How To Secure Your Avaya VoIP Environment?


Understand ASM, Threat Modeling and other elements to keep your systems secure.

This post covers the different attack models that attackers use, ways to strengthen your Avaya VoIP Environment, different types of attacks, threat modeling, kernel architecture, and how to implement rules to keep your VoIP Environment within your customer’s security guidelines.

As system implementers and maintainers, we are either tasked or asked by the customer’s security team to help them resolve vulnerabilities found during network VSS (Vulnerability Security Scan) runs. These scans can list some of our servers with a weak SSH key or an application using a monitoring script or, in bad cases, an attacker breaks into the system and starts making malicious calls.

To help you solve some of these issues, I have listed the 4 characteristics that will help you understand, and the methods to secure, the Avaya VoIP Environment:

  • ASM
  • Threat Modeling
  • Kernel Architecture
  • Patch Management
  • Maintain Server Security Compliance

Attack Surface Management – ASM

It refers to the processes and technologies used by a malicious attacker to see how they can infiltrate an SBCE using RW Profiles: looking at the surface, monitoring, and discovering how the device is vulnerable in order to then target the organization. This is true of any other server sitting in the Avaya VoIP Environment.

There are management systems that help catalog the types of attacks. ASM sits at the center of the four pillars listed below to help keep your Avaya VoIP Environment and network elements secure.

  • Risk Management
  • Asset Management and Discovery
  • Vulnerability Management
  • Compliance

Threat Modeling

Threat modeling is a method of optimizing software, system and network security by locating vulnerabilities, identifying objectives, and developing countermeasures to either prevent or mitigate the effects of cyber-attacks against the system.

In our case we need to know what type of servers we have deployed in the VoIP Environment.

Understand which services and applications are running on them. Then you can add those to your Threat Modeling Plan.

As sysadmins, we have to work closely with Avaya Support as they develop patches, fixes and software updates that help us keep our systems (SBCE, SMGR, SM, CM, AAMS, AAM, AES, AADS, etc.) optimized with the latest fixes.

Patch Management

Understanding the Avaya Linux Kernel and Software Codes

As sysadmins, we cannot modify the Avaya software or the applications packaged with the Avaya proprietary software. It does help, however, to understand what’s under the hood, both for your own knowledge and so that you can keep the customer’s security team informed and add it to the threat model.

For example: CM 8.x runs on RHEL 7.5, SMGR on RHEL 7.6 through 7.9, and so on and so forth.

systemd – Linux comes with what is called “systemd”, a suite of software that allows us to extract and run different applications. One of these applications is the command “hostnamectl”, which outputs the operating system and kernel information of your server.

Below you can see the “hostnamectl” command from SM running 8.1 
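As an added example (not from the original post), the script below turns “hostnamectl” output into one inventory row per server and compares the RHEL release with the versions quoted above for CM and SMGR, which is the information the threat model and the customer’s security team need. The sample output, the hostname and the function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: turn `hostnamectl` output into one inventory row per server.

# hn_field FIELD: read hostnamectl text on stdin, print the value of FIELD.
hn_field() {
    awk -F': ' -v key="$1" '
        { name = $1; sub(/^[ \t]+/, "", name) }
        name == key { sub(/^[^:]*: /, ""); print; exit }'
}

# baseline ROLE: print "MIN MAX" RHEL 7 minor releases expected for ROLE.
# Only the two roles the post gives versions for; anything else is unknown.
baseline() {
    case "$1" in
        CM)   echo "5 5" ;;   # CM 8.x: RHEL 7.5
        SMGR) echo "6 9" ;;   # SMGR: RHEL 7.6 through 7.9
        *)    return 1 ;;
    esac
}

# check_host ROLE: hostnamectl text on stdin, prints
# ROLE|HOSTNAME|RHEL|KERNEL|STATUS with STATUS = OK, DRIFT or UNKNOWN.
check_host() (
    role="$1"; text="$(cat)"
    host="$(printf '%s\n' "$text" | hn_field 'Static hostname')"
    kernel="$(printf '%s\n' "$text" | hn_field 'Kernel')"
    rel="$(printf '%s\n' "$text" | hn_field 'Operating System' |
           sed -n 's/.* \([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')"
    status=UNKNOWN
    if range="$(baseline "$role")" && [ -n "$rel" ]; then
        status=DRIFT
        minor="${rel#*.}"
        if [ "${rel%%.*}" = 7 ] && [ "$minor" -ge "${range% *}" ] &&
           [ "$minor" -le "${range#* }" ]; then
            status=OK
        fi
    fi
    printf '%s|%s|%s|%s|%s\n' "$role" "$host" "$rel" "$kernel" "$status"
)

# Constructed sample output (not captured from a real server).
SAMPLE_SMGR='   Static hostname: smgr01.example.com
    Virtualization: vmware
  Operating System: Red Hat Enterprise Linux Server 7.6 (Maipo)
       CPE OS Name: cpe:/o:redhat:enterprise_linux:7.6:GA:server
            Kernel: Linux 3.10.0-957.el7.x86_64
      Architecture: x86-64'

printf '%s\n' "$SAMPLE_SMGR" | check_host SMGR
```

On a live server the same row is produced with `hostnamectl | check_host SMGR`; the kernel column is what you match against the RHSA notices.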

To add another level of security to our Avaya VoIP Environment, the system kernel comes with a User Space, where the Avaya applications are located, and a Kernel Space, where the hardware and other system applications run.

User Space – The operating system segregates virtual memory into User Space and Kernel Space. This separation provides memory and hardware protection from malicious attacks.

Kernel Space – Reserved for running device drivers, the system kernel and its extensions.

In the Reference section below I have listed some of the RHSA notices released by Avaya related to Kernel Space.

That brings us to “Patch Management”, where we develop processes and procedures to keep the Avaya VoIP Environment optimized with the latest patches. When scheduling these updates, you may want to start from the point closest to the customer’s edge network and work your way back in. This includes AVPs, ACP, SBCEs, and Avaya Aura Media Servers. Then move on to patch the SMGR, SM, CM and finally the rest of the servers, such as Messaging, AES, AADS, WebLM, etc.

Types of Patches – Aside from the kernel, there are hot-fixes and security patches that must be installed to keep your systems within the customer’s security guidelines.

Maintain Server Security Compliance

Depending on the type of server in your Avaya VoIP Environment, there are different types of security measures you can implement. Some of these measures are:

  • TLS Certificates
  • Link Encryption
  • SRTP
  • Server Login

TLS Certificate

Server Certificates – You can implement server certificates to allow end-to-end encryption between the SIP trunks and any connections between the Avaya servers, including any 3rd party server.

User Certificates – For SIP endpoints, this has been part of the implementation process: they need a signed certificate to allow connections between the SBCE, AADS, Session Managers and AAMS.

Certificates can also be applied to the H.248 Media Gateways.

Link Encryption – The Avaya Media Gateways can be configured to use “Link Encryption”; this allows encryption of registration and communication back to the Core server.

SRTP – The SBCEs can be set to use Secure RTP (SRTP) instead of regular RTP.

Server Login – Strong login passwords and separate login accounts are recommended. Assign the admin accounts to the corresponding groups so that they can run/perform maintenance according to their role in the company.
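For the SRTP item above, a quick way to confirm what is actually being negotiated is to look at the SDP body of a captured SIP message. The following is an added example, not from the original post: it assumes SDES keying (“a=crypto” lines), does not handle DTLS-SRTP, and uses constructed SDP bodies with documentation addresses and a placeholder key.

```shell
#!/usr/bin/env bash
# Added example: classify each media stream in an SDP body as SRTP or RTP.

# sdp_media_security: SDP on stdin, prints "MEDIA PROFILE VERDICT" per m= line.
#   SRTP        secure profile (RTP/SAVP or RTP/SAVPF) with an a=crypto key
#   SRTP-NOKEY  secure profile offered but no a=crypto line for that stream
#   OPTIONAL    a=crypto offered under plain RTP/AVP; the call may fall back to RTP
#   RTP         plain RTP, media is not encrypted
sdp_media_security() {
    tr -d '\r' | awk '
        function emit() {
            if (media == "") return
            secure = (profile ~ /SAVP/)
            if (secure && keyed) verdict = "SRTP"
            else if (secure)     verdict = "SRTP-NOKEY"
            else if (keyed)      verdict = "OPTIONAL"
            else                 verdict = "RTP"
            print media, profile, verdict
        }
        # m=<media> <port> <profile> <formats...> starts a new media section
        /^m=/ { emit(); split(substr($0, 3), f, " ")
                media = f[1]; profile = f[3]; keyed = 0; next }
        /^a=crypto:/ && media != "" { keyed = 1 }
        END { emit() }'
}

# Constructed SDP bodies (not captured traffic); the key is a placeholder.
SDP_SRTP='v=0
o=- 1 1 IN IP4 192.0.2.10
s=-
c=IN IP4 192.0.2.10
t=0 0
m=audio 35000 RTP/SAVP 0 8
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTEDKEYPLACEHOLDER'

SDP_RTP='v=0
o=- 1 1 IN IP4 192.0.2.10
s=-
c=IN IP4 192.0.2.10
t=0 0
m=audio 35000 RTP/AVP 0 8'

printf '%s\n' "$SDP_SRTP" | sdp_media_security
printf '%s\n' "$SDP_RTP"  | sdp_media_security
```

Any stream reported as RTP or OPTIONAL on a trunk that is meant to be encrypted is worth raising with the customer’s security team.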

Reference:
