[Asterisk-Users] Security audit scripts

[Rich Adamson]

> > Are there security concerns with the * application software?
> > I know there are with the Linux installation.
> 
> :-)
> 
> You should always be concerned with security.  Not to say that Asterisk 
> has any security problems (it is audited regularly).
> 
> If you are administering network boxes you should really read up on 
> network security.
> 
> That said, most of your security concerns are going to come from 
> applications which are running by default on your distro.
> 
> You should really go through every application running on your box and 
> decide a) whether you need it and b) what settings you really need.

This has sort of been discussed before on the list, but I'd suggest
there is a much larger security issue running asterisk resulting
from the implementor not understanding "contexts". I'm not talking
about problems with the code, but rather experience level.

Those with a fair amount of * experience know/understand the use of
default contexts, however the list has seen many many posts where
the implementor is having trouble making things work as expected
and a fair number of those have something to do with the proper
use of contexts.

As with any I/T system, layered security is important including the
underlying OS, apps (including *), the network itself, etc. However,
there are many systems residing directly on the Internet and none
of us have any issues when the systems are properly secured.