[asterisk-users] aSTERISK / Vicidial systems over 4MB fiber

Mark Adams admin at infinity-marketing.com
Thu Jun 12 09:02:30 CDT 2008


Thanks for all the help. I have been in this biz for several years using
windows machines and analog dialers. I need to get on top of learning
enhanced networking, linux systems and firewalls.

 

 

Lots of goof information - Much appreciated! 

 

 

Mark Adams

 

 

  _____  

From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Lyle Giese
Sent: Thursday, June 12, 2008 9:41 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] aSTERISK / Vicidial systems over 4MB fiber

 

Tilghman Lesher wrote: 

On Thursday 12 June 2008 03:23:46 Mark Adams wrote:
  

I appreciate the responses thus far but I am looking to find out what type
of security I should implement for the future. Being new to linux, not to
mention asterisk I didn't realize that someone could brute force into the
box and upload crap. With that in mind it seems that I would want to get a
hardware firewall such as a hotbrick or a sonicwall firewall.
    

 
One of the most frequent security issues comes not in the form of a software
flaw, but simply in people choosing easy-to-guess passwords on the root
account.  There are two suggestions I have to reduce the risk of this
brute force.  First, choose a username that is uncommon.  In your case, do
not
use 'root', 'admin', or even 'mark'.  'madams' might be a good choice.  Once
you figure out that username, configure sshd with the AllowUsers directive
to
ONLY allow logins from that user.  If you need root access, install sudo.
If
an attacker cannot figure out what your username is, then it doesn't matter
even if they guess your password, because they aren't getting in.
 
And of course, the second part is choosing a secure password, one that
contains mixed case, numbers, letters, and symbols.  Don't be afraid to
write
down that secure password, as long as you keep it on your person (wallet is
a
good choice).  99% of the attackers who might otherwise compromise your
machine will never come within 1000 miles of you.  However, your wallet
contains things that are far more valuable than your password (your identity
documents, for example), so it is hoped that you will be able to keep that
password away from people who would otherwise do you harm.
 
  

Most recent hacks that I have first or second hand knowledge of came from
ssh issues.  Most inexperienced admins will expose ssh without using the
'allowgroups' option in their sshd_config and will get hacked by someone
logging in via ssh using a system account with no password.

The second thing to do with ssh is to move it to another port to keep the
script kiddies from pounding on it.  If there is a weak or missing password,
they will find it.

An encrypted USB thumbdrive is also a good storage device for passwords.  I
use TrueCrypt and have the executable availble unencrypted on the thumbdrive
so I could plug it into almost any machine and get to the encrypted data.

Lyle Giese
LCR Computer Services, Inc.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20080612/844e755b/attachment.htm 


More information about the asterisk-users mailing list