Colin Anderson wrote:

>>I am not sure that the security guy for this network will allow me to put
>>    
>>
>up the asterisk box dual homed to the public IP and the LAN.  
>
>Your security guy needs to go back to school. If eth0 is on the LAN and eth1
>is on the WAN, and the WAN connection is properly secured with only the
>ports you need, and your SIP passwords arent 1234 or something that can be
>guessed, what difference is there between this configuration and port
>forwarding? The footprint you are exposing to the public internet is exactly
>the same. The only thing that I can think of is for IDS, you may have a
>firewall that does this. Optionally, one could run a "soft" firewall on the
>WAN side that supports IDS if that is the issue. Otherwise, why not? 
>  
>
The security guy probably doesn't know how to do things like enable ICMP
but limit the rate for an IP. He also might need to know more about
intrusion detection options. A lot of networks need that added even if
they have nothing from third party vendors on the inside.


_______________________________________________
--Bandwidth and Colocation provided by Easynews.com --

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Reply via email to