[kwlug-disc] AsteriskNow?
John Van Ostrand
john at netdirect.ca
Sat Jul 31 08:59:21 EDT 2010
----- Original Message -----
> All the Asterisk-based distros I've seen suffer from this near-fatal
> flaw. It is astounding how poor their commitment to system security
> is.
>
> While starting with a bare Debian install and building your own VoIP
> box
> would solve the security problem(s), I think you would be better off
> using a porous distro and adding firewall software. Then you can
> restrict access until you are satisfied. I use Shorewall to give a
> (more) user-friendly interface to iptables. Shorewall has great
> documentation - especially for typical cases. Just open up UDP ports
> 5060-5080 for SIP and 10000-30000 for RTP and you should have a
> functional, secure VoIP system.
I agree with Lori. Starting with the distro and turning off or securing the things you want is a fast way to success. A firewall alone won't work for you if you want one or more of the web-based applications.
Run netstat -a to see which ports are listening and go from there. Then inspect your apache config and see what you have to secure or turn off.
I find turning things off, checking configs and changing passwords is far easier than integrating all that software.
--
John Van Ostrand
CTO, co-CEO
Net Direct Inc.
564 Weber St. N. Unit 12, Waterloo, ON N2L 5C6
Ph: 866-883-1172 x5102
Fx: 519-883-8533
Linux Solutions / IBM Hardware
More information about the kwlug-disc
mailing list