Darrick, interesting point about the VPN. I have to have three classes of port opened up for my AstLinux to work on the internet. A VPN solution would certainly simplify things in this respect.
However, in reality, how ubiquitous is VPN support on VOIP phones? I use three types of phone (two PolyCom models and a Snom model) and none of them seem to offer any VPN client support.

The other point is that stream encryption is going to slow down transmission of the media stream (to some extent anyway). I have experienced some bad degradation running a couple of phones with Asterisk through a PIX hardware VPN over a residential ADSL line. Stuttery MOH is not nice.

How practical is the VPN suggestion? Does anyone actually use this? What steps are others taking to secure AstLinux/Asterisk on public networks? It would be useful if we could get a list of ideas together. My very short and inadequate list so far is as follows:

- Limit the number of ports available
- Use UnionFS and change the root password
- Use hashed secrets
- Disable allowguest if using SIP

Thoughts anyone?

Thanks,
Mart

Darrick Hartman wrote:
> David,
>
> You could use openvpn to secure the connection. MAC address
> restrictions are pretty weak and easy to spoof.
>
> Darrick
>
> David Kerr wrote:
>> I would like to permit a softphone on my laptop to connect to my
>> astlinux box from anywhere in the world. This would mean keeping port
>> 5060 open, which is a potential security risk? Is there a way to
>> restrict access by mac address? so that my softphone on *my* laptop can
>> connect, but no one else's can (even if they know the extension/password).
>>
>> Thanks.
>> David
>>
>> On Mon, Nov 10, 2008 at 2:40 PM, Daniel Aeberli <[EMAIL PROTECTED]> wrote:
>>
>> Hi Darrick,
>>
>> You're right, I had misconfigured my Firewall: I opened the voip ports when
>> I initially was trying to get my Asterisk trunk working. As I now know, the
>> trunk goes through a tunnel so I closed them just after my last post and
>> everything still works (no duh).
>>
>> I still need to dig into my config (Firewall and Asterisk), I'm sure I
>> have other doors wide open while I tried to get things working.
>>
>> Many thanks for the reply though.
>>
>> Daniel
>>
>> Darrick Hartman wrote:
>> > Daniel,
>> >
>> > Not necessarily. It sounds like you have the firewall misconfigured.
>> > What ports are you opening? You should really only have your ssh port
>> > and vpn port open. All others should be closed. How are these people
>> > getting in?
>> >
>> > Darrick
>> >
>> > Daniel Aeberli wrote:
>> >
>> >> Sorry, just realised this is more an Asterisk general question than an
>> >> ASTLinux one ... off to search other forums...
>> >>
>> >> Daniel Aeberli wrote:
>> >>
>> >>> Well after the brute force attack ssh login attempts, last month, I have
>> >>> an undesirable outsider that successfully made calls from my ASTlinux
>> >>> box. I locked out the brute force, by disabling WAN requests, turning off
>> >>> WAN ping response and turning off ssh access, but obviously my box is
>> >>> not secure.
>> >>>
>> >>> I'm not savvy enough to know how to secure my AstLinux box from outside
>> >>> callers (hackers). I only use AstLinux to call my parents' AstLinux box
>> >>> via a VPN trunk over our ADSL lines. All my local calls go via ISDN line
>> >>> (since I have to have it for the ADSL link and local calls are free).
>> >>>
>> >>> Could someone tell me how to lock outside calls (internet / ADSL) from
>> >>> using my ISDN lines?
>> >>>
>> >>> Thanks
>> >>>
>> >>> Daniel
>> >>>
>> >>> -------------------------------------------------------------------------
>> >>> This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
>> >>> Build the coolest Linux based applications with Moblin SDK & win great prizes
>> >>> Grand prize is a trip for two to an Open Source event anywhere in the world
>> >>> http://moblin-contest.org/redirect.php?banner_id=100&url=/
>> >>> _______________________________________________
>> >>> Astlinux-users mailing list
>> >>> Astlinux-users@lists.sourceforge.net
>> >>> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>> >>>
>> >>> Donations to support AstLinux are graciously accepted via PayPal to [EMAIL PROTECTED].