Hi all ,
some explain with examples for below 2 points .
Thanks in advance …
Allow only one or two calls at a time per SIP entity, where possible. At the worst, limiting your exposure to toll fraud is a wise thing to do. This also limits your exposure when legitimate password holders on your system lose control of their passphrase – writing it on the bottom of the SIP phone, for instance, which I’ve seen.
Make your SIP usernames different than your extensions. While it is convenient to have extension “1234″ map to SIP entry “1234″ which is also SIP user “1234″, this is an easy target for attackers to guess SIP authentication names. Use the MAC address of the device, or some sort of combination of a common phrase + extension MD5 hash (example: from a shell prompt, try “md5 -s
5 set5 a call limit on anything that isn’t logically a trunk
6 don’t make the authentication name you configure into your SIP phones be the same as the extension number you use forthem.
//6 don’t make the authentication name you configure into your SIP phones be the same as the extension number you use forthem//
practical examples really good
You need to understand what you are doing if you want a secure system. Following cook-book examples won’t achieve that. Following them exactly will make a very insecure one!
I agree david55,
but here is at least another example with some help
Really i did following already
Fail2 ban --Really i am addict in this application,not only Asterisk even for all my linux box .
So, i feel i am pretty much good shape .