[asterisk-users] How are you using Asterisk at Home ?

Steve Totaro stotaro at mail.schoffstall.com
Wed Oct 10 17:29:50 CDT 2007 

If all the services are for internal use and authorized external use 
then there would be no problem with doing this.  Deny all ports on the 
external facing interface except 1194  or whatever you want to run 
OpenVPN on and you can connect remotely over the VPN and be totally safe 
from the outside world.  You could also open up SSH and use tunneling 
for your needs.

Thanks,
Steve

SIP wrote:
> Nonsense! I'm a Security Expert (TM) and I say run EVERYthing on your  
> firewall....
>
> And...uh... what was your IP again? ;)
>
> N.
>
>
> Steve Prior wrote:
>   
>>> GNUbie wrote:
>>>
>>>     
>>>       
>>>> By the way, my Asterisk PBX server is also my wireless access point, 
>>>> web server, file server, music server, VPN server, database server, 
>>>> firewall and router.
>>>>
>>>>       
>>>>         
>> Repeat after me - NEVER NEVER NEVER run other servers on your
>> router/firewall machine!!!  That machine needs to be a maximum security
>> low vulnerability box and running all sorts of stuff on it conflicts
>> with that.  Your web server is probably your weakest link in security,
>> so I wouldn't put your file server, music server, or database server on
>> that same box because if someone hacks through some webapp you've
>> installed (it's happened to me with both the TWiki and awstats packages)
>> then if they've got root on your web server box you don't want them
>> messing with the other stuff.
>>
>> I know it sounds like overkill, but I see three boxes here:
>>
>> 1 - firewall/router
>> 2 - web server and other public facing services (sendmail for example)
>> 3 - internal facing services - database, asterisk, file/music server
>>
>> Some day when box #2 gets rooted (and it will eventually) you'll thank
>> me...
>>
>> Steve
>>
>>
>>
>> _______________________________________________
>> --Bandwidth and Colocation Provided by http://www.api-digital.com--
>>
>> asterisk-users mailing list
>> To UNSUBSCRIBE or update options visit:
>>    http://lists.digium.com/mailman/listinfo/asterisk-users
>>   
>>     
>
>
> _______________________________________________
> --Bandwidth and Colocation Provided by http://www.api-digital.com--
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users
>
>

More information about the asterisk-users mailing list