If you are using SIP you should also be paranoid and set allowguest=no, as this defaults to yes.
Mart Philip Prindeville wrote: > You can also use a shared secret for authentication with an MD5 digest > exchange. > > That's reasonably secure. > > -Philip > > > Darrick Hartman wrote: >> David, >> >> You could use openvpn to secure the connection. MAC address >> restrictions are pretty weak and easy to spoof. >> >> Darrick >> >> David Kerr wrote: >> >>> I would like to permit a softphone on my laptop to connect to my >>> astlinux box from anywhere in the world. This would mean keeping port >>> 5060 open, which is a potential security risk? Is there a way to >>> restrict access by mac address? so that my softphone on *my* laptop can >>> connect, but no one else's can (even if they know the extension/password. >>> >>> Thanks. >>> David >>> >>> On Mon, Nov 10, 2008 at 2:40 PM, Daniel Aeberli <[EMAIL PROTECTED]> >>> wrote: >>> >>> Hi Darrick, >>> >>> You right, I had miss-configured my Firewall: I open the voip ports when >>> I initially was try to my Asterisk trunk working. As I now know, the >>> trunk goes through a tunnel so I closed them just after my last post and >>> everything still works (no duh). >>> >>> I still need to dig into my config (Firewall and Asterisk), I'm sure I >>> have other doors wide open why I tried to get things working. >>> >>> Many thanks for the reply though. >>> >>> Daniel >>> >>> >>> >>> Darrick Hartman a écrit : >>> > Daniel, >>> > >>> > Not necessarily. It sounds like you have the firewall misconfigured. >>> > What ports are you opening? You should really only have your ssh >>> port >>> > and vpn port open. All others should be closed. How are these >>> people >>> > getting in? >>> > >>> > Darrick >>> > >>> > Daniel Aeberli wrote: >>> > >>> >> Sorry, just realised this is more an Astersik general question >>> than a >>> >> ASTLinux one ... of to search other forums... >>> >> >>> >> Daniel Aeberli a écrit : >>> >> >>> >>> Well after the brute force attack ssh login attempts, last >>> month, I have >>> >>> an undesirable outsider that successfully made calls from my >>> ASTlinux >>> >>> box. I locked out the brute force, by disabling WAN requests, >>> turning of >>> >>> WAN ping response and turning off ssh access, but obviously my >>> box is >>> >>> not secure. >>> >>> >>> >>> I'm not savvy enough to know how to secure by AstLinux box from >>> outside >>> >>> callers (hackers). I only use AstLinux to call my parents >>> AstLinux box >>> >>> via a VPN trunk over our ADSL lines. All my local calls go via >>> ISDN line >>> >>> (since I have to have it for the ADSL link and local call are >>> free). >>> >>> >>> >>> Could someone tell me how to lock outside calls (internet / >>> ADSL) from >>> >>> using my ISDN lines? >>> >>> >>> >>> Thanks >>> >>> >>> >>> Daniel >>> >>> >>> > > > ------------------------------------------------------------------------- > This SF.Net email is sponsored by the Moblin Your Move Developer's challenge > Build the coolest Linux based applications with Moblin SDK & win great prizes > Grand prize is a trip for two to an Open Source event anywhere in the world > http://moblin-contest.org/redirect.php?banner_id=100&url=/ > _______________________________________________ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to [EMAIL > PROTECTED] > ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to [EMAIL PROTECTED]
