[kwlug-disc] AsteriskNow?

John Van Ostrand john at netdirect.ca
Sat Jul 31 08:59:21 EDT 2010


----- Original Message -----

> All the Asterisk-based distros I've seen suffer from this near-fatal
> flaw. It is astounding how poor their commitment to system security
> is.
> 
> While starting with a bare Debian install and building your own VoIP
> box
> would solve the security problem(s), I think you would be better off
> using a porous distro and adding firewall software. Then you can
> restrict access until you are satisfied. I use Shorewall to give a
> (more) user-friendly interface to iptables. Shorewall has great
> documentation - especially for typical cases. Just open up UDP ports
> 5060-5080 for SIP and 10000-30000 for RTP and you should have a
> functional, secure VoIP system.

I agree with Lori. Starting with the distro and turning off or securing the things you want is a fast way to success. A firewall alone won't work for you if you want one or more of the web-based applications.

Run netstat -a to see which ports are listening and go from there. Then inspect your apache config and see what you have to secure or turn off.

I find turning things off, checking configs and changing passwords is far easier than integrating all that software.
-- 
John Van Ostrand 
CTO, co-CEO 
Net Direct Inc. 
564 Weber St. N. Unit 12, Waterloo, ON N2L 5C6 
Ph: 866-883-1172 x5102 
Fx: 519-883-8533 

Linux Solutions / IBM Hardware 





More information about the kwlug-disc mailing list