[asterisk-bugs] [JIRA] (ASTERISK-21460) New SIP Channel Driver - create a SIP Security Event module suitable for consumption in the new SIP stack
Matt Jordan (JIRA)
noreply at issues.asterisk.org
Mon Oct 21 12:46:20 CDT 2013
[ https://issues.asterisk.org/jira/browse/ASTERISK-21460?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matt Jordan updated ASTERISK-21460:
-----------------------------------
Target Release Version/s: 1.8.24.0
> New SIP Channel Driver - create a SIP Security Event module suitable for consumption in the new SIP stack
> ---------------------------------------------------------------------------------------------------------
>
> Key: ASTERISK-21460
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-21460
> Project: Asterisk
> Issue Type: New Feature
> Security Level: None
> Components: Channels/chan_pjsip
> Reporter: Matt Jordan
> Assignee: Joshua Colp
> Labels: Asterisk12, NewSIP
> Target Release: 1.8.24.0
>
>
> Currently, the SIP Security Event Framework exists in a separate file from {{chan_sip}} (yay!) and provides function calls that raise security events when something goes suspiciously. While it may seem like the best approach is to refactor this out as a separate module, there's a few reasons to not do so:
> # Most of the SIP security framework exists as a very thin wrapper over the more generic Asterisk Security Event Framework. As such, there's limited benefit in making this code itself a separate resource module
> # The non-generic portion of the code is specific to how {{chan_sip}} performs authentication, which is less than ideal
> Instead, we should provide a new resource module that does two things:
> # During authentication, inspects requests/responses and raises the appropriate events
> # Provides facilities that other modules can use to raise security events
> At a minimum, the following should be covered:
> * An invalid endpoint was requested
> * An ACL was violated
> * An invalid password was provided
> * An authentication occurred successfully
> * A session limit violation occurred
> * A challenge response failed
> * A challenge response was sent
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.asterisk.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the asterisk-bugs
mailing list