Hi Gary,
I went through this process a few times over the past few years. There are a few short guides for securing Asterisk, but much of it depends on your design. If it's a traditional POTS-type PBX then locking down IPs using firewalls is a great thing; however, if you make use of inbound SIP calls from end-user PC clients on the Internet then that's not always possible. So here are my recommendations:

1) Change the default context name to something like "publicinbound".
2) Create a context called publicinbound that does basically nothing.
3) Set up a different context for a peer or friend, IAX or SIP, or whatever. That way you can see which connection the hackers are coming in from.
4) If you don't want to firewall off the whole internet, then at least make use of fail2ban - it's a free scripted add-on that watches for hacking attempts and firewalls them off.
5) Really, really long passwords and usernames - this one's pretty key. My first task was in going through and understanding where all the passwords were and changing them. I now make mine completely random and a min of 30 chars.
6) IP restrictions. If a peer or user does have a fixed IP, then define it in the appropriate config file.
7) The alwaysauthreject is good; it helps fumble the hackers.

Thanks,
Adrian
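A small audit of a sip.conf against the recommendations in the message above (renamed catch-all context, a separate context per peer, long secrets, permit/deny for fixed-IP peers, alwaysauthreject), as an added example that is not part of the original post. The sample file, the 192.0.2.x address, the secrets and the helper names are constructed; it assumes the chan_sip options context, secret, host, permit/deny and alwaysauthreject.

```python
# Constructed sip.conf sample; parse() and audit() are hypothetical helpers, not Asterisk tools.
SAMPLE = """\
[general]
context=default
alwaysauthreject=no
[provider-a]
type=peer
context=from-provider-a
host=192.0.2.10
secret=Zq8vT3mK1xR7bN5cW9pL2dF6hJ4sG0yUeA
deny=0.0.0.0/0.0.0.0
permit=192.0.2.10/255.255.255.255
[softphone1]
type=friend
context=default
host=dynamic
secret=1234
"""

def parse(text):
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment in sip.conf
        if line.startswith("["):
            current = sections.setdefault(line[1:].split("]")[0], {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return sections

def audit(text, min_secret=30):
    conf = parse(text)
    general = conf.get("general", {})
    catchall = general.get("context", "default")
    findings = []
    if catchall == "default":
        findings.append("general: catch-all context is still 'default'")
    if general.get("alwaysauthreject", "").lower() != "yes":
        findings.append("general: alwaysauthreject not explicitly set to yes")
    for name, opts in conf.items():
        if "type" not in opts:
            continue  # only peer/friend/user entries carry a type
        if opts.get("context", catchall) == catchall:
            findings.append(f"{name}: lands in the catch-all context")
        if len(opts.get("secret", "")) < min_secret:
            findings.append(f"{name}: secret shorter than {min_secret} chars")
        if opts.get("host") != "dynamic" and "permit" not in opts:
            findings.append(f"{name}: fixed host without permit/deny")
    return findings
```

Calling `audit(SAMPLE)` flags the two [general] settings and the softphone1 entry, while provider-a passes every check.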