[Freeswitch-users] SBC

David Villasmil david.villasmil.work at gmail.com
Mon Dec 12 18:30:26 MSK 2016


I'm just thinking out loud, but maybe it'd be a good idea to have 2 default
configs somehow. 1 which is the current one, and the second would be a
ver-very-hardened one.
I usually start-off with https://github.com/voxserv/freeswitch_conf_minimal
or https://github.com/mx4492/freeswitch-minimal-conf which are very basic,
but it would be a great idea to have available a "hardened" one.

Regards,

David Villasmil
email: david.villasmil.work at gmail.com
phone: +34669448337

On Mon, Dec 12, 2016 at 4:22 PM, Brian West <brian at freeswitch.org> wrote:

> Kamil,
>
> The security model of FreeSWITCH can be quite complex, To blame FreeSWITCH
> itself for your misconfiguration is downright FUD, If you have issues or
> questions on how to properly configure FreeSWITCH for this specific role
> you can just ask, many of us will help you create a configuration that
> would be robust and secure.  If you would have set 'disable-transfer', to
> true, and possibly 'disable-register' it would also help lower your attack
> surface, In addition you shouldn't open your system to the planet, thats
> irresponsible on your part for doing so.
>
> FreeSWITCH isn't a firewall, so of course its weak because its NOT a
> firewall.
>
> And these are in the configs:
>
>
>     <!-- disable register and transfer which may be undesirable in a
> public switch -->
>
>     <!--<param name="disable-transfer" value="true"/>-->
>
>     <!--<param name="disable-register" value="true"/>-->
>
> Thanks,
> /b
>
>
> On Sun, Dec 11, 2016 at 8:17 PM, Kamil Nigmatullin <
> kamil.nigmatullin at gmail.com> wrote:
>
>> I love freeswitch, but frankly I would not recomend to set it as SBC. I
>> personally faced two attacks where FS was not good at. And we lost a lot of
>> money. It works perfectly as NAT between internal and extenal networks,
>> actually in everything but it is weak as a firewall. Stanislav knows that,
>> he helped me to resolve the problem first time when it happend. I cannot go
>> into details as this is open forum. You need to put either kamailio or
>> opensips in front of FS.
>>
>>
>
> --
>
> *Brian West*
> brian at freeswitch.org
>
>
> *Twitter: @FreeSWITCH , @briankwest*
> http://www.freeswitchbook.com (50% Discount using code FreeSwitch50)
> http://www.freeswitchcookbook.com (50% Discount using code FreeSwitch50)
> https://www.gofundme.com/freeswitch_ubuntu
>
> Got Bugs? Report them here <https://freeswitch.org/jira>! | Reddit:
> /r/freeswitch <https://www.reddit.com/r/freeswitch>
>
> *T:*+19184209001 <(918)%20420-9001> | *F:*+19184209002 <(918)%20420-9002>
> | *M:*+1918424WEST (9378)
> *iNUM:*+883 5100 1420 9001 | *ISN:*410*543 | *Skype:*briankwest
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20161212/f3507f17/attachment.html 


Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list