[Asterisk-Users] Internet Dial-in security questions
Skuse, Phil
Phil.Skuse at vicorp.com
Fri Apr 25 03:29:27 MST 2003
Hi,
My company wants to put a SIP address on their website. The idea is that
potential customers can call that address and will be forwarded to our main
switchboard.
It's fairly easy in theory because my asterisk server has a real IP address,
so any calls to
sip:<number>@asterisk-server.mycompany.com
should connect just fine (except currently it will be blocked by the
firewall). Our firewall knows nothing about SIP, so presumably I have to
open port 5060 and all UDP high ports (in and out)?
What are the security implications of doing this? Do I need to secure the
asterisk server in the same way that I would for other publically accessible
servers? (grsecurity + closing all non-essential ports + removing all suid
programs and unnecessary daemons)
Presumably I also need to setup proper contexts so that internet callers
cannot access the PSTN or voicemail? Anybody have an example of this?
Are there any particular security risks that I need to defend against?
Would it be better to put a secured asterisk server outside the firewall and
connect it to the internal one with IAX? Does this require less ports open
on the firewall?
Phil Skuse <phil.skuse at vicorp.com>
****************************************************
Unix System Administrator, Vicorp Group Limited.
Tel +44 (0)1753 660523 Fax +44 (0)1753 660501
The Telephony Engine Company http://www.vicorp.com
****************************************************
More information about the asterisk-users
mailing list