Yes, it all makes sense; I left it all open so SIP traffic could pass. My experience has only been with analog gateways, which, well, no one would want to break into or do any of these things to.
Thanks for the sonicwall tip, that was what I was about to buy.

Mark Adams

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lee Howard
Sent: Thursday, June 12, 2008 11:16 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] aSTERISK / Vicidial systems over 4MB fiber

Jay R. Ashworth wrote:
> On Thu, Jun 12, 2008 at 08:02:24AM -0500, Tilghman Lesher wrote:
>
>> One of the most frequent security issues comes not in the form of a
>> software flaw, but simply in people choosing easy-to-guess passwords
>> on the root account. There are two suggestions I have to reduce the
>> risk of this brute force. First, choose a username that is uncommon.
>> In your case, do not use 'root', 'admin', or even 'mark'. 'madams'
>> might be a good choice. Once you figure out that username, configure
>> sshd with the AllowUsers directive to ONLY allow logins from that
>> user.
>>
>
> Your phrasing, here, Tilghman, suggests that you mean that the
> administrative account should be renamed from root to madams, and I'm
> fairly sure you don't actually mean that.
>
> You actually mean "create a regular user, and lock the machine down so
> that's the only thing that can be used to log into it, at which point,
> when and
>
>
>> If you need root access, install
>> sudo. If an attacker cannot figure out what your username is, then it
>> doesn't matter even if they guess your password, because they aren't
>> getting in.
>>
>
> ...you can use sudo to get it.

Never, ever, ever, expose sshd to the public internet without firewalling. Only let trusted IPs reach sshd. The risk of brute force success, however small, is still far too great. Again, do not expose sshd to the general public.

And for that matter... it's generally unwise to expose any service to the general public when the general public has no business using that service. A little bit of time learning some iptables basics will go a long way here.

Thanks,

Lee.
_______________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
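
Lee's advice above to let only trusted IPs reach sshd, written out as an added example that is not part of the original thread. The function names are hypothetical and the addresses are constructed from the RFC 5737 documentation ranges; it only prints rules, which an administrator would review before loading.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset that lets only trusted
# sources reach sshd. It restricts the sshd port only; other services
# (for instance SIP) are not touched by these rules.

# valid_source ADDR -> exit 0 if ADDR is dotted-quad IPv4 with an optional /1../32 prefix.
# A /0 prefix is refused because it would re-open sshd to everyone.
valid_source() {
    printf '%s\n' "$1" | awk -F'[./]' '
        !/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/ { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i > 255) exit 1
          if (NF == 5 && ($5 > 32 || $5 == 0)) exit 1 }'
}

# ssh_ruleset PORT SRC... -> prints a filter table in iptables-restore format.
# Returns 1 and prints no rules if the port or any source is malformed, or if
# no source is given, so a typo cannot yield a half-built ruleset.
ssh_ruleset() {
    port=$1
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    shift
    [ "$#" -gt 0 ] || { echo "no trusted sources given" >&2; return 1; }
    for src in "$@"; do
        valid_source "$src" || { echo "bad source: $src" >&2; return 1; }
    done
    echo '*filter'
    echo ':INPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    # Keep sessions that are already established alive while rules change.
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for src in "$@"; do
        echo "-A INPUT -p tcp -s $src --dport $port -j ACCEPT"
    done
    # Everything else aimed at sshd is dropped.
    echo "-A INPUT -p tcp --dport $port -j DROP"
    echo 'COMMIT'
}

# Constructed sample: one admin workstation and one office network.
ssh_ruleset 22 203.0.113.10 198.51.100.0/24
```

Loading the output with iptables-restore replaces the existing filter table, so rules already in place for other services have to be merged in first.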