One thing we did to secure remote users is to use SNOM370s and OpenVPN.

--
Singer XJ Wang, Senior System and Database Administrator
The Pythian Group - love your data
http://www.pythian.com
Desk: (613) 565-8696 x298
Cell: (613) 266-3763

On Thu, Nov 25, 2010 at 12:33, Adrian Marsh <[email protected]> wrote:

> Hi Gary,
>
> I went through this process a few times over the past few years.
>
> There’s a few short guides for securing Asterisk, but much of it depends on
> your design. If it’s a traditional POTS-type PBX then locking down IPs
> using firewalls is a great thing, however if you make use of inbound-SIP
> calls from end-user PC clients on the Internet then that’s not always
> possible.
>
> So here’s my recommendations:
>
> 1) Change the default context name to something like "publicinbound".
>
> 2) Create a context called publicinbound that does basically nothing.
>
> 3) Set up a different context for a peer or friend IAX or SIP, or whatever.
> That way you can see which connection the hacker’s coming in from.
>
> 4) If you don’t want to firewall off the whole internet, then at least make
> use of fail2ban - it’s a free scripted addon that watches for hacking
> attempts and firewalls them off.
>
> 5) Really really long passwords and usernames - this one’s pretty key. My
> first task was in going through and understanding where all the passwords
> were and changing them. I now make mine completely random and a min of 30
> chars.
>
> 6) IP restrictions. If a peer or user does have a fixed IP, then define it
> in the appropriate config file.
>
> 7) The alwaysauthreject is good.. helps fumble the hackers.
>
> Thanks,
>
> Adrian
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
> http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users

--
The best compliment you could give Pythian for our service is a referral.
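
An added example, not part of the thread: a small audit of a `sip.conf` against items 1, 5, 6 and 7 of the quoted list. It assumes the chan_sip option names `context`, `alwaysauthreject`, `secret`, `host`, `deny` and `permit`; the sample configuration, its section names and its secrets are constructed for illustration.

```python
import re

MIN_SECRET_LEN = 30  # the quoted post's "min of 30 chars"
# Constructed sample sip.conf, not taken from any real system.
SAMPLE_SIP_CONF = """\
[general]
context=default            ; unauthenticated calls land here
alwaysauthreject=no
[office-trunk]
type=peer
host=203.0.113.10
secret=Zq8vT2mXw4Lr9KpB7sNd3HcYf6JgUa1Ee5Rt
deny=0.0.0.0/0.0.0.0
permit=203.0.113.10/255.255.255.255
[softphone1]
type=friend
host=dynamic
secret=1234
"""

def parse_sections(text):
    """Parse Asterisk-style config text into {section: [(key, value), ...]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # ';' starts a comment
        m = re.match(r"\[([^\]]+)\]", line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)      # also accepts 'key => value'
            current.append((key.strip().lower(), value.lstrip(">").strip()))
    return sections

def audit(text):
    """Return findings for the context, secret, ACL and authreject checks."""
    findings, sections = [], parse_sections(text)
    general = dict(sections.pop("general", []))
    if general.get("context", "default") == "default":
        findings.append("general: guest context is 'default'")
    if general.get("alwaysauthreject", "").lower() != "yes":
        findings.append("general: alwaysauthreject is not set to 'yes'")
    for name, items in sections.items():   # assumption: the rest are peers/users
        opts = dict(items)
        if len(opts.get("secret", "")) < MIN_SECRET_LEN:
            findings.append(f"{name}: secret shorter than {MIN_SECRET_LEN} chars")
        if opts.get("host") != "dynamic" and not {"deny", "permit"}.issubset(opts):
            findings.append(f"{name}: fixed host without deny/permit ACL")
    return findings
```

Calling `audit(SAMPLE_SIP_CONF)` reports the two `[general]` settings and the short `softphone1` secret, and nothing for `office-trunk`.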
