Once our system is physically protected, we will cover the most important facts and give recommendations for securing our system at software level.
Use VLANS to separate the voice traffic from the data traffic.
If convenient, set a password for the BIOS. This action will prevent any user from modifying our system's hardware, or changing the booting options.
We recommend setting a password in the
/etc/grub.conf
file to prevent users from modifying Linux's kernel options and booting the system into Single User Mode. More information is given here: http://www.centos.org/docs/5/html/5.2/Deployment_Guide/s3-bootloader-grub.htmlAvoid the use of the user root when logging in remotely via ssh. Create a user and a password with the
useradd
andpasswd
commands.Edit the
/etc/ssh/sshd_config
file by changing the PermitRootLogin yes option to PermitRootLogin no. Reload the ssh service after saving the changes with the service...