Difference between revisions of "Security"

From FusionPBX
Jump to: navigation, search
(General)
(General)
Line 7: Line 7:
 
** Use a VPN for external endpoints.
 
** Use a VPN for external endpoints.
 
*** OpenVPN with a UDP tunnel works great for VOIP.
 
*** OpenVPN with a UDP tunnel works great for VOIP.
 +
* Layered Security
 
* Fail2ban - monitor logs then bans ip addresses for those that are found in the log to be abusing the system.
 
* Fail2ban - monitor logs then bans ip addresses for those that are found in the log to be abusing the system.
  

Revision as of 20:58, 29 September 2012

A place to share security best practices with the community.

General

  • Limit Exposure
    • Use FusionPBX/FreeSWITCH behind a firewall.
    • Limit ports exposed to the Internet.
    • Use a VPN for external endpoints.
      • OpenVPN with a UDP tunnel works great for VOIP.
  • Layered Security
  • Fail2ban - monitor logs then bans ip addresses for those that are found in the log to be abusing the system.

FreeSWITCH

  • Disable the FreeSWITCH modules you are not using. Below is a list of modules not currently being used. This list is not comprehensive. In FusionPBX the modules are found in the menu in system -> modules.
      • xml rpc (not currently used by FusionPBX)
      • xml curl
      • httapi
  • Fail2ban - use it to watch FreeSWITCH logs and ban