[Freeswitch-users] Brute-force attack

ocset ocset at the800group.com
Thu Jun 14 14:29:50 MSD 2012


Anton

I know nothing about ext-rtp-ip and ext-sip-ip. Could you please explain 
how this will help in making the system more secure?

Thanks
O

On 14/06/12 16:27, Anton Kvashenkin wrote:
> I would suggest to create separate profile for remote workers. For 
> example, external-road-warrios. So you can play with ext-rtp-ip and 
> ext-sip-ip.
>
> 2012/6/14 Peter Olsson <peter.olsson at visionutveckling.se 
> <mailto:peter.olsson at visionutveckling.se>>
>
>     I use both Windows and Linux systems. As long as you know how to
>     manage both systems, there is not a big difference when it comes
>     to exploits and general security (not anymore anyway, if you use
>     current versions). I would say that the biggest issue here is the
>     knowledge of the people managing the systems. And it's usually
>     more secure to manage a system that you know, then a system you
>     don't know much about, even though that system is considered to be
>     more secure.
>
>     Lots has happened since Windows 95 :)
>
>     Anyway, for this kind of setup I would also prefer Linux, but
>     mostly for the possibilites with fail2ban etc, which doesn't exist
>     on Windows. I'm thinking of writiling something similar for
>     Windows, hopefully I get som time for that soon...
>
>     /Peter
>
>     14 jun 2012 kl. 07:51 skrev "Muhammad Shahzad"
>     <shaheryarkh at googlemail.com
>     <mailto:shaheryarkh at googlemail.com><mailto:shaheryarkh at googlemail.com
>     <mailto:shaheryarkh at googlemail.com>>>:
>
>     I would strongly suggest to move your production system to Linux,
>     which is by far secure and controllable then Windows. Right now,
>     if somebody does not breaks into your voip setup using some
>     bruteforce / DOS attack, s/he can still exploit some hole in
>     Windows to crack your security. Windows is simply not secure
>     enough to production grade performance.
>
>     Thank you.
>
>
>     On Thu, Jun 14, 2012 at 6:39 AM, Avi Marcus <avi at avimarcus.net
>     <mailto:avi at avimarcus.net><mailto:avi at avimarcus.net
>     <mailto:avi at avimarcus.net>>> wrote:
>     That's not necessarily the best kind of password... see
>     http://xkcd.com/936/ and then http://tech.dropbox.com/?p=165
>
>     -Avi
>
>
>
>     On Thu, Jun 14, 2012 at 6:23 AM, jay binks <jaybinks at gmail.com
>     <mailto:jaybinks at gmail.com><mailto:jaybinks at gmail.com
>     <mailto:jaybinks at gmail.com>>> wrote:
>     > Strong passwords are a great start, but fail2ban does a little
>     more than
>     > this.
>     >
>     > you could move off port 5060 to something un-conventional,
>     meaning your less
>     > likely to get scanned / brute forced.
>     >
>     > Jay
>     >
>     > On 14 June 2012 12:27, ocset <ocset at the800group.com
>     <mailto:ocset at the800group.com><mailto:ocset at the800group.com
>     <mailto:ocset at the800group.com>>> wrote:
>     >>
>     >> Hi
>     >>
>     >> I have deployed Freeswiitch on windows 7 and since there is no
>     fail2ban
>     >> on windows, I was wondering what the real risk is with opening
>     it up to
>     >> the internet. If I was to ensure that all users and passwords were
>     >> extremely difficult to guess (passwords like
>     "2$53E_d7?^2!3s$"), what
>     >> are the risks that I am exposing myself to? Is there a type of
>     DoS for
>     >> voip where hackers can just flood my system with requests
>     simply to be
>     >> malicious?
>     >>
>     >> There are VB windows scripts available that emulate what
>     fail2ban does
>     >> on Linux but I was just wondering whether I really need to
>     implement
>     >> this level of security if I can control the password complexity in
>     >> Freeswitch.
>     >>
>     >> Thanks
>     >> O
>     >>
>     >>
>     >>
>     _________________________________________________________________________
>     >> Professional FreeSWITCH Consulting Services:
>     >> consulting at freeswitch.org
>     <mailto:consulting at freeswitch.org><mailto:consulting at freeswitch.org <mailto:consulting at freeswitch.org>>
>     >> http://www.freeswitchsolutions.com
>     >>
>     >> 
>     >> 
>     >>
>     >> Official FreeSWITCH Sites
>     >> http://www.freeswitch.org
>     >> http://wiki.freeswitch.org
>     >> http://www.cluecon.com
>     >>
>     >> Join Us At ClueCon - Aug 7-9, 2012
>     >>
>     >> FreeSWITCH-users mailing list
>     >> FreeSWITCH-users at lists.freeswitch.org
>     <mailto:FreeSWITCH-users at lists.freeswitch.org><mailto:FreeSWITCH-users at lists.freeswitch.org
>     <mailto:FreeSWITCH-users at lists.freeswitch.org>>
>     >> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>     >>
>     UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>     >> http://www.freeswitch.org
>     >
>     >
>     >
>     >
>     > --
>     > Sincerely
>     >
>     > Jay
>     >
>     >
>     _________________________________________________________________________
>     > Professional FreeSWITCH Consulting Services:
>     > consulting at freeswitch.org
>     <mailto:consulting at freeswitch.org><mailto:consulting at freeswitch.org <mailto:consulting at freeswitch.org>>
>     > http://www.freeswitchsolutions.com
>     >
>     > 
>     > 
>     >
>     > Official FreeSWITCH Sites
>     > http://www.freeswitch.org
>     > http://wiki.freeswitch.org
>     > http://www.cluecon.com
>     >
>     > Join Us At ClueCon - Aug 7-9, 2012
>     >
>     > FreeSWITCH-users mailing list
>     > FreeSWITCH-users at lists.freeswitch.org
>     <mailto:FreeSWITCH-users at lists.freeswitch.org><mailto:FreeSWITCH-users at lists.freeswitch.org
>     <mailto:FreeSWITCH-users at lists.freeswitch.org>>
>     > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>     >
>     UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>     > http://www.freeswitch.org
>     >
>
>     _________________________________________________________________________
>     Professional FreeSWITCH Consulting Services:
>     consulting at freeswitch.org
>     <mailto:consulting at freeswitch.org><mailto:consulting at freeswitch.org <mailto:consulting at freeswitch.org>>
>     http://www.freeswitchsolutions.com
>
>     
>     
>
>     Official FreeSWITCH Sites
>     http://www.freeswitch.org
>     http://wiki.freeswitch.org
>     http://www.cluecon.com
>
>     Join Us At ClueCon - Aug 7-9, 2012
>
>     FreeSWITCH-users mailing list
>     FreeSWITCH-users at lists.freeswitch.org
>     <mailto:FreeSWITCH-users at lists.freeswitch.org><mailto:FreeSWITCH-users at lists.freeswitch.org
>     <mailto:FreeSWITCH-users at lists.freeswitch.org>>
>     http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>     UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>     http://www.freeswitch.org
>
>
>
>
>     --
>     Muhammad Shahzad
>     -----------------------------------
>     CISCO Rich Media Communication Specialist (CRMCS)
>     CISCO Certified Network Associate (CCNA)
>     Cell: +92 334 422 40 88
>     MSN: shari_786pk at hotmail.com
>     <mailto:shari_786pk at hotmail.com><mailto:shari_786pk at hotmail.com
>     <mailto:shari_786pk at hotmail.com>>
>     Email: shaheryarkh at googlemail.com
>     <mailto:shaheryarkh at googlemail.com><mailto:shaheryarkh at googlemail.com
>     <mailto:shaheryarkh at googlemail.com>>
>     !DSPAM:4fd978c432761360223007!
>     _________________________________________________________________________
>     Professional FreeSWITCH Consulting Services:
>     consulting at freeswitch.org
>     <mailto:consulting at freeswitch.org><mailto:consulting at freeswitch.org <mailto:consulting at freeswitch.org>>
>     http://www.freeswitchsolutions.com
>
>     
>     
>
>     Official FreeSWITCH Sites
>     http://www.freeswitch.org
>     http://wiki.freeswitch.org
>     http://www.cluecon.com
>
>     Join Us At ClueCon - Aug 7-9, 2012
>
>     FreeSWITCH-users mailing list
>     FreeSWITCH-users at lists.freeswitch.org
>     <mailto:FreeSWITCH-users at lists.freeswitch.org><mailto:FreeSWITCH-users at lists.freeswitch.org
>     <mailto:FreeSWITCH-users at lists.freeswitch.org>>
>     http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>     UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>     http://www.freeswitch.org
>
>
>     !DSPAM:4fd978c432761360223007!
>
>     _________________________________________________________________________
>     Professional FreeSWITCH Consulting Services:
>     consulting at freeswitch.org <mailto:consulting at freeswitch.org>
>     http://www.freeswitchsolutions.com
>
>     
>     
>
>     Official FreeSWITCH Sites
>     http://www.freeswitch.org
>     http://wiki.freeswitch.org
>     http://www.cluecon.com
>
>     Join Us At ClueCon - Aug 7-9, 2012
>
>     FreeSWITCH-users mailing list
>     FreeSWITCH-users at lists.freeswitch.org
>     <mailto:FreeSWITCH-users at lists.freeswitch.org>
>     http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>     UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>     http://www.freeswitch.org
>
>
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> 
> 
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> Join Us At ClueCon - Aug 7-9, 2012
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20120614/cf1d72d0/attachment-0001.html 


Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list