[asterisk-users] allowguest defaults to yes for SIP
Matt Riddell
lists at venturevoip.com
Thu Nov 12 17:21:50 CST 2009
On 13/11/09 8:30 AM, SIP wrote:
> Eh... if VoIP fraud weren't so rampant, and I didn't constantly see
> mailings to the Asterisk list about "How do I secure my system from the
> people who've been costing me tons of money lately," I would say that
> having a lax stance on security in exchange for additional usability
> might be a good thing. But as is, that's simply not the case. The
> 'usability' you get from this is really only questionably essential in
> its ability to save time, but the security one would get from a change
> could save some people actual money -- not just time.
The problem there is normally lax usernames and passwords. Not that
there is default access to the echo test.
> As someone who used to design systems and networks, I would vote for
> security over nebulous desire to keep the status quo.
Because you're already using Asterisk. If it had been too hard at the
start maybe you wouldn't.
> True, you can't keep stupid people from doing stupid things, but given a
> choice between protecting the ignorant from a bad situation or catering
> to those who want to avoid an extra step or two on installation, I'd
> side with protecting the ignorant every time. There's always a trade-off
> between usability and security, and I'm of the opinion that security is
> the more important of the two when dealing with systems connected to the
> Internet. Call me a cynic. :)
The ignorant won't have changed the default context - they likely won't
even know how to edit a config file - so they're safe.
--
Cheers,
Matt Riddell
Director
_______________________________________________
http://www.venturevoip.com/news.php (Daily Asterisk News)
http://www.venturevoip.com/st.php (SmoothTorque Predictive Dialer)
http://www.venturevoip.com/c3.php (ConduIT3 PABX Systems)
More information about the asterisk-users
mailing list