The concepts and specific settings are still correct. However, the layout of FreePBX has changed dramatically since this guide was written, and so you will have to search in order to find the correct location for the settings. The screenshots shown reflect a much older version of FreePBX. Some of the settings that required manually editing .conf files may now also be found within the FreePBX GUI.

This HOWTO assumes that your FreePBX system is sitting behind a NATed firewall with no direct connection to the outside world and it is NOT in the DMZ zone. If you are relying on this article to set up your system, DO NOT place your system on a public IP address or a DMZ zone. This article does not address the potential security implications involved in such a setup.

The four key considerations in setting up remote extensions are:

- Ensure that your PBX is as secure as it can possibly be
- Configure Asterisk so that it knows which IP addresses are inside your network and which ones are on the public internet
- Forward the required ports from your firewall to your PBX
- Configure the Extensions for External Use

In order to accomplish the above we need to apply some configuration information in FreePBX, in some Asterisk configuration files, and on your firewall/router.

Secure Your System

Anytime you access your PBX using a remote extension, you are exposing your PBX to the public internet. If you can access your system from the internet, so can anyone else. Before you begin, you MUST IMPLEMENT several security measures.

First, ensure that IPTables and Fail2Ban are installed and properly configured to protect Asterisk and FreePBX. IPTables is a firewall and can be configured to only allow certain traffic into your PBX. Fail2Ban is a program that monitors your PBX logs and temporarily bans people who are attempting to guess the passwords.

Second, make sure that all of your extensions are secured with a strong password. A strong password is composed of random letters (upper and lower case), numbers, and symbols, and is at least 15 characters long.

Third, you may wish to consider changing the default SIP Signaling Port from 5060 to an alternative. Port 5060 is widely used for VoIP services, and there are a number of hacking programs in the wild that scan for computers that have port 5060 open, and then attempt to hack into any available PBX. If these hacking attacks succeed in obtaining a valid user/extension number and password, the hacker can use your system to place calls at your expense. Even if they don't succeed in obtaining a valid password, they can interfere with legitimate users (or crash Asterisk) and thus cause your PBX to become inoperative.

In addition, Port 10000 is used for webmin (a tool that can be used to make substantial configuration changes on your machine using a web browser).