VoIP and FreeSWITCH security is a multi-layered area. You need to take care of all and each of those layers, because it is the weakest link that defines the strength of the chain.
We will not touch here on the issues related to general computer security. We will focus instead only on specific FreeSWITCH and VoIP best practices. Please note that if you have root access to your server via the Internet with a password "12345678", all the following specific measures will do little good.
In this chapter, we will cover:
- Best practices to secure and protect FreeSWITCH
- Fail2ban configuration
- Encryption of SIP signaling, fraud prevention
- Encryption of RTP audio, privacy, and confidentiality
- Certificates in WebRTC and WebSockets (DTLS, mod_verto)
It's of paramount importance to update immediately not only FreeSWITCH, but all your software and your devices' firmware to the latest versions, as soon as they are released.
Specifically, pay attention to the new releases of phones' firmware; they close security bugs and add security features. When a new version of a software or firmware is released, the security bugs that are fixed become the "features" that attackers are looking for in systems that have not been updated.