Shaun Wingrin
2008-May-20 08:41 UTC
[asterisk-users] (Newbie)How to reduce security risks in opening IAX & Sip Ports
Please direct me to any usefull links to help secure my asterisk server once these ports are opened. Thanks Shaun
Tzafrir Cohen
2008-May-20 09:03 UTC
[asterisk-users] (Newbie)How to reduce security risks in opening IAX & Sip Ports
On Tue, May 20, 2008 at 10:41:28AM +0200, Shaun Wingrin wrote:> Please direct me to any usefull links to help secure my asterisk server once > these ports are opened.http://search.yahoo.com/search?p=secure+asterisk+server http://www.google.com/search?q=secure+asterisk+server Now, do some basic reading and provide us the relevant information so we can give you a more infrmed answer. First and foremost: what are the threats? In what envirnment (LAN/WAN) does it run? How much control do you have over the network? What do you actually need it to do? What extra services must be run on the same box besides Asterisk? What Linux(?) distribution do you use? (read its relevant documentation as well). -- Tzafrir Cohen icq#16849755 jabber:tzafrir.cohen at xorcom.com +972-50-7952406 mailto:tzafrir.cohen at xorcom.com http://www.xorcom.com iax:guest at local.xorcom.com/tzafrir
Raj Jain
2008-May-20 10:46 UTC
[asterisk-users] (Newbie)How to reduce security risks in opening IAX & Sip Ports
One way to make the system more secure would be by not opening these ports statically in Linux iptables. I have not tested this, but Linux iptables have shipped with ip_nat_sip and ip_conntrack_sip modules since kernel version 2.6.18. With these modules, Linux iptables will act as a SIP-aware NAT that opens the ports dynamically depending on what's exchanged in the signaling. -- Raj Jain On Tue, May 20, 2008 at 4:41 AM, Shaun Wingrin <voipsw at gmail.com> wrote:> Please direct me to any usefull links to help secure my asterisk server > once > these ports are opened. > > Thanks > > Shaun > > > _______________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users >-------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20080520/2996cd19/attachment.htm