[asterisk-users] Asterisk Security: Allow only one phone per sip registration

A J Stiles asterisk_list at earthshod.co.uk
Fri Oct 14 06:09:09 CDT 2011


On Friday 14 October 2011, Muro, Sam wrote:
> Hi there
> 
> Consider this. You have three SIP extension 200, 201 and 202 and you have
> configured your phones, say Polycom 331 to those accounts. 200 being one
> very sensitive individual.
> 
> Lets say, an insider, get a new phone or perhaps an xlite and configure it
> with the same extension, 200. Asterisk will register it as 200 to the new
> IP address.  Now extension 202 call 200. The hacker answers it and pretend
> is the same person. Do what he want to do and thats it.
> 
> Question;
> How can i stop this type of threat

Be careful who you employ and how you treat them  :)

Once someone has physical access to your equipment, all bets are off .....

-- 
AJS

Answers come *after* questions.



More information about the asterisk-users mailing list