[asterisk-users] best practice

Matt Riddell matt at venturevoip.com
Sun Mar 9 22:31:51 CDT 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

desrae at wildblue.net wrote:
> I am setting up an Asterisk server to provide voice messaging in a campus
> setting.  I am interested in how others have Asterisk set up in regards to
> firewalls and web interface access to minimize security risks.

:)

Best practice would be to lock it down - allow nothing in or out.

Then work your way back if anything is required.

If it is only needed by you, run it across an OpenVPN tunnel.

If needed by others, require authentication.

If you really need SSH without a VPN, at least move it to a different port.

Bear in mind that any open port will probably get hammered and at some
stage will probably have a security vulnerability.

Don't load modules you don't need (modules.conf)

- --
Kind Regards,

Matt Riddell
Director
_______________________________________________

http://www.venturevoip.com (Great new VoIP end to end solution)
http://www.venturevoip.com/news.php (Daily Asterisk News - html)
http://www.venturevoip.com/newrssfeed.php (Daily Asterisk News - rss)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFH1KumDQNt8rg0Kp4RAjJ9AJ9fHfuR3WnFmfdLYt3UOGnDuYUJyACggYFB
tiBLgsjb4mvZ3XtpJQxaoAY=
=csgx
-----END PGP SIGNATURE-----



More information about the asterisk-users mailing list