[Asterisk-Users] Re: 911 and lawsuits and redundancy

[Rich Adamson]

> On Tue, 2004-01-06 at 21:08, Jonathan Moore wrote:
> > These are good issues, but I am even thinking of something simpler and more
> > common than crises. Such as this scenerio.
> > 
> > I need to update my Asterisk server that runs all my phones inorder to install a
> >  kernel update that fixes a security bug. This is something I would consider
> > happening on a regular basis with a voip enable system, whereas the traditional
> > system might sit in a closet for 10 years never being touched. Let's say I don't
> > want to stay at work until 2 am to reload the system when noone is there. How
> > would you configure and * system(s so that you could take a system offline
> > during working hours without taking out all or parts of the system? 
> 
> Since the current kernel bug release is for a local exploit, you only
> have to worry about it if you have local users on that machine. If
> security was that high on your priority list and you have users logging
> into your PBX machine, you might need to revisit your security
> procedures. 

Not intending to be disrespectful of _any_ on the list (or digress too
much from the original 911 topic), but given the number of * systems that 
have been deployed (and exposed) that still have default values & assumptions 
within their configurations, security at the OS level should be the least 
of one's concerns. In other words, of all the implementations that exist,
how many can truly state they have analyzed/tested their systems to 
ensure exploits of open iax & sip connections have been properly addressed?