Version 0.1.9 from FTP

git-svn-id: http://svn.digium.com/svn/asterisk/trunk@353 f38db490-d61c-443f-a65b-d21fe96a405b

1 files changed, 38 insertions, 0 deletions

diff --git a/SECURITY b/SECURITY
new file mode 100755
index 000000000..fd9873958
--- /dev/null
+++ b/SECURITY
@@ -0,0 +1,38 @@
+==== Security Notes with Asterisk ====
+
+PLEASE READ THE FOLLOWING IMPORTANT SECURITY RELATED INFORMATION.  
+IMPROPER CONFIGURATION OF ASTERISK COULD ALLOW UNAUTHORIZED USE OF YOUR
+FACILITIES, POTENTIALLY INCURRING SUBSTANTIAL CHARGES.
+
+First and foremost remember this:
+
+USE THE EXTENSION CONTEXTS TO ISOLATE OUTGOING OR TOLL SERVICES FROM ANY
+INCOMING CONNECTIONS.
+
+You should consider that if any channel, incoming line, etc can enter an
+extension context that it has the capability of accessing any extension
+within that context. 
+
+Therefore, you should NOT allow access to outgoing or toll services in
+contexts that are accessible (especially without a password) from incoming
+channels, be they IAX channels, FX or other trunks, or even untrusted
+stations within you network.  In particular, never ever put outgoing toll
+services in the "default" context.  To make things easier, you can include
+the "default" context within other private contexts by using:
+
+	include => default
+
+in the appropriate section.  A well designed PBX might look like this:
+
+[longdistance]
+exten => _91NXXNXXXXXX,1,Dial,Tor/g2/BYEXTENSION
+include => local
+
+[local]
+exten => _9NXXNXXX,1,Dial,Tor/g2/BYEXTENSION
+include => default
+
+[default]
+exten => 6123,Dial,Tor/1
+
+