15 steps to secure your iPhone / iPad
There has been a lot of controversy in the media regarding the security of Apple iPhone and iPad devices. Whilst both ship with a natively secure operating system, the majority (~60%) of iPhone and iPad users have jailbroken their devices, which makes them blatantly insecure!
Jailbreaking is a process that allows iPad, iPhone and iPod Touch users to install homebrew applications on their devices by unlocking the operating system and allowing the user root access. Once jailbroken, iDevice users are able to download many extensions and themes previously unavailable through the App Store via unofficial installers such as Cydia. A jailbroken iPad, iPhone or iPod Touch is still able to use the App Store and iTunes.
Jailbreaking is different from SIM unlocking, which, once completed, means that the mobile phone will accept any SIM without restriction on, for example, the country or network operator of origin. Jailbreaking, according to Apple, can void Apple's warranty on the device,[1] although this is quickly remedied by restoring the device in iTunes.
This article will address some of the security issues with jailbroken iPhone and iPad devices and how you can secure your unit.
1. SSH Passwords
By default, jailbroken devices are vulnerable to being hacked into using SSH. If you have jailbroken your device and installed Cydia, it is vital that you change your phone's mobile and root account passwords. The default password is 'alpine', which means that if you connect to a wireless access point using your device, rogue individuals can gain unauthorized access to your device.
How to check a CentOS ISO checksum
When you download a CentOS DVD ISO file (for example: http://iso.linuxquestions.org/download/1274/2996/ftp/mirror.its.uidaho.edu/CentOS-5.5-i386-bin-DVD.iso), it can be helpful to check the file's checksum against the download list to confirm the integrity of the file.
This check is important both for security (so that you're receiving an unmodified CentOS installer) and to make sure the ISO has not been corrupted during the download.
To check a CentOS DVD checksum:
1. Download the CentOS md5sum.exe tool from: http://mirror.centos.org/centos/dostools/md5sum.exe
2. Save the file to the root of your C:\ drive or to your c:\Windows\system32 directory.
3. Check the CentOS download page here and note the valid checksum, for example: 48c158fb9446148432a07634b2688915a279580
4. Download your CentOS ISO file.
5. Once the download completes, check the MD5 sum:
c:\md5sum.exe CentOS-5.5-i386-bin-DVD.iso
And confirm that the sum on your machine matches the sum listed on the download page.
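The comparison in step 5 can also be scripted so the match is not judged by eye. The following is an added example, not part of the original article: it assumes the download page's checksum list uses the usual md5sum layout ("<hash>  <filename>" or "<hash> *<filename>"), and the function names and the stand-in files in demo() are constructed for illustration.

```python
import hashlib
import os
import tempfile

def parse_md5_list(text):
    """Parse md5sum-style lines ('<hex>  <name>' or '<hex> *<name>')."""
    sums = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        digest, name = parts[0].lower(), parts[1].strip().lstrip("*")
        if len(digest) == 32 and all(c in "0123456789abcdef" for c in digest):
            sums[name] = digest
    return sums

def md5_of_file(path, chunk_size=1 << 20):
    """Hash in chunks so a multi-gigabyte ISO is never held in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def verify(path, list_text):
    """Return 'ok', 'mismatch', or 'not-listed' for the file at path."""
    expected = parse_md5_list(list_text).get(os.path.basename(path))
    if expected is None:
        return "not-listed"  # never treat a missing entry as a pass
    return "ok" if md5_of_file(path) == expected else "mismatch"

def demo():
    """Run verify() on constructed stand-in files (not real CentOS images)."""
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "good.iso")
        bad = os.path.join(d, "bad.iso")
        with open(good, "wb") as f:
            f.write(b"constructed sample image")
        with open(bad, "wb") as f:
            f.write(b"constructed sample image, truncated in transit")
        digest = hashlib.md5(b"constructed sample image").hexdigest()
        listing = f"{digest}  good.iso\n{digest.upper()} *bad.iso\n"
        return (verify(good, listing), verify(bad, listing),
                verify(os.path.join(d, "other.iso"), listing))

if __name__ == "__main__":
    print(demo())
```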
Linux ‘Give root password for maintenance’ Lost Password
In the event your Linux box experiences disk or file system issues, you may receive a "Give root password for maintenance" prompt upon reboot. If you have your root password you can log in, but in the event you're using 'slide' or 'sudo' for wheel access or you've just misplaced your root password, you'll need to reset it.
To reset your root password:
1. When the GRUB loader shows during boot, press the space bar to pause boot.
2. Select your boot kernel.
3. Type 'e' to edit the default kernel line.
4. Type 'e' again on the line that starts with 'kernel'.
5. Add 'init=/bin/bash' to the end of the 'kernel' line then press enter.
6. Type 'b' to boot the modified kernel parameters.
Protect your Asterisk server with Fail2Ban
As Internet accessible corporate Voice over IP servers continue to grow in number, so does the risk of rogue individuals gaining access to SIP extensions due to weak or poorly managed Asterisk passwords.
You can protect your Asterisk server using Fail2Ban. Fail2Ban scans log files like /var/log/asterisk/full or /var/log/secure and bans IP addresses with too many password failures. It then updates firewall rules to reject the IP address permanently or for an administrator-defined period of time.
This article does NOT negate the need to set strong SIP extension passwords or change system default passwords, this is purely aimed at countering the most common way to hack SIP servers: Brute-forcing SIP passwords.
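The scan-and-ban logic described above can be shown over a few log lines. This is an added example, not Fail2Ban's own code or the filter from the original article: the log lines are constructed in the style of chan_sip registration failures, and find_bans, maxretry and findtime are names chosen here to mirror the idea of a retry limit inside a time window.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the style of /var/log/asterisk/full.
SAMPLE_LOG = """\
[2010-10-01 12:00:01] NOTICE[2301] chan_sip.c: Registration from '"100" <sip:100@192.0.2.10>' failed for '203.0.113.5' - Wrong password
[2010-10-01 12:00:03] NOTICE[2301] chan_sip.c: Registration from '"100" <sip:100@192.0.2.10>' failed for '203.0.113.5' - Wrong password
[2010-10-01 12:00:04] NOTICE[2301] chan_sip.c: Registration from '"999" <sip:999@192.0.2.10>' failed for '198.51.100.7' - No matching peer found
[2010-10-01 12:00:06] NOTICE[2301] chan_sip.c: Registration from '"100" <sip:100@192.0.2.10>' failed for '203.0.113.5' - Wrong password
[2010-10-01 12:00:09] VERBOSE[2301] logger.c: -- Registered SIP '101' at 192.0.2.20 port 5060
[2010-10-01 12:01:00] NOTICE[2301] chan_sip.c: Registration from '"101" <sip:101@192.0.2.10>' failed for '198.51.100.7' - Wrong password
[2010-10-01 12:02:00] NOTICE[2301] chan_sip.c: Registration from '"102" <sip:102@192.0.2.10>' failed for '192.0.2.44' - Wrong password
[2010-10-01 12:09:00] NOTICE[2301] chan_sip.c: Registration from '"102" <sip:102@192.0.2.10>' failed for '192.0.2.44' - Wrong password
[2010-10-01 12:15:00] NOTICE[2301] chan_sip.c: Registration from '"102" <sip:102@192.0.2.10>' failed for '192.0.2.44' - Wrong password
"""

# Anchored at both ends: the "Registration from" field is supplied by the
# remote client, so the source address is read from the end of the line.
FAIL_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\] NOTICE\[\d+\] chan_sip\.c: "
    r"Registration from '.*' failed for '(?P<host>\d{1,3}(?:\.\d{1,3}){3})' - "
    r"(?:Wrong password|No matching peer found)$"
)

def find_bans(log_text, maxretry=3, findtime=600):
    """Return {host: time of ban} for hosts with maxretry failures in findtime seconds."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)  # host -> failure timestamps still inside the window
    banned = {}
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m or m["host"] in banned:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        hits = recent[m["host"]]
        hits.append(ts)
        while ts - hits[0] > window:  # drop failures older than the window
            hits.popleft()
        if len(hits) >= maxretry:
            banned[m["host"]] = ts
    return banned

if __name__ == "__main__":
    for host, when in find_bans(SAMPLE_LOG).items():
        print(f"ban {host} at {when}")
```

With the defaults, only the host that fails three times within seconds is banned; the host with two failures and the host whose three failures are spread over thirteen minutes stay under the limit.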
To install Fail2Ban for Asterisk -
SSH to your VoIP server and log in as root, then type the following commands:
yum -y install jwhois
cd /usr/src/
wget -O fail2ban-0.8.4.tar.bz2 http://sourceforge.net/projects/fail2ban/files/fail2ban-stable/fail2ban-0.8.4/fail2ban-0.8.4.tar.bz2/download
tar -jxf fail2ban-0.8.4.tar.bz2
cd fail2ban-0.8.4
python setup.py install
cp /usr/src/fail2ban-0.8.4/files/redhat-initd /etc/init.d/fail2ban
chmod 755 /etc/init.d/fail2ban
cd /etc/fail2ban/filter.d
touch asterisk.conf
Copy the following into a new configuration file, /etc/fail2ban/filter.d/asterisk.conf:
Install Fail2Ban on CentOS 5.5
The installation process for Fail2Ban (a brute force protection application) on CentOS 5.5 is as follows:
Log in to your server as root, then:
wget -O fail2ban-0.8.4.tar.bz2 "http://downloads.sourceforge.net/project/fail2ban/fail2ban-stable/fail2ban-0.8.4/fail2ban-0.8.4.tar.bz2?use_mirror=transact"
tar -xf fail2ban-0.8.4.tar.bz2
cd fail2ban-0.8.4
python setup.py install
cp files/redhat-initd /etc/init.d/fail2ban
chkconfig --add fail2ban
chkconfig fail2ban on
Once the installation is complete, open the jail.conf configuration:
nano -w /etc/fail2ban/jail.conf