[asterisk-biz] PBX got Hacked
Andrew M. Lauppe
alauppe at anteil.com
Wed Mar 11 14:13:15 CDT 2009
>
> Despite all the arguments on other things we could do, why not increase
> the level of security in Asterisk if there is a possibility to do so?
>
Bottom line here, I think, is that the security holes aren't just in
Asterisk, they're in SIP, and Asterisk has to support SIP. It is SIP
that passes the usernames/passwords in plaintext. If SIP supported a
more secure authentication scheme, Asterisk would support it.
Of course, that said, SIPS exists... I do believe Digium is working on
SIPS support, no?
Anteil, Inc. <http://www.anteil.com>
------------------------------------------------------------------------
*Andrew M. Lauppe*
/Consultant/
4051B Executive Park Dr.
Harrisburg, PA 17111
------------------------------------------------------------------------
+1 (877) OS-LINUX x23
+1 (484) 421-9919 direct
Remco Barendse wrote:
> Now I read a lot of messages with many arguments stating that we should
> use iptables, fail2ban and some other things as well as that we should use
> secure usernames and passwords.
>
> While this may all be true and valid, obviously there is already an
> authentication scheme implemented in Asterisk checking username and
> password.
>
> If it is difficult to implement what I suggested with all the options and
> configurable settings, why not implement it in a more simple form?
>
> Despite all the arguments on other things we could do, why not increase
> the level of security in Asterisk if there is a possibility to do so?