Difference between revisions of "Log Watch and Ban"

From IPitomy Wiki
Jump to navigation Jump to search
 
(9 intermediate revisions by the same user not shown)
Line 1: Line 1:
=== <br/> ===
+
==<span class="mw-headline" id="Log_Watch.2FBan_Service">Log Watch + Ban Service </span>==
  
==== <span class="mw-headline" id="Log_Watch.2FBan_Service">Log Watch/Ban Service </span><br/> ====
+
This feature allows the PBX to monitor the SIP registration traffic and ban any IP address that makes 5 failed registration attempts. The IP address will be banned for either 3 days or until the service is restarted. Configuration settings allow you to ignore (not monitor) IP addresses attempting registration, as well as allowing you to manually add addresses you want the system to ignore. If you set up an Admin Email Address under PBX Setup>General and have Unified Messaging configured, the PBX will send you an email any time an IP address is banned via this feature. Follow this link to see what a [http://wiki.ipitomy.com/wiki/Ban_Email Ban Email] will look like.
  
This feature allows the PBX to monitor the SIP registration traffic and ban any IP address that makes 3 failed registration attempts. The IP address will be banned for either 3 days or until the service is restarted. Configuration settings allow you to ignore (not monitor) IP addresses that are communicating from the LocalNet, as well as allowing you to manually add addresses you want the system to ignore. If you set up an Admin Email Address under PBX Setup=>General and have Unified Messaging configured, the PBX will send you an email any time an IP address is banned via this feature. Follow this link to see what a [http://wiki.ipitomy.com/wiki/Ban_Email Ban Email] will look like.
+
'''TLDR: Log Watch+Ban protects the PBX from hacking attempts by restricting access from outside IP addresses.'''
<br/><div class="center"><div class="floatnone"></div></div>
 
==== &nbsp;<span class="mw-headline" id="Enable_Log_Watch.2FBan_Service">Enable Log Watch/Ban Service </span><br/> ====
 
  
'''STEPS:'''
 
  
#From the '''PBX Setup'''->'''General System Setup '''page, locate the '''Security Settings '''section.
+
'''PRO Tip: If you are troubleshooting a single remote phone that has gone offline, this feature could be the reason. Confirm the user's IP address and make sure it's in the ignore list.'''
#'''Enable''' the '''Log Watch Ban Service '''by setting the parameter to “'''Yes'''” on the drop-down list.
+
 
#Click the button to save the changes.
+
==<span class="mw-headline" id="Enable_Log_Watch.2FBan_Service">Enable Log Watch + Ban Service </span>==
 +
 
 +
=== '''Steps:''' ===
 +
[[File:PBXSetupGeneral.png|frameless|187x187px]]
 +
 
 +
#From the '''PBX Setup'''->'''General '''page, locate the '''Security Settings '''[[File:SecuritySettings.png|frameless|634x634px]]                                                                                                                                                  <small><sub>(use the '''Ctrl+F''' feature in your browser to search for the word "'''''security'''''" if you are having trouble scrolling to it).</sub></small>
 +
#'''Enable''' the '''Log Watch Ban Service '''by setting the parameter to “'''Yes'''” on the drop-down list. [[File:LWnB.Enable1.png|frameless|596x596px]]
 +
#Click the "'''Save Changes'''" button at the bottom of the page to save the changes. Be sure to also click "Apply Changes" at the top right to put the changes into effect.
  
 
Once you have enabled the Log Watch/Ban Services, you will be able to configure the parameters for the security settings.
 
Once you have enabled the Log Watch/Ban Services, you will be able to configure the parameters for the security settings.
<div class="center"><div class="floatnone"></div></div>
 
The following table describes the parameters and descriptions (recommended settings) for the Log Watch and Ban feature.
 
  
 +
== Settings ==
 +
The following screenshot and table describes the settings for the Log Watch and Ban feature.
  
 +
[[File:LWnB settings.png|frameless|722x722px]]
  
 
{| style="border-spacing:0"
 
{| style="border-spacing:0"
 
|-
 
|-
| style="background-color:#b8cce4;  border-top:0.0069in solid #0000ff;  border-bottom:0.0069in solid #0000ff;  border-left:0.0069in solid #0000ff;  border-right:none;  padding-top:0in;  padding-bottom:0in;  padding-left:0.075in;  padding-right:0.075in" | <center>'''Sections/Fields'''</center>
+
| style="background-color:#b8cce4;  border-top:0.0069in solid #0000ff;  border-bottom:0.0069in solid #0000ff;  border-left:0.0069in solid #0000ff;  border-right:none;  padding-top:0in;  padding-bottom:0in;  padding-left:0.075in;  padding-right:0.075in" |<center>'''Sections/Fields'''</center>
| style="background-color:#b8cce4;  border:0.0069in solid #0000ff;  padding-top:0in;  padding-bottom:0in;  padding-left:0.075in;  padding-right:0.075in" | <center>'''Description'''</center>
+
! style="background-color:#b8cce4;  border:0.0069in solid #0000ff;  padding-top:0in;  padding-bottom:0in;  padding-left:0.075in;  padding-right:0.075in" |<center>'''Description'''</center>
 
|-
 
|-
| style="border-width: 0.0069in medium 0.0069in 0.0069in;  border-style: solid none solid solid;  border-color: rgb(0, 0, 255) -moz-use-text-color rgb(0, 0, 255) rgb(0, 0, 255);  padding: 0in 0.075in;  text-align: center" | '''Service is currently Running '''<br/>
+
| style="border-width: 0.0069in medium 0.0069in 0.0069in;  border-style: solid none solid solid;  border-color: rgb(0, 0, 255) -moz-use-text-color rgb(0, 0, 255) rgb(0, 0, 255);  padding: 0in 0.075in;  text-align: center" |'''Service is currently Running '''<br />
 
| style="border:0.0069in solid #0000ff;  padding-top:0in;  padding-bottom:0in;  padding-left:0.075in;  padding-right:0.075in" | This indicates the status of the service, either '''Running''' or '''Not Running'''.
 
| style="border:0.0069in solid #0000ff;  padding-top:0in;  padding-bottom:0in;  padding-left:0.075in;  padding-right:0.075in" | This indicates the status of the service, either '''Running''' or '''Not Running'''.
 
|-
 
|-
| style="border-width: 0.0069in medium 0.0069in 0.0069in;  border-style: solid none solid solid;  border-color: rgb(0, 0, 255) -moz-use-text-color rgb(0, 0, 255) rgb(0, 0, 255);  padding: 0in 0.075in;  text-align: center" | '''Reload Button'''<br/>
+
| style="border-width: 0.0069in medium 0.0069in 0.0069in;  border-style: solid none solid solid;  border-color: rgb(0, 0, 255) -moz-use-text-color rgb(0, 0, 255) rgb(0, 0, 255);  padding: 0in 0.075in;  text-align: center" |'''Reload Button'''<br />
 
| style="border:0.0069in solid #0000ff;  padding-top:0in;  padding-bottom:0in;  padding-left:0.075in;  padding-right:0.075in" | Restarts the Ban service, clearing any existing banned IP addresses.
 
| style="border:0.0069in solid #0000ff;  padding-top:0in;  padding-bottom:0in;  padding-left:0.075in;  padding-right:0.075in" | Restarts the Ban service, clearing any existing banned IP addresses.
 
|-
 
|-
| style="border-width: 0.0069in medium 0.0069in 0.0069in;  border-style: solid none solid solid;  border-color: rgb(0, 0, 255) -moz-use-text-color rgb(0, 0, 255) rgb(0, 0, 255);  padding: 0in 0.075in;  text-align: center" | '''&nbsp;Enable Log Watch & Ban Service '''<br/>
+
| style="border-width: 0.0069in medium 0.0069in 0.0069in;  border-style: solid none solid solid;  border-color: rgb(0, 0, 255) -moz-use-text-color rgb(0, 0, 255) rgb(0, 0, 255);  padding: 0in 0.075in;  text-align: center" |'''&nbsp;Enable Log Watch & Ban Service '''<br />
 
| style="border:0.0069in solid #0000ff;  padding-top:0in;  padding-bottom:0in;  padding-left:0.075in;  padding-right:0.075in" | Set to Yes and the PBX will monitor failed SIP registration attempts. 5 failed attempts and the IP is blocked for:
 
| style="border:0.0069in solid #0000ff;  padding-top:0in;  padding-bottom:0in;  padding-left:0.075in;  padding-right:0.075in" | Set to Yes and the PBX will monitor failed SIP registration attempts. 5 failed attempts and the IP is blocked for:
*3days
+
*3 days
*Until system reboot
+
*or Until system reboot
*Until Reload button is clicked
+
*or Until the r'''eload''' button is clicked
 
 
 
 
  
 
|-
 
|-
| style="border-width: 0.0069in medium 0.0069in 0.0069in;  border-style: solid none solid solid;  border-color: rgb(0, 0, 255) -moz-use-text-color rgb(0, 0, 255) rgb(0, 0, 255);  padding: 0in 0.075in;  text-align: center" | '''&nbsp;Ignore IPs in SIP LocalNets '''<br/>
+
| style="border-width: 0.0069in medium 0.0069in 0.0069in;  border-style: solid none solid solid;  border-color: rgb(0, 0, 255) -moz-use-text-color rgb(0, 0, 255) rgb(0, 0, 255);  padding: 0in 0.075in;  text-align: center" |'''&nbsp;Ignore IPs in SIP LocalNets '''<br />
| style="border:0.0069in solid #0000ff;  padding-top:0in;  padding-bottom:0in;  padding-left:0.075in;  padding-right:0.075in" | Set to '''Yes''' and the PBX will ignore failed SIP registration attempts from IPs from the LocalNets configured in the system. When set to '''No''', IP addresses from the LocalNets are ignored for failed attempts.
+
| style="border:0.0069in solid #0000ff;  padding-top:0in;  padding-bottom:0in;  padding-left:0.075in;  padding-right:0.075in" | If set to Yes, this service will not ban IP addresses which have been specified in '''[[IP PBX Manual PBXSetup SIP|PBXSetup>SIP]]'''. When set to '''No''', all IP addresses will be banned after three failed attempts to register unless they are entered into the "''Ignoring Addresses''" list below.
 
|-
 
|-
| style="border-width: 0.0069in medium 0.0069in 0.0069in;  border-style: solid none solid solid;  border-color: rgb(0, 0, 255) -moz-use-text-color rgb(0, 0, 255) rgb(0, 0, 255);  padding: 0in 0.075in;  text-align: center" | '''Ignoring Addresses'''<br/>
+
| style="border-width: 0.0069in medium 0.0069in 0.0069in;  border-style: solid none solid solid;  border-color: rgb(0, 0, 255) -moz-use-text-color rgb(0, 0, 255) rgb(0, 0, 255);  padding: 0in 0.075in;  text-align: center" |'''Ignoring Addresses'''<br />
| style="border:0.0069in solid #0000ff;  padding-top:0in;  padding-bottom:0in;  padding-left:0.075in;  padding-right:0.075in" | Lists the addresses that were manually entered to be ignored in regards to failed SIP registration attempts
+
| style="border:0.0069in solid #0000ff;  padding-top:0in;  padding-bottom:0in;  padding-left:0.075in;  padding-right:0.075in" | Lists the addresses that were manually entered to be ignored in regards to failed SIP registration attempts.
|-
 
| style="border-width: 0.0069in medium 0.0069in 0.0069in;  border-style: solid none solid solid;  border-color: rgb(0, 0, 255) -moz-use-text-color rgb(0, 0, 255) rgb(0, 0, 255);  padding: 0in 0.075in;  text-align: center" | '''&nbsp;Add Entry'''<br/>
 
| style="border:0.0069in solid #0000ff;  padding-top:0in;  padding-bottom:0in;  padding-left:0.075in;  padding-right:0.075in" | Enter the IP addresses you wish to be ignored by the PBX in regards to failed SIP registration attempts.
 
|}
 
 
 
==== &nbsp;<span class="mw-headline" id="Configure_Log_Watch.2FBan_Service">Configure Log Watch/Ban Service </span><br/> ====
 
 
 
'''STEPS:'''
 
 
 
#Navigate to PBX Setup=>General.
 
#Scroll down to the '''Security Settings '''panel, set the parameters based on your general business requirements.
 
#Click the button to save the changes.
 
#Navigate to the '''PBX Setup'''=>'''General''' page. Locate the '''Admin Settings''' section (located at the top of the page).
 
#Enter an IP address for '''Admin Email Address''' field. Depending on whether you have Unified Messaging configured, the PBX will send an email to this address any time that it bans an IP address. See the Unified Messaging section of this guide for details on how to configure this parameter.
 
#Click the '''Apply Changes''' link located at the top right hand corner of the page, to commit the changes to the database.
 
 
 
 
 
 
 
{| style="border-spacing:0"
 
 
|-
 
|-
| style="border-top:0.0069in solid #000000;  border-bottom:0.0069in solid #000000;  border-left:0.0069in solid #000000;  border-right:none;  padding-top:0in;  padding-bottom:0in;  padding-left:0.075in;  padding-right:0.075in" | <br/>
+
| style="border-width: 0.0069in medium 0.0069in 0.0069in;  border-style: solid none solid solidborder-color: rgb(0, 0, 255) -moz-use-text-color rgb(0, 0, 255) rgb(0, 0, 255);  padding: 0in 0.075in;  text-align: center" |'''&nbsp;Add Entry'''<br />
| style="border-top:0.0069in solid #000000;  border-bottom:0.0069in solid #000000;  border-left:none;  border-right:0.0069in solid #000000;  padding-top:0in;  padding-bottom:0in;  padding-left:0.075in;  padding-right:0.075in" | <br/>
+
| style="border:0.0069in solid #0000ff;  padding-top:0in;  padding-bottom:0in;  padding-left:0.075in;  padding-right:0.075in" | Enter the IP addresses you wish to be ignored by the PBX in regards to failed SIP registration attempts. The IP address field will accept many different formats of IP address (e.g. - 10.0.0.1/24 is accepted as well as 192.168.1.1).
 
|}
 
|}
 +
'''''Be sure to Use the "Save Changes" button at the bottom of the page and the "Apply Changes" button at the top right to commit any of these settings changes to the database'''''
  
==== <span class="mw-headline" id="Disable_Log_Set_Security_Setting">Disable Log Set Security Setting </span><br/> ====
+
== <span class="mw-headline" id="Disable_Log_Set_Security_Setting">Disable Log Watch + Ban Service </span> ==
  
'''STEPS:'''
+
=== '''Steps:''' ===
 +
[[File:PBXSetupGeneral.png|frameless|187x187px]]
  
#From the '''PBX Setup=>General System Setup '''page, locate the '''Security Settings '''panel.
+
#From the '''PBX Setup'''->'''General '''page, locate the '''Security Settings '''[[File:SecuritySettings.png|frameless|634x634px]]                                                                                                                                                <sub><small>(use the '''Ctrl+F''' feature in your browser to search for the word "'''''security'''''" if you are having trouble scrolling to it).</small></sub>
#Disable the security setting by selecting “No” from the drop-down list for the '''Log Watch Ban Service.'''
+
#'''Disable''' the '''Log Watch Ban Service '''by setting the parameter to “'''No'''” on the drop-down list. [[File:Disable LWnB.png|frameless|632x632px]]
#Click the button to save the changes.
+
#Click the "'''Save Changes'''" button at the bottom of the page to save the changes. Be sure to also click "Apply Changes" at the top right to put the changes into effect.
#Click the '''Apply Changes''' link located at the top right hand corner of the page, to commit the changes to the database.
 
  
It should be noted that the Log Watch is not intended to be the only line of defense for security. It is best practice that if you are being attacked by a intruder, that you permanently ban at the router/firewall level. This keeps the offending traffic off your LAN.
+
It should be noted that the Log Watch is not intended to be the only line of defense for security. It is best practice, if you are being attacked by an intruder, to permanently ban the offending IP address at the router/firewall level. This keeps the problem traffic off your LAN.

Latest revision as of 15:33, 18 March 2024

Log Watch + Ban Service

This feature allows the PBX to monitor the SIP registration traffic and ban any IP address that makes 5 failed registration attempts. The IP address will be banned for either 3 days or until the service is restarted. Configuration settings allow you to ignore (not monitor) IP addresses attempting registration, as well as allowing you to manually add addresses you want the system to ignore. If you set up an Admin Email Address under PBX Setup>General and have Unified Messaging configured, the PBX will send you an email any time an IP address is banned via this feature. Follow this link to see what a Ban Email will look like.

TLDR: Log Watch+Ban protects the PBX from hacking attempts by restricting access from outside IP addresses.


PRO Tip: If you are troubleshooting a single remote phone that has gone offline, this feature could be the reason. Confirm the user's IP address and make sure it's in the ignore list.

Enable Log Watch + Ban Service

Steps:

PBXSetupGeneral.png

  1. From the PBX Setup->General page, locate the Security Settings SecuritySettings.png (use the Ctrl+F feature in your browser to search for the word "security" if you are having trouble scrolling to it).
  2. Enable the Log Watch Ban Service by setting the parameter to “Yes” on the drop-down list. LWnB.Enable1.png
  3. Click the "Save Changes" button at the bottom of the page to save the changes. Be sure to also click "Apply Changes" at the top right to put the changes into effect.

Once you have enabled the Log Watch/Ban Services, you will be able to configure the parameters for the security settings.

Settings

The following screenshot and table describes the settings for the Log Watch and Ban feature.

LWnB settings.png

Sections/Fields
Description
Service is currently Running
This indicates the status of the service, either Running or Not Running.
Reload Button
Restarts the Ban service, clearing any existing banned IP addresses.
 Enable Log Watch & Ban Service
Set to Yes and the PBX will monitor failed SIP registration attempts. 5 failed attempts and the IP is blocked for:
  • 3 days
  • or Until system reboot
  • or Until the reload button is clicked
 Ignore IPs in SIP LocalNets
If set to Yes, this service will not ban IP addresses which have been specified in PBXSetup>SIP. When set to No, all IP addresses will be banned after three failed attempts to register unless they are entered into the "Ignoring Addresses" list below.
Ignoring Addresses
Lists the addresses that were manually entered to be ignored in regards to failed SIP registration attempts.
 Add Entry
Enter the IP addresses you wish to be ignored by the PBX in regards to failed SIP registration attempts. The IP address field will accept many different formats of IP address (e.g. - 10.0.0.1/24 is accepted as well as 192.168.1.1).

Be sure to Use the "Save Changes" button at the bottom of the page and the "Apply Changes" button at the top right to commit any of these settings changes to the database

Disable Log Watch + Ban Service

Steps:

PBXSetupGeneral.png

  1. From the PBX Setup->General page, locate the Security Settings SecuritySettings.png (use the Ctrl+F feature in your browser to search for the word "security" if you are having trouble scrolling to it).
  2. Disable the Log Watch Ban Service by setting the parameter to “No” on the drop-down list. Disable LWnB.png
  3. Click the "Save Changes" button at the bottom of the page to save the changes. Be sure to also click "Apply Changes" at the top right to put the changes into effect.

It should be noted that the Log Watch is not intended to be the only line of defense for security. It is best practice, if you are being attacked by an intruder, to permanently ban the offending IP address at the router/firewall level. This keeps the problem traffic off your LAN.