[asterisk-users] Asterisk prefix code to dial a high fraud country - security mechanism
A J Stiles
asterisk_list at earthshod.co.uk
Fri Sep 19 04:51:20 CDT 2014
On Thursday 18 Sep 2014, motty cruz wrote:
> Hello, I would to allow users to place calls overseas such as India and
> Malaysia but only with a security code. if they don't have a security code
> I want to be able to drop the calls.
>
> can someone point me to a right direction to achieve this goal?
>
> Thanks,
> Motty
Not many people are going to want to answer this definitively, I suspect, for
fear of being blamed if you copy what they did, it doesn't work for you and
you get landed with huge bills for calls you didn't make. Securing Asterisk
is never as easy as you think.
However, if you look back through my own posts, I did post some dialplan code
a short while ago, relating to a PIN entry. Feel free to borrow that and play
around with it; but note, I will not accept any responsibility for it not
being as secure as you thought!
Another thing to consider would be only allowing overseas calls from a
particulat context; any extension that does not require the ability to call
abroad should be placed in a different default context. If you know you will
only ever need to call a restricted range of foreign numbers, consider giving
them "short codes" -- endpoints effectively within your own internal numbering
scheme -- and sending calls to _00X. to a recorded message.
[overseas-offices]
; this context is only for phones which need the ability to call overseas
; 8000 is office in France
exten => 8000,1,Set(CALLERID(num)=${OUTGOING_IDENT})
exten => 8000,n,Dial(${OUT_TRUNK}/0033251478820,180)
exten => 8000,n,Hangup()
; 8010 is office in India
exten => 8010,1,Set(CALLERID(num)=${OUTGOING_IDENT})
exten => 8010,n,Dial(${OUT_TRUNK}/00918322494200,180)
exten => 8010,n,Hangup()
; .....
[default]
; play suitably sarchastic announcement to chancers
_00X.,1,Play(ajs-not_allowed)
_00X.,n,Hangup()
Basically, be paranoid; and even then, don't forget, you probably aren't being
paranoid enough.
--
AJS
Note: Originating address only accepts e-mail from list! If replying off-
list, change address to asterisk1list at earthshod dot co dot uk .
More information about the asterisk-users
mailing list