[asterisk-dev] Asterisk Network Security Idea (using tcp_wrappers)

Steve Edwards asterisk.org at sedwards.com
Sun Mar 29 16:31:56 CDT 2009


On Sun, 29 Mar 2009, Joseph Benden wrote:

> I also don't think that we can accept the blame for system admins who
> have not properly learned who to take care of their machines. If they
> are broken into because they left Rsh exposed; is it really our fault?
> If they leave SIP wide open with no password and default context can
> place international calls; is it our fault?

I disagree here.

If some of the recent posts to this list are any indication, Asterisk is 
being deployed by people who have no effing clue.

While, distributing default open and vulnerable configurations *may* not 
carry any legal responsibility, I feel an ethical responsibility not to 
hand out the pointy scissors to children.

Part of the acceptance factor of an IT product is how it's security is 
perceived in the "press." If every Asterisk server is vulnerable to script 
kiddies "out of the box," it will earn a reputation that will be difficult 
to overcome.

Thanks in advance,
------------------------------------------------------------------------
Steve Edwards      sedwards at sedwards.com      Voice: +1-760-468-3867 PST
Newline                                             Fax: +1-760-731-3000



More information about the asterisk-dev mailing list