At 9:43 AM on 13 May 2008, Lee, John (Sydney) wrote: > In "The future of Telephony", it says "... We should also note for > security's sake you should always make sure that your [incoming] > context never allows outbound dialing. (If by chance it did, people > could dial into your system and make outbound toll calls that would > be charged to you!) > > The book was demonstrating using a PSTN environment and the > zapata.conf was something like: > context=internal > signaling=fxo_ks > channel=>1 > > context=incoming > signaling=fxs_ks > channel=>2 > > In PRI environment, does it mean that we have to purposely separate > the say ISDN 20 channels into [internal] and [incoming] as well? > This would not make sense to me as ISDN uses a one port card to > contain multiple channels while the ports of a say TDM400P refer to > each channel. > > If I just define a [default] context for a PRI environment, is this > insecure? > > Can someone please enlighten me on this?
In the example you quoted, channel 1 is an FXS port, which would be an internal extension--a phone--from which someone would be allowed to make an outbound call. Channel 2 is an FXO port, which is connected to the PSTN, and would take incoming calls from "the wild". So in that example, you wouldn't want the "incoming" context to be allowed to make outbound calls. In your case, I'm guessing all your Zap channels come from the PRI, which is connected to the PSTN. If so, then you're right--you just need one context for your zapata.conf which you would use on all your ISDN channels. Just don't let that context dial out. I don't know if you'd want to call that context "default"... because that one seems to be "special" in Asterisk. But maybe I'm just being superstitious. :-) -- C. Chad Wallace, B.Sc. The Lodging Company http://www.skihills.com/ OpenPGP Public Key ID: 0x262208A0 Debian Hint #14: If you would like to follow things happening to a package (for example, if you want to see bug reports, release notices, and other similar things), consider subscribing to it on the Package Tracking System. You can find out more about the PTS at: http://www.debian.org/doc/manuals/developers-reference/ch-resources.en.html (Section 4.10) _______________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
