diff options
author | Russell Bryant <russell@russellbryant.com> | 2007-10-15 13:12:51 +0000 |
---|---|---|
committer | Russell Bryant <russell@russellbryant.com> | 2007-10-15 13:12:51 +0000 |
commit | 4765cf4553924050a3c0bfa581efaba8ffc50c55 (patch) | |
tree | 10e1f9eaad925e0834d16a91560765b0c2259636 /doc/tex/security.tex | |
parent | 27031927cf43efe9922557c011d282a0486d40aa (diff) |
Another major doc directory update from IgorG. This patch includes
- Many uses of the astlisting environment around verbatim text to ensure that
it gets properly formatted and doesn't run off the page.
- Update some things that have been deprecated.
- Add escaping as needed
- and more ...
(closes issue #10978)
Reported by: IgorG
Patches:
texdoc-85542-1.patch uploaded by IgorG (license 20)
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@85547 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Diffstat (limited to 'doc/tex/security.tex')
-rw-r--r-- | doc/tex/security.tex | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/doc/tex/security.tex b/doc/tex/security.tex index 188f42cab..4eb4e1095 100644 --- a/doc/tex/security.tex +++ b/doc/tex/security.tex @@ -1,11 +1,11 @@ \subsection{Introduction} -PLEASE READ THE FOLLOWING IMPORTANT SECURITY RELATED INFORMATION. +PLEASE READ THE FOLLOWING IMPORTANT SECURITY RELATED INFORMATION. IMPROPER CONFIGURATION OF ASTERISK COULD ALLOW UNAUTHORIZED USE OF YOUR FACILITIES, POTENTIALLY INCURRING SUBSTANTIAL CHARGES. Asterisk security involves both network security (encryption, authentication) -as well as dialplan security (authorization - who can access services in +as well as dialplan security (authorization - who can access services in your pbx). If you are setting up Asterisk in production use, please make sure you understand the issues involved. @@ -37,7 +37,7 @@ INCOMING CONNECTIONS. You should consider that if any channel, incoming line, etc can enter an extension context that it has the capability of accessing any extension -within that context. +within that context. Therefore, you should NOT allow access to outgoing or toll services in contexts that are accessible (especially without a password) from incoming @@ -46,12 +46,15 @@ stations within you network. In particular, never ever put outgoing toll services in the "default" context. To make things easier, you can include the "default" context within other private contexts by using: +\begin{astlisting} \begin{verbatim} include => default \end{verbatim} +\end{astlisting} in the appropriate section. A well designed PBX might look like this: +\begin{astlisting} \begin{verbatim} [longdistance] exten => _91NXXNXXXXXX,1,Dial(Zap/g2/${EXTEN:1}) @@ -64,13 +67,14 @@ include => default [default] exten => 6123,Dial(Zap/1) \end{verbatim} +\end{astlisting} DON'T FORGET TO TAKE THE DEMO CONTEXT OUT OF YOUR DEFAULT CONTEXT. There -isn't really a security reason, it just will keep people from wanting to +isn't really a security reason, it just will keep people from wanting to play with your Asterisk setup remotely. \subsection{Log Security} Please note that the Asterisk log files, as well as information printed to the -Asterisk CLI, may contain sensitive information such as passwords and call +Asterisk CLI, may contain sensitive information such as passwords and call history. Keep this in mind when providing access to these resources. |