Ron Blizzard wrote: > On Wed, Sep 30, 2009 at 5:15 PM, Brian Mathis <brian.mathis at gmail.com> wrote: > > >> "Not connected to the Internet", and "not connected to a LAN" are very >> different things. I doubt VOIP would work if the server was not >> connected to a LAN. There could be quite a few things on the LAN, >> depending on it's size, such as viruses, malware, and even users doing >> scans of the network. Don't assume that "out there" is insecure, and >> "in here" is secure. That's one of the biggest mistakes to make when >> creating a secure environment. >> > > You're right. I was thinking like a phone tech -- that the VOIP > system's wiring was still separate from the regular LAN. > > Just to set your minds at ease (or not). I have a separate D-Link switch that does PoE (to power the snom phones) and vlans and set it up so that all the phones are on one vlan called VOIP. The * server single eth0 is also on this vlan, but does also belong to the rest of the office on another vlan called LAN. So - the snom phones (linux based) can only see the * server. The * server can see the rest of the LAN - so in theory anyone on the local LAN can scan and see the CentOS based * server. We are however a very small office and I get to see all connected PCs in action. As I have some questions about SIP security I was not prepared to have the snom phones in any way being accessible to / from the LAN (let alone the internet). Tks for comments and suggestions. Rob -------------- next part -------------- A non-text attachment was scrubbed... Name: rkampen.vcf Type: text/x-vcard Size: 121 bytes Desc: not available URL: <http://lists.centos.org/pipermail/centos/attachments/20091001/b803b5a9/attachment-0005.vcf>