> If you're running an ITSP with a bunch of end users out there, are you
> seriously going to want to create a firewall rule for everyone's dynamic
> IP?

vs.

> Yes. Just because it takes more time / resources to manage a network,
> it's no reason to be lazy and let security lapse.

I think for most people the reality is probably somewhere between the two.

Yes, there are certain endpoints that should only ever come from one or two IPs, so it's feasible to create rules to only allow connections from certain locations. Equally, there are likely certain endpoints for softphones, etc. which really could connect from any IP address, in any country.

It's all very well asking a client to provide you with a list of IP addresses to expect connections from, but when they're in a hotel in China and can't make a call from their softphone because the IP is unknown, no matter how strong your security argument, they're still a dissatisfied customer.

Regards,
Chris

--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz
