[Asterisk-Users] Survey: Grandstream improvements.........

John Todd jtodd at loligo.com
Wed Oct 22 11:06:18 MST 2003 

>Can you _please_ trim the quoted text?  There's absolutely no reason to
>quote the entire post you're replying to, signature lines and all...  +2
>points for bottom-posting though.  :-)
>
>>  I still think HTTP is a better option.. There is far more control
>>  available in terms of securing it especially when the description of the
>>
>  package says " TFTP provides very little security, and should not be
>>  enabled unless it is expressly needed."..
>
>Who in their right mind is putting these phones on the open Internet, and if
>they're not, then why is TFTP that big a problem?  TFTP's actually quite a
>standard option in most networking equipment for pulling down new
>configurations and firmware.  HTTP doesn't offer much in the way of helping
>with that.
>
>What would be nice is perhaps a little DIP switch on the phone to enable LAN
>reconfigure/flash for better security...  but for me anyway being able to
>pull the TFTP server and config filenames (global and per-phone) from
>standard DHCP extensions would be awesome.
>
>Regards,
>Andrew


Anybody running an IPCSP is in their "right mind", and that's 
completely over the "open" Internet.

The argument here is not necessarily one of ease of use, but of 
security.  John Brown said in a later post that TFTP's problem was 
not security, but authentication.  Close, but not quite.

The problem with TFTP is that it is neither authenticated NOR 
encryptable by nature.  I have no issue with the lack of 
authentication if the files moved can be encrypted.  This is a 
critically important point: sending out cleartext TFTP (or HTTP, for 
that matter) files across ANY network is ill-advised.

Grandstream can stick with TFTP, or use HTTP, I don't care which. 
Anyone who has enough of these phones that they're dynamically 
re-configuring them with a file transfer mode will figure out one or 
the other.  The issue is that there MUST (MUST, MUST, MUST) be a way 
to encrypt the files so that someone grabbing them from some non-GS 
client or intercepting the communications on the wire cannot get 
passwords or any useful data from the file.   Otherwise, no IPCSP in 
their "right mind" would ever implement the Grandstream phones, ever, 
in any way, period.  And, while enterprise users are a decent market 
share, I don't think Grandstream would say that IPCSPs (who will be 
ordering 1000's of these at a time) can be ignored.

See the Cisco ATA-186 for a well thought-out implementation of this 
method using TFTP.

JT

More information about the asterisk-users mailing list