I agree.
While I am a believer in turning off any service you do not use, it
is not quite that simple with CGP. Simply turning off a service (or
just the listener for that service) may in fact impact you in areas
you did not expect. I regularly read through the logs and add IPs to
denied IPs. I look at what service they were trying to access and
determine whether I can turn it off or not. In the case of the SIP
listener, I had frequently seen access requests. Simply turning this
service off may have caused other issues I am unaware of, hence the
original question.
The thoughtful answers persuaded me to disable the listeners instead
of the service. I have not seen any problems so far.
On 14/06/2016 12:52 AM, James Roman wrote:
That is a fine strategic objective, however the
complexities of developing a comprehensive security plan for a
server that supports as many protocols and is used to facilitate
communications between broad and sometimes differing audiences
for each of those services normally require a bit more
consideration than the binary "turn it off if you're not using
it" decisions. Many of the questions fielded by this list are
submitted by individuals who may have never had to protect such
a robust system. Securing CommuniGate presents some unique
challenges compared to any other communications platform I have
ever supported, primarily because the application is so robust
that I am not encouraged by resource needs or license structure
to spread the services among multiple servers, which might allow
me to more easily focus the security plan to just one or two
services at a time.
When you do decide to offer one of the many
CommuniGate services to your users, you are often challenged
with a decision about where to enforce the security for that
service. What is nice about this solution is that it nicely
provides a way to add a layer of protection across all the
services offered by CommuniGate, which may be easier to
implement when you have an environment with multiple firewalls.
Subject: Re: Spamhaus DROP. Re: SIP attacks
Date: June 12, 2016 at 9:36:46 AM EDT
I think the biggest takeaway lesson from this is
1) If you are not using certain features, turn them off
2) Put some sort of firewall in place between your server and the
world to control ports if you are too lazy to turn off those unused
features.
Robert
On Sun, 12 Jun 2016 14:09:43 +0300 "Technical Support, Stalker Labs" <support@stalker.com> wrote:
Hello,
On 09.06.2016 11:39, Gib Henry wrote:
You might consider using the Spamhaus DROP and EDROP lists
<https://www.spamhaus.org/drop/>. They eliminate a great deal of spam
and probably a lot of those SIP fishing expeditions.
I think it should be a good idea to add these lists to CommuniGate's
"Denied IP Addresses" and update them regularly; so I wrote a script
to automate that, see "spamhaus_drop.sppr" in
<http://www.communigate.com/ScriptRepository/>
--
Shaun
Fitzroy Island <http://www.fitzroyisland.com>
Destination Darwin NT <http://www.destinationnt.com>
MOM Backpackers <http://www.momdarwin.com>
Value Inn Hotel <http://www.valueinn.com.au>
Please do not send any unsolicited email. It is not wanted.
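An added example, not part of the thread and not the "spamhaus_drop.sppr" script mentioned above: one way to turn a DROP-format list into merged address ranges suitable for pasting into a deny list. It assumes the DROP text layout of `CIDR ; SBL reference` with `;` comment lines and a `first-last` range output format; the function names and the sample entries are constructed for illustration.

```python
import ipaddress

# Constructed sample in the assumed DROP layout. The networks are reserved
# documentation ranges and the SBL references are made up.
SAMPLE_DROP = """\
; Spamhaus DROP List (constructed sample)
; Expires: (placeholder)
192.0.2.0/24 ; SBL000001
198.51.100.0/25 ; SBL000002
198.51.100.128/25 ; SBL000003
203.0.113.64/26 ; SBL000004
203.0.113.0/24 ; SBL000005
not-a-network ; SBL000006
10.1.2.3/8 ; SBL000007
"""

def parse_drop(text):
    """Return (networks, rejected_lines) parsed from DROP-format text."""
    networks, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split(";", 1)[0].strip()  # drop comment / SBL reference
        if not entry:
            continue
        try:
            # strict=True rejects entries with host bits set (10.1.2.3/8),
            # which usually indicates a damaged or tampered download.
            networks.append(ipaddress.ip_network(entry, strict=True))
        except ValueError:
            rejected.append((lineno, raw.strip()))
    return networks, rejected

def refuse_overbroad(networks, min_prefix=8):
    """Drop entries wider than /min_prefix so a corrupted feed containing
    something like 0.0.0.0/0 cannot deny the whole Internet."""
    return [n for n in networks if n.prefixlen >= min_prefix]

def to_denied_ranges(networks):
    """Merge adjacent and overlapping networks (same IP version only) and
    emit one 'first-last' line per merged block."""
    merged = ipaddress.collapse_addresses(networks)
    return [f"{n.network_address}-{n.broadcast_address}" for n in merged]

if __name__ == "__main__":
    nets, bad = parse_drop(SAMPLE_DROP)
    print("\n".join(to_denied_ranges(refuse_overbroad(nets))))
    for lineno, line in bad:
        print(f"rejected line {lineno}: {line}")
```

Reviewing the rejected lines before each update is worthwhile: a sudden jump in rejects or a refused over-broad entry means the download should not be applied.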