[SR-Users] Security hygiene for Kamailio

Hi all, we all enjoy our FAIL2BAN and snippets of our Kamailio config when we see it successfully fight off the "friendly-scanner", and multiple futile attempts to fool our systems. But it got me thinking… What is a sufficient level of security on our Kamailio machinery… ? Are we all just doing whatever, or is the nature of the beast, that every setup is different? Eventually while having a beer, we will end up in the discussion Kamailio is as good (and even much better) as most of the commercially available SBCs. But, imho, that all depends on the configuration. There are a few good reads available, and on the security front I personally love Pike, Topoh, Dnssec, Htable and recently I think I'm doing rather clever stuff with CNXCC… And I do feel comfortable on my setups, them won't be hacked… But do we have a-sort -of stake in the ground example configuration which we can consider as being more than sufficiently secure? Some config where we can tick off all the known security risks for SIP (as chapter 26 of rfc3261 gives a state of the art back in 2002) Or would that be a nice idea for a micro project? Grtz, Davy