Securing the server

arya6000 · **Joined:** Thu Feb 01, 2007 6:13 pm **Posts:** 67

Hello

I have A2Billing installed and I'm using DMZ on the router with no firewall. Is there any security risks without a firewall?

Thank You

JustMe · **Joined:** Wed Dec 13, 2006 9:06 pm **Posts:** 94

maybe a DOS attack on your sip ports from an unhappy customer?

microcosmic · **Posted:** Wed Mar 14, 2007 6:10 pm

i think the best way is using iptables.

if possible use suse 10.1 or 10.2 because of the apparmor.

just open port 80 (HTTP), 443 (HTTPS), 5060 (SIP), 4569 (IAX2) and the ports you need for SSH (do NOT use standard port 22) and maybe webmin (do NOT use standard port 10000).

then you can also install Suhosin -http://www.hardened-php.net/suhosin/index.html

crshman · **Posted:** Wed Mar 14, 2007 9:46 pm

Yes, if u are running trixbox there are quite a few security holes (the trixbox teams acknowledges this), however rightly so....their platform is designed to be deployed as a PBX which sites FULLY protected behind a firewall of some type....

microcosmic · **Posted:** Wed Mar 14, 2007 9:49 pm

hello crshman

can we hire you for a big project ? ;-)

crshman · **Posted:** Wed Mar 14, 2007 9:52 pm

Haha.....unfortunately i've been busy with stuff of my own lately (hence my lack of activity)...my latest task has been trying to integrate OpenSER and A2Billing seamlessly

xrg · **Posted:** Wed Mar 14, 2007 10:27 pm

crshman wrote:

..FULLY protected behind a firewall of some type....

I disagree.. You couldn't possibly fully protect (by blocking) some box until you actually pulled the network plug completely. Indeed, asterisk 1.4.0 suffered some SIP problem (security related - I won't go into details here)..
So any firewalls IMHO are useless: if you need some service, open its port, if not, just don't run the service! (some may also be configured only to listen on local interfaces/addresses)

Security comes when you carefully set up the linux box, you audit it and keep everything simple (so that it's easier to check). Then, you make sure you apply any patches once they come out.

crshman · **Posted:** Wed Mar 14, 2007 10:56 pm

By fully protected i meant from the big bad internet....any competent systems administrator would not have the need to firewall boxes on the corporate lan.....

gineta · **Joined:** Tue Dec 04, 2007 12:05 am **Posts:** 295

microcosmic wrote:

i think the best way is using iptables.

if possible use suse 10.1 or 10.2 because of the apparmor.

just open port 80 (HTTP), 443 (HTTPS), 5060 (SIP), 4569 (IAX2) and the ports you need for SSH (do NOT use standard port 22) and maybe webmin (do NOT use standard port 10000).

then you can also install Suhosin -http://www.hardened-php.net/suhosin/index.html

Hi now I am writing one manual for how to make the perfect centos and a2billing

and is very help full is you give me the correct setup for Suhosin and a2billing

thanks in advance

hellbound · **Joined:** Sun Aug 17, 2008 1:52 pm **Posts:** 93

hi,

have you written the guide for perfect centos?

Can I know where to read it ?

thanks

kingtux · **Joined:** Thu Aug 02, 2007 2:02 pm **Posts:** 26

Yes sounds interesting

provided by Star2Billing S.L.

Securing the server

Who is online