When we designed our systems on asterisk we designed it to me multi-tenant.
Se we use customer prefixes on all extensions. This allows us to have
multiple customers using the same extension pools. It also reduces the hack
foot print as hackers must know the prefix for a customer to try and brute
force things. All passwords use 8+ characters with alfa/numeric and special
As I see it Asterisk does very good keeping out the hackers if you use a
solid design in your peer and dialplans. At the least put an alpha
character post or pre other wise you are just asking for it. Use your head
you can be smarter then they are.
We are looking into ipban as well. If any one has an example of ipban I
would love to see how best to implement it. In a 4 year period we have not
had a breach but we do get about 10 to 15 hack attempts a week. We have
blocking scripts that block ip’s at the primary firewall but I would like
to trigger the ipban at each switch level. Could I also use the ipban
method to trigger the audo updates to our primary firewalls? Any advice is