author | markster <markster@f38db490-d61c-443f-a65b-d21fe96a405b> | 2001-08-23 17:57:10 +0000 |
---|---|---|
committer | markster <markster@f38db490-d61c-443f-a65b-d21fe96a405b> | 2001-08-23 17:57:10 +0000 |
commit | a64eaf9e1c94f19cccbed70dd8b021b5556dfaaf (patch) | |
tree | dc2044a33c32e52f45c7409096da1bceb26e99cd /SECURITY | |
parent | 1128564a802d311afe1108857f4a00e81acdb38a (diff) |
Version 0.1.9 from FTP
git-svn-id: http://svn.digium.com/svn/asterisk/trunk@353 f38db490-d61c-443f-a65b-d21fe96a405b
Diffstat (limited to 'SECURITY')
-rwxr-xr-x | SECURITY | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/SECURITY b/SECURITY new file mode 100755 index 000000000..fd9873958 --- /dev/null +++ b/SECURITY @@ -0,0 +1,38 @@ +==== Security Notes with Asterisk ==== + +PLEASE READ THE FOLLOWING IMPORTANT SECURITY RELATED INFORMATION. +IMPROPER CONFIGURATION OF ASTERISK COULD ALLOW UNAUTHORIZED USE OF YOUR +FACILITIES, POTENTIALLY INCURRING SUBSTANTIAL CHARGES. + +First and foremost remember this: + +USE THE EXTENSION CONTEXTS TO ISOLATE OUTGOING OR TOLL SERVICES FROM ANY +INCOMING CONNECTIONS. + +You should consider that if any channel, incoming line, etc can enter an +extension context that it has the capability of accessing any extension +within that context. + +Therefore, you should NOT allow access to outgoing or toll services in +contexts that are accessible (especially without a password) from incoming +channels, be they IAX channels, FX or other trunks, or even untrusted +stations within you network. In particular, never ever put outgoing toll +services in the "default" context. To make things easier, you can include +the "default" context within other private contexts by using: + + include => default + +in the appropriate section. A well designed PBX might look like this: + +[longdistance] +exten => _91NXXNXXXXXX,1,Dial,Tor/g2/BYEXTENSION +include => local + +[local] +exten => _9NXXNXXX,1,Dial,Tor/g2/BYEXTENSION +include => default + +[default] +exten => 6123,Dial,Tor/1 + + |
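Review bot: In the sample dialplan, the [default] entry `exten => 6123,Dial,Tor/1` has no priority field, while the two entries above it both carry one (`exten => _91NXXNXXXXXX,1,Dial,...` and `exten => _9NXXNXXX,1,Dial,...`). Since readers are told this is what "a well designed PBX might look like" and will copy it, it should read `exten => 6123,1,Dial,Tor/1` so all three lines follow the same form. Two smaller points in the same hunk: "untrusted stations within you network" should be "your network", and the file is added with `new file mode 100755` although it is plain documentation, so 100644 would be the expected mode. The text also warns against contexts reachable "especially without a password" but the example shows no password-protected entry; a sentence saying that the isolation in the example comes only from the include direction (longdistance includes local, local includes default, never the reverse) would make the intended takeaway explicit.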