[asterisk-biz] PBX got Hacked

Gregory Boehnlein damin at nacs.net
Fri Feb 13 12:46:12 CST 2009


> > I think most experienced *nix administrators can handle their own
> > IPTables, OpenVPN, and whatever else.
> >
>  I think maybe you misread my post. I don't think it's propaganda at
> all. Switchvox, apparently, instructs you to put their device behind a
> firewall. If you don't, then just like doing a poor plumbing job,
> you're a prime candidate for "leaks" and things that come with "leaks"
> down the line.
> 
>  With regard to your post, "I think most experienced *nix
> administrators can handle their own IPTables, OpenVPN, and whatever
> else.". Yes. I totally agree, but as someone already raised the point,
> how many of the authorized SwitchVox resellers actually have
> "experienced *nix administrators" on staff?   I sincerely doubt that's
> one of their requirements to become a reseller, and while I do
> understand it, I think to not have at least one of those types of
> people on staff with those types of skills *should* be a requirement
> for a good reseller.

I would have to agree with this assessment. Many of the installers that are
out there trying to migrate from the Telephony world to the IP Converged
world have absolutely no concept of Network security. Conversely, a lot of
the Data focused service providers have little understanding of the world of
Telephony.

It is one of the most common problems that I run into in the field..
Resellers and installers that have not done their homework, do not
understand the complex engineering requirements of a Converged IP network
and are just trying to stay afloat in a quickly shifting environment. In
fact, I recently remarked to a co-worker that it seems that the majority of
the consulting work that I'm doing is "Network Janitorial Services" where I
am mopping up the complete messes created by clueless resellers.

That being said, Switchvox is an appliance. Think of it like a toaster that
does one thing really well; make toast. In Switchvox's case, it is designed
to make it easier to deploy IP and PSTN communications. They don't claim the
system to be anything other than a PBX.

Go ask Vodavi or Panasonic if they can provide firewalling services in their
IP PBX products, and tell me what response you get.. More than likely they
will give you a blank stare and ask "what is a firewall?".

Here is the way that I view it. If I install a system for a customer, it is
my obligation to inform the customer of their options and the liabilities
inherent in any choices that they might make. That requires understanding of
the system you are selling, and the architectures under which that system
works best. If I don't know what I'm selling, how to secure it, install it,
adhere to best-practices, then I'm ripping off my customer and shouldn't
really be in the business of installing an IP system in the first place.






More information about the asterisk-biz mailing list