[Freeswitch-users] SBC

David Villasmil david.villasmil.work at gmail.com
Mon Dec 12 19:01:32 MSK 2016


Is there a thread to discuss this or should I just fork and propose as
always?

Regards,

David Villasmil
email: david.villasmil.work at gmail.com
phone: +34669448337

On Mon, Dec 12, 2016 at 4:59 PM, David Villasmil <
david.villasmil.work at gmail.com> wrote:

> Sounds good, I'll take a look.
>
> Thanks
>
> Regards,
>
> David Villasmil
> email: david.villasmil.work at gmail.com
> phone: +34669448337 <+34%20669%2044%2083%2037>
>
> On Mon, Dec 12, 2016 at 4:56 PM, Brian West <brian at freeswitch.org> wrote:
>
>> I've given everyone the opportunity to get involved in the new 1.8
>> configs, So far very few people have stepped up to assist me in this task.
>>
>> It should be hardened by default, or have a way to toggle the hardened
>> configs on.
>>
>> https://freeswitch.org/stash/projects/FS/repos/fs18configs/browse
>>
>> If you wish to review.
>>
>> /b
>>
>>
>> On Mon, Dec 12, 2016 at 9:30 AM, David Villasmil <
>> david.villasmil.work at gmail.com> wrote:
>>
>>> I'm just thinking out loud, but maybe it'd be a good idea to have 2
>>> default configs somehow. 1 which is the current one, and the second would
>>> be a ver-very-hardened one.
>>> I usually start-off with https://github.com/voxser
>>> v/freeswitch_conf_minimal or https://github.com/mx4492/f
>>> reeswitch-minimal-conf which are very basic, but it would be a great
>>> idea to have available a "hardened" one.
>>>
>>> Regards,
>>>
>>> David Villasmil
>>> email: david.villasmil.work at gmail.com
>>> phone: +34669448337
>>>
>>> On Mon, Dec 12, 2016 at 4:22 PM, Brian West <brian at freeswitch.org>
>>> wrote:
>>>
>>>> Kamil,
>>>>
>>>> The security model of FreeSWITCH can be quite complex, To blame
>>>> FreeSWITCH itself for your misconfiguration is downright FUD, If you have
>>>> issues or questions on how to properly configure FreeSWITCH for this
>>>> specific role you can just ask, many of us will help you create a
>>>> configuration that would be robust and secure.  If you would have set
>>>> 'disable-transfer', to true, and possibly 'disable-register' it would also
>>>> help lower your attack surface, In addition you shouldn't open your system
>>>> to the planet, thats irresponsible on your part for doing so.
>>>>
>>>> FreeSWITCH isn't a firewall, so of course its weak because its NOT a
>>>> firewall.
>>>>
>>>> And these are in the configs:
>>>>
>>>>
>>>>     <!-- disable register and transfer which may be undesirable in a
>>>> public switch -->
>>>>
>>>>     <!--<param name="disable-transfer" value="true"/>-->
>>>>
>>>>     <!--<param name="disable-register" value="true"/>-->
>>>>
>>>> Thanks,
>>>> /b
>>>>
>>>>
>>>> On Sun, Dec 11, 2016 at 8:17 PM, Kamil Nigmatullin <
>>>> kamil.nigmatullin at gmail.com> wrote:
>>>>
>>>>> I love freeswitch, but frankly I would not recomend to set it as SBC.
>>>>> I personally faced two attacks where FS was not good at. And we lost a lot
>>>>> of money. It works perfectly as NAT between internal and extenal networks,
>>>>> actually in everything but it is weak as a firewall. Stanislav knows that,
>>>>> he helped me to resolve the problem first time when it happend. I cannot go
>>>>> into details as this is open forum. You need to put either kamailio or
>>>>> opensips in front of FS.
>>>>>
>>>>>
>>>>
>>>> --
>>>>
>>>> *Brian West*
>>>> brian at freeswitch.org
>>>>
>>>>
>>>> *Twitter: @FreeSWITCH , @briankwest*
>>>> http://www.freeswitchbook.com (50% Discount using code FreeSwitch50)
>>>> http://www.freeswitchcookbook.com (50% Discount using code
>>>> FreeSwitch50)
>>>> https://www.gofundme.com/freeswitch_ubuntu
>>>>
>>>> Got Bugs? Report them here <https://freeswitch.org/jira>! | Reddit:
>>>> /r/freeswitch <https://www.reddit.com/r/freeswitch>
>>>>
>>>> *T:*+19184209001 <(918)%20420-9001> | *F:*+19184209002
>>>> <(918)%20420-9002> | *M:*+1918424WEST (9378)
>>>> *iNUM:*+883 5100 1420 9001 | *ISN:*410*543 | *Skype:*briankwest
>>>>
>>>> ____________________________________________________________
>>>> _____________
>>>> Professional FreeSWITCH Consulting Services:
>>>> consulting at freeswitch.org
>>>> http://www.freeswitchsolutions.com
>>>>
>>>> Official FreeSWITCH Sites
>>>> http://www.freeswitch.org
>>>> http://confluence.freeswitch.org
>>>> http://www.cluecon.com
>>>>
>>>> FreeSWITCH-users mailing list
>>>> FreeSWITCH-users at lists.freeswitch.org
>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/free
>>>> switch-users
>>>> http://www.freeswitch.org
>>>>
>>>
>>>
>>> ____________________________________________________________
>>> _____________
>>> Professional FreeSWITCH Consulting Services:
>>> consulting at freeswitch.org
>>> http://www.freeswitchsolutions.com
>>>
>>> Official FreeSWITCH Sites
>>> http://www.freeswitch.org
>>> http://confluence.freeswitch.org
>>> http://www.cluecon.com
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>>
>>
>>
>>
>> --
>>
>> *Brian West*
>> brian at freeswitch.org
>>
>>
>> *Twitter: @FreeSWITCH , @briankwest*
>> http://www.freeswitchbook.com (50% Discount using code FreeSwitch50)
>> http://www.freeswitchcookbook.com (50% Discount using code FreeSwitch50)
>> https://www.gofundme.com/freeswitch_ubuntu
>>
>> Got Bugs? Report them here <https://freeswitch.org/jira>! | Reddit:
>> /r/freeswitch <https://www.reddit.com/r/freeswitch>
>>
>> *T:*+19184209001 <(918)%20420-9001> | *F:*+19184209002 <(918)%20420-9002>
>> | *M:*+1918424WEST (9378)
>> *iNUM:*+883 5100 1420 9001 | *ISN:*410*543 | *Skype:*briankwest
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://confluence.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20161212/c93f9812/attachment-0001.html 


Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list