On 11-07-26 02:33 PM, Bruce B wrote:
I would have to err on the side of CDR to say that the only difference in
analogy you provided (SSH vs Asterisk) is that people lose much more
$$$$$$$$ in VoIP than they ever did in SSH hacking. So, if this is an
exceptional case bending a rule or two of RFC in favor of security won't
harm, especially if it's provided as an option. After all, RFC does stand for
Referral For Comment as in always open to be improved. Secondly, there is no
trade-off with the responses as local and private IP networks are well known
from the public range so the option for such a security measure can be tuned
to be smart to that end.

The only thing I like about MS OSs is that it's secure out of box and that
is really what a Linux OS should be as well but it's not and so it's not
solely Digium's issue and I see your point giving the analogy.

I think it's a good idea if such a security "option" is provided by default
in Asterisk knowing it can save a lot of headache. If budget is an issue
maybe make it a bounty and watch support pouring in...

ProTip: Nothing is 'secure out of box' and believing this marketing tag-line only provides a false sense of security.

Even if the community does as you ask, it would not guarantee security. Good security requires upkeep and maintenance.

As an example, what version of Asterisk are you running on your production sites?

--
Paul Belanger
Digium, Inc. | Software Developer
twitter: pabelanger | IRC: pabelanger (Freenode)
Check us out at: http://digium.com & http://asterisk.org
