Network Security Hack - Protect your network with Linux's powerful firewalling features

Linux has long had the capability for filtering packets, and it has come a long way since the early days in terms of both power and flexibility. The first generation of packet-filtering code was called ipfw (for "IP firewall") and provided basic filtering capability. Since it was somewhat inflexible and inefficient for complex configurations, ipfw is rarely used now. The second generation of IP filtering was called IP chains. It improved greatly on ipfw and is still in common use. The latest generation of filtering is called Netfilter and is manipulated with the iptables command. It is used exclusively with the 2.4.x and later series of kernels. Although Netfilter is the kernel component and iptables is the user-space configuration tool, these terms are often used interchangeably.

An important concept in Netfilter is the chain , which consists of a list of rules that are applied to packets as they enter, leave, or traverse through the system. The kernel defines three chains by default, but new chains of rules can be specified and linked to the predefined chains. The INPUT chain applies to packets that are received and are destined for the local system, and the OUTPUT chain applies to packets that are transmitted by the local system. Finally, the FORWARD chain applies whenever a packet will be routed from one network interface to another through the system. It is used whenever the system is acting as a packet router or gateway, and applies to packets that are neither originating from nor destined for this system.

The iptables command is used to make changes to the Netfilter chains and rulesets. You can create new chains, delete chains, list the rules in a chain, flush chains (that is, remove all rules from a chain), and set the default action for a chain. iptables also allows you to insert, append, delete, and replace rules in a chain.

Before we get started with some example rules, it's important to set a default behavior for all the chains. To do this we'll use the -P command-line switch, which stands for "policy":

# iptables -P INPUT DROP

# iptables -P FORWARD DROP

This will ensure that only those packets covered by subsequent rules that we specify will make it past our firewall. After all, with the relatively small number of services that will be provided by the network, it is far easier to explicitly specify all the types of traffic that we want to allow, rather than all the traffic that we don't. Note that a default policy was not specified for the OUTPUT chain; this is because we want to allow traffic to proceed out of the firewall itself in a normal manner.

With the default policy set to DROP, we'll specify what is actually allowed. Here's where we'll need to figure out what services will have to be accessible to the outside world. For the rest of these examples, we'll assume that eth0 is the external interface on our firewall and that eth1 is the internal one. Our network will contain a web server (192.168.1.20), a mail server (192.168.1.21), and a DNS server (192.168.1.18)—a fairly minimal setup for a self-managed Internet presence.

However, before we begin specifying rules, we should remove filtering from our loopback interface:

# iptables -P INPUT -i lo -j ACCEPT

# iptables -P OUTPUT -o lo -j ACCEPT

Now let's construct some rules to allow this traffic through. First, we'll make a rule to allow traffic on TCP port 80—the standard port for web servers—to pass to the web server unfettered by our firewall:

# iptables -A FORWARD -m state --state NEW -p tcp \

 -d 192.168.1.20 --dport 80 -j ACCEPT

And now for the mail server, which uses TCP port 25 for SMTP:

# iptables -A FORWARD -m state --state NEW -p tcp \

 -d 192.168.1.21 --dport 25 -j ACCEPT

Additionally, we might want to allow remote POP3, IMAP, and IMAP+SSL access as well:

POP3

# iptables -A FORWARD -m state --state NEW -p tcp \

 -d 192.168.1.21 --dport 110 -j ACCEPT

IMAP

# iptables -A FORWARD -m state --state NEW -p tcp \

 -d 192.168.1.21 --dport 143 -j ACCEPT

IMAP+SSL

# iptables -A FORWARD -m state --state NEW -p tcp \

 -d 192.168.1.21 --dport 993 -j ACCEPT

Unlike the other services, DNS can use both TCP and UDP port 53:

# iptables -A FORWARD -m state --state NEW -p tcp \

-d 192.168.1.21 --dport 53 -j ACCEPT

Since we're using a default deny policy, it makes it slightly more difficult to use UDP for DNS. This is because our policy relies on the use of state tracking rules, and since UDP is a stateless protocol, there is no way to track it. In this case, we can configure our DNS server either to use only TCP, or to use a UDP source port of 53 for any response that it sends back to clients that were using UDP to query the nameserver.

If the DNS server is configured to respond to clients using UDP port 53, we can allow this traffic through with the following two rules:

# iptables -A FORWARD -p udp -d 192.168.1.18 --dport 53 -j ACCEPT

# iptables -A FORWARD -p udp -s 192.168.1.18 --sport 53 -j ACCEPT

The first rule allows traffic into our network destined for the DNS server, and the second rule allows responses from the DNS server to leave the network.

You may be wondering what the -m state and --state arguments are about. These two options allow us to use Netfilter's stateful packet-inspection engine. Using these options tells Netfilter that we want to allow only new connections to the destination IP and port pairs that we have specified. When these rules are in place, the triggering packet is accepted and its information is entered into a state table.

Now we can specify that we want to allow any outbound traffic that is associated with these connections by adding a rule like this:

# iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

The only thing left now is to allow traffic from machines behind the firewall to reach the outside world. To do this, we'll use a rule like the following:

# iptables -A FORWARD -m state --state NEW -i eth1 -j ACCEPT

This rule enters any outbound connections from the internal network into the state table. It works by matching packets coming into the internal interface of our firewall that are creating new connections. If we were setting up a firewall that had multiple internal interfaces, we could have used a Boolean NOT operator on the external interface (e.g., -i ! eth0). Now any traffic that comes into the firewall through the external interface that corresponds to an outbound connection will be accepted by the preceding rule, because this rule will have put the corresponding connection into the state table.

In these examples, the order in which the rules were entered does not really matter. Since we're operating with a default DENY policy, all our rules have an ACCEPT target. However, if we had specified targets of DROP or REJECT as arguments to the -j option, then we would have to take a little extra care to ensure that the order of those rules would result in the desired effect. Remember that the first rule that matches a packet is always triggered as the rule chains are traversed, so rule order can sometimes be critically important.

It should also be noted that rule order can have a performance impact in some circumstances. For example, the rule shown earlier that matches ESTABLISHED and RELATED states should be specified before any of the other rules, since that particular rule will be matched far more often than any of the rules that will match only on new connections. By putting that rule first, it will prevent any packets that are already associated with a connection from having to traverse the rest of the rule chain before finding a match.

To complete our firewall configuration, we'll want to enable packet forwarding. Run this command:

# echo 1 > /proc/sys/net/ipv4/ip_forward

This tells the kernel to forward packets between interfaces whenever appropriate. To have this done automatically at boot time, add the following line to /etc/sysctl.conf:

net.ipv4.ip_forward=1

If your system doesn't support /etc/sysctl.conf, you can put the preceding echo command in one of your startup rc scripts, such as /etc/rc.local. Another useful kernel parameter is rp_filter, which helps prevent IP spoofing. This enables source address verification by checking that the IP address for any given packet has arrived on the expected network interface. 

This can be enabled by running the following command:

# echo 1 > /proc/sys/net/ipv4/conf/default/rp_filter

Much like how we enabled IP forwarding, we can also enable source address verification by editing /etc/sysctl.conf on systems that support it, or else put the changes in your rc.local. To enable rp_filter in your sysctl.conf, add the following line:

net.ipv4.conf.all.rp_filter=1

To save all of our rules, we can either write all of our rules to a shell script or use our Linux distribution's particular way of saving them. 

We can do this in Red Hat by running the following command:

# /sbin/service iptables save

This will save all currently active filter rules to /etc/sysconfig/iptables. To achieve the same effect under Debian, edit /etc/default/iptables and set enable_iptables_initd=true.

After doing this, run the following command:

# /etc/init.d/iptables save_active

When the machine reboots, your iptables configuration will be automatically restored.

Happy Hacking!!

Know More On Call Center Vendor Resources - Product and Service Offerings

The following is a guide to a number of selected vendors of call center products and services. The list provides vendor name, Website or telephone number, and a brief description of the products or services offered. It is not a complete or definitive list of vendors, but it does represent an extensive cross section of proven vendor products and services. The list was current at time of publication; however, the nature of the call center environment is dynamic and changes rapidly. There will always be new vendors in the market.

The products and services provided by these vendor organizations include call center communications systems, CTI, ACD products, outsourcing services, as well as workforce measurements systems, consulting services, and a variety of PBX systems designed for call center operations.

Accelerated Payment Systems www.ncms.com Automated check-debiting system for call center transaction processing

ACI Telecentrics (612)928-4700 Call center outsourcing for telephone-based sales and marketing services, primarily to publishing, financial, insurance and telecommunications service industries

Active Voice www.activevoice.com Repartee voice processing and unified messaging applications

Aculab www.aculab.com Computer telephony hardware, particularly boards

Acuvoice www.acuvoice.com Speech synthesis system and text-to-speech system

Adante www.adante.com ACD e-mail

Adaptiv Software Corporation www.adaptiv.com Workforce management software

Adaptive Innovations www.adaptiveinno.com Software that converts statistics and data normally sent to a CSR via a LCD reader board to a desktop monitor for blind CSRs

Aditi Corporation www.aditi.com Software for transacting customer service over the Internet

Advanced Access www.advaccess.com Electronic commerce, call center, and fulfillment solutions

Advanced Recognition Technology www.artcomp.com Voice recognition software

Advantage kbs www.akbs.com Problem resolution software and customer support applications

Aegis Communications Group (214) 361-9870 Outsourced telecommunications-based marketing, customer service, and call center management services

Affinitec Call Center Systems/AAC www.aaccorp.com Call center management software, reader board drivers, and call accounting systems

Ahern Communications www.aherncorp.com Headset distributor

Alert Communications www.alertcom.com Service bureau and outsourcer of call center services

Alltel www.alltel.com Call center solution including consulting, implementation, and dedicated or shared outsourcing

Alpha Technologies (800) 322-5742 Power protection, CFR Series UPS, and ALCI industrial line conditioners

AltiGen Communications www.altigen.com Computer telephony and Internet solutions for small to mid-sized businesses

Amcom Software www.amcomsoft.com A suite of call center applications including auto-attendant, voice response, and various messaging features

Amend Group www.amend.com Site selection assistance as well as commercial real estate services for call centers

American Power Conversion www.apcc.com UPS, power protection, and surge protectors

American Productivity & Quality Center www.aqpc.org Benchmarking and other research related to call centers

Ameritech www.ameritech.com Turnkey, end-to-end, call center systems

Amtelco www.amtelcom.com Call center systems with modular ACD functions, directory systems, departmental registry, and e-mail

Analogic www.analogic.com Speech recognition and text-to-speech systems

AnswerSoft www.answersoft.com Telephony automation software

Apex Voice Communications www.apexvoice.com High-density, scalable systems for call centers

Applied Innovation Management www.aim-helpdesk.com Web-based software for managing external product support

Apropos Technology www.apropos.com Integrated suite of switch-independent call center applications

Ariel Corporation www.ariel.com Design, manufacture, and marketing of DSP-based data communications hardware and software products

Aspect Telecommunications www.aspect./com ACD voice processing system and software for linkage between applications

Artisoft www.artisoft.com Telephony systems with call center features

Astea www.astea.com Field service and internal help desk environment

Atio Corporation www.atio.com A modular call center solution

AT&T www.att.com/business/global Long-distance, toll-free, and call center consulting

AuBeta Telecom www.aubeta.com An out-of-the-box family of call center systems

Aurora Systems www.fastcall.com Computer telephony software (middleware)

Aurum Software www.aurum.com Integrated applications for field sales, channel sales, telesales, telemarketing, corporate marketing, and customer service

Automatic Answer www.taa.com Automated attendants and voice processing systems based on industry-standard PC platforms

AVT www.avtc.com Open systems based on advanced computer telephony products

Balisoft www.balisoft.com A Web/call center integration suite with collaborative tools

Banksoft www.banksoft.net Small call center system that provides call processing and backend data processing

Bard Technologies www.bardtech.com ACD simulator system for call centers

Barnhill Associates www.barnhill.com Systems integrators and consultants on process reengineering

BCS Technologies www.bestechnoliges.com PBX/ACD for small call centers

Bell Contact Centre Solutions Contact center consulting, organization, and training

Bigby, Havis & Associates www.bigby.com/callcenters.htm Human resource consulting for call centers

Blue Pumpkin Software www.blue.pumpkin.com Workforce management software

Bogen Communications (201) 934-8500 Messages on hold, digital announcers, voice loggers, and recorder

Boston Communications Group www.bgci.net Call center outsourcing services

Brady Group www.thebradygroup.com Planning, design, and implementation of customer service strategies, work processes, and technologies

Bramic Creative Business Products (905) 649-2734 Ergonomic furniture for call centers

Brigade Solutions www.brigadesolutions.com Internet customer support outsourcing

Brightware www.brightware.com Web-based customer interaction systems

Bristol Group www.bg.com Large-scale faxing systems

Brite Voice Systems www.brite.com Voice processing and IVR systems that integrate voice, fax, CTI, and Internet capabilities

Broadbase Information Systems www.broadbase.com Enterprise performance management systems

Brooktrout Technology www.brooktrout.com Fax, voice, and telephony products, mainly at the component level

Buffalo International www.opencti.com Object telephony server, a high-performance, flexible telephony platform

Business Telecom Products www.btpi.com Professional-quality headsets

CACI Products Company www.caciasl.com Call center tool to set up a model of staffing and volume

Call Center Network Group www.ccng.com Membership organization for call center professionals

Call Center Solutions www.callcenters.com Predictive dialers and call-blending equipment

Call Center Technology www.callcentertechnology.com Supervisor and call center knowledge management tool

Call Center University www.callcenteru.com Professional organization that promotes certification programs and call center management standards

Call Interactive www.callit.com IVR and call center outsourcing

Call One www.call-1.com Headset and conferencing equipment distribution

Callscan Australia www.callscan.com.au Call center products and services for the Australian and New Zealand markets

Calonge & Associates www.ca.script.com Scripting and script consulting for business-to-business and business-to-consumer marketing campaigns

Carnegie Group www.cgi.com Consulting, application development, and systems integration for call centers

Cascade Technologies www.cascadetechnologies.com Software for employee benefits and human resources

CCI-Hansen Limited www.hancorp.com.au Workforce management systems

CCS TrexCom www.ccstrexcom.com Hardware and software platforms for IVR

CCT Group www.cctgroup.com Call center support tools and full-service call center consulting

CellIT www.cellit.com Call center system with blended multimedia support, inbound (ACD), outbound predictive dialing, IVR call logging, messaging, and unified SQL reporting

CenterCore www.centercore.com Cubicles and agent workstations

CenterForce Technologies www.cforcetech.com/ Call center optimization system for outbound campaigns

Centerpoint Technologies www.ctrpoint.com Computer telephony systems

Centigram www.centigram.com Voice processing equipment

Century Telecommunications www.cticallcenter.com Call center outsourcer

Chordiant Software www.chordiant.com Software for managing customer data, including transaction data, customer histories, and business processes

Cicat Networks www.cicat.com ISDN specialists

Cincom Systems www.cincom.com CTI-enabled call center application

Cintech www.cintech-cti.com ACD for small and mid-size call centers

Cisco Systems www.cisco.com Networking products and systems

ClearVox Communications www.clearvox.com Hands-free headsets for PCs, cordless phones, the Internet, and other applications

Clientele Software www.clientele.com Customer service software

Com2001 Technologies www.com2001.com Provider of a telephone system service and a range of communication services

CoMatrix (800) 888-7822 Supplier of used telecom equipment

Comdial www.comdial.com LAN-based ACD software product

Comdisco Disaster Recovery www.comdisco.com Disaster recovery and service assurance programs

CommercePath www.commercepath.com EDI to fax system

Commetrex www.commetrex.com Computer telephony boards

CommuniTech www.communitech.com Distributor of headsets

ComputerTalk Technology www.icescape.com Server-based ACD with digital switching and built-in CTI

Comverse Information Systems www.cominfosys.com Digital recorders, voice loggers, and monitoring systems

Contact Dynamics www.contactdynamics.com Software and services for interactive Internet communications

Convergys Corporation www.convergys.com Conversational voice technologies

ConServIT www.cvtc.com Inbound service bureau

Copia International www.copia.com Business fax/voice software

CoreSoft Technologies www.coresoft.com Multifunction telephony equipment

Cortelco www.cortelco.com Switching systems, ISDN equipment, and software

CosmoCom www.cosmocom.com Integrated multimedia customer service for Internet and telephone callers

Crystal Group www.crystalpc.com Fault-resilient computer systems

CSI-Data Collection Resources www.csiworld.com/dcr Automated voice and data products for call centers

CT Solutions www.solutions4ct.com Computer telephony VAR equipment for a variety of manufacturers

CTL www.ctline.com Voice processing system for the low end of the market

Dakotah Direct www.dakotahdirect.com Outsourcing call center service bureau

Daktronics www.daktronics.com Multiline readerboards with custom and standard interfaces

Data Processing Resources Corporation www.dprc.com Applications and technologies for call centers, network, and telecommunication organizations

Datapoint www.datapoint.com/ Computer-based communications solutions, including client-server, video communications, and integrated telephony applications

Davox www.davox.com Predictive dialers as well as a CTI/blend system

Dialogic www.dialogic.com Voice cards, SCSA hardware, fax boards, and CTI software

Digisoft Computers www.digisoft.com Call center software for PC-based networks

Digital Software International www.digisoftware.com Scripts for use by CSRs in outbound or inbound call centers

Digital Techniques www.digitaltechniques.com Design and manufacture of telephony products for the call centers

Distributed Bits www.dbits.com E-mail tracker and response automator for call centers

DP Solutions www.dpsol.com Help desk and customer support software

Drextec www.drextec.com PC-LAN-based open predictive dial and telemarketing software system for centers of 12 to 144 agents

DSP Group www.dspg.com Speech compression technology

Dytel www.dytel.com Automated attendants

E-Speech Corporation www.espeech.com Speech recognition

E-Voice Communications www.evoicecomm.com Voice mail systems that incorporate unified messaging technology

Easyphone SA www.easyphone.com Call center management software

EasyRun www.easyrun.com Desktop computer telephony systems

Edify www.edify.com IVR and workflow software

EFusion www.efusion.com A platform for application creation using combined voice and data networks

eGain Communications www.egain.com Customer service solutions for electronic commerce

EIS International www.eisi.com Predictive dialers, outbound, and integrated inbound/outbound applications for call centers

Energy Enterprises www.energyenterprises.com Call center training and consulting services

Enterprise Integration Group www.eiginc.com Services geared to CTI

Entertainment Technology 416-598-2223 Call center display board system

Envision Telephony www.envisiontelephony.com Monitoring and quality assurance software for call centers

Envox www.envox.com Script editor for developing multimedia call center applications

Epigraphx www.epigraphx.com Fax on demand and Internet-enabled fax/ Web combos

eShare Technologies www.eshare.com Web-based customer service and support

Estech (972) 422-9700 Telephone/voice mail product

Evolving Systems www.evolving.com Operational support systems for IP

Exacom www.exacomusa.com Automated messaging system

Executone Information Systems www.executone.com Integrated digital system platform, ACDs, and predictive dialers

Expert Systems www.easey.com IVR development product

Eyretel www.eyretel.com Quality monitoring and multimedia recording systems

FaceTime Communications www.facetime.net Internet/call center systems

Far Systems www.farsystems.com Interactive voice response application generation software and systems

FaxNet www.faxnet.com Enhanced fax services

FaxSav www.faxsav.com Internet fax systems

FaxStar (800) 327-9859 Enterprisewide fax server systems

Figment Technologies www.unimessage.com Unified messaging product

Flashpoint Solutions www.flashpointsolutions.com Custom and generic music and messages on-hold CDs and service

Franklin Telecom www.ftel.com Systems for voice over Internet communications

Fujitsu Business Communication Systems www.fbes.fujitsu.com A variety of call center tools-core switches, CTI links, and specific applications and services

Funk Software www.funk.com Remote control technology that incorporates screen monitoring and screen record and playback

Fuseworks www.fuseworks.com A live Internet marketing solution

GBH Distributing www.gbhinc.com Headsets for a variety of applications, including call centers

Genesys Telecommunications www.genesyslab.com Combined inbound/ outbound call processor

GM Productions www.gmpvoices.com Professional recording of voice prompts and other kinds of announcements

GN Netcom www.gnnetcom.com Wireless and corded headsets

Graybar www.graybar.com Distributor of telecom and call center products

Hammer Technologies www.hammer.com Testing for call center telecommunications systems, CTI, and voice over IP applications

Harris www.harris.com Switching systems and PBX

Hello Direct www.hello-direct.com Catalog distributor of headsets and other consumer telephony devices

HTL Telemanagement www.htlt.com Calculator for simulating call center conditions

IBM/Early Cloud www.earlycloud.com Distributed software for large-scale call center automation that allows companies to automate customer contact applications

IEX www.iex.com Call center management and workforce management software

Inference www.inference.com Case-based problem resolution engine for help desks

Infinet www.infinet1.com LANS and WANS, CTI, remote office connectivity, network management

Infinite Technologies www.ihub.com E-mail, Internet, and remote access products

Info Group www.infogrp.com Telemanagement and call center information systems

Info Systems www.talkie.com Voice processing application generator

InfoActiv www.infoactiv.com Call center consulting and systems integration, computer telephony, interactive voice response, voice messaging, enterprise and operations management

Infobase Services Inc. (ISI) www.ctiguys.com CTI systems, CTI-Link integration systems, monitoring and routing systems, systems integration services

Information Gateways (703-760-0000) Switchless call center platforms that incorporate ACD, PBX, IVR, dialing, scripting, and campaign management functions

Information Management Associates (IMA) www.imaedge.com Enterprise customer interaction software for call centers

InfoServ USA www.infoservusa.com Specialist in the design of IVR systems and applications for vertical markets

Intecom www.intecom.com ACD and PBX functions on a single communications platform

IntegreTel www.integretel.com Billing and collection services for the telephone industry and call center outsourcing

Intek Information www.intekinfo.com High-end outsourcing services and technology consulting

Intellisystems www.intellisystems.com Interactive expert system that provides self-support on the phone and on the Web

Interactive Communication Systems www.icstelephony.com Customer services for computer telephony deployment

Interactive Digital www.easytalksoftware.com Add-on software for reducing call duration on interactive voice response systems

Interactive Intelligence www.inter-intelli.com Computer telephony product for enterprises and call centers

Interactive Quality Services www.iq.services.com Quality assurance consulting and testing services

Interalia Communications www.interalia-inc.com Announcement and messaging systems

Interfax www.interfax.uk.com International network services via the Internet

Interior Concepts www.interiorconcepts.com Furniture systems for call centers

Interprise www.ntrpriz.com Architectural interior design for call center design and development

InterVoice www.intervoice.com Advanced call and business process automation systems

ISC Consultants www.isc.com Call center consulting and optimization

Jabra www.jabra.com Headsets for call centers

Kaset International www.kaset.com Customer service training programs

Key Voice Technologies www.keyvoice.com Small office and corporate voice systems

KnowDev www.knowdev.com Systems for agent training and evaluation

Knowlix www.knowlix.com Knowledge tools for seamless integration into existing internal help desks and customer support centers

KSBA Architects www.ksba.com Architecture, planning, interior design, and project management of call centers

Lernout & Hauspie www.lhs.com Speech recognition, text-to-speech, speech-to-text systems

Line 4 www.line-4.com CTI middleware software

Linkon www.linkon.com A variety of call center products, including voice boards that support a wide range of advanced voice processing applications

Locus Dialogue www.locus.ca Speech recognition systems

Lucent Technologies www.lucent.com ACDs, voice processing system, and other devices

MarkeTel Systems www.predictivedialers.com Predictive dialing systems

MasterMind Technologies www.mastermindtechnologies.com Telephony application development platform

MasterX Corporation www.masterx.com Tool suites that facilitate the real-time transport of data

MATRAnet www.matranet.com Internet software for e-commerce applications

Maxxar www.maxxar.com Platform for running call center and computer telephony applications

MCI Call Center Solutions www.mci.com A full spectrum of services for the call center industry

MCK Communications www.mck.com Remote voice systems

MediaPhonics www.mediaphonics.com Hardware, firmware, software, and CTI architectures and products

Mediasoft Telecom www.mediasoft.com Computer telephony and Web systems as a strategic technology partner to OEM

Melita International www.melita.com Predictive dialing systems

Mercom www.mercom.com Audiolog voice logging server system

Merlin Systems Oy www.merlin.fi/ Value-added services for call centers including PBXs, Lan PBXs, and VoIP services

Metasound www.metasound.com/ Messaging on hold systems

Micro Computer Systems www.mesdallas.com A product to route inbound e-mail to reps in support environments

MicroAutomation www.microaut.com Call management software

Microlog www.mlog.com IVR systems for UNIX and DOS

Mitel www.mitel.com PBXs to manage ACD groups for small call centers

Molloy Group www.molloy.com Enterprise knowledge management software solution for customer support

Multi-Channel Systems www.mesmk8.com PC-based predictive dialers

Mustang Software www.mustang.com E-mail management solutions

N-Soft www.n-softna.com A family of CTI modules and a CTI development environment

National TechTeam www.techteam.com Computer and customer service solutions

Natural Microsystems www.nmss.com Major supplier of voice boards and voice processing platforms

Netaccess www.netacc.com ISDN and modem technology

NetDialog www.netdialog.com Web-based customer interaction front end for call centers

NetManage www.netmanage.com Visual connectivity solutions

NetPhone www.netphone.com CTI servers, boards, and applications for NT

Netphonic www.netphonic.com Call voice browser to integrate the Internet with an IVR system

Netrics.com www.netrics.com Analyzes and measures Website traffic and log analysis software for Web servers

Network Associates www.nai.com Software for help desk, data security

Neuron Data www.elements.com Call center automation systems

NewMetrics Corporation www.newmetrics.com Workforce management solutions

NexCen Technologies www.nexcen.net Customer care products to integrate billing, network management, trouble ticketing, and order management systems

NICE Systems www.nice.com Digital call-logging system to integrate with all major switches and CTI servers

Noble Systems www.noblesys.com Customized call center automation with inbound, predictive dialing, and blended call management

Norrell Corporation www.norrell.com Call center outsourcing services

Nortel www.nortel.com Switches, ACDs, software, fiber cable

North Highland Company www.north-highland.com Management and technology consulting including call center consulting services

Nuance Communications www.nuance.com Speech recognition system

Nuera www.nuera.com Digital circuit multiplication equipment

Octane Software www.octanesoftware.com Internet/call center front-end products

Omtool www.omtool.com Internet/intranet fax server system

OnQueue Call Center Consulting (215) 491-4636 Workforce management services

Ontario Systems www.ontario.com PC-based predictive dialers

Oracle www.oracle.com Database software

Outreach Technologies www.outreachtech.com Conferencing technology

Ovum www.ovum.com Consulting and market research

Paknetx www.paknetx.com Internet-based ACD systems

Panamax www.panamax.com Surge protectors and power-related systems for protecting phone systems, networks, and PCs

Para Systems www.minuteman.com Power protection devices

Parity Software Development www.Parity.com Software tools and hardware components for developing computer telephony applications

PaylinX Corporation www.paylinx.com Real-time credit card authorization software for call centers, IVR, Internet, and POS applications

Pegasystems www.pegasystems.com Customer interaction solutions

Perimeter Technology www.perimetertechnology.com Centrex and SL-1 ACD product

Periphonics www.peri.com Voice processing

Phonetic Systems www.phoneticsystems.com Speech-enabled, telephony-based directory search solutions

Picazo Communications www.picazo.com PC-based phone system that includes ACD

Pipkins www.pipkins.com Call center management software, workforce management

Plantronics www.plantronics.com Headsets

Platinum Software Corporation www.clientele.com Developer of client/ server enterprise resource planning software

Portage Communications www.portagecommunications.com Call center designer, Windows-based software tools

PrairieFyre Software www.prairiefyre.com ACD management information system

Prestige International www.prestigein.com Multilingual and international call center company

PRIMA www.prima.ca System integration professional services for the IVR and CTI markets

Primus www.primus.com Problem resolution and knowledge management software

Priority Fulfillment Service (888) 330-5504 Inbound telemarketing, order entry and fulfillment, credit card authorization, customized reporting, and outbound telemarketing service offerings

ProAmerica www.proam.com Service call management help desk software

Product Line (800) 343-4717 Live-agent inbound and outbound call handing and help desk services

Professional Help Desk (PHD) www.phd.com Help desk software

Promodel Corporation www.promodel.com Simulation product and systems

Pronexus www.pronexus.com Fax server and interactive voice application generator

PTT Telecom Netherlands US (212) 246-2130 National telecom carrier of the Netherlands

PureSpeech www.speech.com Speech recognition product suite

Q.Sys www.qsys.com Telephony servers

Qronus Interactive www.qronus.com Testing systems for CTI products

Quality Call Solutions www.quality.com Turnkey system integrator of IVR and CTI for call centers

Quintus Corporation www.quintus.com Broad-based suite of front-end software for call centers

Racal Recorders www.racalrecord.com Voice loggers, with up to 96 channel capacity

Remedy www.remedy.com Help desk and customer service software

Response Interactive www.responseinc.com Software to provide a live link between visitors to a Website and call center CSRs

RightFax www.rightfax.com Enterprise fax servers

Rockwell www.ec.rockwell.com Integrated call center platform technologies, including ACD, CTI, and information management tools

ScheduleSoft Corporation www.schedulesoft.com Scalable personnel scheduling solutions

Sento Corporation www.sento.com Phoneless phone centers, all IP-based

ServiceWare www.serviceware.com Software for knowledge management

Shark Multimedia www.sharkrmm.com Voice messaging and data/fax communications systems

Siebel Systems www.siebel.com SFA and enterprisewide customer management systems

Siemens www.siemenscom.com Switches; large, high-end ACDs; software for call routing

Silknet Software www.silknet.com Internet-based customer service application

Sitel Corporation www.sitel.com Outsourced telephone-based customer service and sales

Skywave www.skywave.net IP telephony gateway for service providers

Softbase Systems www.netlert.com Nonintrusive desktop messaging system for intranets

Soundlogic www.soundlogic.net Help desk systems

Spanlink www.spanlink.com Internet call center products and services

Specialized Resources www.sritelecom.com Telecom consulting, systems integration, and systems maintenance

Spectrum Corp. www.specorp.com Wallboards used to communicate ACD information to agents in a call center

SpeechSoft www.speechsoft.com IVR and application generation systems

SpeechWorks www.speechworks.com Interactive speech systems for automating telephone transactions

Sprint www.spring.com Long-distance and consulting services for call centers

SPS Payment Systems www.spspay.com Call center outsourcing services

Square D EPE Technologies (714) 557-1636 Power protection systems

StarVox www.starvox.com A business-to-business VoIP system for enterprisewide deployment

StepUp Software www.stepupsoftware.com Simple help desk for small centers

Steve Sibulsky Productions www.onhold6.com Message-on-hold production services

Sungard Data Systems www.sungard.com Disaster recovery and service assurance programs

Swisscom www.swisscom-na.com Swiss national telecom carrier

Symon Communications www.symon.com Readerboards and middleware for call center client/server applications

Syntellect www.syntellect.com Voice processing, IVR, predictive dialing, and Web-related call center products

Systems Modeling www.sm.com Simulation tool for modeling call center performance

Sytel Limited www.sytelco.com Predictive dialers, high-speed campaign simulation, and workforce management tools

TAB Products www.tabproducts.com Call center facilities and design systems

Tandem Computers www.tandem.com High-reliability servers and platforms for call center applications

TargetVision www.targetvision.com Employee communication systems (readerboards), services and software

Taske Technology www.taske.com Call center management software for telephone systems

TCS Management Group www.tcsmgmt.com Workforce management systems

Technology Solutions Company www.techsol.com Consulting and systems integration

Teknekron Infoswitch www.teknekron.com Call center software for job applicant screening and agent monitoring and evaluation

Tekno Industries (708) 766-6960 Call center network management systems

Tekton www.tekton.com Digital voice logging systems for recording and archiving telephone transactions

Telecorp Products www.telecorpproducts.com ACD management system with readerboard

Telegenisys www.telegenisys.com Call processing systems that include CTI applications, predictive dialing, and IVR

Telegra Corp. www.telegra.com Fax test equipment to analyze Internet fax, fax servers, and networks

Tele-Serve Call Center www.tele-serve-1.com Call center applications, answering services, telemarketing, and other telemessaging functions

TCT House www.tctc.co.uk Consultancy, training, recruitment, and performance auditing

Telephonetics www.telephonetics.com Algorithms for music and message-on-hold service, and audio production and programming

Telequest Teleservices www.telequest.com Inbound and outbound telemarketing and teleservices

Telespectrum Worldwide www.telespectrum.com Inbound and outbound telemarketing, customer service, interactive voice response, customer care consulting, call center management, training, and consulting services

Telesynergy Research (USA) www.telesynergy.com PBX/voice/fax boards, application generator, and CT solutions for small to medium-sized business

Teloquent www.teloquent.com Distributed call center (DCC), ISDN-based remote agent ACD

Teltone Corporation www.officelink2000.com Telecom/call center products, including telecommuting and agent-at-home systems

Telus Marketing Services www.tms.telus.com Call center services to businesses, specializing in inbound and outbound sales and customer service marketing programs

Teubner & Associates www.teubner.com Advanced fax processing systems

Texas Digital Systems www.txdigital.com Visual message alert system (readerboard)

TMSI www.tsb.ca CTI suite for call center applications

TNG TeleSales and Service www.worldshowcase.com Outbound and inbound telephone and Web-based marketing services

Tripp Lite www.tripplite.com Power protection products, including UPS systems, surge suppressors, line conditioners, power inverters, and network management accessories

Trivida Corporation www.trivida.com Data mining products

Trustech www.truster.com Voice analysis software with call center monitoring applications

TSB International www.tsb.ca PBX data and networking products, including CTI middleware, call accounting and service bureau systems, and PBX data and network management

Unica Technologies www.unica-usa.com Services and software for customer management in and through call centers

Uniden (817) 858-3300 Products that interface with PBX and desk set telephones to provide wireless headsets

Unimax Systems www.unimax.com Database and "information control" systems for PBXs and voice mail systems

Unitrac Software www.unitrac.com Software applications including customer service, inbound/outbound telemarketing, campaigns, mass mail management, salesforce automation, and fulfillment processing

Utopia Technology Partners www.utosoft.com Help desk software

V*Channel www.vchannel.com Interactive voice and fax servers

Vantive www.vantive.com Help desk software

Venturian Software www.venturian.com IVR and call center integration systems

Viking Electronics www.vikingelectronics.com Fax/data switches, auto attendants, digital announcers, toll restrictors, auto dialers

VIP Calling www.vipcalling.com Wholesale international telecom servers over the Internet

VIPswitch www.VIPswitch.com High-performance Ethernet/intranet switches and communications platforms

Visionyze.com www.visionyze.com Packaged analytical application solution software for customer service centers

Visual Electronics www.digital-fax.com Readerboard systems

Vitrix www.vitrix.com Time and attendance software for call centers

VocalTec Communications www.vocaltec.com IP telephony systems and gateways

Vodavi www.vodavi.com Key telephone systems, Web-based unified messaging, ACD, CTI, Internet telephony, voice processing, and IVR

Voice Control Systems www.voicecontrol.com Speech recognition tool kit and call control/CTI/IVR systems for call centers

Voice Print International (VPI) www.voiceprintonline.com Digital multimedia voice data recording and storage

Voice Processing Corporation www.vpro.com Speech recognition

Voice Technologies Group www.vtg.com PBX integration products, unified messaging, and other CTI systems

Voiceware Systems www.voiceware.net Call processing systems integrator

Voysys www.voysys.com Computer telephony products for small centers, especially IVR

VXI www.vxicorp.com Headsets and microphones for CTI applications

WebDialogs www.webdialogs.com/ Internet-initiated telephony, IP telephony, chat, computer-to-computer collaboration

WebLine Communications www.webline.com A Web-based call center adjunct that combines telephone connectivity with the Web

Witness Systems www.witsys.com Develops and supplies client/server quality monitoring software for call centers

Wygant Scientific www.wygant.com Voice processing applications

Xircom www.xircom.com Networking products

XL Associates www.xla.com Call center consulting services

xPect Technologies www.xpecttech.com Processes and systems to maximize performance

Xtend www.xtend.com Develops PC-based CTI and telemanagement systems

Ziehl Associates www.ziehl.com Headsets and other small-scale telecom equipment

Happy Surfing!!

Cisco LAN Switching - Configuring SNMP

Switches should be configured so that management stations can gather information via the Simple Network Management Protocol (SNMP). SNMP is used to gather statistics, counters, and tables in the Management Information Base (MIB) of a device.

The SNMP framework consists of three parts:

• SNMP manager
• SNMP agent
• MIB

The SNMP manager is a host that monitors the activities of network devices using SNMP. The SNMP manager is typically referred to as the Network Management Station (NMS). The SNMP agent is software running on the device being monitored by the SNMP manager. A MIB is a virtual storage area for network management information consisting of collections of managed objects. MIBs are written in the SNMP MIB module language as defined in RFCs 2578, 2579, and 2580. SNMP agents can be configured to allow read-only or read-write access to the device. Management stations like CiscoWorks use the read-only functions of the agent to monitor the device, and can use the read-write functions of the agent to make changes to the device configuration. SNMP uses passwords called community strings to grant access to the SNMP agent. Access to the agents can be further limited via SNMP access lists.

 SNMP MIB information for each Cisco device can be found on Cisco.com.

You should configure SNMP on each Cisco device to be monitored by NMS. A sample SNMP configuration is shown on SW1 in Example

Example:  Sample SNMP Configuration on SW1

SW1#config t

Enter configuration commands, one per line.  End with CNTL/Z.



SW1(config)#access-list 10 permit 10.10.10.2

SW1(config)#snmp enable

SW1(config)#snmp-server community alpha ro 10

SW1(config)#snmp-server community beta rw 10

SW1(config)#snmp-server contact John Smith (555)789-2653

SW1(config)#snmp-server location Denver Data Center

SW1(config)#snmp enable traps

SW1(config)#snmp trap-source lo0

After SNMP is configured on SW1, the statistics can be viewed using the show snmp command, as shown in as

Example :Output of show snmp Command on SW1

SW1#show snmp

Chassis: SAD050814BH

Contact: John Smith (555)789-2653

Location: Denver Data Center

0 SNMP packets input

    0 Bad SNMP version errors

    0 Unknown community name

    0 Illegal operation for community name supplied

    0 Encoding errors

    0 Number of requested variables

    0 Number of altered variables

    0 Get-request PDUs

    0 Get-next PDUs

    0 Set-request PDUs

0 SNMP packets output

    0 Too big errors (Maximum packet size 1500)

    0 No such name errors

    0 Bad values errors

    0 General errors

    0 Response PDUs

    0 Trap PDUs



SNMP logging: disabled

Happy Reading!! 

Wireless Hack - Scan and Exploit Vulnerable Hosts on WLAN

This is an active phase of your attack. When the fourth step is reached, you should have gathered a large amount of helpful data that makes penetrating wireless peers, gateways, and sniffable wired-side hosts an easy task. Perhaps no penetration is needed, because you have already collected or cracked user passwords flowing across the network. Using the data gathered, you can select the most suitable hosts for a further attack aimed at obtaining administrator or root privileges on these hosts. At this stage you can perform active OS fingerprinting, port scanning, and banner grabbing to determine vulnerable services for further exploitation. Remember the golden rule of fingerprinting: Use several available techniques and analyze the results. The options include the following:

• nmap -O
• thcrut discover (uses improved nmap fingerprinting methodology)
• Ettercap (press f/F over a host)
• xprobe
• xprobe2 (yes, this is a different tool)
• induce-arp.pl (ARP-based OS fingerprinting)
• sing (basic ICMP fingerprinting)
• sprint and sprint-lite
• tools that do fingerprinting via specific services if present (ldistfp, lpdfp telnetfp)
• other tools available in the vast scope of the Internet

As to port scanning itself, nmap is everyone's all-time favorite. What kind of "hacking book" does not describe how to run nmap? Without going into the port scanning depths, here are our recommendations:

• First try the zombie/idle scan with -sI. It might not work.
• Check out the protocol scan (-sO). Try to do fingerprinting with -sO.
• Proceed with -sN (null). Many firewalls and IDSs would not detect it (e.g., ipchains logging).
• You can follow with -sF to be sure, but avoid Xmas (-sX).
• If you haven't captured any useful data from these scans, the host is likely to be some form of Microsoft Windows. Use the half-connect scan (-sS).

Because we are on (W)LAN, there is another tool to consider: the Ghost Port Scan. Ghost Port Scan uses ARP poisoning to spoof both IP and MAC addresses of the scanning host on the LAN. The scanner is able to find IP addresses not in use on the LAN the attacker's host is connected to. Such a feature is used when no source IPs have been specified. The aim of this function is to avoid a potential DoS that could be caused by ARP poisoning. The scanner is quite flexible:

arhontus:~# ./gps

Ghost Port Scan version 0.9.0 by whitehat@altern.org

(gps.sourceforge.net)

Usage: ./gps -d target [-s host1[,host2/host3..]] [-t scan_type]

     [-v] [-r scan_speed] [-p first_port-last_port] [-k 0 | 1]

     [-e ping_port]  [-f t | o] [-i interface] [-S mac | ip]

     [-w window_size]

 -d target             :target host's IP/name

 -s host1[,host2/host3]:list of hosts we pretend to be

                      (use '/' to specify IP ranges)

 -t scan_type        :stealth scan mode (default: syn)

           (syn | xmas | null | fin | ack | rand | fwrd)

 -r scan_speed       :packet rate (default: insane)

           (insane | aggressive | normal | polite |

           paranoid)

 -p first-last ports :port range to scan (default: 1-1024)

 -k 0 | 1            :scan well-known ports (default: 1)

 -e ping_port          :target port for a TCP ping (default: 80)

 -v                  :verbose (use twice for more verbose)

 -f t | o              :fragment IP datagrams (default: no frag)

           (t: tiny frags | o: frag overlapping)

 -i interface        :network interface to use

 -S mac | ip         :spoofing level (IP or ethernet/MAC;

           default: mac)

 -w window_size        :size of the emission window (default: 256

           packets)

To grab banners the old-fashioned way, you can use telnet or netcat. However, your time (important on wireless) and effort can be saved if you use the following:

• nmap+V (nmap patched by Saurik; try the -sVVV flag) or the latest version of nmap with novel banner fingerprinting -sV or -A flags
• amap
• THCrut
• arb-scan
• banshee (features command execution against the IP addresses scanned)
• grabbb (very fast)
• A variety of banner grabbers from the Men in Grey (MIG) group (very fast, but not necessarily accurate)
• "Script kiddie" banner grabbers for the "hole of the month" (usually fast; probably started from banner grabbers for wu-ftpd versions)

As a security consultant, you can always use automated multipurpose security evaluation tools such as Nessus, but a real Black Hat is unlikely to employ these tools for stealth preservation reasons. Choose the tools you like for time-saving and personal reasons. Keep a large collection of exploit code and a long list of default passwords and dictionaries on your penetration testing laptop to save more time by avoiding browsing SecurityFocus, Packetstorm, and similar sites from the WLAN. Use Hydra and similar tools for remote password dictionary attacks and brute-forcing.

Happy Coding!!