Yajie wrote:
> 1. Use a decent SIP password

And try to limit accounts to a single IP where possible.

> 2. Use a decent unix account password.

Disable passwords and use ssh keys or some other kind of two factor authentication, no one serious about security should still be using one factor authentication.

> 3. Disable calling out via voice mail system.

You should prevent calling out via all sections of the dial plan, not just voicemail. Someone commented about people asking to be transferred to extension 9011.

> 4. Use different SIP port other than 5060 if you can.

This may reduce brute force attempts, but doesn't replace having good security.

5. If you are truly worried about VoIP security, don't use asterisk, it's poorly written especially from a security point of view, and you can't do advanced security like SIPS to encrypt the data channel.

--
Best regards,
Duane

http://www.freeauth.org - Enterprise Two Factor Authentication
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://e164.org - Global Communication for the 21st Century

"In the long run the pessimist may be proved right, but the optimist has a better time on the trip."
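
Added example, not part of the original post: a small audit of an Asterisk chan_sip `sip.conf` for the first point above, flagging peers with a weak `secret` or without a `deny`/`permit` pair that limits the account to a single IP. The sample config is constructed, and the 12-character minimum and the finding names are assumptions of this example.

```python
from ipaddress import ip_network

# Constructed sample sip.conf; peer names, secrets and addresses are made up.
SAMPLE = """\
[1001]
secret=1001
[1002]
secret=kT9#vLq2xW7!pRz4
deny=0.0.0.0/0.0.0.0
permit=192.0.2.10/255.255.255.255
[1003]
secret=Zr8$mNc5yB1@hGd6
deny=0.0.0.0/0.0.0.0
permit=198.51.100.0/255.255.255.0
"""
DENY_ALL = {"0.0.0.0/0.0.0.0", "0.0.0.0/0"}
MIN_SECRET_LEN = 12  # assumed threshold, not from the post

def parse_sections(text):
    """Return {section: [(key, value), ...]}; ';' starts a comment."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if line.startswith("[") and "]" in line:
            current = sections.setdefault(line[1:line.index("]")], [])
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)  # also accepts "key => value"
            current.append((key.strip().lower(), value.lstrip(">").strip()))
    return sections

def audit(text):
    """Map each peer to its findings; peers with no findings are omitted."""
    findings = {}
    for name, items in parse_sections(text).items():
        secret = dict(items).get("secret")
        if secret is None:  # [general] and other sections without a password
            continue
        issues = []
        if len(secret) < MIN_SECRET_LEN or secret == name or secret.isdigit():
            issues.append("weak-secret")
        permits = [v for k, v in items if k == "permit"]
        denies = [v for k, v in items if k == "deny"]
        if not permits or not DENY_ALL.intersection(denies):
            issues.append("no-ip-acl")  # account reachable from any address
        elif any(ip_network(p, strict=False).num_addresses > 1 for p in permits):
            issues.append("permit-wider-than-one-host")
        if issues:
            findings[name] = issues
    return findings
```

Calling `audit()` on the text of a real `sip.conf` returns a dict of peers to review; an empty dict means every peer with a `secret` passed both checks.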
