On Fri, 2006-01-13 at 17:08 -0500, smbPBX wrote: > I have shied away from Thirdlane becuause I recall that some Asterisk > gurus have stated that it is *NOT* a good idea to run webmin on the > same server as production Asterisk. > > Any truth to that claim?
Generally it is not a good idea to not run more than you have to on any production server. One of the first rules of security is to try to turn off everything that isnt used, then lock down everything that has to run. There are some performance issues that might arise if you are running everything on the same box. anything you run needs to be checked for security problems not just at install but throughout the life of the system. You need to reasonably configure the system to help prevent such attacks, systrace can be helpful for that, its BSD licensed (unsure if its 3 or 4 clause though) so you should be able to find it, there are even some tools to help configure it. In general, if it doesnt need remote access dont give it remote access, bind network services only to the interface that is required, if it doesnt have to run, dont run it, if it has modules and you dont use a specific module, disable it (goes for apache, asterisk and anything else). Use reasonably secure passwords, etc. At that point the only problem I see is that of capacity, by running other services you can limit the capacity of the system, in terms of memory and cpu (and potentially bandwidth). Plan for that as part of the spec and you should be fine. Dont plan and just guess what you can do on what hardware and you may have some problems in the future. -- Trixter http://www.0xdecafbad.com Bret McDanel UK +44 870 340 4605 Germany +49 801 777 555 3402 US +1 360 207 0479 or +1 516 687 5200 FreeWorldDialup: 635378 http://www.sacaug.org/ Sacramento Asterisk Users Group
signature.asc
Description: This is a digitally signed message part
_______________________________________________ --Bandwidth and Colocation provided by Easynews.com -- asterisk-biz mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-biz
