[asterisk-users] Security Architecture or Security Evaluations Docs?

Patrick Laimbock patrick at laimbock.com
Sat Jul 26 08:18:24 CDT 2014

On 26-07-14 14:23, Jeffrey Walton wrote:
> Does anyone know of Security Architecture or Security Evaluations
> documents that I could read?
> Searching is turning up no hits. For example,
> http://www.google.com/#q=security+evaluation+site:asterisk.org and
> http://www.google.com/#q=security+architecture+site:asterisk.org.

Assuming "security+evaluation" refers to Common Criteria, I'm not aware 
of any Common Criteria initiatives in relation to Asterisk (nor 
FreeSWITCH, OpenSIPS, Kamailio, Yate or any other Open Source VoIP 
project I'm aware of). Asterisk is a toolbox with many flexible building 
blocks and not a product like Cisco CallManager with pre-defined 
features set in stone. As such it doesn't really make sense to get 
Asterisk certified, if possible at all. It would be like trying to 
certify C or Python. If EALx certification is your requirement then have 
a look at the CallManager as iirc it's EAL1 certified.

Re "asterisk+architecture", Asterisk Security related best practices are 
described here:


More information about the asterisk-users mailing list