[Freeswitch-users] SBC

Brian West brian at freeswitch.org
Mon Dec 12 18:22:58 MSK 2016


Kamil,

The security model of FreeSWITCH can be quite complex, To blame FreeSWITCH
itself for your misconfiguration is downright FUD, If you have issues or
questions on how to properly configure FreeSWITCH for this specific role
you can just ask, many of us will help you create a configuration that
would be robust and secure.  If you would have set 'disable-transfer', to
true, and possibly 'disable-register' it would also help lower your attack
surface, In addition you shouldn't open your system to the planet, thats
irresponsible on your part for doing so.

FreeSWITCH isn't a firewall, so of course its weak because its NOT a
firewall.

And these are in the configs:


    <!-- disable register and transfer which may be undesirable in a public
switch -->

    <!--<param name="disable-transfer" value="true"/>-->

    <!--<param name="disable-register" value="true"/>-->

Thanks,
/b


On Sun, Dec 11, 2016 at 8:17 PM, Kamil Nigmatullin <
kamil.nigmatullin at gmail.com> wrote:

> I love freeswitch, but frankly I would not recomend to set it as SBC. I
> personally faced two attacks where FS was not good at. And we lost a lot of
> money. It works perfectly as NAT between internal and extenal networks,
> actually in everything but it is weak as a firewall. Stanislav knows that,
> he helped me to resolve the problem first time when it happend. I cannot go
> into details as this is open forum. You need to put either kamailio or
> opensips in front of FS.
>
>

-- 

*Brian West*
brian at freeswitch.org


*Twitter: @FreeSWITCH , @briankwest*
http://www.freeswitchbook.com (50% Discount using code FreeSwitch50)
http://www.freeswitchcookbook.com (50% Discount using code FreeSwitch50)
https://www.gofundme.com/freeswitch_ubuntu

Got Bugs? Report them here <https://freeswitch.org/jira>! | Reddit:
/r/freeswitch <https://www.reddit.com/r/freeswitch>

*T:*+19184209001 | *F:*+19184209002 | *M:*+1918424WEST (9378)
*iNUM:*+883 5100 1420 9001 | *ISN:*410*543 | *Skype:*briankwest
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20161212/8766d0e5/attachment.html 


Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list