Security Policy and Posture: Difference between revisions
(Rewrite: consolidation, better tables, simpler structure) |
|||
| Line 44: | Line 44: | ||
| Google Sign-In (OAuth 2.0) || Supported || [[Google_Sign_in_usage|Google Sign-In]] | | Google Sign-In (OAuth 2.0) || Supported || [[Google_Sign_in_usage|Google Sign-In]] | ||
|- | |- | ||
| Microsoft Sign-In (Entra ID) || | | Microsoft Sign-In (Entra ID) || Supported || [[Microsoft_Sign_in_usage|Microsoft Sign-In]] | ||
|- | |||
| REMOTE_USER Authentication || Supported || [[REMOTE_USER_Authentication]] | |||
|- | |- | ||
| Custom login scripts || Supported || [[WEB_API#Custom_Login|Custom Login]] | | Custom login scripts || Supported || [[WEB_API#Custom_Login|Custom Login]] | ||
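Review bot: the "AI Summary for RAG" section of this revision still reads "Microsoft Sign-In (in development)" and does not mention REMOTE_USER, which contradicts the Microsoft Sign-In (Entra ID) row now marked Supported and the added REMOTE_USER Authentication row in this table. Update the Summary, Keywords and Key Questions in the same edit so that an auditor reading either section gets the same list of supported authentication methods.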
Revision as of 17:15, 8 January 2026
This page provides an overview of VoIPmonitor's security posture, development practices, and internal security controls for security departments conducting assessments, audits, or compliance reviews.
Data Protection
Database Encryption
| Data Type | Encryption Status | Notes |
|---|---|---|
| CDRs, call metadata | Not encrypted at rest | Use MySQL/MariaDB TDE or filesystem encryption (LUKS) if required |
| User passwords | SHA-256 hashed | LDAP offloads credential storage externally |
| Data in transit | Optional TLS | See SSL/TLS_connection_to_the_Mysql/MariaDB |
💡 Tip: For environments requiring database encryption at rest, use MySQL/MariaDB Transparent Data Encryption (TDE) or filesystem-level encryption (LUKS, dm-crypt).
Privacy Features
- IP Anonymization - Database-level anonymization via Groups > IPs > Anonymize Rewrite Rules
- Two-Factor Authentication (2FA) - Enhanced account security
- Audit Logging - File-based logging via AUDIT_LOG_FILE in configuration.php
- Regulatory Compliance - SIPREC WORM storage (SEC 17a-4, CFTC 1.31), CALEA export
Authentication
Supported Methods
| Method | Status | Documentation |
|---|---|---|
| Local accounts | Supported | Built-in username/password |
| Two-Factor Authentication | Supported | Settings > System Configuration |
| LDAP (password verification) | Supported | Custom Login - username/password only |
| Google Sign-In (OAuth 2.0) | Supported | Google Sign-In |
| Microsoft Sign-In (Entra ID) | Supported | Microsoft Sign-In |
| REMOTE_USER Authentication | Supported | REMOTE_USER_Authentication |
| Custom login scripts | Supported | Custom Login |
NOT Supported
- Shibboleth SSO - Not supported
- SAML SSO (JumpCloud, Okta, OneLogin) - Not supported
- LDAP SSO (click-through without credentials) - Only password verification supported
- Generic OIDC providers (other than Google/Microsoft)
Session Management
- PHP sessions with automatic session ID regeneration on login (prevents session fixation)
- Configurable timeout via session.gc_maxlifetime in php.ini
- Manual session invalidation available for administrators
ℹ️ Note: Automatic session ID regeneration is a built-in security feature requiring no additional configuration.
Network Security
Architecture Overview
Firewall Ports
| Port | Protocol | Service | Security Notes |
|---|---|---|---|
| 80, 443 | TCP | Web GUI | HTTPS strongly recommended |
| 5029 | TCP | Manager API | Restrict to internal IPs only - never expose publicly |
| 60024 | TCP | Sensor-to-server | Encrypted with server_password |
| 5060 | UDP/TCP | SIP monitoring | Default SIP port |
⚠️ Warning: The Manager API port (5029) should NEVER be exposed to the public internet.
Key Security Features
- TLS/SRTP Decryption - Decrypt encrypted VoIP traffic for monitoring
- Encrypted sensor communication - Secure TCP with server_password
- HTTPS/Basic Auth - Secure web GUI access
Security Assessment Checklist
Configuration Review
- SSL/TLS configuration (certificate validity, cipher suites)
- Database connection encryption (MySQL SSL)
- Firewall rules for all VoIPmonitor ports
- File permissions on /etc/voipmonitor.conf (should be 600 or 640)
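The file-permission and Manager API items from this checklist can be checked with a script; the one below is an added example, not part of VoIPmonitor's tooling, and its function names are invented for illustration. It assumes a Linux host with GNU stat and ss from iproute2, and its listener check is a heuristic that flags port 5029 bound to anything other than loopback so the matching firewall rule can be verified.

```bash
#!/usr/bin/env bash
# Added example (not VoIPmonitor code). Assumes Linux: GNU stat, iproute2 ss.
CONF="${CONF:-/etc/voipmonitor.conf}"   # path from the checklist
MANAGER_PORT=5029                        # Manager API port from the ports table

# Pass only when the file mode is exactly 600 or 640.
check_conf_mode() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || { echo "MISSING $1"; return 2; }
    case "$mode" in
        600|640) echo "OK $1 mode $mode" ;;
        *) echo "FAIL $1 mode $mode (want 600 or 640)"; return 1 ;;
    esac
}

# Read `ss -Hltn` output on stdin; print listeners on the Manager API port
# that are not bound to loopback. Exit status 1 if any were found.
# A wildcard bind is not proof of exposure (a firewall may still block it),
# but it is the socket a reviewer should trace to a firewall rule.
nonlocal_manager_listeners() {
    awk -v port="$MANAGER_PORT" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")
            if (parts[n] != port) next
            host = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (host ~ /^127\./ || host == "[::1]") next
            print $4
            found = 1
        }
        END { exit (found ? 1 : 0) }'
}

run_audit() {
    command -v ss >/dev/null || { echo "SKIP ss not installed"; return 2; }
    rc=0
    check_conf_mode "$CONF" || rc=1
    if ss -Hltn | nonlocal_manager_listeners; then
        echo "OK port $MANAGER_PORT has no non-loopback listener"
    else
        echo "REVIEW port $MANAGER_PORT bound beyond loopback; check firewall"
        rc=1
    fi
    return $rc
}

# Run the live checks only when asked, e.g.: bash audit.sh --audit
case "${1:-}" in --audit) run_audit ;; esac
```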
Authentication Review
- Validate 2FA and LDAP configuration
- Review user permissions in GUI (Users & Audit > Users)
- Check IP restrictions (Users > Secure users tab)
Compliance Review
- Privacy features for GDPR/HIPAA requirements
- Audit logging enabled if required (AUDIT_LOG_FILE)
- Data retention policies (cleandatabase settings in Data Cleaning)
System Hardening
VoIPmonitor requires only components listed in installation guides. Remove unnecessary services to minimize attack surface.
Services NOT Required
| Service | Risk | Action |
|---|---|---|
| CUPS (printing) | CUPS_Evilsocket and similar vulnerabilities | Remove |
| Desktop environments | Large attack surface | Remove from production |
| FTP servers | Insecure protocol | Remove if unused |
| Development tools | Compiler exploits | Remove from production |
Removing CUPS
```bash
# Check if installed
dpkg -l cups 2>/dev/null || rpm -qa cups
# Stop and disable
systemctl stop cups && systemctl disable cups
# Remove (Debian/Ubuntu)
apt remove --purge cups cups-browsed
# Remove (RHEL/CentOS/AlmaLinux)
yum remove cups
```
⚠️ Warning: Before removing any service, verify it is not required by other applications on the server.
See Also
- Sniffer Configuration - Security-related parameters
- User Management - Permissions and access control
- GUI Configuration - Audit logging setup
AI Summary for RAG
Summary: VoIPmonitor security posture documentation for security assessments and compliance reviews. Database: CDR/metadata stored unencrypted at rest (use MySQL TDE or LUKS if required); passwords SHA-256 hashed. Authentication: local accounts, 2FA, LDAP (password verification only - NOT SSO), Google OAuth, Microsoft Sign-In (in development). NOT supported: Shibboleth, SAML SSO, LDAP SSO, generic OIDC. Sessions: PHP-based with automatic session ID regeneration on login (prevents session fixation). Network: encrypted sensor communication (port 60024 with server_password), Manager API (port 5029 - restrict to internal only), HTTPS for GUI. Compliance: SIPREC WORM storage, CALEA export, IP anonymization, audit logging. System hardening: remove CUPS and other unnecessary services to minimize attack surface.
Keywords: security posture, security assessment, compliance, database encryption, SHA-256, password hashing, authentication, 2FA, LDAP, SSO, Shibboleth, SAML, Google OAuth, Microsoft Sign-In, session management, session fixation, session ID regeneration, firewall ports, Manager API, port 5029, port 60024, SIPREC, CALEA, IP anonymization, audit logging, HIPAA, PCI-DSS, GDPR, system hardening, CUPS, attack surface, TDE, LUKS
Key Questions:
- Is user data encrypted in the VoIPmonitor database?
- How are passwords stored in VoIPmonitor?
- What authentication methods does VoIPmonitor support?
- Does VoIPmonitor support Shibboleth or SAML SSO?
- Does VoIPmonitor support LDAP SSO?
- What network ports does VoIPmonitor use?
- Should the Manager API port (5029) be exposed to the internet?
- How do I secure VoIPmonitor for compliance?
- What security features does VoIPmonitor have for regulatory compliance?
- Is CUPS required for VoIPmonitor?
- Does VoIPmonitor prevent session fixation attacks?