[svn-commits] russell: branch group/security_events r191693 - /team/group/security_events/
SVN commits to the Digium repositories
svn-commits at lists.digium.com
Sat May 2 08:50:18 CDT 2009
Author: russell
Date: Sat May 2 08:50:06 2009
New Revision: 191693
URL: http://svn.digium.com/svn-view/asterisk?view=rev&rev=191693
Log:
Add notes from security events discussion
Added:
team/group/security_events/security_events.txt (with props)
Added: team/group/security_events/security_events.txt
URL: http://svn.digium.com/svn-view/asterisk/team/group/security_events/security_events.txt?view=auto&rev=191693
==============================================================================
--- team/group/security_events/security_events.txt (added)
+++ team/group/security_events/security_events.txt Sat May 2 08:50:06 2009
@@ -1,0 +1,104 @@
+-------------------------------------------------------------------------------
+--- Random Thoughts -----------------------------------------------------------
+-------------------------------------------------------------------------------
+
+ - Try to detect if an auth attack is trying different passwords by using the
+ same nonce after some number of unsuccessful auth attempts
+
+ - Log Subscribe to invalid exten?
+ -> request not allowed with meta data
+
+ - RTP
+ -> invalid payload?
+ -> unexpected source addr?
+
+ - Differentiate between security error events and informational events
+
+ - Events must all be individually interpretable
+
+-------------------------------------------------------------------------------
+--- Events to log -------------------------------------------------------------
+-------------------------------------------------------------------------------
+
+(-) required
+(+) optional
+
+Failed ACL match
+ (-) Local address family/IP/addr/port/transport
+ (-) Remote address family/IP/addr/port/transport
+ (-) Service (SIP, AMI, IAX2, ...)
+ (-) System Name
+ (+) Module
+ (+) Account ID (username, etc)
+ (+) Session ID (CallID, etc)
+ (+) Session timestamp (required if Session ID present)
+ (+) Name of ACL (when we have named ACLs)
+ (-) Event timestamp (sub-second precision)
+
+Failed ACL match
+ (-) Local address family/IP/addr/port/transport
+ (-) Remote address family/IP/addr/port/transport
+ (-) Service (SIP, AMI, IAX2, ...)
+ (-) System Name
+ (+) Module
+ (-) Account ID (username, etc)
+ (+) Session ID (CallID, etc)
+ (+) Session timestamp (required if Session ID present)
+ (-) Event timestamp (sub-second precision)
+
+Invalid Account ID
+ (-) Local address family/IP/addr/port/transport
+ (-) Remote address family/IP/addr/port/transport
+ (-) Service (SIP, AMI, IAX2, ...)
+ (-) System Name
+ (-) Account ID
+ (+) Session ID (CallID, etc)
+ (+) Session timestamp (required if Session ID present)
+ (-) Event timestamp (sub-second precision)
+
+Invalid Challenge/Response
+ -> everything from invalid account ID
+ (-) Challenge
+ (-) Response
+ (-) Expected Response
+
+Successful Auth
+ -> informational event
+ -> everything from inval account ID
+
+Invalid formatting of Request
+ -> everything from inval account ID
+ -> account ID optional
+ (+) reason (free form text for why it failed) (defined list of reasons?)
+
+Call Limit Reached
+ -> everything from inval account ID
+
+Mem Limit Reached
+ -> everything from inval account ID
+
+Max Load Avg Reached
+ -> everything from inval account ID
+
+Request Not Allowed
+ -> everything from inval account ID
+ (-) Request Type
+ (+) Request parameters
+
+Request Not Supported
+ -> everything from inval account ID
+ (-) Request Type
+
+Unacceptable auth method
+ -> everything from inval account ID
+ (-) Auth Method attempted
+
+Custom Events (from dialplan)
+ -> driven by config file?
+
+In dialog message from unexpected host
+ -> everything from inval account ID
+ (-) expected host
+
+-------------------------------------------------------------------------------
+-------------------------------------------------------------------------------
Propchange: team/group/security_events/security_events.txt
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: team/group/security_events/security_events.txt
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Propchange: team/group/security_events/security_events.txt
------------------------------------------------------------------------------
svn:mime-type = text/plain
More information about the svn-commits
mailing list