[asterisk-dev] Security Request for discussion: Should sip.conf allowguest=yes be the default

Tilghman Lesher tlesher at digium.com
Thu Nov 12 12:48:00 CST 2009


On Thursday 12 November 2009 11:11:41 Alexander Harrowell wrote:
> On Thursday 12 November 2009 16:59:40 Alexandre Cavalcante Alencar wrote:
> > It will be very welcome to change the default insecure behavior to a
> > more secure one. But it's not the solution for all the security
> > problems out there.
>
> Look at the impact Microsoft's decisions to leave various things in an
> insecure state by default had on the global Internet community. How many
> major botnets would there be had XP shipped with WinFirewall set ON?
>
> Arguably, shipping software designed to be connected to the Internet at one
> end and possibly to a telecomms network which is both metered and
> considered safety critical at the other without leaving its defaults in a
> secure state is irresponsible.

I agree with you 100%.  But the point is that the defaults are ALREADY in a
safe state.  Once you start modifying configurations, you can make millions
of unsafe configurations, none of which we can really prevent without
significantly limiting the functionality.

-- 
Tilghman Lesher
Digium, Inc. | Senior Software Developer
twitter: Corydon76 | IRC: Corydon76-dig (Freenode)
Check us out at: www.digium.com & www.asterisk.org


