wardmundy
Nerd Uno
- Joined
- Oct 12, 2007
- Messages
- 19,170
- Reaction score
- 5,199
SECURITY: $100,000 Phone Bill
If you couldn't tell from reading this week's Nerd Vittles article, we are headed in a new direction with respect to Asterisk security now that we have Asterisk functioning reliably from behind a hardware-based firewall WITH NO HOLES punched for SIP, IAX, or Web traffic.
In short, we now have Asterisk working the same way that Skype works on your Desktop. You can call people and people can call you with no Internet vulnerability on your computer or your server in the case of PIAF. This is extremely secure with very few tradeoffs.
In coming week's we're going to start building tools to let you lock down all necessary SIP, IAX, and Web traffic using IPtables. The victim of this lockdown will be outside devices with dynamic IP addresses. If anyone has suggestions/concerns, now's the time to suggest/ask.
If you couldn't tell from reading this week's Nerd Vittles article, we are headed in a new direction with respect to Asterisk security now that we have Asterisk functioning reliably from behind a hardware-based firewall WITH NO HOLES punched for SIP, IAX, or Web traffic.
In short, we now have Asterisk working the same way that Skype works on your Desktop. You can call people and people can call you with no Internet vulnerability on your computer or your server in the case of PIAF. This is extremely secure with very few tradeoffs.
In coming week's we're going to start building tools to let you lock down all necessary SIP, IAX, and Web traffic using IPtables. The victim of this lockdown will be outside devices with dynamic IP addresses. If anyone has suggestions/concerns, now's the time to suggest/ask.