vicidial.org

[B.lee2]

...for other people?

I can install vici but I must admit I don't have a lot of experience espescially in linux security. Plus my knowledge of networking is kind of limited, I know the basics but I don't know how to program a cisco switch or router.I can get people who can do it for me, but it's really not my forte.

I have confidence in my sales ability, that's not the problem. I know people in telemarketing that even if I setup something really basic without a PBX or fancy features, they'll be real happy. Simply because they don't know squat about computers.

I can follow the instructions about hardening vici on this forum,

but to paraphrase Donald Rumsfeld

beyond this, "I don't know what I don't know".

So what should I be really be comfortable in before doing this for other people? And (most importantly) how can I cover my behind if something goes wrong or some superhacker for some reason gets past the switch/router security and start messing around the LAN?

Honestly, I kind of like goofing around with vicidial, I am considering it as a sideline but I just want to know if it's something that I can realistically pursue or if I have the time to do so

[Vince-0]

As with any F/LOSS project, get budget to include commercial support. That way you have an escalation point if you get stuck. Get the manuals, especially the manager's manual for functionality.

Core competencies should include Asterisk troubleshooting, security as well as MySQL scaling troubleshooting. The easiest way to get hacked is to have an open Asterisk server exposed to the Internet and so your SIP accounts will start being brute-forced - get to know your firewall/network, logs and fail2ban.
You should be comfortable with backups and restoring so that you have something to fall back on should there be a problem with the data.
--
Vin

[williamconley]

Security is simple: Whitelist access. This requires closing all the ports opened by the installer (yast firewall, be sure to close the individual ports opened in "Advanced"). Then you add "approved IPs" in the "custom" section. At that point, only users with authorized IPs can SEE the server. It is also a good idea to use the configuration files to disable PING and port 113. I've posted these instructions a few times.

We also have a product called "Dynamic Good Guys", which we need to sell only one more time before we have our investment back and can release it to the Vicidial forums. We'll give a copy to Kumba and see if he will include it, but our installer is fairly simple to use even if it isn't included. This app allows easy addition of IPs to the allowed list as well as "Dynamic" remote agent access with a (required) special link (Ideal for iPad access from Starbucks as well as home-based agents whose IP address changes regularly).