[Freeswitch-users] general question about phone provisioning

Nick Vines jnvines at gmail.com
Mon Nov 12 04:03:49 MSK 2012


I used to use HTTP with no auth, but changed for a bit more security. When
I used basic HTTP, here are some of the things I did:

1. Only leave config files on server when something needs to be changed.
After device has synced, the file gets taken off public access.
2. Files are encrypted per device settings (I know Grandstream and Cisco
support some instance of this, I expect most do).
3. Random path and prefix that I already gave to device in pre-provisioning
before sent to customer.
4. Make sure you don't have indexes enabled on your webserver. For example,
see here <http://wiki.apache.org/httpd/DirectoryListings>. If you can type
in myserver.com/blah404_not_valid and see a list of the files and folders,
you need to change that.

But, if you want more, you could enable authentication for your devices and
have the certificate/username/password already loaded on the device (first
provision before you send it out). That will be more specific to your
device.

I'm sure others have more suggestions, but the above should help you stay
relatively secure. Keeping files off the server, with random paths, and
prefixes, should help prevent a brute force scan being successful.

Nick






On Sun, Nov 11, 2012 at 6:35 PM, Abaci <abaci64 at gmail.com> wrote:

> This question is not specific to FreeSWITCH, just a general question
> that I would like to get feedback from other FreeSWITCH users.
> I'm thinking of setting up phone provisioning via HTTP. My question is
> how to make this setup secure. Say my provisioning server will listen on
> https://myserver.com and a phone with the MAC address 00-15-65-22-F4-23
> will try to pull the config as https://myserver.com/00156518425D. How do
> I prevent hackers from trying to get config files using a brute force
> attack? Is there any standard way of securing against these types of
> attacks?
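
The measures listed in the reply above (a random path and prefix loaded during pre-provisioning, and a config file that is only present while a change is waiting to sync) can be sketched as follows. This is an added example, not code from the thread or from FreeSWITCH; `ProvisioningStore`, its methods and the `.cfg` naming are hypothetical, and the config bytes are assumed to be already encrypted per device.

```python
import hmac
import secrets

def normalize_mac(mac: str) -> str:
    """Reduce 00-15-65-22-F4-23 or 00:15:65:22:f4:23 to 00156522F423."""
    digits = "".join(c for c in mac if c.isalnum()).upper()
    if len(digits) != 12 or any(c not in "0123456789ABCDEF" for c in digits):
        raise ValueError("not a MAC address")
    return digits

class ProvisioningStore:
    """Hypothetical store: secret per-device path, config withdrawn after sync."""

    def __init__(self):
        self._token = {}    # MAC -> random path prefix loaded in pre-provisioning
        self._pending = {}  # MAC -> config bytes waiting for the next sync

    def enroll(self, mac: str) -> str:
        """Create the URL path to load into the phone before it ships."""
        mac = normalize_mac(mac)
        self._token[mac] = secrets.token_urlsafe(24)  # 192 random bits
        return f"/{self._token[mac]}/{mac}.cfg"

    def publish(self, mac: str, config: bytes) -> None:
        """Make a config available only while a change is waiting to sync."""
        self._pending[normalize_mac(mac)] = config

    def fetch(self, path: str):
        """Return (status, body); every failure is the same empty 404."""
        parts = path.strip("/").split("/")
        if len(parts) != 2 or not parts[1].endswith(".cfg"):
            return 404, b""
        try:
            mac = normalize_mac(parts[1][:-4])
        except ValueError:
            return 404, b""
        expected = self._token.get(mac, "")
        # Constant-time comparison of the path prefix; unknown MACs fail too.
        if not expected or not hmac.compare_digest(parts[0].encode(), expected.encode()):
            return 404, b""
        config = self._pending.pop(mac, None)  # taken off after the first sync
        return (200, config) if config is not None else (404, b"")
```

A request that guesses only the MAC, or a valid URL replayed after the phone has synced, gets the same 404 as a path that never existed, so a scan learns nothing about which devices are enrolled.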