TIPS Freepbx security measures

Thanks for the tips and yes, I am monthly refilling SIP prepaids, however I was considering some trunks that are postpaid.
Would a VPN between server and client be the ultimate safe solution?
 
If it were me doing it, I would do it the following ways in order of preference:
1) Firewall/Router to Firewall/Router VPN(site to site)
2) Client to Router (road warrior style) VPN
3) Client to Server VPN
4) Firewall/Router NAT with whitelisting ACLs
5) Server with IPtables Whitelisting. *

The Firewall/Router can be another Linux, I just prefer 1 layer of separation between the Internet and the service provided (DMZ style)

* The trouble of server whitelisting:
Imagine if you were playing around with the server, and something went wrong with IP tables? your directly attached server would be naked to the internet.
IP tables has an extremely stupid policy of being fully open by default, so if you have a configuration file error, it fails unconfigured and OPEN... sigh.
With a separate server running IP tables acting as a NAT firewall however, it would fail open.. but also *without* NAT, and thereby protecting your internal assets.
 
You must log in or register to reply here.

Members online

Total: 77 (members: 1, guests: 76)

Latest Posts

Forum statistics

Threads
26,687
Messages
174,411
Members
20,257
Latest member
Dempan
Get 3CX - Absolutely Free!

Link up your team and customers Phone System Live Chat Video Conferencing

Hosted or Self-managed. Up to 10 users free forever. No credit card. Try risk free.

3CX
A 3CX Account with that email already exists. You will be redirected to the Customer Portal to sign in or reset your password if you've forgotten it.
Verify your Email

Check your inbox!

We’ve sent you an email. Click on the button in the email body to verify your email address – (if you can not find it, check your spam folder).

Upon verification you will be directed to the 3CX setup wizard.

Back
Top