TLS for signalling -- traditional PKI using OpenSSL; and SRTP for the voice traffic. Each is configured independently under each extension. Asterisk Encryption is not end-to-end. It is extension-to-Asterisk, and maybe Asterisk-to-Asterisk on trunks. Asterisk encryption is not foolproof, and it will not encrypt calls to the PSTN. It's still vulnerable to MITM attacks with faked certs, and to a compromise of your Asterisk install. Also, just because your connection to Asterisk is encrypted and the lock symbol shows up on your phone doesn't mean the other extension (or trunk) on the other side of Asterisk is also secure.

The key for SRTP is exchanged over the SIP channel, so if SIP's not encrypted, what's the point of bothering with SRTP? If you want to see what you're missing by not using encryption, download Cain from oxid.it and run it while you register the Bria softphone client and make a call from your windows computer. You get hashes of your SIP passwords and recordings of your phone calls, all from a GUI Windows program. If you have a network tap or span port in the right spot, you can intercept every call and signal between your Asterisk server and its SIP endpoints.

To get started, Asterisk 1.8 requires libsrtp. (You can thank Cisco for making it available, too.) You'll need to download, configure, make, make runtest, and make install before you hit ./configure on your Asterisk source. (Yes, recompiling Asterisk is necessary.) Then, when you do ./configure on your Asterisk source, you'll get an error when it finally gets to checking your libsrtp availability. Google the error phrase, and you'll learn what to change in the CFLAGS line of your libsrtp Makefile. Recompile and reinstall libsrtp, then reconfigure Asterisk. Then in your Asterisk source, make menuselect and select libsrtp under resources. Don't forget to make sure your other cool Asterisk features (like gtalk) are still enabled before you save and exit. Then recompile and reinstall Asterisk. There are plenty of tutorials for these steps on the Interwebs.

Once Asterisk is running again, you can start by getting a certificate for TLS. I am not going to do yet another certificate from self-signed CA howto here. There's an excellent one over at madboa. It's nice for Asterisk to now include a CA/Cert script, but you should really understand how SSL works. I know people who send private keys via email.

Another note about certificates: even if all your workstations are in a friendly LAN with the same DNS suffix, use the fully-qualified Domain Name (FQDN) for your Asterisk certificate. Some endpoints (Bria, I'm looking at you) require FQDN and cannot validate the certificate if you're getting to your Asterisk server by a short name. Using IP addresses for the registrar in your endpoints? That won't work either. You'll need the CA cert on some endpoints but not others. (Snom phones like certs in DER format; Asterisk and Aastra like PEM. To copy from PEM to DER, try this:

openssl x509 -in input.crt -inform PEM -out output.crt -outform DER

Once you get your CA and certificate, your sip_general_custom.conf file should have lines as follows. (In FreePBX, sip_general_custom.conf is the one you can hand-edit safely.)

tcpenable=yes ; If you don't have TCP enabled for SIP now, go ahead and enter this and test it.
tlsenable=yes
tlsbindaddr=0.0.0.0
tlsclientmethod=tlsv1
tlscertfile=/etc/asterisk/keys/asterisk.crt ; concatenate the key file to the bottom of the cert file so they're together.
tlscafile=/etc/asterisk/keys/asteriskCA.crt
tlscipher=AES256-SHA:AES128-SHA:RC4-SHA:RC4-MD5;

Some say put "ANY" there for tlscipher. I suggest you want encryption that's strong but compatible with your endpoints. For valid strings, look here: http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS. To see which one your endpoint is using, you'll need to do a network capture via Wireshark. If there's no shared cipher between your endpoint and Asterisk, you'll see something like this in your logs:
/var/log/asterisk/full:[2012-01-03 13:59:30] VERBOSE[29926] tcptls.c: == Problem setting up ssl connection:
error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher

Also, you'll need to trust your self-signed CA in Linux. (Seriously, don't set tlsdontverifyserver=yes -- it's just lame.)

If you're on Fedora or CentOS, the folder is /etc/pki/tls/certs.
# ln -s myAsteriskCA.cer `openssl x509 -hash -noout -in myAsteriskCA.cer`.0
then verify:
# openssl verify -CApath /etc/pki/tls/certs /etc/asterisk/keys/myAsterisk.cer
should get you a:
/etc/asterisk/keys/myAsterisk.cer: OK
Once you have a certificate in place, restart Asterisk and see what comes up:
/var/log/asterisk/full:[2012-01-02 23:37:26] VERBOSE[24700] tcptls.c: SSL certificate ok

Then you can try connecting with TLS. In FreePBX, you go to the particular extension you want to test and select TLS Only and reload. Each endpoint is different. Once TLS is successful, you can try setting the extension to use SRTP encryption in FreePBX.

Notes on Phones:

Each phone is different. Bria was easy, so you may want to start with that to see if Asterisk is working correctly. In account settings, domain needs to be a FQDN that matches what you've assigned the certificate. You also need to import the your CA cert into Windows' CA certificate store. For signaling transport, select TLS. For SRTP, select "Make and accept only encrypted calls" for Media Encryption. With any luck, when you hit the apply button, you should see "All accounts are active." While Bria for Windows validates certificates, it's optional on the Bria for iPhone/iPad.

The other software phone, 3CX, has settings for TLS but gets caught in an SSL handshake loop when trying to register, in spite of a shared cipher suite.

For the SNOM 370 to connect via SRTP successfully, I had to set RTP/SAVP to Mandatory. (Identity | RTP in the Snom Menu.) If you have multiple SIP accounts to the same Asterisk server in your SNOM phone, having any one ID configuration incorrect can break them all (Error message "Not acceptable here" whenever you dial). Also set the SRTP Key to 80-bit; 32-bit is the SNOM default, which doesn't work. (This has changed in Asterisk 10: Add option encryption_taglen to set auth taglen only 32 and 80 are supported currently.)

Also, disable RTCP support in SNOM if you don't want Asterisk to crash when it's doing SRTP.

user_host1!: my.asterisk.net;transport=tls
user_host2!: my.asterisk.net;transport=tls
user_srtp1!: on
user_srtp2!: on
user_symmetrical_rtp1!: off
user_symmetrical_rtp2!: off
user_server_type1!: asterisk
user_server_type2!: asterisk
user_savp1!: mandatory
user_savp2!: mandatory
empty_tls_client_cert!: off
xcap_via_tls!: true
tls_server_authentication!: on
user_auth_tag1!: off
user_auth_tag2!: off
support_rtcp!: off

On Aastra 6757iCT I got TLS working, and SRTP for inbound. Unfortunately, when SRTP is active, dialing out doesn't work at all, with "call failed" every time so far. I've gone through most of the DTMF options, inluding SIP, and still no joy. The difference between CA certs and Trusted Certs on the TLS support page is not clear to me. Aastra says to put your CA root & intermediate certs in CA Certs and Trusted Certs on the TLS support menu. For my mode -- persistent TLS -- I have only trusted certificates, a PEM file with concatenated public certs of my Asterisk server and its issuing CA.) Also, you need to manually set all the ports to 5061 for TLS. The others phones switched ports automatically. Relevant lines:

sip local port: 5061
sip local tls port: 5061
sip proxy port: 5061
sip registrar port: 5061
sip outbound proxy port: 5061
sip srtp mode: 0
(SRTP disabled -- so dialing out can work.)
sip transport protocol: 4
sips trusted certificates: asterisk2.pem
sips persistent tls: 1

I'd like to make more progress on the Aastra, but it requires even more reboots than the Snom.

Finally, run Cain again to see if your phones are encrypted for SIP and Voice. Even when SRTP is encrypting voice traffic, you can tell that a call is happening and how log it lasts. If you can't get a tap, you can do a TCP dump to a .cap file on your Asterisk server and then open it with Wireshark. Then you can take a look to see if the data looks encrypted.

Leftover vulnerabilities: This configuration still uses passwords for client authentication. You can use client-side certs if you want. Certificate Authorities are vulnerable. Bria (at least on Windows) uses the Windows Certificate Authorities that come installed. SNOM phones ship with CA certs aboard. (You still have to upload your own certs to the SNOM phone.) SNOM has no mechanisms for a certificate revocation list, so compromised CAs can be used to impersonate your certificates in a MITM attack. Aastra makes you upload any CA certs for trust.

Finally, for the SNOM phones that have the OpenVPN client, using the OpenVPN connection back to your Asterisk server and encryption within the (encrypted) VPN connection should provide some additional level of security.
(Assuming you haven't left your private keys exposed someplace.)

The secure PBX is not connected to the PSTN. And when you say man-in-the-middle attack, think government-in-the-middle. It's gender neutral.

More on Asterisk and VOIP privacy here.

All Asterisk security entries.

Some things are trivial in Linux/Unix and more complex in Windows. In Linux, it's md5sum filename. In Windows, there are free tools from Microsoft (fciv.exe), but no built-in commands that are super-easy to script.

So what are you to do if you need to collect file details and hashes for every folder within the subfolders of a directory? If you're doing it with VBScript, you'll need a free library available from XStandard. Once you register, you'll get a dll that you'll need to register. (It's 32-bit only, so if you're on a 64-bit box, you'll need to do this:
C:\WINDOWS\SysWOW64\regsvr32.exe XMD5.dll
and then to execute the script:
c:\windows\SysWOW64\cscript.exe FolderReportMD5.vbs )

Anyhow, this script is derived from the Sapien sample scripts. (While there are many free editors out there, I think Sapien's PrimalScript is worth every penny if you'll be doing a lot of Windows scripting.)

And since my MT template doesn't handle code well, here's a link to the text file.

'**************************************************************************
' File: FileListMD5.vbs
'
' Comments: This script uses the MD5 library available here:
' http://www.xstandard.com/en/documentation/xmd5/#api1
' This script runs through a directory tree and writes file attributes to a csv file.
' To run on x64 use C:\WINDOWS\SysWOW64\regsvr32.exe XMD5.dll and then execute via
' c:\windows\SysWOW64\cscript.exe FolderReportMD5.vbs
' Based on Sapien's sample script for FolderProperties.
'**************************************************************************
Set objFSO2 = createobject("scripting.filesystemobject")
'where to put the file list?
Set objFile = objFSO2.createtextfile("c:\scripts\" & "FileList" & ".csv")
q = """"
'write the header line of the CSV file.
objFile.WriteLine(q & "FilePath" & q & "," & q & "FileName" & q & "," & q & "DateCreated" & q _
& "," & q & "DateLastAccessed" & q & "," & q & "DateLastModified" & q & "," & q & "FileSize" & q &_
"," & q & "MD5Hash" & q & "," & q & "FileAttributes" & q)

'where to start
strSource="C:\folder"

Set objFSO=CreateObject("Scripting.FileSystemObject")
Set objFolder=objFSO.GetFolder(strSource)

Call ProcessFiles(objFolder)

Sub ProcessFiles(objFolder)
Set colFiles=objFolder.Files


For Each file In colFiles
'it's a good idea to clear out the vars on each loop
strFingerPrint = "blank"
strPath = File.Path
Set objMD5 = CreateObject("XStandard.MD5")
strFingerPrint = objMD5.GetCheckSumFromFile(strPath)
Set objMD5 = Nothing
wscript.Echo strFingerPrint
wscript.Echo "File Name:" & vbTab & File.Name
wscript.Echo "Short File Name:" & vbtab & File.ShortName
wscript.Echo "File Path:" & vbtab & File.Path
wscript.Echo "Date Created:" & vbtab & File.DateCreated
wscript.Echo "Date Last Accessed:" & vbtab & File.DateLastAccessed
wscript.Echo "Date Last Modified:" & vbtab & File.DateLastModified
wscript.Echo "File Size:" & vbtab & File.Size
wscript.Echo "File Attributes:"
strFileAttributes = " "
if File.Attributes AND 0 Then wscript.Echo " Normal"
If File.Attributes And 0 Then strFileAttributes = strFileAttributes & " Normal"
if File.Attributes AND 1 then wscript.Echo " Read-only"
If File.Attributes And 1 Then strFileAttributes = strFileAttributes & " Read-only"
if File.Attributes AND 2 then wscript.Echo " Hidden"
If File.Attributes And 2 Then strFileAttributes = strFileAttributes & " Hidden"
if File.Attributes AND 4 then wscript.Echo " System"
If File.Attributes And 4 Then strFileAttributes = strFileAttributes & " System"
if File.Attributes And 8 Then wscript.Echo " Volume"
If File.Attributes And 8 Then strFileAttributes = strFileAttributes & " Volume"
if File.Attributes AND 16 then wscript.Echo " Directory"
If File.Attributes And 16 Then strFileAttributes = strFileAttributes & " Directory"
if File.Attributes And 32 Then wscript.Echo " Archive Bit is set"
If File.Attributes And 32 Then strFileAttributes = strFileAttributes & " Archive Bit is set"
If File.Attributes AND 1024 then wscript.Echo " Alias"
If File.Attributes And 1024 Then strFileAttributes = strFileAttributes & " Alias"
if File.Attributes AND 2048 then wscript.Echo " Compressed"
If File.Attributes And 2048 Then strFileAttributes = strFileAttributes & " Compressed"

'finally, write the line to the csv file
objFile.WriteLine(q & File.Path & _
q & "," & q & File.Name & q & "," & _
q & File.DateCreated & q & "," & q & File.DateLastAccessed & q & "," & q _
& File.DateLastModified & q & "," & q & File.Size & q & "," & q & strFingerPrint & q & "," & q & strFileAttributes & q)

Next
'process Subfolders
Call ProcessSubFolders(objFolder)

End Sub

Sub ProcessSubFolders(objFolder)
Set colSubs=objFolder.SubFolders
For Each folder In colSubs
ProcessFiles(folder)
Next

End Sub

About this Archive

This page is an archive of recent entries in the Security category.

Random is the previous category.

Find recent content on the main index or look in the archives to find all content.