How can you set up a firewall if you have some users on dynamic IP addresses?
--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
Its called a VPN. Other Solutions include TLS, IPSEC, or even private line
~
Andrew lathama Latham
lath...@gmail.com
* Learn more about OSS http://en.wikipedia.org/wiki/Open-source_software
* Learn more about Linux http://en.wikipedia.org/wiki/Linux
* Learn more about Tux
If you're running an ITSP with a bunch of end users out there, are you
seriously going to want to create a firewall rule for everyone's dynamic
IP?
vs.
Yes. Just because it take more time / resources to manage a network
,it's no reason to be lazy and let security lapse.
I think for most
-Original Message-
From: asterisk-biz-boun...@lists.digium.com [mailto:asterisk-biz-
boun...@lists.digium.com] On Behalf Of Andrew Latham
Sent: Sunday, June 27, 2010 3:31 PM
To: Commercial and Business-Oriented Asterisk Discussion
Subject: Re: [asterisk-biz] 87.230.80.186
Its
SIP TLS or a nice SNOM phone with VPN will do the trick...
First time you see a bill for a few thousand USD in toll fraud things
will change..
~
Andrew lathama Latham
lath...@gmail.com
* Learn more about OSS http://en.wikipedia.org/wiki/Open-source_software
* Learn more about Linux
From an intra-industrial perspective, unless you're providing
end-to-end managed connections and hardware or software packaging,
you're obviously not going to limit SIP to particular IP addresses,
though you will most certainly, most emphatically restrict SSH and
other services that way.
As
Andrew Latham wrote:
SIP TLS or a nice SNOM phone with VPN will do the trick...
No it won't. Transport layer encryption won't solve the problem of
brute forcing weak passwords, which is what I believe this whole
discussion started with.
The SNOM phone is a little stronger, but only through
On Sun, 2010-06-27 at 15:53 -0400, James Sharp wrote:
Andrew Latham wrote:
SIP TLS or a nice SNOM phone with VPN will do the trick...
No it won't. Transport layer encryption won't solve the problem of
brute forcing weak passwords, which is what I believe this whole
discussion started
Dear friends, like someone said before me in the list : neither of both extrems
could be pretty good!!
one for dangerous the other for heavy dutty requeirements in maintenance for
users changes...
thus leave the system open with out Firewall+ IDS system this will be
dangerous
,
Dear Brett
Many thanks for your comment.
any method that reads logs to detect a failrude auth , may be suitable ,
fail2ban make this
or just reading files from logs directory ( register and messages files ).
to know if were any intents refused and then block the src ip..
10 matches
Mail list logo
