[asterisk-biz] 87.230.80.186
Chris Bagnall
uknot at lists.minotaur.cc
Sun Jun 27 09:10:03 CDT 2010
> If you're running an ITSP with a bunch of end users out there, are you
> seriously going to want to create a firewall rule for everyone's dynamic
> IP?
vs.
> Yes. Just because it take more time / resources to manage a network
> ,it's no reason to be lazy and let security lapse.
I think for most people the reality is probably somewhere between the two.
Yes, there are certain endpoints that should only ever come from one or two
IPs, so it's feasible to create rules to only allow connections from certain
locations.
Equally, there are likely certain endpoints for softphones, etc. which
really could connect from any IP address, in any country. It's all very well
asking a client to provide you with a list of IP addresses to expect
connections from, but when they're in a hotel in China and can't make a call
from their softphone because the IP is unknown, no matter how strong your
security argument, they're still a dissatisfied customer.
Regards,
Chris
More information about the asterisk-biz
mailing list