Hi all,
Lately I have read many articles regarding the security of Asterisk servers.
Almost everywhere it was advised to have Asterisk behind NAT, which is not usable for MTE.
MTE needs to have public IP and at least ports 5060 for SIP and for example 10000-20000 for RTP opened. Isn't this insecure?
How do you deal with this? Do all your customers have a static IP and do you set up separate rules in the firewall for every customer?
Please let me know.
Thanks
Peter
Submitted by eeman on Tue, 10/20/2009
SIP behind NAT is NOT recommended by Digium. Those articles you read are not the opinion of Digium. For MTE I just leave port 5060 UDP and 10000-20000 UDP open. The only security you have to worry about is remote crashes or brute force attempts at login credentials. Keep up with the changelog to see if new updates address security issues, and if you are doing flow collecting, set up traps to notify you of repeated authentication failures.
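
Added example, not part of eeman's reply: one way to get notified of repeated authentication failures, here from the Asterisk log rather than from flow data. The log line format (chan_sip NOTICE lines with `dateformat=%F %T` in logger.conf), the threshold, the window and all sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed chan_sip NOTICE line with logger.conf dateformat=%F %T; adjust to your version.
FAILED = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\] NOTICE\[\d+\]:? chan_sip\.c: "
    r"Registration from '(?P<who>.*)' failed for '(?P<ip>[0-9.]+)(?::\d+)?' - (?P<why>.+)$"
)

def repeated_failures(lines, threshold=5, window_seconds=60):
    """Map source IP -> peak number of failed REGISTERs seen inside one window.

    Only sources that reach `threshold` are returned. Lines must be in time order.
    """
    recent = defaultdict(deque)   # per-IP timestamps still inside the window
    peak = {}
    for line in lines:
        m = FAILED.match(line.strip())
        if not m:
            continue              # unrelated log line
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()           # drop failures older than the window
        if len(q) >= threshold:
            peak[m["ip"]] = max(peak.get(m["ip"], 0), len(q))
    return peak

# Constructed sample lines (documentation addresses, hypothetical host pbx.example.com).
SAMPLE_LOG = [
    # Six wrong-password attempts in 10 seconds, each against a different extension.
    f"[2009-10-20 03:14:{s:02d}] NOTICE[2211] chan_sip.c: Registration from "
    f"'\"{100 + s}\" <sip:{100 + s}@pbx.example.com>' failed for '203.0.113.7' - Wrong password"
    for s in range(0, 12, 2)
] + [
    # Five failures two minutes apart: slow enough to stay under a 60 s window.
    f"[2009-10-20 03:{m:02d}:00] NOTICE[2211] chan_sip.c: Registration from "
    f"'<sip:201@pbx.example.com>' failed for '192.0.2.9' - No matching peer found"
    for m in range(20, 30, 2)
] + ["[2009-10-20 03:15:00] NOTICE[2211] chan_sip.c: Peer '201' is now Reachable. (23ms / 2000ms)"]

if __name__ == "__main__":
    for ip, count in repeated_failures(SAMPLE_LOG).items():
        print(f"ALERT {ip}: {count} failed registrations within 60 s")
```

A short window misses slow guessing such as the second sample source, so a second pass with a longer window (for example 600 seconds) is worth running alongside it.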