As I have already written, fail2ban is an excellent tool to fill the gap between layer 7 exposures and layer 3 controls. One of the most common configuration you will need to do is the SSH protection against brute attacks. Some security experts recommend moving SSH out of port 22/tcp, but in my opinion, that is not a good idea. You are just filling a hole by doing a new one. Anyone can do a port scan with Nmap and find the new port.
Because of this, I will give a recipe here. Note that I have tested without using the firewalld daemon.
For some quite time, I have been visiting Packt to get a new eBook each day. Books are related to IT in the cookbook way. You can download them as PDF, ePub or Mobi format. I always download the ePub format and upload it into Google Books.
These days, VoIP is very complex. It is hard for some people to make a difference where some elements start their role and when others end it. This is the case of provisioning; provisioning is the fact of letting the SIP Endpoints to pull the needed information (SIP credentials, contacts, buttons actions and more).
Usually, an IP telephone tries to pull the information using a file storage protocol like FTP, TFTP or HTTP. HTTP (or HTTPS) is the most common. I will talk about it because FusionPBX supports it out of the box, however, you are free to use whatever you want. This call depends on your IP phone brand.