Access from anywhere: securing FOP2

We have a customer that needs access to FOP2 from any public IP. They have been using Fonality's HUD and would like a similar experience.

Apart from strong passwords, what are the best practices for securing FOP2?

Comments

  • You can use HTTPS and strong passwords. You can limit access to /fop2/admin via .htaccess or similar, as you probably do not want access to the manager from everywhere.

    Best regards,
  • Try to use fail2ban if FOP2 writes bad auth to a log.
  • AFAIK FOP2 does not write bad auth anywhere. Does it?

    Also AFAIK, FOP2 auth occurs over port 4445, so HTTPS would not encrypt those passwords.

    Thanks for great support as always.
  • FOP2 does write an audit log if you enable it via the -a command line parameter, including bad authentication attempts. Try adding -a /var/log/fop2_audit.log to the startup parameters in the /etc/sysconfig/fop2 file if you want.

    As for passwords on the wire, they are hashed/encrypted; they are not transferred in plain text.

    Best regards,
  • edited September 2020

    Hi Nicolas. FOP2 writes bad authentication attempt logs only for the regular user (https://mypbx.com/fop2) but not for the admin user (https://mypbx.com/fop2/admin).

    Thanks in advance.
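
The .htaccess restriction on /fop2/admin suggested in the first comment could look like the following. This is an added example, not part of the original thread or FOP2's own configuration; it assumes Apache 2.4 with mod_ssl, that the enclosing directory allows `AllowOverride AuthConfig`, and the IP addresses are documentation placeholders.

```apache
# .htaccess placed in the FOP2 admin directory (the one served as /fop2/admin).
# The user panel at /fop2 is left reachable from any public IP; only the
# manager is restricted.

# Refuse any request to the manager that did not arrive over TLS.
SSLRequireSSL

# Allow the manager only from known administrative sources; all other
# clients receive 403 Forbidden before reaching the login form.
<RequireAny>
    # Placeholder office network (RFC 5737 documentation range)
    Require ip 203.0.113.0/24
    # Placeholder single administrator address
    Require ip 198.51.100.17
    # Requests originating on the PBX itself
    Require local
</RequireAny>
```

Because the last comment reports that failed admin logins are not written to the audit log, a fail2ban jail reading that log would not see them, so an address restriction like this one does not depend on that logging.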
