[asterisk-biz] PBX got Hacked
Peter Beckman
beckman at angryox.com
Tue Mar 10 20:58:28 CDT 2009
On Tue, 10 Mar 2009, Ruddy Gbaguidi wrote:
> The best thing to do is to use a known security model. I'm thinking
> about Linux vs SeLinux which is a security layer over linux. So, why
> don't we have the classic asterisk product and a
> asterisk-security-enhanced module that will, if enabled, analyze and
> block all security holes.
Blocking all KNOWN security holes is one thing. Blocking ALL security
holes is impossible.
Using SeLinux still relies on one knowing which boxes to check and
uncheck, what happens when you check or uncheck a box, and how to
configure it to be secure. Besides, it's overkill if you are running an
Asterisk box.
* Firewall: block everything, allow 5060, 10000-20000, 22
* Anti-brute force tools
* SSH with keys ONLY
* secure, random, long passwords
* keep software and OS up to date
That's it.
(maybe open a few other ports, depending on your config; AGI, Manager,
etc, but those should be IP restricted AND have really good passwords
where applicable).
Beckman
---------------------------------------------------------------------------
Peter Beckman Internet Guy
beckman at angryox.com http://www.angryox.com/
---------------------------------------------------------------------------
More information about the asterisk-biz
mailing list