I personally think firewalls are a stopgap measure for the real problem. A firewall and VPN are not a fool proof method of protection. Fix the real problem instead of hiding it. I usually dont use a real firewall but ACLs and other similar methods to lock down where/who can access a box. As for cisco routers we use ACL's to lock those where the asterisk box is the only one that can access it.
bkw > Doug, > > I don't believe that it would be a good idea to leave the Asterisk box > unprotected (without any firewall). This would leave you wide open for > people to access your internal system through the Asterisk box. We have > all been participating in a discussion about an article written by the > ingenious Mr. Jim Louderback, technology writer for Ziff Davis, regarding > the security risk of IP Telephony. As far as the cost of vpning the > phones, maybe you could use LinkSys vpn routers ($129.00 / each) and cut > the cost in half. > If you didn't want to go the VPN route, you could setup access-list on > your 3810 to only accept traffic from the known IP addresses of your home > warriors. This is not the most secure, but it does provide some security > and would probably block most half hearted attempts from wannabe hackers. > You could sell your Cisco phones, install X-Lite (free softphone) and > put the money from the Cisco phones toward vpning your network. There > are several ways to go, I just wouldn't leave it wide open. _______________________________________________ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
