On Wed, Feb 08, 2006 at 10:38:33AM -0500, Technical Support wrote: > I think that some people try to make their asterisk box a do-everything > super server. Can you image a traditional PBX with direct access via the > internet, serving web pages via apache, running sendmail, etc. > > Our approach has been keep it simple. We lock each Asterisk PBX down has > hard as possible. This includes no direct internet connection (it should > sit behind a real firewall), minimal services running, etc. With this > philosophy, one can treat the PBX as an appliance: don't touch it if it's > working.
Then I suppose your PBX does not do direct voip. All voip is proxied by the firewall (with a special voip "anti-virus" to keep the bad guys from exploiting you through there). This also applies to whaever other voice channels you use. And also to some overly-complicated IVRs that may allow unintended privileges escalation: you wanted to avoid a clear and simple web interface, so you opted for a complicated phone interface. > > If you must run host web pages, run mail servers, offer SQLnet connections, > make visible to the internet, Actually if a mail/SQL server is used it is either only availble to localhost. > etc. then other users are correct - you better > continually patch/update ASAP. -- Tzafrir Cohen | [EMAIL PROTECTED] | VIM is http://tzafrir.org.il | | a Mutt's [EMAIL PROTECTED] | | best ICQ# 16849755 | | friend _______________________________________________ --Bandwidth and Colocation provided by Easynews.com -- Asterisk-Users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
