Security Policy and Posture
This page provides an overview of VoIPmonitor's security posture, development practices, and internal security controls for security departments conducting assessments, audits, or compliance reviews.
Data Protection
Database Encryption
| Data Type | Encryption Status | Notes |
|---|---|---|
| CDRs, call metadata | Not encrypted at rest | Use MySQL/MariaDB TDE or filesystem encryption (LUKS) if required |
| User passwords | SHA-256 hashed | LDAP offloads credential storage externally |
| Data in transit | Optional TLS | See SSL/TLS_connection_to_the_Mysql/MariaDB |
💡 Tip: For environments requiring database encryption at rest, use MySQL/MariaDB Transparent Data Encryption (TDE) or filesystem-level encryption (LUKS, dm-crypt).
Privacy Features
- IP Anonymization - Database-level anonymization via Groups > IPs > Anonymize Rewrite Rules
- Two-Factor Authentication (2FA) - Enhanced account security
- Audit Logging - File-based logging via
AUDIT_LOG_FILEin configuration.php - Regulatory Compliance - SIPREC WORM storage (SEC 17a-4, CFTC 1.31), CALEA export
Authentication
Supported Methods
| Method | Status | Documentation |
|---|---|---|
| Local accounts | Supported | Built-in username/password |
| Two-Factor Authentication | Supported | Settings > System Configuration |
| LDAP (password verification) | Supported | Custom Login - username/password only |
| Google Sign-In (OAuth 2.0) | Supported | Google Sign-In |
| Microsoft Sign-In (Entra ID) | Supported | Microsoft Sign-In |
| REMOTE_USER Authentication | Supported | REMOTE_USER_Authentication |
| Custom login scripts | Supported | Custom Login |
Session Management
- PHP sessions with automatic session ID regeneration on login (prevents session fixation)
- Configurable timeout via
session.gc_maxlifetimein php.ini - Manual session invalidation available for administrators
ℹ️ Note: Automatic session ID regeneration is a built-in security feature requiring no additional configuration.
Network Security
Architecture Overview
Firewall Ports
| Port | Protocol | Service | Security Notes |
|---|---|---|---|
| 80, 443 | TCP | Web GUI | HTTPS strongly recommended |
| 5029 | TCP | Manager API | Restrict to internal IPs only - never expose publicly |
| 60024 | TCP | Sensor-to-server | Encrypted with server_password
|
| 5060 | UDP/TCP | SIP monitoring | Default SIP port |
⚠️ Warning: The Manager API port (5029) should NEVER be exposed to the public internet.
Key Security Features
- TLS/SRTP Decryption - Decrypt encrypted VoIP traffic for monitoring
- Encrypted sensor communication - Secure TCP with
server_password - HTTPS/Basic Auth - Secure web GUI access
Security Assessment Checklist
Configuration Review
- SSL/TLS configuration (certificate validity, cipher suites)
- Database connection encryption (MySQL SSL)
- Firewall rules for all VoIPmonitor ports
- File permissions on
/etc/voipmonitor.conf(should be 600 or 640)
Authentication Review
- Validate 2FA and LDAP configuration
- Review user permissions in GUI (Users & Audit > Users)
- Check IP restrictions (Users > Secure users tab)
Compliance Review
- Privacy features for GDPR/HIPAA requirements
- Audit logging enabled if required (AUDIT_LOG_FILE)
- Data retention policies (
cleandatabasesettings in Data Cleaning)
System Hardening
VoIPmonitor requires only components listed in installation guides. Remove unnecessary services to minimize attack surface.
Services NOT Required
| Service | Risk | Action |
|---|---|---|
| CUPS (printing) | CUPS_Evilsocket and similar vulnerabilities | Remove |
| Desktop environments | Large attack surface | Remove from production |
| FTP servers | Insecure protocol | Remove if unused |
| Development tools | Compiler exploits | Remove from production |
Removing CUPS
# Check if installed
dpkg -l cups 2>/dev/null || rpm -qa cups
# Stop and disable
systemctl stop cups && systemctl disable cups
# Remove (Debian/Ubuntu)
apt remove --purge cups cups-browsed
# Remove (RHEL/CentOS/AlmaLinux)
yum remove cups
⚠️ Warning: Before removing any service, verify it is not required by other applications on the server.
See Also
- Sniffer Configuration - Security-related parameters
- User Management - Permissions and access control
- GUI Configuration - Audit logging setup
AI Summary for RAG
Summary: VoIPmonitor security posture documentation for security assessments and compliance reviews. Database: CDR/metadata stored unencrypted at rest (use MySQL TDE or LUKS if required); passwords SHA-256 hashed. Authentication: local accounts, 2FA, LDAP (password verification only - NOT SSO), Google OAuth, Microsoft Sign-In (in development). NOT supported: Shibboleth, SAML SSO, LDAP SSO, generic OIDC. Sessions: PHP-based with automatic session ID regeneration on login (prevents session fixation). Network: encrypted sensor communication (port 60024 with server_password), Manager API (port 5029 - restrict to internal only), HTTPS for GUI. Compliance: SIPREC WORM storage, CALEA export, IP anonymization, audit logging. System hardening: remove CUPS and other unnecessary services to minimize attack surface.
Keywords: security posture, security assessment, compliance, database encryption, SHA-256, password hashing, authentication, 2FA, LDAP, SSO, Shibboleth, SAML, Google OAuth, Microsoft Sign-In, session management, session fixation, session ID regeneration, firewall ports, Manager API, port 5029, port 60024, SIPREC, CALEA, IP anonymization, audit logging, HIPAA, PCI-DSS, GDPR, system hardening, CUPS, attack surface, TDE, LUKS
Key Questions:
- Is user data encrypted in the VoIPmonitor database?
- How are passwords stored in VoIPmonitor?
- What authentication methods does VoIPmonitor support?
- Does VoIPmonitor support Shibboleth or SAML SSO?
- Does VoIPmonitor support LDAP SSO?
- What network ports does VoIPmonitor use?
- Should the Manager API port (5029) be exposed to the internet?
- How do I secure VoIPmonitor for compliance?
- What security features does VoIPmonitor have for regulatory compliance?
- Is CUPS required for VoIPmonitor?
- Does VoIPmonitor prevent session fixation attacks?