Security issues with Port 5038

citapinc · July 28, 2011, 6:13pm

We recently moved our PiaF server from a local computer to a hosted server due to the expansion of our company.

However in order to have our TAPI drivers work properly, I need to expose port 5038 to the outside world.

I have changed the password within manager.conf so it’s not the default password.

My questions are:

What issues can I encounter by simply exposing port 5038?
Can someone hack into our system using port 5038?
All of our remote offices use Dynamic IP addresses but they all have a unique no-ip dynamic DNS name. Is there a way to just allow these DDNS ip addresses?

Thanks!!!

Dean

obelisk · July 29, 2011, 9:39am

You should check AST-2011-006, AST-2011-005 and AST-2011-003
Manager credentials are sent in the clear, so you should be using VPN.

citapinc · July 29, 2011, 4:18pm

Using a VPN would not work in our case because our remote users are already VPNing into our server in the main office.

Is there a way to setup the CentOS firewall so it only allow connections from our offices and not from anywhere else? Or should I try to get the deny/permit options working for that?