A Diagnosis and Hardening Platform for an Asterisk VoIP PBX

Abstract

Voice over IP (VoIP) is a set of software and hardware technologies used for making voice calls over the Internet. VoIP has been massively deployed in corporative environments since voice and data network convergence enables unified communication services while reducing costs. The main component of a VoIP network infrastructure is the private branch exchange (PBX). Nowadays, Asterisk is the most widespread PBX deployed within corporations due to its open access technology, along with its modular and flexible design. The configuration of PBX systems usually relies on multiple configuration files composed of a vast number of parameters that may have an impact on the security of the system. Therefore, the setup of such systems tends to be complicated and prone to errors and usually requires highly specialized human intervention. In this research, a diagnosis platform for discovering vulnerabilities and security breaches in the configuration of an Asterisk PBX is presented. The proposed platform performs both reactive and proactive actions in order to reconfigure and harden an Asterisk PBX. Firstly, the platform reacts after certain events by modifying the configuration of the Asterisk PBX in order to mitigate risks. Secondly, the platform performs several on-demand assessments that also reconfigure the Asterisk PBX to improve overall security. Finally, the functionality of the platform is easily extensible and highly customizable. Extensive tests have been carried out to assess the security and performance of the Asterisk PBX when facing attacks. Results show that the security of the platform increases, avoiding performance degradation when using the proposed platform.