[asterisk-bugs] [JIRA] (ASTERISK-21460) New SIP Channel Driver - create a SIP Security Event module suitable for consumption in the new SIP stack

Matt Jordan (JIRA) noreply at issues.asterisk.org
Tue Apr 16 14:22:01 CDT 2013 

Matt Jordan created ASTERISK-21460:
--------------------------------------

             Summary: New SIP Channel Driver - create a SIP Security Event module suitable for consumption in the new SIP stack
                 Key: ASTERISK-21460
                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-21460
             Project: Asterisk
          Issue Type: New Feature
      Security Level: None
          Components: Channels/chan_gulp
            Reporter: Matt Jordan


Currently, the SIP Security Event Framework exists in a separate file from {{chan_sip}} (yay!) and provides function calls that raise security events when something goes suspiciously. While it may seem like the best approach is to refactor this out as a separate module, there's a few reasons to not do so:
# Most of the SIP security framework exists as a very thin wrapper over the more generic Asterisk Security Event Framework. As such, there's limited benefit in making this code itself a separate resource module
# The non-generic portion of the code is specific to how {{chan_sip}} performs authentication, which is less than ideal

Instead, we should provide a new resource module that does two things:
# During authentication, inspects requests/responses and raises the appropriate events
# Provides facilities that other modules can use to raise security events

At a minimum, the following should be covered:
* An invalid endpoint was requested
* An ACL was violated
* An invalid password was provided
* An authentication occurred successfully
* A session limit violation occurred
* A challenge response failed
* A challenge response was sent


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.asterisk.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the asterisk-bugs mailing list