[asterisk-users] Asterisk Security

Tom mlist at doublevision.gotdns.com
Sat Apr 4 22:09:39 CDT 2009 

Since we are talking about security, if I am using * to talk to a cisco
gateway via SIP, is there some sort of encryption you can use?  Like a 
vpn tunnel?  

Can someone capture packets and re-assemble to make out a conversation?



-----Original Message-----
From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Martin
Sent: Saturday, April 04, 2009 7:20 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] Asterisk Security

Lets not be that paranoid. If you have these ports open to the internet then
from time to time someone will check if your default unsecured context
can dial out to PSTN...

with sip.conf you can add

allowguest=no

With IAX2 there's no allowguest but I believe you have to have a guest
username in iax.conf with no password to access
the unsecured context.

Martin

On Sat, Apr 4, 2009 at 3:42 PM, Todd Reese <treese65 at gmail.com> wrote:
> Hi All,
>
> Coming in to day, the logs on the asterisk server showed several entries
> such as:
>
> [Apr  4 15:25:16] NOTICE[9280]: chan_sip.c:14627 handle_request_invite:
> Call from '' to extension '9810380487965419' rejected because extension
> not found.
>
> This has gotten me to thinking about security of this box.
>
> 1. Currently the box sits behind a firewall with iax and sip ports
> pointing to it for the ip phones that are offsite.  There isn't any
> other access through the firewall to this box.
> 2. All devices have an extension assigned to them in sip.conf and
> extensions.conf.  i.e. supra ATA, Grandstream GXP-2000
> 3. The box is fed via Les.net and Voicepluse.  All other feeds are
> shutoff when not active.
>
> I'm looking for ideas to tighten up on the security so that this won't
> happen again.
>
> TIA,
>
> Todd Reese
>
>
>
>
>
>
>
>
> _______________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users
>

_______________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

No virus found in this incoming message.
Checked by AVG - www.avg.com 
Version: 8.0.238 / Virus Database: 270.11.41/2040 - Release Date: 04/04/09
16:53:00

More information about the asterisk-users mailing list