[asterisk-users] aSTERISK / Vicidial systems over 4MB fiber
Jay R. Ashworth
jra at baylink.com
Thu Jun 12 08:25:59 CDT 2008
On Thu, Jun 12, 2008 at 04:23:46AM -0400, Mark Adams wrote:
> My situation seems unique because I am not using a router even at this
> point. I was given a sheet of ip addresses and was told just to provision by
> devices with the given ip's and they would handle the rest. My devices are
> hooked directly to their switch in my location.
>
> This hasn't been an issue up until now because I only had analog (mediatrix
> and audiocodes 24 port gateways x 4) connected to the switch. Now I am going
> to a software based dialer (i.e. asterisk/ vicidial) and have run into these
> problems.
This is one of the reasons why VoIP/Internet can be problematic: even
if you have a firewall, you're required to expose your SIP or IAX ports
to the net at large, whether through a firewall, or some sort of
proxy -- which means you're at the mercy of people finding exploits in
Asterisk that they can use to pwn your machine.
Probably the only *really* good approach to this is the one we use here
at Vici: don't let SIP and IAX out of the building. All of our PSTN
connections are via traditional T-1 trunking to IXCs, and all of our
agents are inside the building as well, on T-1/Zap/DAHDI channelbanks.
If I ever do have to put people outside the building, I'll put them on
secure VPNs, and the same if I have to trunk to commercial VoIP
carriers. At the very least in this latter case, I'll IP lock the
incoming connection, if I can't find a carrier that will do VoIP/VPN/Internet.
Cheers,
-- jra
--
Jay R. Ashworth Baylink jra at baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://baylink.pitas.com '87 e24
St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
Those who cast the vote decide nothing.
Those who count the vote decide everything.
-- (Joseph Stalin)
More information about the asterisk-users
mailing list