[asterisk-users] aSTERISK / Vicidial systems over 4MB fiber

Jay R. Ashworth jra at baylink.com
Thu Jun 12 08:33:27 CDT 2008


On Thu, Jun 12, 2008 at 08:02:24AM -0500, Tilghman Lesher wrote:
> On Thursday 12 June 2008 03:23:46 Mark Adams wrote:
> > I appreciate the responses thus far but I am looking to find out
> > what type of security I should implement for the future. Being new
> > to linux, not to mention asterisk I didn't realize that someone
> > could brute force into the box and upload crap. With that in mind
> > it seems that I would want to get a hardware firewall such as a
> > hotbrick or a sonicwall firewall.
>
> One of the most frequent security issues comes not in the form of a
> software flaw, but simply in people choosing easy-to-guess passwords
> on the root account. There are two suggestions I have to reduce the
> risk of this brute force. First, choose a username that is uncommon.
> In your case, do not use 'root', 'admin', or even 'mark'. 'madams'
> might be a good choice. Once you figure out that username, configure
> sshd with the AllowUsers directive to ONLY allow logins from that
> user.

Your phrasing, here, Tilghman, suggests that you mean that the
administrative account should be renamed from root to madams, and I'm
fairly sure you don't actually mean that.  

You actually mean "create a regular user, and lock the machine down so
that's the only thing that can be used to log into it, at which point,
when and 

>                                    If you need root access, install
> sudo. If an attacker cannot figure out what your username is, then it
> doesn't matter even if they guess your password, because they aren't
> getting in.

...you can use sudo to get it.

> And of course, the second part is choosing a secure password, one that
> contains mixed case, numbers, letters, and symbols. Don't be afraid to
> write down that secure password, as long as you keep it on your person
> (wallet is a good choice). 99% of the attackers who might otherwise
> compromise your machine will never come within 1000 miles of you.
> However, your wallet contains things that are far more valuable than
> your password (your identity documents, for example), so it is hoped
> that you will be able to keep that password away from people who would
> otherwise do you harm.

Two memorable words separated by 2 or 3 digits, with at least one odd
capital, is my usual protocol.

Cheers,
-- jra
-- 
Jay R. Ashworth                   Baylink                      jra at baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates     http://baylink.pitas.com                     '87 e24
St Petersburg FL USA      http://photo.imageinc.us             +1 727 647 1274

	     Those who cast the vote decide nothing.
	     Those who count the vote decide everything.
	       -- (Joseph Stalin)
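
One way to verify the sshd lock-down described above (a restrictive AllowUsers list, with root reached only via sudo), as an added example that is not part of the original thread: the awk-based directive lookup, the extra PermitRootLogin check and the two sample config files are assumptions of this example, not something the list posters wrote.

```shell
#!/bin/sh
# Added example, not from the original thread: audit an sshd_config for the
# hardening the reply describes (a restrictive AllowUsers list, root never a
# login target). The two config files below are constructed for the demo.

# Print the effective value of a directive. sshd honours the FIRST occurrence,
# so a later "hardened" line does not override an earlier weak one.
sshd_get() {  # sshd_get <file> <Directive>
    awk -v key="$2" 'tolower($1) == tolower(key) { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# Report findings on stdout; return 0 if the file passes, 1 otherwise.
check_sshd_config() {
    file=$1 rc=0
    users=$(sshd_get "$file" AllowUsers)
    if [ -z "$users" ]; then
        echo "FAIL: no AllowUsers directive, so every local account accepts logins"
        rc=1
    else
        for u in $users; do
            case "$u" in
                root|admin) echo "FAIL: AllowUsers still permits '$u'"; rc=1 ;;
            esac
        done
    fi
    if [ "$(sshd_get "$file" PermitRootLogin)" != "no" ]; then
        echo "FAIL: PermitRootLogin is not 'no' (use sudo from a named user instead)"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $file restricts logins to: $users"
    return "$rc"
}

# Constructed samples: the first resembles a stock install, the second follows the advice.
WEAK_CFG=$(mktemp); HARD_CFG=$(mktemp)
printf '%s\n' 'Port 22' 'PermitRootLogin yes' > "$WEAK_CFG"
printf '%s\n' 'Port 22' 'PermitRootLogin no' 'AllowUsers madams' > "$HARD_CFG"

check_sshd_config "$WEAK_CFG" || true
check_sshd_config "$HARD_CFG"
rm -f "$WEAK_CFG" "$HARD_CFG"
```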
