How to – Secure Vicidial, correctly. Part 1

How to – Secure Vicidial, correctly. Part 1

secure vicidial

How to – Secure Vicidial, correctly. Part 1

This article will show you how to secure Vicidial server correctly. This is definitely one of the topics, that I am asked about the most, so with that being said, this will be a multipart series with different “layers” of security from the basic way you need to secure your system in todays remote world, and as advanced as encrypted passwords, recordings, two factor authentication and more.

secure vicidial
Securing Vicidial

The steps I will cover in this article, will be the steps to take once you have finished installing a fresh Vicidial server. It will cover a single server setup, not a cluster which requires some additional steps to be shown later on in this series. This article will also presume you are setting this up for remote access, not just local. Let’s get started.


Secure Vicidial

Step 1 – Setup access through YAST firewall.

At the Linux CLI, type “yast firewall” and the following screen will pop up:

secure vicidial

Go down to “Interfaces” and select your NIC card that has WAN access and change the zone from default to public:

image 12
Change default zone to public

Then TAB over to the public zone and remove all entries but apache2-ssl and ssh, then add viciportal-ssl.

image 13
Public Zone services to allow

Finally, add these services to your “Trusted” zone and TAB over to [Accept] and press enter.

image 14
Trusted Zone services to allow

This completes the first step for securing your Vicidial server’s firewall access.


Step 2 – Granting access for Dynamic portal & IP whitelist access only through the VB-firewall crontab entry

The next thing you need to do is change the crontab entry from blacklist being blocked to whitelist and dynamic access only. To do so, type “crontab -e” at your Linux CLI and you should see the following:

image 15
crontab -e

“Page down” until you see the VB-firewall entries near the bottom and change them as you see below:

image 16
Make the changes you see above and press cntl+X to save and follow the prompts to save it.

Ok, so these steps above will prepare your server for the next steps of this process which I have written in other articles already, but I will link them here for easy navigation.


Step 3 – Enabling IP Whitelist

You can follow my blog post about IP whitelist, here.

image 5

Step 4 – Setting up the dynamic portal

You can follow the article for these instructions, here.

Dynportal
Dynportal

Well, that’s it for part 1, you have now setup your system for secure remote access to your server through IP whitelist & dynamic portal only. As always, feel free to comment below with any questions or issues you have along the way. My team and I are always available to help our Vicidial community secure themselves against the threats todays world comes with such as BazarCall malware, Ryuk and Conti Ransomwares and other cyber threats that directly target the telecommunications industry. Please protect yourself accordingly, if you need help with this, please fill out the form below for a FREE security audit or if you need some technical assistance on your servers.



Well, that’s it from us here at CyburDial for today, but please stay tuned for Part 2 of this series which will cover adding in other servers for a cluster type environment and how to allow access only to certain services on each server that are needed for communication between the cluster such as MySQL.

I hope this helps.

-Nox

One comment

David Blum

You should re-do the PuTTY images – “Use font encoding” on the “Translation” settings page will use the proper line-drawing characters regardless of the font you use for your terminal session (at least in my experience)…thanks!

Leave a Reply