I have a question about Asterisk security.
If Asterisk and the telecommunications company connect using the SIP trunk method and
only use the SSH port,
If I do [transport-udp]
bind = 200.200.200.200:5060
, wouldn’t it be impossible to connect except for calls from the telecommunications company?
And if I connect using the authentication key method instead of the ID/PWD method for SSH, do I not have to worry about security?
I will only open 5060 and 22 (ssh) on the firewall.
Good choice, but anything that can reach 200.200.200.200 is something to be concerned with. You can further limit things if you know your telecommunications company IP(s).
Maybe semantics but please accept the advice to be concerned about security as long as you run this system – the subject is often said to be more of a process.
Opening 5060 and 22 to the world is probably not what you want and almost certainly not the best course of action without several more mitigations in place eg. fail2ban, hardware firewall, IP ACLs for your region, rate limiting, more sshd.conf adjustments, etc.
Overall, there is more you can do here. The related Important Security Considerations in the Asterisk documentation cover more topics and offer some videos.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.