Agreed! sometime you just need to RTFM
~Benjamin On Sun, 2014-03-16 at 21:30 -0400, Kristian Kielhofner wrote: > "RSA" is secure. However, there are an unlimited number of ways to > mess it up. That's the problem. > > On Sunday, March 16, 2014, Benjamin L. Naber <[email protected]> > wrote: > RSA is used by some of the governments and top companies in > the world as > a means of security. > > if you are using Asterisk on the Astlinux box, then you should > have the > IDS and adaptive ban enabled to stop brute force SIP > registrations. > > Also, use security through obscurity, and change the SIP > control port to > something else other than 5060. > > ~Benjamin > > > On Sun, 2014-03-16 at 13:46 -0400, Kristian Kielhofner wrote: > > If that's your concern then the alternate methods of > authentication > > offered by IAX should be adequate. > > > > On Saturday, March 15, 2014, Michael Knill > > <[email protected]> wrote: > > Thanks Kristian > > > > > > Is it just the encryption that is not secure? If I > am not > > looking at encrypting media but using RSA for > authentication, > > is this also insecure? > > My concern is not call eavesdropping but instead > unauthorised > > use through SIP brute force registration. > > > > > > I would like to use TLS but my understanding is that > you > > currently cannot enforce client certificate > verification > > (tlsverifyclient=yes). Is this still the case? Do > any clients > > even support this? > > > > > > > https://issues.asterisk.org/jira/browse/ASTERISK-17856 > > > > > > The only option I have left is VPN really. > > > > Regards > > Michael Knill > > > > > > > > > > > > > > On 16/03/2014, at 3:41 AM, Kristian Kielhofner > > <[email protected]> wrote: > > > > > IAX encryption should not be trusted for anything > deemed > > > important. > > > > > > > > > Even basic reviews have uncovered several security > issues > > > and it hasn't been well studied beyond that. > > > > > > > > > If it must be secure use SIP over strong TLS with > good keys, > > > cipher suites, etc or use a VPN. > > > > > > On Saturday, March 15, 2014, Benjamin L. Naber > > > <[email protected]> wrote: > > > Not yet. > > > > > > I called the folks who make Zoiper to > inquire when a > > > feature like that > > > would be available, and it was stated they > are > > > working on it. > > > > > > Not only does IAX2 support RSA > authentication, it > > > also supports stream > > > encryption. > > > > > > > > > > > > On Sat, 2014-03-15 at 16:08 +1100, Michael > Knill > > > wrote: > > > > Hi group > > > > > > > > > > > > I have been looking at secure remote > telephony > > > access solutions for > > > > Astlinux. > > > > I found that IAX supports RSA > authentication which > > > looks great but I > > > > cant seem t > > > -- > Sent from mobile device > ------------------------------------------------------------------------------ > Learn Graph Databases - Download FREE O'Reilly Book > "Graph Databases" is the definitive new guide to graph databases and their > applications. Written by three acclaimed leaders in the field, > this first edition is now available. Download your free book today! > http://p.sf.net/sfu/13534_NeoTech > _______________________________________________ Astlinux-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to > support AstLinux are graciously accepted via PayPal to [email protected].
smime.p7s
Description: S/MIME cryptographic signature
------------------------------------------------------------------------------ Learn Graph Databases - Download FREE O'Reilly Book "Graph Databases" is the definitive new guide to graph databases and their applications. Written by three acclaimed leaders in the field, this first edition is now available. Download your free book today! http://p.sf.net/sfu/13534_NeoTech
_______________________________________________ Astlinux-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to [email protected].
