On Tue, Dec 6, 2011 at 5:19 AM, Hans Witvliet <aster...@a-domani.nl> wrote:
> On Mon, 2011-12-05 at 18:51 -0800, Steve Edwards wrote:
> <snip>
>
>> Your security needs depend on your environment. At this point in time,
>> all of the hosts I manage for my clients exist in very limited
>> environments and have very small attack surfaces. They are racked in
>> secure data centers. They only accept SIP from clients with static IP
>> addresses that we have an existing business relationship with. They only
>> accept SSH connections from me. They only accept HTTP connections from me
>> and my boss. That's about it. I don't see where F2B adds much value for
>> me.
>>
>> *) Lots of admins think they can't limit access to servers because they
>> have 'mobile' users. Your users probably don't need to access your servers
>> from every single place on the Internet. If your users don't come from
>> China, North Korea, Iran, etc, you can block entire regions with a few
>> rules and eliminate 80% of probes and attacks from reaching your servers
>> in the first place. Apologies in advance if you happen to live in some of
>> these regions -- feel free to `s/China, North Korea, Iran/United States,
>> Canada, England/g`
>>
>
> Perhaps another suggestion.
> If they are "true road warriors", I presume they are capable of setting
> up a VPN to the company.
> In that case, only allow registrations/calls through the secured
> tunnel. Then it's not any concern to asterisk.
>
> And if they can breach your tunnel, you have something else to worry
> about.
>

Well, that means opening up VPN connections from everywhere. That's why I suggested turning off the server completely.