[App_rpt-users] Security Issues

Robert A. Poff WB3AWJ wb3awj at comcast.net
Thu Sep 25 16:23:41 UTC 2014


And of course, simple things like: 

Don't allow the root user to log in via ssh. Hey, doing the su/sudo thing from a different login account doesn't take all that much time. 
Change the ssh port to something oddball. I've even stopped using 222 as it's somewhat common. 
When setting a password, if it tells you it's in the dictionary, use something else. No matter how "cool" or "easy" it is. 
At the very least, close off ALL the normal SIP ports. If you MUST use SIP for some godforsaken reason, move it to oddball ports. 
Consider moving your IAX port to something non-standard. 
Even with a router with appropriate security, I've considered putting up an RPi as a site SSH gateway. So that the Asterisk boxes are only exposed to the outside world on the IAX port. Forward whatever port I'm using for SSH to the RPi, log into it, and from there to the other machines at the site. Might even be a convenient place to run AllMon.... 

Why do I say all this..... I violated all of those suggestions due to overconfidence and laziness. It took them several years, but they got in. At first "all" they did was disable cron, and later remove it. Further on, they changed the root password. Still not sure what they were up to. They did nothing to Asterisk. When building the new machine, I took better precautions. 

In the long view... it's kind of like what a cop told us when he came to investigate a break-in at our club site years ago. 
"You can't keep them out. So do all you can to slow them down...."


Robert A. Poff 
Loganville, PA. 

1983 Hunter 34 
Havre de Grace, MD 

"Lieutenant, target the offending power boat and launch photon torpedoes" 
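
Added example (not part of the original post, and not app_rpt or Asterisk project code): a small Python check that reads sshd_config, sip.conf and iax.conf text and reports the settings the post advises against, namely root login over ssh, ssh on 22 or 222, and SIP/IAX left on their default ports. The function names and sample configs are constructed for illustration, and the Asterisk check assumes the port is set with bindport in [general].

```python
# Added example: audits config text against the post's suggestions.
COMMON_SSH_PORTS = {22, 222}   # 22 is the default; the post calls 222 "somewhat common"
ASTERISK_DEFAULTS = {"sip.conf": 5060, "iax.conf": 4569}  # default bindport values

def audit_sshd(text):
    """Return findings for the global (pre-Match) part of an sshd_config."""
    seen = {}
    for raw in text.splitlines():
        # Drop comments; sshd accepts "Keyword value" and "Keyword=value".
        parts = raw.split("#", 1)[0].replace("=", " ", 1).split(None, 1)
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":          # settings below a Match line are conditional
            break
        seen.setdefault(key, []).append(value)
    findings = []
    # sshd keeps the first value it reads for a keyword; Port may repeat.
    root = seen.get("permitrootlogin", ["(unset, version-dependent default)"])[0]
    if root.lower() != "no":
        findings.append(f"PermitRootLogin is {root}; set it to no")
    for port in (int(p) for p in seen.get("port", ["22"])):
        if port in COMMON_SSH_PORTS:
            findings.append(f"sshd listens on commonly scanned port {port}")
    return findings

def asterisk_bindport(name, text):
    """Return the [general] bindport from sip.conf/iax.conf text, or the default."""
    section, port = None, ASTERISK_DEFAULTS[name]
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # ';' starts a comment
        if line.startswith("[") and "]" in line:
            section = line[1:line.index("]")].lower()
        elif section == "general" and "=" in line:
            key, value = (s.strip() for s in line.split("=", 1))
            if key.lower() == "bindport":
                port = int(value)
    return port

def audit_asterisk(name, text):
    """Flag a channel driver that is still bound to its well-known port."""
    port = asterisk_bindport(name, text)
    return [f"{name} uses default port {port}"] if port == ASTERISK_DEFAULTS[name] else []

# Constructed sample input, not taken from any real machine.
SAMPLE_SSHD = "Port 222\n#PermitRootLogin no\nPermitRootLogin yes\n"
SAMPLE_IAX = "[general]\nbindport = 4569 ; default\n[radio]\ntype = friend\n"

if __name__ == "__main__":
    for finding in audit_sshd(SAMPLE_SSHD) + audit_asterisk("iax.conf", SAMPLE_IAX):
        print(finding)
```

A clean result only says the configs match the advice; whether the SIP ports are actually closed off is decided at the router or firewall, which this check does not see.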

