Hi everyone,
I have been tinkering with Asterisk now for 3 weeks, and I have it working well so far. I just need to make some further changes to how it handles calls after hours etc.
I just want to check with you guys that have a better working knowledge and experience with Asterisk to see if I perhaps missed anything security related.
This is what I have done to secure the system:
1 - Installed a firewall in front of the system, with port forwarding. I only allow port 5060 and the RTP ports I specified at 45000-45050.
2 - I have made sure that no other port is available from the internet. No web management, no SSH, nothing.
3 - I have disabled WAN ping so that it appears as if it is an unused IP
4 - I use fail2ban with a very low threshold for errors (2 wrong attempts within 30 seconds gets you booted for 12.5 days. Any further failed authentication attempt gets you booted for 6 months)
5 - I have used long passwords for the extensions, as an example: 7hdf743df8yt3487g7fd87tf8423gtf342d and this is the shortest one used
6 - I have used different trunk names and passwords for incoming and outgoing calls (I have it working with 2 other Samsung PABX systems, all calling between each other)
7 - I have set the Asterisk box to drop all packets not originating from IP addresses allocated to the country where it would work, in this case South Africa. All other packets from everywhere else would silently drop using iptables.
I have remote handsets that need to register to the system, hence I could not cut access off completely.
I just need to know, what else should I do to secure the system?
I look forward to any feedback.
Thanks and kind regards,
Emil.
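
The ban thresholds from item 4, modelled over sample log lines, as an added example that is not part of the original post and is not fail2ban's own code. Assumptions: the log lines are constructed in the chan_sip failed-registration format with documentation-range IPs, "6 months" is taken as 180 days, and "any further failed attempt" is read as the first failure seen after the initial ban has expired.

```python
import re
from datetime import datetime, timedelta

# Policy from item 4 of the post; "6 months" is assumed to mean 180 days.
MAX_FAILS, WINDOW = 2, timedelta(seconds=30)
FIRST_BAN, REPEAT_BAN = timedelta(days=12.5), timedelta(days=180)

# Matches a chan_sip-style failed-registration notice (assumed log format).
FAIL_RE = re.compile(
    r"^\[(?P<ts>[\d-]+ [\d:]+)\] NOTICE\[\d+\].*? Registration from '.*' "
    r"failed for '(?P<ip>[\d.]+)(?::\d+)?' - (?:Wrong password|No matching peer found)")

# Constructed sample log lines, not real traffic.
SAMPLE_LOG = """\
[2024-03-01 10:00:00] NOTICE[1201] chan_sip.c: Registration from '"100" <sip:100@192.0.2.10>' failed for '198.51.100.7:5060' - Wrong password
[2024-03-01 10:00:05] NOTICE[1201] chan_sip.c: Registration from '"101" <sip:101@192.0.2.10>' failed for '203.0.113.9:5071' - Wrong password
[2024-03-01 10:00:12] NOTICE[1201] chan_sip.c: Registration from '"100" <sip:100@192.0.2.10>' failed for '198.51.100.7:5060' - Wrong password
[2024-03-01 10:02:00] NOTICE[1201] chan_sip.c: Registration from '"101" <sip:101@192.0.2.10>' failed for '203.0.113.9:5071' - No matching peer found
[2024-03-14 09:00:00] NOTICE[1201] chan_sip.c: Registration from '"100" <sip:100@192.0.2.10>' failed for '198.51.100.7:5060' - Wrong password
"""

def evaluate(log_text):
    """Return (ip, ban_start, ban_length) decisions in log order."""
    recent, banned_until, offenders, bans = {}, {}, set(), []
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue
        ip = m["ip"]
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        if ts < banned_until.get(ip, datetime.min):
            continue  # source is still banned; the firewall drops it
        if ip in offenders:
            length = REPEAT_BAN  # banned before: one new failure escalates
        else:
            # Keep only failures inside the 30-second window, plus this one.
            hits = [t for t in recent.get(ip, []) if ts - t <= WINDOW] + [ts]
            recent[ip] = hits
            if len(hits) < MAX_FAILS:
                continue
            length = FIRST_BAN
        offenders.add(ip)
        banned_until[ip] = ts + length
        bans.append((ip, ts, length))
    return bans

if __name__ == "__main__":
    for ip, start, length in evaluate(SAMPLE_LOG):
        print(f"{ip} banned at {start} for {length.days} days")
```

The second source in the sample fails twice but 115 seconds apart, so it is never banned; only failures inside the 30-second window count toward the threshold.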