[Freeswitch-users] Brute-force attack

Peter Olsson peter.olsson at visionutveckling.se
Thu Jun 14 10:16:04 MSD 2012


I use both Windows and Linux systems. As long as you know how to manage both systems, there is not a big difference when it comes to exploits and general security (not anymore anyway, if you use current versions). I would say that the biggest issue here is the knowledge of the people managing the systems. And it's usually more secure to manage a system that you know, then a system you don't know much about, even though that system is considered to be more secure.

Lots has happened since Windows 95 :)

Anyway, for this kind of setup I would also prefer Linux, but mostly for the possibilites with fail2ban etc, which doesn't exist on Windows. I'm thinking of writiling something similar for Windows, hopefully I get som time for that soon...

/Peter

14 jun 2012 kl. 07:51 skrev "Muhammad Shahzad" <shaheryarkh at googlemail.com<mailto:shaheryarkh at googlemail.com>>:

I would strongly suggest to move your production system to Linux, which is by far secure and controllable then Windows. Right now, if somebody does not breaks into your voip setup using some bruteforce / DOS attack, s/he can still exploit some hole in Windows to crack your security. Windows is simply not secure enough to production grade performance.

Thank you.


On Thu, Jun 14, 2012 at 6:39 AM, Avi Marcus <avi at avimarcus.net<mailto:avi at avimarcus.net>> wrote:
That's not necessarily the best kind of password... see http://xkcd.com/936/ and then http://tech.dropbox.com/?p=165

-Avi



On Thu, Jun 14, 2012 at 6:23 AM, jay binks <jaybinks at gmail.com<mailto:jaybinks at gmail.com>> wrote:
> Strong passwords are a great start, but fail2ban does a little more than
> this.
>
> you could move off port 5060 to something un-conventional, meaning your less
> likely to get scanned / brute forced.
>
> Jay
>
> On 14 June 2012 12:27, ocset <ocset at the800group.com<mailto:ocset at the800group.com>> wrote:
>>
>> Hi
>>
>> I have deployed Freeswiitch on windows 7 and since there is no fail2ban
>> on windows, I was wondering what the real risk is with opening it up to
>> the internet. If I was to ensure that all users and passwords were
>> extremely difficult to guess (passwords like "2$53E_d7?^2!3s$"), what
>> are the risks that I am exposing myself to? Is there a type of DoS for
>> voip where hackers can just flood my system with requests simply to be
>> malicious?
>>
>> There are VB windows scripts available that emulate what fail2ban does
>> on Linux but I was just wondering whether I really need to implement
>> this level of security if I can control the password complexity in
>> Freeswitch.
>>
>> Thanks
>> O
>>
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org<mailto:consulting at freeswitch.org>
>> http://www.freeswitchsolutions.com
>>
>> 
>> 
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://wiki.freeswitch.org
>> http://www.cluecon.com
>>
>> Join Us At ClueCon - Aug 7-9, 2012
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org<mailto:FreeSWITCH-users at lists.freeswitch.org>
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>
>
>
>
> --
> Sincerely
>
> Jay
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org<mailto:consulting at freeswitch.org>
> http://www.freeswitchsolutions.com
>
> 
> 
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> Join Us At ClueCon - Aug 7-9, 2012
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org<mailto:FreeSWITCH-users at lists.freeswitch.org>
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>

_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org<mailto:consulting at freeswitch.org>
http://www.freeswitchsolutions.com




Official FreeSWITCH Sites
http://www.freeswitch.org
http://wiki.freeswitch.org
http://www.cluecon.com

Join Us At ClueCon - Aug 7-9, 2012

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org<mailto:FreeSWITCH-users at lists.freeswitch.org>
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org




--
Muhammad Shahzad
-----------------------------------
CISCO Rich Media Communication Specialist (CRMCS)
CISCO Certified Network Associate (CCNA)
Cell: +92 334 422 40 88
MSN: shari_786pk at hotmail.com<mailto:shari_786pk at hotmail.com>
Email: shaheryarkh at googlemail.com<mailto:shaheryarkh at googlemail.com>
!DSPAM:4fd978c432761360223007!
_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org<mailto:consulting at freeswitch.org>
http://www.freeswitchsolutions.com




Official FreeSWITCH Sites
http://www.freeswitch.org
http://wiki.freeswitch.org
http://www.cluecon.com

Join Us At ClueCon - Aug 7-9, 2012

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org<mailto:FreeSWITCH-users at lists.freeswitch.org>
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org


!DSPAM:4fd978c432761360223007!



Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list