[Freeswitch-users] Lock down default config

Ben Naylor bnaylor at sirran.com
Tue Oct 18 18:27:24 MSD 2011

Hi Avi


Thanks for the info, I will certainly look into using fail2ban for failed
SIP attempts.

For the other items I should be covered ok.  Iptables is already restricted
to what I will be using on the server, and I am using software called
'denyhosts' which blocks hosts based on failed SSH login attempts.


No other services run on the server which could compromise the system, so
hopefully I should be fairly safe!






From: freeswitch-users-bounces at lists.freeswitch.org
[mailto:freeswitch-users-bounces at lists.freeswitch.org] On Behalf Of Avi
Sent: 18 October 2011 12:46
To: FreeSWITCH Users Help
Subject: Re: [Freeswitch-users] Lock down default config


Here's a start:

-fail2ban on DDOS and excessive attempts to register with the wrong
password. See the wiki page on fail2ban.

-ufw or similar to manage iptables, or iptables (or it's bsd equivalent) to
drop everything but these ports: http://wiki.freeswitch.org/wiki/Firewall

-ssh - if  you use ssh, use keys (with a passphrase?) rather than just plain
passwords. I rarely get sip-attacks, but my logs show several SSH brute
force attempts each day.

-Do you have any other users or services running on the server? if they have
access to config files, or just to using resources that FS needs, it can
compromise the security or just the quality of the call.



On Tue, Oct 18, 2011 at 1:37 PM, Ben Naylor <bnaylor at sirran.com> wrote:

Hi All


I am going live with a Freeswitch server in a couple of weeks, and it will
be using a public IP.  I am a bit concerned that I may not have tightened
security on the box enough to protect it (as best I can) from attack.


I have had a look online for something similar to this but a freeswitch
version, but can't find anything -


Can anyone suggest a list of things I should check before I go live with
this server?  I have already changed the default password, removed the
default user accounts/passwords and removed the external SIP account.


Any ideas  are greatly appreciated, also any links to websites that I may
not have found yet.


Thanks for your help!


Kind regards



FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20111018/fb40b10b/attachment.html 

Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list