[asterisk-users] Asterisk Security: Allow only one phone per sip registration
A J Stiles
asterisk_list at earthshod.co.uk
Fri Oct 14 06:09:09 CDT 2011
On Friday 14 October 2011, Muro, Sam wrote:
> Hi there
>
> Consider this. You have three SIP extension 200, 201 and 202 and you have
> configured your phones, say Polycom 331 to those accounts. 200 being one
> very sensitive individual.
>
> Lets say, an insider, get a new phone or perhaps an xlite and configure it
> with the same extension, 200. Asterisk will register it as 200 to the new
> IP address. Now extension 202 call 200. The hacker answers it and pretend
> is the same person. Do what he want to do and thats it.
>
> Question;
> How can i stop this type of threat
Be careful who you employ and how you treat them :)
Once someone has physical access to your equipment, all bets are off .....
--
AJS
Answers come *after* questions.
More information about the asterisk-users
mailing list