Difference between revisions of "Security"

From FusionPBX
Jump to: navigation, search
(General)
(General)
Line 4: Line 4:
 
* Limit Exposure
 
* Limit Exposure
 
** Use FusionPBX/FreeSWITCH behind a firewall.
 
** Use FusionPBX/FreeSWITCH behind a firewall.
** Limit ports exposed to the Internet.
+
===Firewall===
 +
Limit ports exposed to the Internet.
 +
====Ubuntu====
 +
* [[Ubuntu_Firewall]]
 +
===VPN===
 
** Use a VPN for external endpoints.
 
** Use a VPN for external endpoints.
 
*** OpenVPN with a UDP tunnel works great for VOIP.
 
*** OpenVPN with a UDP tunnel works great for VOIP.
* Layered Security
+
===Layered Security===
* Fail2ban - monitor logs then bans ip addresses for those that are found in the log to be abusing the system.
+
====Fail2ban====
 +
monitor logs then bans ip addresses for those that are found in the log to be abusing the system.
 +
* [[Fail2Ban]]
 +
For information about Fail2Ban on FreeSWITCH, [http://wiki.freeswitch.org/wiki/Fail2ban see their wiki]
  
 
==FreeSWITCH==
 
==FreeSWITCH==

Revision as of 14:05, 1 October 2012

A place to share security best practices with the community.

General

  • Limit Exposure
    • Use FusionPBX/FreeSWITCH behind a firewall.

Firewall

Limit ports exposed to the Internet.

Ubuntu

VPN

    • Use a VPN for external endpoints.
      • OpenVPN with a UDP tunnel works great for VOIP.

Layered Security

Fail2ban

monitor logs then bans ip addresses for those that are found in the log to be abusing the system.

For information about Fail2Ban on FreeSWITCH, see their wiki

FreeSWITCH

  • Disable the FreeSWITCH modules you are not using. Below is a list of modules not currently being used. This list is not comprehensive. In FusionPBX the modules are found in the menu in system -> modules.
      • xml rpc (not currently used by FusionPBX)
      • xml curl
      • httapi
  • Fail2ban - use it to watch FreeSWITCH logs and ban