Ron Blizzard wrote:
On Wed, Sep 30, 2009 at 5:15 PM, Brian Mathis <brian.mathis@xxxxxxxxx> wrote:
"Not connected to the Internet", and "not connected to a LAN" are very
different things. I doubt VOIP would work if the server was not
connected to a LAN. There could be quite a few things on the LAN,
depending on it's size, such as viruses, malware, and even users doing
scans of the network. Don't assume that "out there" is insecure, and
"in here" is secure. That's one of the biggest mistakes to make when
creating a secure environment.
You're right. I was thinking like a phone tech -- that the VOIP
system's wiring was still separate from the regular LAN.
Just to set your minds at ease (or not).
I have a separate D-Link switch that does PoE (to power the snom phones)
and vlans and set it up so that all the phones are on one vlan called VOIP.
The * server single eth0 is also on this vlan, but does also belong to
the rest of the office on another vlan called LAN.
So - the snom phones (linux based) can only see the * server.
The * server can see the rest of the LAN - so in theory anyone on the
local LAN can scan and see the CentOS based * server.
We are however a very small office and I get to see all connected PCs in
action.
As I have some questions about SIP security I was not prepared to have
the snom phones in any way being accessible to / from the LAN (let alone
the internet).
Tks for comments and suggestions.
Rob
begin:vcard
fn:Rob Kampen
n:Kampen;Rob
email;internet:rob@xxxxxxxxxxxxxxxxx
tel;cell:407-341-3815
version:2.1
end:vcard
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos