We are a bit worried about vb having port 10000/4443 open to the world and wonder how this is secured? Can someone point us to a document describing how this works?
Why are you worried? RTP media expected in thoe ports, protectd with DTLS-SRTP. What threat model do you have in mind?
Thanks for the DTLS-SRTP hint. I’ll read up on that.
I’m worried about DDOS and any kind of exploiting the server. We want to run a setup for corporate only.
We haven’t seen any problems of that sort and have been operating a production service for years, FWIW.
Under the default Jitis model, you’re in charge of securing the server. I highly recommend using fail2ban on ssh (and prosody if you’re using host authentication). For assistance with the latter… Fail2ban with Prosody