[asterisk-users] aSTERISK / Vicidial systems over 4MB fiber

Jay R. Ashworth jra at baylink.com
Thu Jun 12 08:25:59 CDT 2008


On Thu, Jun 12, 2008 at 04:23:46AM -0400, Mark Adams wrote:
> My situation seems unique because I am not using a router even at this
> point. I was given a sheet of ip addresses and was told just to provision by
> devices with the given ip's and they would handle the rest. My devices are
> hooked directly to their switch in my location. 
> 
> This hasn't been an issue up until now because I only had analog (mediatrix
> and audiocodes 24 port gateways x 4) connected to the switch. Now I am going
> to a software based dialer (i.e. asterisk/ vicidial) and have run into these
> problems. 

This is one of the reasons why VoIP/Internet can be problematic: even
if you have a firewall, you're required to expose your SIP or IAX ports
to the net at large, whether through a firewall, or some sort of
proxy -- which means you're at the mercy of people finding exploits in
Asterisk that they can use to pwn your machine.

Probably the only *really* good approach to this is the one we use here
at Vici: don't let SIP and IAX out of the building.  All of our PSTN
connections are via traditional T-1 trunking to IXCs, and all of our
agents are inside the building as well, on T-1/Zap/DAHDI channelbanks.

If I ever do have to put people outside the building, I'll put them on
secure VPNs, and the same if I have to trunk to commercial VoIP
carriers.  At the very least in this latter case, I'll IP lock the
incoming connection, if I can't find a carrier that will do VoIP/VPN/Internet.

Cheers,
-- jra

-- 
Jay R. Ashworth                   Baylink                      jra at baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates     http://baylink.pitas.com                     '87 e24
St Petersburg FL USA      http://photo.imageinc.us             +1 727 647 1274

	     Those who cast the vote decide nothing.
	     Those who count the vote decide everything.
	       -- (Joseph Stalin)



More information about the asterisk-users mailing list