[Asterisk-Users] Security audit scripts
Rich Adamson
radamson at routers.com
Fri Jan 14 05:34:53 MST 2005
> > Are there security concerns with the * application software?
> > I know there are with the Linux installation.
>
> :-)
>
> You should always be concerned with security. Not to say that Asterisk
> has any security problems (it is audited regularly).
>
> If you are administering network boxes you should really read up on
> network security.
>
> That said, most of your security concerns are going to come from
> applications which are running by default on your distro.
>
> You should really go through every application running on your box and
> decide a) whether you need it and b) what settings you really need.
This has sort of been discussed before on the list, but I'd suggest
there is a much larger security issue running asterisk resulting
from the implementor not understanding "contexts". I'm not talking
about problems with the code, but rather experience level.
Those with a fair amount of * experience know/understand the use of
default contexts, however the list has seen many many posts where
the implementor is having trouble making things work as expected
and a fair number of those have something to do with the proper
use of contexts.
As with any I/T system, layered security is important including the
underlying OS, apps (including *), the network itself, etc. However,
there are many systems residing directly on the Internet and none
of us have any issues when the systems are properly secured.
More information about the asterisk-users
mailing list