[Freeswitch-users] Lock down default config

Avi Marcus avi at avimarcus.net
Tue Oct 18 15:45:33 MSD 2011 

Here's a start:
-fail2ban on DDOS and excessive attempts to register with the wrong
password. See the wiki page on fail2ban.
-ufw or similar to manage iptables, or iptables (or it's bsd equivalent) to
drop everything but these ports: http://wiki.freeswitch.org/wiki/Firewall
-ssh - if  you use ssh, use keys (with a passphrase?) rather than just plain
passwords. I rarely get sip-attacks, but my logs show several SSH brute
force attempts each day.
-Do you have any other users or services running on the server? if they have
access to config files, or just to using resources that FS needs, it can
compromise the security or just the quality of the call.

-Avi


On Tue, Oct 18, 2011 at 1:37 PM, Ben Naylor <bnaylor at sirran.com> wrote:

> Hi All****
>
> ** **
>
> I am going live with a Freeswitch server in a couple of weeks, and it will
> be using a public IP.  I am a bit concerned that I may not have tightened
> security on the box enough to protect it (as best I can) from attack.****
>
> ** **
>
> I have had a look online for something similar to this but a freeswitch
> version, but can’t find anything -
> http://blogs.digium.com/2009/03/28/sip-security/****
>
> ** **
>
> Can anyone suggest a list of things I should check before I go live with
> this server?  I have already changed the default password, removed the
> default user accounts/passwords and removed the external SIP account.****
>
> ** **
>
> Any ideas  are greatly appreciated, also any links to websites that I may
> not have found yet.****
>
> ** **
>
> Thanks for your help!****
>
> ** **
>
> Kind regards****
>
> ** **
>
> Ben****
>
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20111018/bf93f61b/attachment.html

Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list