author | Mark Spencer <markster@digium.com> | 2005-10-18 21:06:38 +0000 |
---|---|---|
committer | Mark Spencer <markster@digium.com> | 2005-10-18 21:06:38 +0000 |
commit | b1cee61174a2c7b648293916da0bb417c4af0001 (patch) | |
tree | 189d43d5c3d0515293aa03bdab11f71e039083ad /SECURITY | |
parent | 65cb05b658e7469fad48f00ff7deb61380f46375 (diff) |
Fix various documentation issues (bugs #5464-5467)
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@6826 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Diffstat (limited to 'SECURITY')
-rwxr-xr-x | SECURITY | 28 |
1 files changed, 27 insertions, 1 deletions
@@ -4,6 +4,32 @@ PLEASE READ THE FOLLOWING IMPORTANT SECURITY RELATED INFORMATION. IMPROPER CONFIGURATION OF ASTERISK COULD ALLOW UNAUTHORIZED USE OF YOUR FACILITIES, POTENTIALLY INCURRING SUBSTANTIAL CHARGES. +Asterisk security involves both network security (encryption, authentication) +as well as dialplan security (authorization - who can access services in +your pbx). If you are setting up Asterisk in production use, please make +sure you understand the issues involved. + +* NETWORK SECURITY + +If you install Asterisk and use the "make samples" command to install +a demonstration configuration, Asterisk will open a few ports for accepting +VoIP calls. Check the channel configuration files for the ports and IP addresses. + +If you enable the manager interface in manager.conf, please make sure that +you access manager in a safe environment or protect it with SSH or other +VPN solutions. + +For all TCP/IP connections in Asterisk, you can set ACL lists that +will permit or deny network access to Asterisk services. Please check +the "permit" and "deny" configuration options in manager.conf and +the VoIP channel configurations - i.e. sip.conf and iax.conf. + +The IAX2 protocol supports strong RSA key authentication as well as +AES encryption of voice and signalling. The SIP channel does not +support encryption in this version of Asterisk. + +* DIALPLAN SECURITY + First and foremost remember this: USE THE EXTENSION CONTEXTS TO ISOLATE OUTGOING OR TOLL SERVICES FROM ANY @@ -38,4 +64,4 @@ exten => 6123,Dial(Zap/1) DON'T FORGET TO TAKE THE DEMO CONTEXT OUT OF YOUR DEFAULT CONTEXT. There isn't really a security reason, it just will keep people from wanting to -play with your asterisk setup remotely. +play with your Asterisk setup remotely. |
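Review bot: In the first hunk, the manager.conf paragraph under NETWORK SECURITY says "protect it with SSH or other VPN solutions", which treats SSH as a VPN and gives the reader no concrete action. Suggest wording such as "tunnel it over SSH or a VPN", and pointing from that paragraph to the "permit" and "deny" options that the next paragraph describes, since they apply to manager.conf as well. Smaller points in the same hunk: "ACL lists" is redundant ("ACLs" or "access control lists"). "i.e. sip.conf and iax.conf" should be "e.g." unless those two files are the complete list. "The SIP channel does not support encryption in this version of Asterisk" names no version, so the statement cannot be checked against the release the reader has installed; stating the version would fix that. The sentence "Check the channel configuration files for the ports and IP addresses" would be more useful if it said what to do with the result, for example restricting or disabling channels that are not needed. The second hunk (capitalising "Asterisk") looks fine.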