[Freeswitch-users] Lock down default config

curriegrad2004 curriegrad2004 at gmail.com
Tue Oct 18 18:09:56 MSD 2011


Remove those default users! At least that's what FusionPBX does (I'm
talking about users from 1000-1019)

On Tue, Oct 18, 2011 at 4:45 AM, Avi Marcus <avi at avimarcus.net> wrote:
> Here's a start:
> -fail2ban on DDOS and excessive attempts to register with the wrong
> password. See the wiki page on fail2ban.
> -ufw or similar to manage iptables, or iptables (or it's bsd equivalent) to
> drop everything but these ports: http://wiki.freeswitch.org/wiki/Firewall
> -ssh - if  you use ssh, use keys (with a passphrase?) rather than just plain
> passwords. I rarely get sip-attacks, but my logs show several SSH brute
> force attempts each day.
> -Do you have any other users or services running on the server? if they have
> access to config files, or just to using resources that FS needs, it can
> compromise the security or just the quality of the call.
> -Avi
>
> On Tue, Oct 18, 2011 at 1:37 PM, Ben Naylor <bnaylor at sirran.com> wrote:
>>
>> Hi All
>>
>>
>>
>> I am going live with a Freeswitch server in a couple of weeks, and it will
>> be using a public IP.  I am a bit concerned that I may not have tightened
>> security on the box enough to protect it (as best I can) from attack.
>>
>>
>>
>> I have had a look online for something similar to this but a freeswitch
>> version, but can’t find anything -
>> http://blogs.digium.com/2009/03/28/sip-security/
>>
>>
>>
>> Can anyone suggest a list of things I should check before I go live with
>> this server?  I have already changed the default password, removed the
>> default user accounts/passwords and removed the external SIP account.
>>
>>
>>
>> Any ideas  are greatly appreciated, also any links to websites that I may
>> not have found yet.
>>
>>
>>
>> Thanks for your help!
>>
>>
>>
>> Kind regards
>>
>>
>>
>> Ben
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>
>
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>



Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list