[Freeswitch-users] FreeSWITCH Security Hardening Project

Josh mojo1736 at privatedemail.net
Sat Feb 18 18:57:43 MSK 2012


> I'm talking more of an OS level security protocol... best practice guide.
If it is of any help, on all my systems here, I deploy SELinux - a 
security framework I am extremely happy with. All my system components 
(packages, programs etc) are confined in their own security realms by 
deploying appropriate security policies.

Most of these policy were designed from scratch - by myself, other were 
changed from the "standard" ones provided by my distro to reflect the 
particular settings of my host environment. I have been using SELinux 
for years and I can vouch for it - it provides sufficiently good 
(understand deep) level of security - it goes to the Linux core.

As I am fairly new to FS (until about a month ago I didn't even know it 
existed and initially wanted to use and deploy Asterisk, but soon 
realised the error in my ways ;-) ), I am in a process of writing one 
such security policy for FS, which, after the appropriate testing and 
possible tweaking, will be deployed on the system I intend to use FS on. 
If there is a sufficient interest I will provide this new policy to 
everyone interested - as I already pointed out, SELinux provides a very 
good level of security when deployed properly, so it is capable of 
confining packages/applications where they belong - in their own 
security realm.

As far as the non-OS level of security goes (i.e. securing FS itself 
from internal exploits of the protocol(s) it uses, including toll fraud 
etc) then I won't be of much use until I know more about FS - something 
I am in a process of correcting as I do read up about how FS works from 
various sources, including the FS book (and soon to get hold of the 
cookbook as well).



Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list