[asterisk-bugs] [JIRA] (ASTERISK-21460) New SIP Channel Driver - create a SIP Security Event module suitable for consumption in the new SIP stack

Matt Jordan (JIRA) noreply at issues.asterisk.org
Tue May 28 14:10:04 CDT 2013 

     [ https://issues.asterisk.org/jira/browse/ASTERISK-21460?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Matt Jordan reassigned ASTERISK-21460:
--------------------------------------

    Assignee: Joshua Colp
    
> New SIP Channel Driver - create a SIP Security Event module suitable for consumption in the new SIP stack
> ---------------------------------------------------------------------------------------------------------
>
>                 Key: ASTERISK-21460
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-21460
>             Project: Asterisk
>          Issue Type: New Feature
>      Security Level: None
>          Components: Channels/chan_gulp
>            Reporter: Matt Jordan
>            Assignee: Joshua Colp
>              Labels: Asterisk12, NewSIP
>
> Currently, the SIP Security Event Framework exists in a separate file from {{chan_sip}} (yay!) and provides function calls that raise security events when something goes suspiciously. While it may seem like the best approach is to refactor this out as a separate module, there's a few reasons to not do so:
> # Most of the SIP security framework exists as a very thin wrapper over the more generic Asterisk Security Event Framework. As such, there's limited benefit in making this code itself a separate resource module
> # The non-generic portion of the code is specific to how {{chan_sip}} performs authentication, which is less than ideal
> Instead, we should provide a new resource module that does two things:
> # During authentication, inspects requests/responses and raises the appropriate events
> # Provides facilities that other modules can use to raise security events
> At a minimum, the following should be covered:
> * An invalid endpoint was requested
> * An ACL was violated
> * An invalid password was provided
> * An authentication occurred successfully
> * A session limit violation occurred
> * A challenge response failed
> * A challenge response was sent

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.asterisk.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the asterisk-bugs mailing list