Advanced Network Security Mitigations

[devopsec]

Right now dSIPRouter implements basic security best practices for networking security but at the current state it is BASIC.
We should gradually more towards more active mitigation such as blocking malicious User Agents, filter on blacklists and whitelist via secfilter module, providing false positives / false negatives for network scanners, DDOS mitigation, SQL injection mitigation, etc...

The kamailio docs provide a good starting point:
https://www.kamailio.org/wiki/tutorials/security/kamailio-security

A list of ways we could implement such mitigations:

• block malicious User Agents at fierwall
• implement blacklisting / whitelisting in secfilter module (or in firewall)
• make firewall return random results to port scanners
• implement topology hiding via topoh module
• switch to XDP/eBPF-based firewall for DDOS mitigation
• perform quarterly / semi-annual code audits to catch insecure code

We should get this on the roadmap, a lot of these security resolutions can be tied into upcoming events on the roadmap, such as:

• refactoring the GUI/API code base
• full B2BUA support
• moving other HTTP services to NGINX sever
• etc...

[devopsec]

Looking for feedback from the community on what features we should focus on here..
The APIBAN / Fail2Ban / FirewallD integrations have had some success.
What are the threat models and attack vectors everyone is planning against?
What solutions are being used currently that we could integrate into the platform?