<div dir="ltr"><div style>SIP Server:</div><div style><br></div>- Don't put your Asterisk server on the same host as your web portal. <div>- Enforce strong password policies for users.</div><div>- If you accept INVITEs from unauthenticated users, make sure you properly configure its host IP and prefix.</div>
<div>- Put a Kamailio/openSIPS in front of both Asterisk and FS to better handle security and attack attempts (pike module)</div><div><br></div><div>Web Portal:</div><div><br></div><div>- Update to the latest Apache and PHP.</div>
<div>- If you're using a CMS, update to the latest stable version.</div><div>- If it's your own development, check for SQL injection/XSS, etc. This is especially difficult because it depends on the developer's programming skills.<br>
<div><br></div><div style>Database:</div><div style><br></div><div style>- Your database shouldn't be publicly accessible, unless it is strictly necessary (it shouldn't be).</div></div></div><div class="gmail_extra"><br>
<br><div class="gmail_quote">On Thu, Apr 4, 2013 at 12:46 PM, Matthew J. Roth <span dir="ltr">&lt;<a href="mailto:mroth@imminc.com" target="_blank">mroth@imminc.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im">Gerrit Jacobsen wrote:<br>
><br>
> You misunderstood. The idea is to put a honey-trap into the wild which cannot<br>
> make charged calls. Of course you must isolate it from the rest of your<br>
> network.<br>
><br>
> Eventually he will anyway put the system into the wild, so better do it when<br>
> there is no risk of damage.<br>
<br>
</div>I'm not opposed to the idea of a honeypot as an additional layer of security,<br>
but it's not what I would suggest as the first line of defense to someone<br>
looking for a consultant to secure their Asterisk deployment. Locking it down<br>
properly would require the same knowledge as securing the production setup and<br>
the risk is high if they make a mistake.<br>
<br>
Regards,<br>
<br>
Matthew Roth<br>
InterMedia Marketing Solutions<br>
<div class="HOEnZb"><div class="h5">Software Engineer and Systems Developer<br>
<br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br>Carlos<div><a href="http://caruizdiaz.com" target="_blank">http://caruizdiaz.com</a></div><div>+595981146623</div>
</div>
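Added example, not part of the original message and not the Kamailio project's shipped configuration: a kamailio.cfg fragment showing one way to apply the pike module mentioned above on a proxy placed in front of Asterisk. The thresholds, the `ipban` table name and the ban duration are assumptions to tune per site, and the fragment assumes an existing config that already loads the `pv` and `xlog` modules.

```cfg
# Constructed example fragment for kamailio.cfg (edge proxy in front of Asterisk).
# Assumes pv.so and xlog.so are already loaded by the existing config.

loadmodule "htable.so"   # in-memory table, used here as a temporary ban list
loadmodule "pike.so"     # per-source-IP request rate tracking

# pike: count requests per source IP in 2-second windows and flag an IP
# once it exceeds 16 requests in a window (assumed thresholds).
modparam("pike", "sampling_time_unit", 2)
modparam("pike", "reqs_density_per_unit", 16)
# Keep an idle IP in pike's memory for 4 seconds after its last request.
modparam("pike", "remove_latency", 4)

# Ban list keyed by source IP; entries expire after 300 seconds (assumed).
modparam("htable", "htable", "ipban=>size=8;autoexpire=300;")

# Call route(REQINIT) as the first step of request_route, before any
# authentication or relaying to the Asterisk back end.
route[REQINIT] {
    # Do not rate-limit traffic that originates from this proxy itself.
    if (src_ip != myself) {
        # Already banned: drop silently so a flood costs no reply traffic.
        if ($sht(ipban=>$si) != $null) {
            xdbg("request from blocked IP - $rm from $fu (IP:$si:$sp)\n");
            exit;
        }
        # pike_check_req() fails once the source exceeds the configured rate.
        if (!pike_check_req()) {
            xlog("L_ALERT", "pike blocking $rm from $fu (IP:$si:$sp)\n");
            $sht(ipban=>$si) = 1;   # start the timed ban for this source IP
            exit;
        }
    }
}
```

Trusted peers that legitimately send bursts, such as the Asterisk back end or a carrier trunk, may need to be exempted before the pike check so they are not banned.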