Security - Port used for Obi to Obi calls

Started by Techguy007, February 16, 2015, 02:41:45 AM

Techguy007

I have a few questions for anyone who has looked into the following:

Security – What prevents an unknown person from calling my Obi number and making outgoing calls using it? I realize they have to know my Obi number. What if ObiTalk is hacked and hackers steal all the numbers? Worse things have happened. Is there a way to secure it?

Port used for Obi-to-Obi calls – What port is used when making Obi-to-Obi calls? I know when I set up a SIP connection it uses SIP port 5060 or something in that range. I was wondering if anyone knew what ports are used by Obi-to-Obi calls.

Thank you to anyone taking the time to share their thoughts.

202Owner

How to secure OBiTALK:

Auto Provisioning - Auto Firmware Update::Method = Disabled
Auto Provisioning - ITSP Provisioning::Method = Disabled
Auto Provisioning - OBiTalk Provisioning::Method = Disabled
OBiTALK Service - OBiTALK Service Settings::Enable = NOT checked

And don't log in to OBiTALK.com... it is not always secured with https.

azrobert

You can check which OBi is trying to make the call. If you want additional security, the sending OBi can automatically prefix the dialed number with a PIN and the receiving OBi can check and remove it.

OBiTalk InboundCallRoute:
{510111111|610222222>(<PIN:>(Msp1)):sp1}

Only OBi numbers 510111111 and 610222222 can make a call with numbers with "PIN" prefix.

The default port number is 10000
There is an option TryMultiplePorts.
I don't know how this works.

Edit:
The above assumes you want to make OBi to OBi calls.
The default config will only allow others to ring the phone port, not make calls.

Techguy007

Thank you both for your replies. Azrobert, thank you for the port information. I was looking for this all over, so this was very helpful. I have to try what you mentioned. I was able to make a direct call to an Obi 100 from an Obi 200 that I own and then make outgoing calls.

For example, I can do **9######### to connect to my other Obi; from there I can select option "2". At this point, if I press any of my speed dial numbers (say 9#) programmed to the destination Obi, it would call out. My concern is, if I can do this, can anyone else do the same thing?

I verified by going to the call history: I can see the destination Obi made the outgoing call.

azrobert

Quote from: Techguy007 on February 21, 2015, 03:26:01 AM
My concern is, if I can do this, can anyone else do the same thing?

You had to add the calling OBi to the Circle of Trust for this function to work. Only OBi numbers in your Circle of Trust will be routed to the Auto Attendant. For additional security you can add a PIN to the AA. You can specify up to 4 PINs on the AA.

Voice Services -> Auto Attendant -> UsePIN: Checked
Then add a PIN number to PIN1

Even without a PIN, someone would have to hack into your account, look at your configuration to discover your OBi numbers then call your OBi with a spoofed OBi number. If someone had the knowledge to do this, I don't think they would be stealing minutes. They would be doing something much more nefarious. 


Techguy007

Azrobert - thank you! You have provided a wealth of information. May I ask you another question related to the same topic? I configured my Google Voice via ObiTalk (not the manual method). After that I followed the steps you have mentioned above to secure the box and disabled auto provisioning and changed admin and user passwords. After taking these steps I configured another DID number using a SIP service provider. Here is the question:

How is it that when I go into the Obi dashboard and click on "Advanced configuration" I can see the newly configured SIP service? How did ObiTalk obtain that information after I secured the box?

azrobert

I did not recommend those settings. 202Owner did.

Quote from: 202Owner on February 16, 2015, 05:25:14 AM
How to secure OBiTALK:

Auto Provisioning - Auto Firmware Update::Method = Disabled
Auto Provisioning - ITSP Provisioning::Method = Disabled
Auto Provisioning - OBiTalk Provisioning::Method = Disabled
OBiTALK Service - OBiTALK Service Settings::Enable = NOT checked

And don't log in to OBiTALK.com... it is not always secured with https.

Don't know. Re-check the settings and see if they are configured correctly.