[asterisk-biz] Query about Asterisk / Database / Internet Security Consultancy

Carlos Ruiz Díaz carlos.ruizdiaz at gmail.com
Thu Apr 4 10:55:13 CDT 2013


SIP Server:

- Don't put your Asterisk server in the same host as your web portal.
- Enforce strong password policies for users.
- If you accept INVITES for unauthenticated users, make sure you properly
configure its host IP and prefix.
- Put a Kamailio/openSIPS in front of both Asterisk and FS to better handle
security and attack attempts (pike module).

Web Portal:

- Update to the latest Apache and PHP.
- If you're using a CMS, update to the latest stable version.
- If it's your own development, check for SQL injection/XSS, etc. This is
especially difficult because it depends on the developer's programming skills.

Database:

- Your database shouldn't be publicly accessible, unless it is strictly
necessary (it shouldn't be).


On Thu, Apr 4, 2013 at 12:46 PM, Matthew J. Roth <mroth at imminc.com> wrote:

> Gerrit Jacobsen wrote:
> >
> > You misunderstood. The idea is to put a honey-trap into the wild which
> > cannot make charged calls. Of course you must isolate it from the rest
> > of your network.
> >
> > Eventually he will anyway put the system into the wild, so better do it
> > when there is no risk of damage.
>
> I'm not opposed to the idea of a honeypot as an additional layer of
> security, but it's not what I would suggest as the first line of defense
> to someone looking for a consultant to secure their Asterisk deployment.
> Locking it down properly would require the same knowledge as securing the
> production setup and the risk is high if they make a mistake.
>
> Regards,
>
> Matthew Roth
> InterMedia Marketing Solutions
> Software Engineer and Systems Developer
>



-- 
Carlos
http://caruizdiaz.com
+595981146623
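
The pike suggestion in the message above, sketched as a Kamailio configuration fragment. This is an added example, not part of the original message or of any poster's configuration; the address 192.0.2.10 for the Asterisk host, the route name ANTIFLOOD, the ban-table name ipban and the thresholds are assumptions to adapt. It is meant to be merged into an existing kamailio.cfg that already loads its relay modules.

```cfg
# Constructed fragment: per-source-IP flood protection on the edge proxy.
# 192.0.2.10 is a placeholder for the Asterisk server behind Kamailio.

loadmodule "pv.so"       # pseudo-variables ($si, $sp, $rm, $fu)
loadmodule "xlog.so"     # logging
loadmodule "htable.so"   # in-memory ban list
loadmodule "pike.so"     # request-rate tracking per source IP

# Flag a source that exceeds 16 requests within a 2-second sampling window.
modparam("pike", "sampling_time_unit", 2)
modparam("pike", "reqs_density_per_unit", 16)
# Seconds a source stays in pike's tree after its last request.
modparam("pike", "remove_latency", 4)

# Ban entries expire on their own after 300 seconds.
modparam("htable", "htable", "ipban=>size=8;autoexpire=300;")

route[ANTIFLOOD] {
    # Traffic from the Asterisk host itself is trusted and not rate limited.
    if ($si == "192.0.2.10") {
        return;
    }

    # Source is already banned: drop without replying, so the sender
    # gets no response to work with.
    if ($sht(ipban=>$si) != $null) {
        exit;
    }

    # pike_check_req() fails once the source exceeds the configured density.
    if (!pike_check_req()) {
        xlog("L_ALERT", "pike: blocking $rm from $fu (IP:$si:$sp)\n");
        $sht(ipban=>$si) = 1;
        exit;
    }
}

request_route {
    # Run the flood check before any authentication or relay logic.
    route(ANTIFLOOD);

    # ... existing authentication and relay-to-Asterisk logic goes here ...
}
```

Because the check runs before anything is relayed, flooding sources are stopped at the proxy and never reach Asterisk; the xlog alert lines give a record of which sources were banned and when.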