Access from anywhere: securing FOP2

sub0sub0
in Support
We have a customer that needs access to FOP2 from any public IP. They have been using Fonality's HUD and would like a similar experience..

Apart from strong passwords, what are the best practices for securing FOP2?

Comments

  • nicolasnicolas
    you can use https and strong passwords. You can limit access to /fop2/admin via .htaccess or similar as you might probably do not want access to the manager from everywhere.

    Best regards,
  • AlexRSAlexRS
    Try to use fail2ban if FOP2 write bad auth in log.
  • sub0sub0
    AFAIK FOP2 does not write bad auth anywhere. Does it?

    Also AFAIK, fop2 auth occurs over port 4445 so https would not encrypt those passwords.

    Thanks for great support as always.
  • nicolasnicolas
    FOP2 does write an audit log if you enable it via the -a command line parameter, including Bad authentication attempts. Try adding -a /var/log/fop2_audit.log to the startup parameters in the /etc/sysconfig/fop2 file if you want.

    As for passwords on the wire, they are hashed/encrypted, they are not transferred plain text.

    Best regards,
  • JSANCHEZ1008JSANCHEZ1008
    edited September 2020

    Hi Nicolas. FOP2 writes bad authentication attempts logs only for regular user https://mypbx.com/fop2 but not for admin user https://mypbx.com/fop2/admin

    Thanks in advance.

Sign In or Register to comment.

© Asternic Corp 2024