On Fri, 6 Feb 2015, rnewton wrote:
I used MAC addresses as that is what we use as an example in our
security best practices document:
http://svnview.digium.com/svn/asterisk/trunk/README-SERIOUSLY.bestpractices.txt?view=markup
Perhaps this is a moot point. SAC's Asterisk system is behind NAT and
firewall, so we could change the spec to specify that IT has locked down
traffic between Asterisk and the public internet to only allow inbound
traffic from the ITSP addresses.
Or, on Asterisk we can use ACLs to limit traffic allowed to the
internal network and ITSP addresses.
With either of those approaches we should be able to use the less secure
extension numbered auth users.
What would be the issues with either of these approaches other than an
attacker on the internal network?
The issues are when some admin (through ignorance or mistake)
misconfigures something that lets the 'default' configuration be
exposed. Think security in layers. Each layer (OS, Asterisk, firewall)
should protect itself as best it can.
--
Thanks in advance,
-------------------------------------------------------------------------
Steve Edwards sedwa...@sedwards.com Voice: +1-760-468-3867 PST
Newline Fax: +1-760-731-3000