HTTPS provisioning over Internet warning


(tato386) #1

In the firewall/extra services screen under HTTP and HTTPS provisioning settings there is a note that says: “It is NOT ADVISED to expose this port to the public internet, as SIP Secrets will be available to a knowledgeable attacker”. I totally understand this for HTTP, but what exactly is the risk if using HTTPS with a valid cert, strong pwd, etc.?

Thanks
Diego


(Lorne Gaetz) #2

If you’re using strong Apache credentials, then the risk is very low. A suitably configured fail2ban (such as is done with System Admin) will block anyone attempting to brute force it.
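
The threshold logic behind the fail2ban behaviour mentioned in the reply above, as an added example that is not part of the original thread and not System Admin's own configuration: it flags any address that produces `maxretry` HTTP 401 responses within `findtime` in an Apache access log. The log lines, path, user name, addresses and threshold values are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache common/combined log prefix: client, timestamp, request line, status.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" (?P<status>\d{3}) ')

def find_offenders(lines, maxretry=5, findtime=timedelta(minutes=10)):
    """Return {ip: timestamp of the 401 that crossed the threshold}."""
    recent = defaultdict(deque)          # ip -> timestamps of recent 401s
    flagged = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m.group("status") != "401":
            continue                     # unparsable, or not an auth failure
        ip = m.group("ip")
        if ip in flagged:
            continue                     # already over the threshold
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > findtime: # drop failures older than findtime
            window.popleft()
        if len(window) >= maxretry:
            flagged[ip] = ts
    return flagged

def sample_log():
    """Constructed log lines: documentation-range IPs, made-up path and user."""
    req = '"GET /provisioning-example.cfg HTTP/1.1"'
    lines = [f'203.0.113.7 - - [12/Mar/2024:10:00:{s:02d} +0000] {req} 401 381'
             for s in range(0, 30, 5)]   # six failures in 25 seconds
    # One mistyped password followed by a successful fetch: not flagged.
    lines.append(f'198.51.100.20 - - [12/Mar/2024:10:01:00 +0000] {req} 401 381')
    lines.append(f'198.51.100.20 - provuser [12/Mar/2024:10:01:05 +0000] {req} 200 2048')
    return lines

if __name__ == "__main__":
    for ip, when in find_offenders(sample_log()).items():
        print(f"{ip} reached the threshold at {when.isoformat()}")
```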


(tato386) #3

That’s what I was thinking. Thanks for the feedback!

Diego


(Jared Busch) #4

You must have the purchased version of SysAdmin in order to get the ability to require credentials for HTTP(S) provisioning.

