[asterisk-users] Security Architecture or Security Evaluations Docs?
Patrick Laimbock
patrick at laimbock.com
Sat Jul 26 08:18:24 CDT 2014
On 26-07-14 14:23, Jeffrey Walton wrote:
> Does anyone know of Security Architecture or Security Evaluations
> documents that I could read?
>
> Searching is turning up no hits. For example,
> http://www.google.com/#q=security+evaluation+site:asterisk.org and
> http://www.google.com/#q=security+architecture+site:asterisk.org.
Assuming "security+evaluation" refers to Common Criteria, I'm not aware
of any Common Criteria initiatives in relation to Asterisk (nor
FreeSWITCH, OpenSIPS, Kamailio, Yate or any other Open Source VoIP
project I'm aware of). Asterisk is a toolbox with many flexible building
blocks and not a product like Cisco CallManager with pre-defined
features set in stone. As such it doesn't really make sense to get
Asterisk certified, if possible at all. It would be like trying to
certify C or Python. If EALx certification is your requirement then have
a look at the CallManager as iirc it's EAL1 certified.
Re "asterisk+architecture", Asterisk Security related best practices are
described here:
http://svn.asterisk.org/svn/asterisk/trunk/README-SERIOUSLY.bestpractices.txt
HTH,
Patrick
More information about the asterisk-users
mailing list