A Few Pointers about Security

Every now and then I hear questions on how to secure servers and especially how to secure voice traffic. We hear lots of myths from our customers :).

Most people feel more secure if they have a simple firewall installed.

While firewalls are good, having a firewall to protect closed ports usually doesn’t help. For VoipNow, for example, you will probably leave all ports for VoIP services open and close most of the others. My question is: what is the point of doing this at server level, if the ports are closed anyway? This makes sense on a consumer desktop, but on a server it usually does not help much.

Always close unneeded services! If you want to use a firewall, use it the smart way: enforce rate limits per IP, restrict access to specific services by source IP, and block malformed packets.

Always keep your server updated at the distribution level and for any other 3rd party software you might have installed.

Third-party software is sometimes the Achilles’ heel, because it’s not updated by the OS update manager. Packages compiled from source are also pretty hard to track, which is why it’s a smart move to use RPMs or any other form of package management offered by the OS.

Don’t log in as root and never allow root login on the server.

While I agree that 90% of this is true, there are some cases (like when you’re asking for help from the support team) where it would delay the actual support process, and most of the time it’s even less secure. The reason is that most people who are scared of direct root access usually log in with a user that has a very weak password. Do you really think that someone will be able to break into your server using an unknown SSH key? It’s much easier to brute force the password for user “supportteam” or “support” and then to use the same password for sudo.

Limit the number of users, permit only key-based access if possible, and if you don’t need to access your server from any location, limit SSH access using the firewall. Also, limit the number of attempts to prevent brute force attacks.
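The advice above can be checked against a server's SSH configuration. The following is an added example, not part of the original post: a small auditor that reads `sshd_config` text and reports settings that contradict it. The threshold of 3 attempts, the sample configs and the account name `deploy` are assumptions, and `Include` files and `Match` blocks are not evaluated.

```python
import re

# OpenSSH defaults used when a keyword is absent from the file.
DEFAULTS = {"passwordauthentication": "yes",
            "permitrootlogin": "prohibit-password",
            "maxauthtries": "6"}
MAX_TRIES = 3  # assumed policy threshold, not a value from the article

def effective_settings(text):
    """Global settings from sshd_config text; the first value per keyword wins."""
    found = {}
    for raw in text.splitlines():
        # Comment and blank lines do not match and are skipped.
        m = re.match(r"(\w+)[\s=]+(.+)", raw.strip())
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":      # conditional blocks follow; not evaluated here
            break
        found.setdefault(key, value)
    return {**DEFAULTS, **found}

def audit(text):
    """Return (keyword, finding) pairs for settings that contradict the advice."""
    s = effective_settings(text)
    findings = []
    if s["passwordauthentication"].lower() != "no":
        findings.append(("PasswordAuthentication", "passwords accepted; weak accounts can be brute-forced"))
    if s["permitrootlogin"].lower() == "yes":
        findings.append(("PermitRootLogin", "root may use a password; prefer prohibit-password"))
    if int(s["maxauthtries"]) > MAX_TRIES:
        findings.append(("MaxAuthTries", f"more than {MAX_TRIES} attempts per connection"))
    if "allowusers" not in s and "allowgroups" not in s:
        findings.append(("AllowUsers", "no AllowUsers/AllowGroups; any account may attempt login"))
    return findings

# Constructed samples: root blocked but passwords on, versus key-only access.
WEAK = """# root blocked, but password logins stay on
PermitRootLogin no
PasswordAuthentication yes
PasswordAuthentication no
"""
HARDENED = """PermitRootLogin prohibit-password
PasswordAuthentication no
MaxAuthTries 3
AllowUsers root deploy
"""
if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg))
```

On a live host, `sshd -T` prints the effective configuration with `Include` and `Match` handling applied, which is the better input for a check like this.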

My server is behind NAT because it’s more secure this way.

NAT is desired on some cloud deployments, due to management issues. But from the security perspective, NAT is just a stateful firewall with IP translation; it’s no better than a simple firewall. Keeping your server behind NAT with all ports open is actually a recipe for disaster. NAT brings some complications at the service level, therefore it must be avoided.

I want to create secured tunnels on my server to provide a secure connection to my customers.

Secured tunnels are a good idea. The only problem I have with this approach is that you should never do it on the server you provide services from :). Put a router/server in front of your VoipNow server and one on your client’s network to create secured tunnels. This way, the tunnel can be used by your entire infrastructure and you do not over-complicate your setup.

Securing signaling and media traffic with SIP TLS + SRTP is also a good choice. Unfortunately, there are lots of issues with devices implementing the standards in different ways or incompletely.

One more thing to consider is that not only the connections between you and your customers must be secured, but also those between you and your carriers. At some point, 99% of the calls are unsecured, depending on who’s trying to listen.

In the end, I only have a few simple pieces of advice for you:

Keep it simple. If it’s too complicated, then most likely you’re going to make a mistake at some point and mess it up even worse.
Don’t do it just because a guy on a forum recommends it. Try to understand the reasons behind it and always ask for a second opinion.
Never assume your system is safe. Most likely it is not. Check it periodically. And always keep logs. If you ever get hacked, at least you’ll know how they did it (and maybe why).

[youtube]http://www.youtube.com/watch?v=gDmlld1TAQ4[/youtube]

And remember that safety does not really exist, it is mostly the short version of “feeling safe” 🙂 .
