[Asterisk-Users] Fedora Core 3 or Fedora Core 4? yum update ornot?
Tzafrir Cohen
tzafrir at cohens.org.il
Fri Feb 10 01:39:42 MST 2006
On Wed, Feb 08, 2006 at 10:38:33AM -0500, Technical Support wrote:
> I think that some people try to make their asterisk box a do-everything
> super server. Can you image a traditional PBX with direct access via the
> internet, serving web pages via apache, running sendmail, etc.
>
> Our approach has been keep it simple. We lock each Asterisk PBX down has
> hard as possible. This includes no direct internet connection (it should
> sit behind a real firewall), minimal services running, etc. With this
> philosophy, one can treat the PBX as an appliance: don't touch it if it's
> working.
Then I suppose your PBX does not do direct voip. All voip is proxied by
the firewall (with a special voip "anti-virus" to keep the bad guys from
exploiting you through there).
This also applies to whaever other voice channels you use.
And also to some overly-complicated IVRs that may allow unintended
privileges escalation: you wanted to avoid a clear and simple web
interface, so you opted for a complicated phone interface.
>
> If you must run host web pages, run mail servers, offer SQLnet connections,
> make visible to the internet,
Actually if a mail/SQL server is used it is either only availble to
localhost.
> etc. then other users are correct - you better
> continually patch/update ASAP.
--
Tzafrir Cohen | tzafrir at jbr.cohens.org.il | VIM is
http://tzafrir.org.il | | a Mutt's
tzafrir at cohens.org.il | | best
ICQ# 16849755 | | friend
More information about the asterisk-users
mailing list