lightning sysadmin miniconfs

| No Comments | No TrackBacks
Alistair talked about password security with samba and pam.  He installed libpam-samba. This allows samba client machines to do password changes. For password verification you can use sambas policies, but they default to only requiring 5 characters. Basically he just wanted to annouce he's going to file a bug report in debian. Yipeey.

Steve is talking about Enterprise File System, openefs. openefs.org. This is an approach to deploying applications to thousands of hosts, instead of doing package development. It sets up a global /efs name space, and appears to deploy software into a managed namespace underneath that.

Stuart Low is talking about iseek communicatinos, building an ISP using OSS. 99% of their server environments is Linux based. Termination of customers (ie PPP trafic, or DSLAMs into a LAC) is done via cisco gear, such as the CIsco 720 PPP. They have come up with a solution that uses a linux cluster with L2TPNS. http://l2tpns.sf.net/ It was originally written by two optus engineers in mid 2004, and was stable in 2006. iseek is now the developer for it. L2TPNS includes Walled-Garden support, and multicast radius blah.

Craig is talking about defending voip. He says they are always trying to attack you all the time. It's a big business. He suggests don't let udp port 5060 through, as you probably don't need to be allowing SIP on the internet. Consider requiring SIP phones to VPN in. If you do need to be on the internet you must use strong passwords. You should use fail2ban or similar to react to multiple failed attempts. (You should whitelist your office network). There is a iptables rate-limiting module, such as http://bit.ly/sipdos. The script works well for other protocols. Consider limiting the number of simultaneous calls on your trunks. Asking your telco to block all international calls (and get that in writing/email, so you don't wear the cost if they forget). Craig showed a picture of a very large stack of paper, which was an itemized bill for a one month of sip attack. Craig works for netsip.com.au.

No TrackBacks

TrackBack URL: http://geoff-blog.cromp.id.au/cgi-bin/movabletype/mt-tb.cgi/114

Leave a comment

About this Entry

This page contains a single entry by Geoff Crompton published on January 25, 2011 3:47 PM.

DNSSEC at Mozilla was the previous entry in this blog.

secure gateway is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.

Categories

Pages

Powered by Movable Type 4.23-en