Com.X Administrator Guide
Page 139
3.15.1 General
•
Ensure that access to the unit is restricted. Install the Com.X in a secure
server room or locked cabinet. This prevents unauthorized access to the unit
using the serial port or USB keyboard, as well as physical damage to the unit
or its power supply.
•
Change the default password for the comma user.
•
Regularly check the system log files for unauthorized activity (
/var/log/auth*
and
/var/log/syslog*
)
•
Use strong passwords.
•
Regularly backup the system configuration and important data.
3.15.2 Network
•
Preferably allow remote (external) access (VoIP and data) to the Com.X only
by means of a Virtual Private Network (VPN)
•
Configure the Com.X and telephony devices (e.g. iTA or VoIP phones) on a
separate network partition on a managed switched, or a physically separate
network.
•
Assign IP addresses and services on the VoIP network based on a white list
of approved MAC addresses.
•
Place the Com.X behind a firewall.
•
Perform port forwarding on a non-standard port to port 22 on the Com.X for
SSH access. Tunnel HTTP access through the SSH connection.
•
Limit administrator access (SSH and web GUI) to a white list of MAC
addresses, IP addresses or networks.
•
Activate fail2ban (please see section 6.16)
3.15.3 VoIP
•
If the Com.X is accessing external VoIP trunks via a NAT router/firewall, no
special port forwarding is required. If external VoIP agents (e.g. SIP phones)
need to access the Com.X, forward only ports 5060 and 10000-20000 to the
Com.X for VoIP control and voice communication.
•
Configure the firewall to block all incoming VoIP traffic except that from a
white-list of remote extensions.
•
Ensure that all VoIP extensions and trunks have strong (generated)
passwords, different from the extension number.
•
Activate fail2ban (please see section 6.16)
3.15.4 PBX
•
Change the Com.X GUI password from the default.
•
Log the PBX console messages to /var/log/asterisk/messages and monitor
this periodically. A large number of rejected VoIP registrations may indicate an
attack on the system.
©2010 –
2016
Far South Networks
Содержание Com.X
Страница 34: ...Com X Administrator Guide Page 34 Figure 26 Global Settings 2010 2016 Far South Networks ...
Страница 99: ...Com X Administrator Guide Page 99 3 7 4 2 Advanced configuration 2010 2016 Far South Networks ...
Страница 110: ...Com X Administrator Guide Page 110 Figure 92 SIP trunk basic configuration options 2010 2016 Far South Networks ...