[Asterisk-Users] Plugging Asterisk Security Holes....

andrewg at felinemenace.org andrewg at felinemenace.org
Wed Mar 24 17:39:54 MST 2004

On Wed, Mar 24, 2004 at 08:54:44AM -0800, Asterisk wrote:
> Hello Andrew, 
> Thanks a lot for the detailed response. It's deffinately informative. 
> I was wondering if you could discuss the IAX -- Ipsec setup you have?
> Do you have a box outside of the Asterisk that takes care of the
> business
> or you have a PCI card of some kind? If so, did you have to muck with
> the asterisk core in order to setup and tear down IPSec tunnels?

The IPSec setup was setup host to host to the two systems. Nothing
special about the setup iirc, bar allowing the ToS bit to be 
set on outgoing packets.

> Sorry, lot of questions but my curiousity I building up more and more.
> Security (specially in voice business) is another hot topic of interest

No problems. Security is a very wide and very interesting field :)

> These days and I would love to know more about the process of (best)
> securing voice channels.

What are you doing for the client ends?

As general best practices go, setting up another wired network with
switches that can do QoS would be good... A while ago I was looking for
a voip phone which supported 802.1X, IPSec and VLAN support would of
been "nice". I don't recall ever finding one, however.

If anyone is feeling up to it, it'd be good to write some documents
specifically relating to asterisk installations.. I'd be interested
in contributing to them / testing out ideas etc. 

> Thanks to everyone who is participating in this discussion.
> James

Andrew Griffiths

More information about the asterisk-users mailing list