Secure FusionPBX on Debian

[Fede]

Hello everyone! I'm new here to using Fusionpbx.
Although I am aware of the risk of keeping door 5060 open on the internet, I would like to discuss with you how to best protect it.

Unfortunately for necessity I need to keep the door open and connect many users from zoiper or from unknown networks (smart working).

However, in a few days I would like to avoid finding everything compromised.

So if you like, tell me the additional steps you have taken to secure the system!


Thanks a lot and have a nice day!

 

[Adrian Fretwell]

We could write a whole book about securing a hosted PBX, so it is very difficult to answer your question with a simple forum post, here are a few pointers...

By default FusionPBX protects itself quite well, but improvements can be made, this is true of any system and often what you actually do will depend on your specific requirements.

You need to build an understanding of firewalls, specifically Iptables and fail2ban. Your basic IPv4 firewall rules are located in /etc/iptables/rules.v4. Configuration for Fail2ban is found in /etc/fail2ban.

Fail2ban local rules are found in /etc/fail2ban/jail.local. You will see that some of them are commented out, I tend to enable them all, but again, it will depend on your specific requirements.

Having port 22 (SSH) open to all can be a potential security problem if not managed correctly. With the FusionPBX default installation, login failures for SSH are monitored by Fail2Ban but if you don't need port 22 open to the world then restrict it to your (or your businesses) IP address.

I hope that helps a little.

 

[Fede]

Thanks a lot for your reply!