Linux Support Sydney

Why Security Matters

Linux Support Sydney were contacted by a small business in Sydney. They were a fairly typical small business, operating in an industrial area with four Windows PCs, a rack with a couple ethernet switches, an ADSL router, and a Linux server. They were too small to need permanent IT people and looked after their Windows PCs as best they could. Their Linux server was used just for their phones, and it worked fine without any maintenance, so they didn't have anyone looking after it.

This is where things get a little scary. Someone in China managed to silently penetrate their Linux phone system due to weak passwords, and started using it to make overseas phone calls. This situation is all too common and can happen on any phone system. It wasn't until the small business got their phone bill the next month that this was discovered. By the time the phone company blocked all outgoing international calls, the people in China had racked up a bill of $29,000.

So we at Linux Support Sydney got an urgent call from this small businesses, they needed someone to come in ASAP and fix their phones. Not only to stop people from being able to use their phone system illegally, but also, since the phone company blocked outgoing international phone calls, the phones had started to play up, with call dropouts, and weird incoming calls that seemed to break the phone system for 30 minutes every time it was answered.

After arriving on site and analysing the situation, we found a pretty typical Linux Asterisk phone system running on Centos 5. It hadn't been updated for a long time, and the Asterisks settings were a fairly typical setup that were good for general use, but weren't very secure. Adding to that the weak phone passwords, and it was basically a free for all.

The first thing we did was update the software, then we locked down the server with a firewall in two layers, one on Centos, and one on the ADSL router. Then we locked down Asterisk, and changed all passwords to long random strings. This took about 3 hours. We monitored the situation remotely for the next few weeks and made a few minor adjustments here and there. The bill was just three hours labour.

In an ideal world, we would have reinstalled the server and set it up from scratch, but the business just couldn't afford that option, what with the $29,000 phone bill, so we did what we could that gave them the best possible outcome at the cheapest price. We also set up backups while we were there so if the single hard disk in the server died, they would only be out a few hours labour for us, or someone else to come in and replace the failed disk and restore from backups.