SIP Server:
- Don't put your Asterisk server in the same host as your web portal.
- Enforce strong password policies for users.
- If you accept INVITEs for unauthenticated users, make sure you properly configure its host IP and prefix.
- Put a Kamailio/openSIPS in front of both Asterisk and FS to better handle security and attack attempts (pike module).
Web Portal:
- Update to the latest Apache and PHP.
- If you're using a CMS, update to the latest stable version.
- If it's your own development, check for SQL injection/XSS, etc. This is especially difficult because it depends on the developer's programming skills.

Database:
- Your database shouldn't be publicly accessible, unless it is strictly necessary (it shouldn't be).

On Thu, Apr 4, 2013 at 12:46 PM, Matthew J. Roth <[email protected]> wrote:
> Gerrit Jacobsen wrote:
> >
> > You misunderstood. The idea is to put a honey-trap into the wild which cannot
> > make charged calls. Of course you must isolate it from the rest of your
> > network.
> >
> > Eventually he will anyway put the system into the wild, so better do it when
> > there is no risk of damage.
>
> I'm not opposed to the idea of a honeypot as an additional layer of security,
> but it's not what I would suggest as the first line of defense to someone
> looking for a consultant to secure their Asterisk deployment. Locking it down
> properly would require the same knowledge as securing the production setup and
> the risk is high if they make a mistake.
>
> Regards,
>
> Matthew Roth
> InterMedia Marketing Solutions
> Software Engineer and Systems Developer
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> asterisk-biz mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-biz
>

--
Carlos
http://caruizdiaz.com
+595981146623
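A minimal Kamailio configuration illustrating the pike-based front end suggested above (flood detection on the proxy before any request reaches Asterisk); this is an added example, not part of Carlos's message or of the Kamailio project, and the Asterisk address, module path and thresholds are placeholders to adjust for your own traffic.

```cfg
# Added example: Kamailio as an anti-flood SIP front end for Asterisk.
# Placeholders: module path and backend address must match your setup.
mpath="/usr/lib/kamailio/modules/"

loadmodule "sl.so"      # stateless replies (503 to flooding sources)
loadmodule "tm.so"      # transaction module, provides t_relay()
loadmodule "pv.so"      # pseudo-variables such as $si, $sp, $du
loadmodule "xlog.so"    # logging from the routing script
loadmodule "pike.so"    # per-source-IP request rate tracking

# pike: a source IP sending more than 16 requests inside any 2-second
# window is flagged; it stays flagged for 4 more time units after it
# quiets down, so a burst cannot simply pause and resume.
modparam("pike", "sampling_time_unit", 2)
modparam("pike", "reqs_density_per_unit", 16)
modparam("pike", "remove_latency", 4)

request_route {
    # Check the rate first, before spending any work on authentication
    # or routing; pike_check_req() returns false for a flagged source.
    if (!pike_check_req()) {
        # Logged at alert level so a fail2ban-style watcher can act on it.
        xlog("L_ALERT", "pike: blocking $rm from $fu at $si:$sp\n");
        sl_send_reply("503", "Service Unavailable");
        exit;
    }

    # Anything that passes the flood check is relayed statefully to the
    # Asterisk box behind the proxy (placeholder address).
    $du = "sip:192.0.2.10:5060";
    if (!t_relay()) {
        sl_reply_error();
    }
    exit;
}
```

Authentication, topology hiding and dispatching are deliberately left out; the block only shows where the pike check sits relative to the relay to Asterisk.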
