[asterisk-users] Auto provisioning from public server
Danny Nicholas
danny at debsinc.com
Tue Oct 26 10:47:43 CDT 2010
On Tue, Oct 26, 2010 at 12:31 PM, Jonas Kellens
<jonas.kellens at telenet.be> wrote:
> Hello,
>
> has anyone experience with auto provisioning IP-phones on different
> locations through a central public provisioning server ? You use http or
> https ?
>
> Is there a danger that one uses a different MAC-address in the
provisioning
> link to obtain SIP username / password settings ?
>
>
> Kind regards,
> Jonas.
>
-----Original Message-----
From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Andrew Latham
Sent: Tuesday, October 26, 2010 10:41 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] Auto provisioning from public server
You can provision over a WAN and access-lists or iptables can limit
the networks allowed. Define what level of security you need first.
For further security you can use an inbound proxy and check the http
headers for agent identification. This can also be faked.
Practice layers of security...
~
Andrew "lathama" Latham
lathama at gmail.com
To second Andrew's reply - Auto-provisioning is "generally" done in a
TFTP/HTTP environment. So you will want to set up a "layered-vlan"
environment using IPTABLES or whatever so you can "poke freely with
constraints".
The "phone" is dumb, so your network needs to be "smart"...
More information about the asterisk-users
mailing list