aboutsummaryrefslogtreecommitdiffstats
path: root/1.2-netsec/SECURITY
diff options
context:
space:
mode:
Diffstat (limited to '1.2-netsec/SECURITY')
-rw-r--r--1.2-netsec/SECURITY67
1 files changed, 0 insertions, 67 deletions
diff --git a/1.2-netsec/SECURITY b/1.2-netsec/SECURITY
deleted file mode 100644
index 3290cba48..000000000
--- a/1.2-netsec/SECURITY
+++ /dev/null
@@ -1,67 +0,0 @@
-==== Security Notes with Asterisk ====
-
-PLEASE READ THE FOLLOWING IMPORTANT SECURITY RELATED INFORMATION.
-IMPROPER CONFIGURATION OF ASTERISK COULD ALLOW UNAUTHORIZED USE OF YOUR
-FACILITIES, POTENTIALLY INCURRING SUBSTANTIAL CHARGES.
-
-Asterisk security involves both network security (encryption, authentication)
-as well as dialplan security (authorization - who can access services in
-your pbx). If you are setting up Asterisk in production use, please make
-sure you understand the issues involved.
-
-* NETWORK SECURITY
-
-If you install Asterisk and use the "make samples" command to install
-a demonstration configuration, Asterisk will open a few ports for accepting
-VoIP calls. Check the channel configuration files for the ports and IP addresses.
-
-If you enable the manager interface in manager.conf, please make sure that
-you access manager in a safe environment or protect it with SSH or other
-VPN solutions.
-
-For all TCP/IP connections in Asterisk, you can set ACL lists that
-will permit or deny network access to Asterisk services. Please check
-the "permit" and "deny" configuration options in manager.conf and
-the VoIP channel configurations - i.e. sip.conf and iax.conf.
-
-The IAX2 protocol supports strong RSA key authentication as well as
-AES encryption of voice and signalling. The SIP channel does not
-support encryption in this version of Asterisk.
-
-* DIALPLAN SECURITY
-
-First and foremost remember this:
-
-USE THE EXTENSION CONTEXTS TO ISOLATE OUTGOING OR TOLL SERVICES FROM ANY
-INCOMING CONNECTIONS.
-
-You should consider that if any channel, incoming line, etc can enter an
-extension context that it has the capability of accessing any extension
-within that context.
-
-Therefore, you should NOT allow access to outgoing or toll services in
-contexts that are accessible (especially without a password) from incoming
-channels, be they IAX channels, FX or other trunks, or even untrusted
-stations within you network. In particular, never ever put outgoing toll
-services in the "default" context. To make things easier, you can include
-the "default" context within other private contexts by using:
-
- include => default
-
-in the appropriate section. A well designed PBX might look like this:
-
-[longdistance]
-exten => _91NXXNXXXXXX,1,Dial(Zap/g2/${EXTEN:1})
-include => local
-
-[local]
-exten => _9NXXNXXX,1,Dial(Zap/g2/${EXTEN:1})
-include => default
-
-[default]
-exten => 6123,Dial(Zap/1)
-
-
-DON'T FORGET TO TAKE THE DEMO CONTEXT OUT OF YOUR DEFAULT CONTEXT. There
-isn't really a security reason, it just will keep people from wanting to
-play with your Asterisk setup remotely.