Asterisk security
Created by: oej,Last modification on Tue 29 of Apr, 2008 [23:52 UTC] by JustRumours
Asterisk security
Security in a complex piece of software like Asterisk is not a simple thing. Help us collect information on the subject:
- Information on Asterisk and Security, including a presentation from AstriCon 2006
- Asterisk Security White Paper: A white paper written by Zone24x7 Inc about how to configure Asterisk to be secure
- Astricon Europe Powerpoint presentation about asterisk security and stability
- SIP security: What security functions are implemented for SIP in asterisk
- Asterisk security coding: Any thoughts on secure coding, buffer overflows etc?
- Firewalls and Asterisk: What ports are involved and how do I set up a firewall to protect Asterisk?
- Linux security and Asterisk: Any special considerations when installing your Linux platform?
- Asterisk security iax
- Asterisk security mgcp
- Asterisk security ISDN
- Ranch Networks Configuration for MIDCOM with IP-PBX Asterisk
- Dialplan security - What to consider when setting up a dialplan in extensions.conf
- NetSec version of Asterisk v1.2.2: This release of Asterisk contains support for network security devices manufactured by Ranch Networks, Inc., using their MIDCOM interface library. You will need the companion libmidcom-0.1.0.tar.gz file to build the library. Contact Ranch Networks' support department for assistance in building and configuring MIDCOM support.
What is Midcom you ask?
So Midcom is a IETF protocol Voip PBX speak to tell firewalls type boxes (like Ranch) what ports to open to allow calls through the firewall. The problem being as Voip get secure encrypted signaling firewalls will not be able to tell which ports to open to let media through the firewall. I am scared of the idea that my SIP proxy or IP PBX would be allowed to tell my firewall which ports to open. But I am not sure there is a better solution.Articles
- Good paper that also includes short section on Midcom: NIST: Security Considerations for Voice Over IP Systems
- BSI on VoIP security (German): Abstract - 130 page report, 11 MB
See also
- Asterisk administration
- Asterisk encryption
- VLAN
- http://www.securiteam.com/securitynews/5LP0720B5G.html Security Notice: Asterisk / Sept 7, 2003 (Fixed).
- http://www.securiteam.com/unixfocus/5HP0H1PB5S.html Security Notice: Asterisk / Sept 16, 2003.
- Asterisk server running in a chroot jail; not as secure as virtualization but here it is. (Asterisk 1.4.18 and Linux 2.6.24) April 04, 2008.
- Asterisk: Start page | Introduction | FAQ | Tips & Tricks
Comments
333VoIP Security Solutions
The core solution for VoIP Security and VoIP anti-blocking is VGCP (VoiceGuard Control Protocol).
It can work with any 3rd-party Softphone/ATA/Gateway/IPPhone/IADs and SIP proxy or server.
It can work in the way similar to that of soho router, but it only encrypts and decrypts SIP and RTP packets on link layer, not to handup these packets to IP stack for forwarding while bypassing other data packets originating from SIP terminals. In this scenario, peak throughput and minimal CPU overhead can be easily achieved.
VoiceGuard can real-time incorporate light-weight traffic for puzzling and bypassing VoIP blocking system without consuming more bandwidth and compromising voice quality. Even in some circumstance, VoiceGuard can simulate traffic behavior of universal data networking protocol such as OICQ, MSN and so on.
For more information, please refer to: http://www.speed-voip.com/index-36.html
Andy
xd.wong@speed-voip.com
andywong-01@hotmail.com