On 7/28/2011 11:31 AM, Bruce B wrote:
Hmmm, if alwaysauthreject is already breaking RFC rules then why not
break another rule for the greater good? It would only add another layer
of security.

Maybe: *alwaysregreject=yes*

To drop SIP packets for both unauthorized registers and anonymous
calls. Keep it off by default and then allow users to turn it on if they
want to.

To be fair to OP, using Asterisk with open ports to the world is a legit
use of Asterisk even if most of us don't employ it that way or use it
solely with closed networks (VPN, etc...). There are many people who
would benefit from a security feature that would simply ignore
unauthorized registers and anonymous calls.

OP is suggesting an improvement to Asterisk; maybe people should weigh
options and see if it's time to act more on the security side or not.
There is no question that if a hacker knows there is a SIP server then
they will keep the IP on the list for later use or share it
with colleagues even if it seems secure right now. A DDoS is always a
possibility and that you can't save yourself from at all.

Right now the situation is more like this:

*Knock Knock:*
*Owner:* Who's there?
*Thief:* This is Mr. X from China, and I am here to steal your TV.
*Owner:* Hi, I am James Smith, 45, 190lbs and I have a nice laptop as
well but I am home now and I can't let you in.
*Thief (laughing):* No problem, I will come back at midnight when you
are sleeping :-)

- Bruce



What I didn't tell you, Mr. Thief, is I sleep very lightly, have a shotgun, a shovel and 20 acres of back yard, and I know how to use all three!

Why is there such an aversion to using the right tool for the job? Asterisk is not the security tool; it is the voice tool!

JohnM

