[asterisk-users] asterisk and fail2ban

Andrew Latham lathama at gmail.com
Wed Mar 30 07:48:29 CDT 2011


On Wed, Mar 30, 2011 at 9:38 AM, vip killa <vipkilla at gmail.com> wrote:
> so does anyone use fail2ban w/ asterisk or most people use sshguard?

Vip, the overall message is that it takes layers of
settings/configurations to "secure" an installation.

Simple Guide
1. alwaysauthreject = yes in
http://svn.asterisk.org/svn/asterisk/trunk/configs/sip.conf.sample
2. Static firewall rules
2.1 Drop invalid traffic
2.2 Slow ICMP and TCP Reset attacks
2.3 Disable unneeded services
3. Dynamic firewall rules
3.1 Fail2ban (works ok, but you should test it)
3.2 Portscanning Block
(http://www.newartisans.com/2007/09/neat-tricks-with-iptables.html)
3.3 Other solutions
3.4 Bad Network Lists (http://www.spamhaus.org/drop/)
4. Auditing.   None of the above will work if not audited or reviewed
on a regular basis.
5. Reporting.  With Monthly reporting you can see trends and make good choices.


-- 
~~~ Andrew "lathama" Latham lathama at gmail.com ~~~



More information about the asterisk-users mailing list