Sustained attack! Port 5061

Attackers are clients.

And my read is that the clients will need to verify the server’s cert before being allowed access.

Verifying the client is much more (if not totally) secure, but it takes a lot more effort to upload your certs to all the allowed client endpoints, on and offline, further complicated as you need to do that every time the cert is updated or compromised.

Gonna be “That Guy”, but why the everloving ($#&$( are you opening your PBX to the internet at large?
Sangoma Connect is a softphone. You can easily set up a VPN (such as OpenVPN Cloud) to allow remote users to safely authenticate and connect to your on-prem PBX without opening it to the wild wide world.

Do you use Sangoma Connect?? This is a requirement. No, a VPN will not work. It requires you to open ports… Outside of Sangoma Connect, there is no reason to open any ports…

I will admit, I do not.
Because that sounds like a horrible implementation and a terrible way to do network security.

Grab a better softphone?

Sangoma Connect is a mobile soft client. While you can use a mobile VPN client to register Sangoma Connect to avoid allowing untrusted access to signaling ports, I’ve yet to encounter an end user who’ll tolerate such a configuration, and in my experience VPN clients on mobile are a battery drain.

Only TLS requests are being listened to on port 5061 on the PBX; the firewall is working, fail2ban is working, and try as they might, they are not getting in.

Attack all you like, but it’s pointless…
