[Freeswitch-users] SBC

Mon Dec 12 18:59:04 MSK 2016

Sounds good, I'll take a look.

Thanks

Regards,

David Villasmil
email: david.villasmil.work at gmail.com
phone: +34669448337

On Mon, Dec 12, 2016 at 4:56 PM, Brian West <brian at freeswitch.org> wrote:

> I've given everyone the opportunity to get involved in the new 1.8
> configs, So far very few people have stepped up to assist me in this task.
>
> It should be hardened by default, or have a way to toggle the hardened
> configs on.
>
> https://freeswitch.org/stash/projects/FS/repos/fs18configs/browse
>
> If you wish to review.
>
> /b
>
>
> On Mon, Dec 12, 2016 at 9:30 AM, David Villasmil <
> david.villasmil.work at gmail.com> wrote:
>
>> I'm just thinking out loud, but maybe it'd be a good idea to have 2
>> default configs somehow. 1 which is the current one, and the second would
>> be a ver-very-hardened one.
>> I usually start-off with https://github.com/voxser
>> v/freeswitch_conf_minimal or https://github.com/mx4492/f
>> reeswitch-minimal-conf which are very basic, but it would be a great
>> idea to have available a "hardened" one.
>>
>> Regards,
>>
>> David Villasmil
>> email: david.villasmil.work at gmail.com
>> phone: +34669448337
>>
>> On Mon, Dec 12, 2016 at 4:22 PM, Brian West <brian at freeswitch.org> wrote:
>>
>>> Kamil,
>>>
>>> The security model of FreeSWITCH can be quite complex, To blame
>>> FreeSWITCH itself for your misconfiguration is downright FUD, If you have
>>> issues or questions on how to properly configure FreeSWITCH for this
>>> specific role you can just ask, many of us will help you create a
>>> configuration that would be robust and secure.  If you would have set
>>> 'disable-transfer', to true, and possibly 'disable-register' it would also
>>> help lower your attack surface, In addition you shouldn't open your system
>>> to the planet, thats irresponsible on your part for doing so.
>>>
>>> FreeSWITCH isn't a firewall, so of course its weak because its NOT a
>>> firewall.
>>>
>>> And these are in the configs:
>>>
>>>
>>>     <!-- disable register and transfer which may be undesirable in a
>>> public switch -->
>>>
>>>     <!--<param name="disable-transfer" value="true"/>-->
>>>
>>>     <!--<param name="disable-register" value="true"/>-->
>>>
>>> Thanks,
>>> /b
>>>
>>>
>>> On Sun, Dec 11, 2016 at 8:17 PM, Kamil Nigmatullin <
>>> kamil.nigmatullin at gmail.com> wrote:
>>>
>>>> I love freeswitch, but frankly I would not recomend to set it as SBC. I
>>>> personally faced two attacks where FS was not good at. And we lost a lot of
>>>> money. It works perfectly as NAT between internal and extenal networks,
>>>> actually in everything but it is weak as a firewall. Stanislav knows that,
>>>> he helped me to resolve the problem first time when it happend. I cannot go
>>>> into details as this is open forum. You need to put either kamailio or
>>>> opensips in front of FS.
>>>>
>>>>
>>>
>>> --
>>>
>>> *Brian West*
>>> brian at freeswitch.org
>>>
>>>
>>> *Twitter: @FreeSWITCH , @briankwest*
>>> http://www.freeswitchbook.com (50% Discount using code FreeSwitch50)
>>> http://www.freeswitchcookbook.com (50% Discount using code FreeSwitch50)
>>> https://www.gofundme.com/freeswitch_ubuntu
>>>
>>> Got Bugs? Report them here <https://freeswitch.org/jira>! | Reddit:
>>> /r/freeswitch <https://www.reddit.com/r/freeswitch>
>>>
>>> *T:*+19184209001 <(918)%20420-9001> | *F:*+19184209002
>>> <(918)%20420-9002> | *M:*+1918424WEST (9378)
>>> *iNUM:*+883 5100 1420 9001 | *ISN:*410*543 | *Skype:*briankwest
>>>
>>> ____________________________________________________________
>>> _____________
>>> Professional FreeSWITCH Consulting Services:
>>> consulting at freeswitch.org
>>> http://www.freeswitchsolutions.com
>>>
>>> Official FreeSWITCH Sites
>>> http://www.freeswitch.org
>>> http://confluence.freeswitch.org
>>> http://www.cluecon.com
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>>
>>
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://confluence.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>
>
>
> --
>
> *Brian West*
> brian at freeswitch.org
>
>
> *Twitter: @FreeSWITCH , @briankwest*
> http://www.freeswitchbook.com (50% Discount using code FreeSwitch50)
> http://www.freeswitchcookbook.com (50% Discount using code FreeSwitch50)
> https://www.gofundme.com/freeswitch_ubuntu
>
> Got Bugs? Report them here <https://freeswitch.org/jira>! | Reddit:
> /r/freeswitch <https://www.reddit.com/r/freeswitch>
>
> *T:*+19184209001 <(918)%20420-9001> | *F:*+19184209002 <(918)%20420-9002>
> | *M:*+1918424WEST (9378)
> *iNUM:*+883 5100 1420 9001 | *ISN:*410*543 | *Skype:*briankwest
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20161212/5d350b34/attachment.html 