[asterisk-users] Asterisk Security: Allow only one phone per sip registration

Muro, Sam research at businesstz.com
Fri Oct 14 06:25:13 CDT 2011


Thanks A.J

I know and I can assure you no one will get that physical access to the
system.

A J Stiles wrote:
> On Friday 14 October 2011, Muro, Sam wrote:
>> Hi there
>>
>> Consider this. You have three SIP extension 200, 201 and 202 and you
>> have
>> configured your phones, say Polycom 331 to those accounts. 200 being one
>> very sensitive individual.
>>
>> Lets say, an insider, get a new phone or perhaps an xlite and configure
>> it
>> with the same extension, 200. Asterisk will register it as 200 to the
>> new
>> IP address.  Now extension 202 call 200. The hacker answers it and
>> pretend
>> is the same person. Do what he want to do and thats it.
>>
>> Question;
>> How can i stop this type of threat
>
> Be careful who you employ and how you treat them  :)
>
> Once someone has physical access to your equipment, all bets are off .....
>
> --
> AJS
>
> Answers come *after* questions.
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>                http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users
>




More information about the asterisk-users mailing list