[asterisk-biz] PBX got Hacked

Remco Barendse asterisk at barendse.to
Wed Mar 11 14:03:22 CDT 2009


Now i read a lot of messages with many arguments stating that we should
use iptables, fail2ban and some other things as well as that we should use
secure usernames and passwords.

While this may all be true and valid, obviously there is already an
authentication scheme implemented in Asterisk checking username and
password.

If it is difficult to implement what i suggested with all the options and
configurable settings, why not implement it in a more simple form?

Despite of all the arguments on other things we could do, why not increase
the level of security in Asterisk if there is a possibility to do so?




More information about the asterisk-biz mailing list