stotaro at totarotechnologies.com
Fri Mar 9 15:40:26 CST 2012
On Fri, Mar 9, 2012 at 4:10 PM, Kevin P. Fleming <kpfleming at digium.com>wrote:
> On 03/09/2012 02:56 PM, Josh Freeman wrote:
>> The most current patched Asterisk, along with the most current app_rpt,
>> can be found at
> I'm really trying to avoid fanning the flames here, but if that code is
> *really* based on 1.4.23, and hasn't been kept up to date with the Asterisk
> 1.4 releases, then that means it contains a number of security
> vulnerabilities that users should be aware of. Some of them are user
> enumeration vulnerabilities, but others (like AST-2011-010, AST-2011-005,
> AST-2011-001, and maybe more) are more serious.
> Kevin P. Fleming
> Digium, Inc. | Director of Software Technologies
> Jabber: kfleming at digium.com | SIP: kpfleming at digium.com | Skype: kpfleming
> 445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
> Check us out at www.digium.com & www.asterisk.org
You are not fanning any flames, that is a good point and anyone that
deploys this technology should have to read a disclaimer as
to vulnerabilities. I am well aware that there have been some serious
security issues in those earlier versions.
As for an Asterisk Box, or probably better described by what it is used
for, a Repeater or Base Station Controller Boxen, I have them locked down
in IPTables and in Asterisk. There are usually not more than a dozen or so
RoIP connected repeaters.
In my case, I only open one port for OpenVPN and I define the other
repeaters by host=IP. As far as "Soft Radios and Autopatch" that function
is taken care of by a "real" Asterisk server that is more of a PBX and
faces the world, not the "Repeater Controller", again, one entry defined by
IP over OpenVPN. Bridged or routed, they are non-routable IPs. The RoIP VPN
is only accessible through that tunnel, which is dedicated for that purpose.
I am very mindful of security, especially dealing with DoD, but pretty much
apply the same kind of security on any implementation.
Obviously, these security issues should be patched, but I feel that in my
implementations, things are very secure.
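The lock-down described in this message (one world-facing OpenVPN port, IAX2 link traffic accepted only across the tunnel from peers pinned by address) can be written down as a firewall ruleset. The script below is an added example, not code from the poster or from the Asterisk/app_rpt projects, and every name in it is an assumption: public interface eth0, tunnel interface tun0, OpenVPN on UDP/1194, IAX2 (the protocol app_rpt links run over) on its default UDP/4569, and placeholder peer addresses in 10.8.0.0/24. It emits an iptables-restore ruleset rather than calling iptables directly, so it can be reviewed before it is loaded.

```shell
#!/bin/sh
# Added example (not from the original post): emit an iptables-restore
# ruleset for a repeater-controller box that exposes only the OpenVPN
# port to the world and accepts IAX2 only from named peers over the tunnel.
#
# Assumed names and ports (placeholders, not the poster's values):
#   public interface eth0, tunnel interface tun0,
#   OpenVPN on UDP/1194, IAX2 (what app_rpt links run over) on UDP/4569,
#   peer addresses in the 10.8.0.0/24 VPN range.
IAX_PORT=4569

# gen_rules WAN_IF VPN_IF VPN_PORT PEER_IP...
# Prints a complete *filter table; pipe the output into iptables-restore.
gen_rules() {
    wan_if=$1; vpn_if=$2; vpn_port=$3; shift 3

    printf '%s\n' '*filter'
    # Default-deny inbound and forwarded traffic; outbound stays open.
    printf '%s\n' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    # The single world-facing hole: the OpenVPN listener.
    printf '%s\n' "-A INPUT -i $wan_if -p udp --dport $vpn_port -j ACCEPT"
    # IAX2 is reachable only over the tunnel and only from the listed peers;
    # this is the firewall counterpart of host=<ip> on each peer in iax.conf.
    for peer in "$@"; do
        printf '%s\n' "-A INPUT -i $vpn_if -s $peer -p udp --dport $IAX_PORT -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# iax_rules WAN_IF VPN_IF VPN_PORT PEER_IP...
# Returns the number of IAX2 accept rules emitted (one per peer).
iax_rules() {
    gen_rules "$@" | grep -c -- "--dport $IAX_PORT -j ACCEPT"
}

# Usage: sh rpt-fw.sh eth0 tun0 1194 10.8.0.2 10.8.0.3 | iptables-restore
if [ "$#" -ge 3 ]; then
    gen_rules "$@"
fi
```

With these rules an unpatched Asterisk never sees IAX2 traffic from the public interface at all; anything not arriving through the tunnel from a listed peer is dropped by the INPUT policy. That reduces exposure, as the message says, but it does not remove the vulnerabilities Kevin lists, so the poster's own conclusion that the code should still be patched stands.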