ldpaniak at fourpisolutions.com
Sat Jul 31 08:38:05 EDT 2010
On Sat, 2010-07-31 at 00:56 -0400, Paul Nijjar wrote:
> On Sun, Jul 25, 2010 at 05:11:13PM -0400, Chris Irwin wrote:
> > On Sun, 2010-07-25 at 15:16 -0400, unsolicited wrote:
> > > Was bopping about the web and came across
> > > http://www.asterisk.org/asterisknow.
> > >
> > > Can someone remind me: there is Asterisk, TrixBox, who knows what else?
> > There is also AskoziaPBX.
> > I haven't used any of them, and can't really tell you the difference...
> Does anybody know which of these is most amenable to a "secure by
> default" installation? I downloaded one of these distros (Elastix, I
> think?) and it had all of these web components that came with
> (independently-defined) default web passwords. This also made me break
> out in hives. I hope my experience was atypical, but it scared me into
> thinking I should probably forget the Asterisk distros and work from a
> bare Debian install. Am I wrong?
> - Paul
All the Asterisk-based distros I've seen suffer from this near-fatal
flaw. It is astounding how poor their commitment to system security is.
While starting with a bare Debian install and building your own VoIP box
would solve the security problem(s), I think you would be better off
using a porous distro and adding firewall software. Then you can
restrict access until you are satisfied. I use Shorewall to give a
(more) user-friendly interface to iptables. Shorewall has great
documentation - especially for typical cases. Just open up UDP ports
5060-5080 for SIP and 10000-30000 for RTP and you should have a
functional, secure VoIP system.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 198 bytes
Desc: This is a digitally signed message part
More information about the kwlug-disc