[asterisk-dev] Asterisk Network Security Idea (using tcp_wrappers)
Joseph Benden
joe at thrallingpenguin.com
Sun Mar 29 17:00:47 CDT 2009
On Mar 29, 2009, at 5:31 PM, Steve Edwards wrote:
> On Sun, 29 Mar 2009, Joseph Benden wrote:
>
>> I also don't think that we can accept the blame for system admins who
>> have not properly learned how to take care of their machines. If they
>> are broken into because they left Rsh exposed; is it really our
>> fault? If they leave SIP wide open with no password and default
>> context can place international calls; is it our fault?
>
> I disagree here.
>
> If some of the recent posts to this list are any indication, Asterisk
> is being deployed by people who have no effing clue.
>
> While distributing default open and vulnerable configurations *may*
> not carry any legal responsibility, I feel an ethical responsibility
> not to hand out the pointy scissors to children.
>
> Part of the acceptance factor of an IT product is how its security is
> perceived in the "press." If every Asterisk server is vulnerable to
> script kiddies "out of the box," it will earn a reputation that will
> be difficult to overcome.
>
Yes, to an extent. I do believe that the system shouldn't "out of the
box" be insecure to a point of having a tremendous number of security
holes. In fact, it should default to being impossible to receive or
place ANY calls, manager connections, etc. I think the model of
deny-all is absolutely the best default. This is really something we
all should consider for Asterisk. (e.g.: even the default sample "demo"
context shouldn't be enabled.)

However, I do not think that Asterisk should come, by default, set up
to receive distributed lists of IP addresses and subnets to block,
nor default to altering people's IPTables lists, or refuse any
connections, etc.

I feel it should default to using a common, very usable via regular
expression parsing, logging format for tools like DenyHosts and
others. Following this up with usage of libraries like tcp_wrappers
for allowing and denying connections.

If the system accepts nothing from the network by default - it's
secure. People MUST learn how to allow "stuff".

If it additionally has /etc/hosts.{allow,deny} for ACL management, a
common logging format for network connections, and documentation
(how-to guide) on using tcp_wrappers with DenyHosts; we've then solved
the remaining security problems related to network security - after
Asterisk is opened slightly (from the above, default deny-all) we can
manage outside users "poking" at it.

Thanks,
-Joseph Benden
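
The workflow proposed in this message (a regex-friendly connection log, a DenyHosts-style scan, tcp_wrappers ACL output), sketched as an added example that is not part of the original post and is not Asterisk or DenyHosts code. The log line format, the `asterisk` daemon name, the threshold and the trusted network are assumptions, and the sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Hypothetical log format (an assumption; the post only asks for one that is
# easy to match with a regular expression). IPv4 only, to keep the sketch short.
LINE_RE = re.compile(
    r"\S+ asterisk\[\d+\]: event=(?P<event>\w+) proto=\w+ "
    r"src=(?P<src>[\d.]+) user=\S+"
)

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE_LOG = """\
2009-03-29T17:00:01 asterisk[412]: event=auth_fail proto=SIP src=203.0.113.7 user=100
2009-03-29T17:00:02 asterisk[412]: event=auth_fail proto=SIP src=203.0.113.7 user=101
2009-03-29T17:00:03 asterisk[412]: event=auth_fail proto=SIP src=203.0.113.7 user=102
2009-03-29T17:00:04 asterisk[412]: event=auth_ok proto=SIP src=203.0.113.7 user=103
2009-03-29T17:01:10 asterisk[412]: event=auth_fail proto=SIP src=198.51.100.23 user=200
2009-03-29T17:02:00 asterisk[412]: event=auth_fail proto=AMI src=192.0.2.10 user=admin
2009-03-29T17:02:01 asterisk[412]: event=auth_fail proto=AMI src=192.0.2.10 user=admin
2009-03-29T17:02:02 asterisk[412]: event=auth_fail proto=AMI src=192.0.2.10 user=admin
2009-03-29T17:03:00 asterisk[412]: event=auth_fail proto=SIP src=203.0.113.9 user=x src=198.51.100.23
"""

def failed_sources(log_text):
    """Count auth failures per source address, skipping lines that do not parse."""
    counts = Counter()
    for line in log_text.splitlines():
        # fullmatch: the peer-supplied user field is last and may not contain
        # spaces, so it cannot smuggle a second src= into an accepted line.
        m = LINE_RE.fullmatch(line)
        if not m or m.group("event") != "auth_fail":
            continue
        try:
            counts[ipaddress.ip_address(m.group("src"))] += 1
        except ValueError:
            continue  # not a valid address; never build an ACL entry from it
    return counts

def hosts_deny_entries(log_text, threshold=3, allow=("192.0.2.0/24",), daemon="asterisk"):
    """Return 'daemon: client' lines for /etc/hosts.deny, never for trusted networks."""
    trusted = [ipaddress.ip_network(net) for net in allow]
    entries = []
    for addr in sorted(failed_sources(log_text), key=int):
        count = failed_sources(log_text)[addr]
        if count >= threshold and not any(addr in net for net in trusted):
            entries.append(f"{daemon}: {addr}")
    return entries

if __name__ == "__main__":
    print("\n".join(hosts_deny_entries(SAMPLE_LOG)))
```

The trusted-network check matters as much as the threshold: without it, three mistyped manager passwords from the admin subnet would lock the operators out of their own server.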