[asterisk-dev] Asterisk Network Security Idea (using tcp_wrappers)
Steve Edwards
asterisk.org at sedwards.com
Sun Mar 29 16:31:56 CDT 2009
On Sun, 29 Mar 2009, Joseph Benden wrote:
> I also don't think that we can accept the blame for system admins who
> have not properly learned who to take care of their machines. If they
> are broken into because they left Rsh exposed; is it really our fault?
> If they leave SIP wide open with no password and default context can
> place international calls; is it our fault?
I disagree here.
If some of the recent posts to this list are any indication, Asterisk is
being deployed by people who have no effing clue.
While, distributing default open and vulnerable configurations *may* not
carry any legal responsibility, I feel an ethical responsibility not to
hand out the pointy scissors to children.
Part of the acceptance factor of an IT product is how it's security is
perceived in the "press." If every Asterisk server is vulnerable to script
kiddies "out of the box," it will earn a reputation that will be difficult
to overcome.
Thanks in advance,
------------------------------------------------------------------------
Steve Edwards sedwards at sedwards.com Voice: +1-760-468-3867 PST
Newline Fax: +1-760-731-3000
More information about the asterisk-dev
mailing list