On Mon, 2011-12-05 at 18:51 -0800, Steve Edwards wrote: <snip> > Your security needs depends on your environment. At this point in time, > all of the hosts I manage for my clients exist in very limited > environments and have very small attack surfaces. They are racked in > secure data centers. They only accept SIP from clients with static IP > addresses that we have an existing business relationship with. They only > accept SSH connections from me. They only accept HTTP connections from me > and my boss. That's about it. I don't see where F2B adds much value for > me. > > *) Lots of admins think they can't limit access to servers because they > have 'mobile' users. Your users probably don't need to access your servers > from every single place on the Internet. If your users don't come from > China, North Korea, Iran, etc, you can block entire regions with a few > rules and eliminate 80% of probes and attacks from reaching your servers > in the first place. Apologies in advance if you happen to live in some of > these regions -- feel free to `s/China, North Korea, Iran/United States, > Canada, England/g` >
Perhaps an other suggestion. If they are "true road warriors", i presume they are capable of setting up an vpn to the company. In that case, only allow registrations/calls through the secured tunnel. Then it's not any concern to asterisk. And if they can breach your tunnel, you have something else to worry about. hw -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
