[Freeswitch-users] SBC

Brian West brian at freeswitch.org
Mon Dec 12 18:56:40 MSK 2016


I've given everyone the opportunity to get involved in the new 1.8 configs.
So far very few people have stepped up to assist me in this task.

It should be hardened by default, or have a way to toggle the hardened
configs on.

https://freeswitch.org/stash/projects/FS/repos/fs18configs/browse

If you wish to review.

/b


On Mon, Dec 12, 2016 at 9:30 AM, David Villasmil <
david.villasmil.work at gmail.com> wrote:

> I'm just thinking out loud, but maybe it'd be a good idea to have 2
> default configs somehow. 1 which is the current one, and the second would
> be a very-very-hardened one.
> I usually start off with https://github.com/voxserv/freeswitch_conf_minimal
> or https://github.com/mx4492/freeswitch-minimal-conf which are
> very basic, but it would be a great idea to have available a "hardened" one.
>
> Regards,
>
> David Villasmil
> email: david.villasmil.work at gmail.com
> phone: +34669448337
>
> On Mon, Dec 12, 2016 at 4:22 PM, Brian West <brian at freeswitch.org> wrote:
>
>> Kamil,
>>
>> The security model of FreeSWITCH can be quite complex. To blame
>> FreeSWITCH itself for your misconfiguration is downright FUD. If you have
>> issues or questions on how to properly configure FreeSWITCH for this
>> specific role you can just ask; many of us will help you create a
>> configuration that would be robust and secure.  If you would have set
>> 'disable-transfer' to true, and possibly 'disable-register', it would also
>> help lower your attack surface. In addition, you shouldn't open your system
>> to the planet; that's irresponsible on your part for doing so.
>>
>> FreeSWITCH isn't a firewall, so of course it's weak because it's NOT a
>> firewall.
>>
>> And these are in the configs:
>>
>>
>>     <!-- disable register and transfer which may be undesirable in a public switch -->
>>     <!--<param name="disable-transfer" value="true"/>-->
>>     <!--<param name="disable-register" value="true"/>-->
>>
>> Thanks,
>> /b
>>
>>
>> On Sun, Dec 11, 2016 at 8:17 PM, Kamil Nigmatullin <
>> kamil.nigmatullin at gmail.com> wrote:
>>
>>> I love freeswitch, but frankly I would not recommend to set it as SBC. I
>>> personally faced two attacks where FS was not good at. And we lost a lot of
>>> money. It works perfectly as NAT between internal and external networks,
>>> actually in everything but it is weak as a firewall. Stanislav knows that,
>>> he helped me to resolve the problem first time when it happened. I cannot go
>>> into details as this is open forum. You need to put either kamailio or
>>> opensips in front of FS.
>>>
>>>
>>
>> --
>>
>> *Brian West*
>> brian at freeswitch.org
>>
>>
>> *Twitter: @FreeSWITCH , @briankwest*
>> http://www.freeswitchbook.com (50% Discount using code FreeSwitch50)
>> http://www.freeswitchcookbook.com (50% Discount using code FreeSwitch50)
>> https://www.gofundme.com/freeswitch_ubuntu
>>
>> Got Bugs? Report them here <https://freeswitch.org/jira>! | Reddit:
>> /r/freeswitch <https://www.reddit.com/r/freeswitch>
>>
>> *T:*+19184209001 | *F:*+19184209002 | *M:*+1918424WEST (9378)
>> *iNUM:*+883 5100 1420 9001 | *ISN:*410*543 | *Skype:*briankwest
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://confluence.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>



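The two parameters quoted in the thread appear inside XML comments, so they take effect only once uncommented. The following is an added example, not code from the thread or from the FreeSWITCH project: a small audit that reports whether `disable-transfer` and `disable-register` are actually active in a Sofia profile. The sample profile, the `audit_profile` name and the status strings are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Parameters named in the thread as lowering the attack surface of a public profile.
HARDENING = ("disable-transfer", "disable-register")

# Constructed sample: a trimmed Sofia profile shaped like the fragment quoted above.
SAMPLE_PROFILE = """\
<profile name="external">
  <settings>
    <param name="sip-port" value="5080"/>
    <!-- disable register and transfer which may be undesirable in a public switch -->
    <!--<param name="disable-transfer" value="true"/>-->
    <param name="disable-register" value="true"/>
  </settings>
</profile>
"""

# Matches a <param .../> that is wrapped in an XML comment, i.e. present but inert.
COMMENTED_PARAM = re.compile(r'<!--\s*<param\s+name="([^"]+)"[^>]*/>\s*-->')


def audit_profile(xml_text):
    """Return {param: 'active' | 'set to <value>' | 'commented-out' | 'missing'}."""
    # The XML parser discards comments, so only live params end up in `active`.
    root = ET.fromstring(xml_text)
    active = {p.get("name"): (p.get("value") or "").strip().lower()
              for p in root.iter("param")}
    commented = set(COMMENTED_PARAM.findall(xml_text))

    report = {}
    for name in HARDENING:
        if active.get(name) == "true":
            report[name] = "active"
        elif name in active:
            report[name] = "set to " + active[name]
        elif name in commented:
            report[name] = "commented-out"
        else:
            report[name] = "missing"
    return report


if __name__ == "__main__":
    for name, status in audit_profile(SAMPLE_PROFILE).items():
        print(f"{name}: {status}")
```
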