Security
This section provides general security recommendations for your JeraSoft Billing installation. These measures should complement your organization's existing security policies. Since network environments vary, adapt these guidelines to fit your specific requirements.
Firewall configuration
Start by configuring the firewall (typically using iptables). Adjust the configuration to match your network policy, including the following:
- Allow access to ports
tcp/22andtcp/443exclusively from trusted IP addresses. Include following addresses for JeraSoft support team access:178.63.67.91/3234.22.222.43/32
- Grant access to ports
udp/1812,udp/1813andudp/5060from the IP addresses of your equipment, such as switches, SBCs, gateways, etc. - Ensure that ports
tcp/22,tcp/5432,tcp/6379andtcp/873are accessible across all JeraSoft nodes for synchronization purposes. - If utilizing the Client Portal, open ports
tcp/9080andtcp/9090to public.
Adjust these settings according to your network policy and security requirements.
SSH access
For better security, disable root user login. Instead, use individual accounts for each user with sudo privileges when necessary.
For JeraSoft support and upgrades, maintain a dedicated jerasupport account with a strong password. We recommend disabling this account when not in use.
Web access
We recommend disabling the admin account in the web interface. Instead, create individual accounts for each user with appropriate permission levels.
For JeraSoft support and upgrades, maintain a dedicated jerasupport account with a strong password. Disable this account when not in use.