NEW Asterisk Servers Need Firewall

wardmundy

And the type of FUD you get from the FreePBX Community Manager:


Pass the popcorn...

 

hecatae

And the type of FUD you get from the FreePBX Community Manager:


If you follow the link, it's not helpful, and csf is not easily explained; you may as well sell ufw and the simplicity it offers over csf.
 

wardmundy

As usual, a serious bug in their own code is always translated into an end-of-the-world scenario if folks are using another approach that happens to still be secure.
 

jroper

Hi


"Run, don’t walk, to your nearest electronics store (including WalMart and BestBuy) and purchase one of the dozens of inexpensive NAT-based routers."



Although I agree with the principle of this advice, I have doubts about the method of execution ever since I read this article - http://www.linux-magazine.com/Issues/2014/161/Security-and-SOHO-Routers

I'd add "...that can be flashed with OSS firmware"

TLDR: It seems that much router firmware is riddled with insecurities, and it's not being fixed in a timely manner, if at all.

I've implemented DD-WRT recently, replacing the existing firmware. I have more confidence in DD-WRT than I do in a proprietary manufacturer's software because of its open source nature, and if vulnerabilities are found, they are generally fixed quickly, and firmware updates will be available after the manufacturer's product is obsolete and the manufacturer is no longer releasing bug fixes.

DD-WRT happens to be the firmware I use, but there are other OSS firewalls available, as well as pfSense.

The Netgear Nighthawk router linked to in the article is a great candidate for DD-WRT. I have one similar, and it extends the functionality no end beyond the stock firmware.

I applaud and look forward to seeing the continued development on a firewall on PiaF, because sometimes, you can't put the PBX behind a firewall, or ports do have to be exposed to the Internet simply because of the exigencies of your business, and iptables can help mitigate the risk using techniques such as rate limiting and geographic firewalls to limit the number of people who can access your systems.

Joe




 
