[Freeswitch-users] FreeSWITCH Security Hardening Project
Josh
mojo1736 at privatedemail.net
Sat Feb 18 18:57:43 MSK 2012
> I'm talking more of an OS level security protocol... best practice guide.
If it is of any help, on all my systems here, I deploy SELinux - a
security framework I am extremely happy with. All my system components
(packages, programs etc) are confined in their own security realms by
deploying appropriate security policies.
Most of these policy were designed from scratch - by myself, other were
changed from the "standard" ones provided by my distro to reflect the
particular settings of my host environment. I have been using SELinux
for years and I can vouch for it - it provides sufficiently good
(understand deep) level of security - it goes to the Linux core.
As I am fairly new to FS (until about a month ago I didn't even know it
existed and initially wanted to use and deploy Asterisk, but soon
realised the error in my ways ;-) ), I am in a process of writing one
such security policy for FS, which, after the appropriate testing and
possible tweaking, will be deployed on the system I intend to use FS on.
If there is a sufficient interest I will provide this new policy to
everyone interested - as I already pointed out, SELinux provides a very
good level of security when deployed properly, so it is capable of
confining packages/applications where they belong - in their own
security realm.
As far as the non-OS level of security goes (i.e. securing FS itself
from internal exploits of the protocol(s) it uses, including toll fraud
etc) then I won't be of much use until I know more about FS - something
I am in a process of correcting as I do read up about how FS works from
various sources, including the FS book (and soon to get hold of the
cookbook as well).
Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users
mailing list