Security for Asterisk

Compare SecAst to alternatives

SecAst
Fail2Ban
Firewall

SIP Connection Monitoring

Credentials valid
Breached credentials
Diffused probes
SIP packet structure

User Behaviour Monitoring

Fraud phone number database verification
Dialing cadence
Simultaneous calls
Heuristic patterns

Network Connection Monitoring

Hacker database IP address verification
SIP data transfer rate
Clustered connection attempts
Geographic location
Port connection rate

Attack Containment

Ban IP on PBX or firewall
Override dialplan permitted patterns
Disconnect individual calls
Lockdown new connections

Attack Response Orchestration

Control internal firewall
Control external firewall
Control external router
Change dialplan
Share attack data with peers

Legend: Yes/Excellent, Partial/Fair, No/Poor

Comparison Details

The following paragraphs provide further evaluation details and show how SecAst compares.

Regular firewalls are oblivious to the content of VoIP-related traffic, and simply forward SIP/RTP/IAX/etc. from the internet to the Asterisk server.  A complete lack of understanding of the packet content results in traditional firewalls being little more than routers.  Fail2Ban is not actually a security system; rather, it depends completely on Asterisk to report a failed login attempt (Fail2Ban then adds the source IP to a local iptables ban list).

SecAst is the only product that builds a profile of every user or connected device, and ensures the SIP commands received are safe and appropriate.  Even normal SIP commands issued at unusual frequencies can be indicative of hacking.  SecAst is the only product able to detect such patterns, the misuse of valid SIP credentials, etc.

Traditional firewalls do not monitor behavior at the user level, and simply pass VoIP related packets back and forth.  Fail2Ban also has no visibility into the behavior of the user (only errors reported by Asterisk can be acted on by Fail2Ban).

SecAst is the only product that monitors the behavior of each user (and in fact each device) and creates a risk score based on the behavior of the user combined with other factors.  While one action on its own may not be enough to identify a hacking attempt, the combination of actions detected by SecAst allows it to detect and halt hacking before the attacker can do much harm (or generate massive fraud charges on your carrier account).

Fail2Ban has no visibility at the network connection level; it can only respond to error messages from Asterisk.  Traditional firewalls, on the other hand, excel in this area, as monitoring UDP and IP-level traffic is what they were designed to do.  The only weakness of traditional firewalls is that they are not aware of the patterns and sources of VoIP-specific hacking.

SecAst combines high-level (user and SIP) and low-level (UDP/IP) traffic information to provide unmatched sensitivity to hacking attempts at the network level.  SecAst also uses databases of known hacker IP addresses to block connection attempts before the attacker even has a chance to communicate with the PBX.