[kwlug-disc] AsteriskNow?

Lori Paniak ldpaniak at fourpisolutions.com
Sat Jul 31 08:38:05 EDT 2010


On Sat, 2010-07-31 at 00:56 -0400, Paul Nijjar wrote:
> On Sun, Jul 25, 2010 at 05:11:13PM -0400, Chris Irwin wrote:
> > On Sun, 2010-07-25 at 15:16 -0400, unsolicited wrote:
> > > Was bopping about the web and came across 
> > > http://www.asterisk.org/asterisknow.
> > > 
> > > Can someone remind me: there is Asterisk, TrixBox, who knows what else?
> > 
> > There is also AskoziaPBX.
> > 
> > I haven't used any of them, and can't really tell you the difference...
> 
> Does anybody know which of these is most amenable to a "secure by
> default" installation? I downloaded one of these distros (Elastix, I
> think?) and it had all of these web components that came with
> (independently-defined) default web passwords. This also made me break
> out in hives. I hope my experience was atypical, but it scared me into
> thinking I should probably forget the Asterisk distros and work from a
> bare Debian install. Am I wrong?
> 
> - Paul
> 

All the Asterisk-based distros I've seen suffer from this near-fatal
flaw.  It is astounding how poor their commitment to system security is.

While starting with a bare Debian install and building your own VoIP box
would solve the security problem(s), I think you would be better off
using a porous distro and adding firewall software.  Then you can
restrict access until you are satisfied.  I use Shorewall to give a
(more) user-friendly interface to iptables.  Shorewall has great
documentation - especially for typical cases.  Just open up UDP ports
5060-5080 for SIP and 10000-30000 for RTP and you should have a
functional, secure VoIP system.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://astoria.ccjclearline.com/pipermail/kwlug-disc_kwlug.org/attachments/20100731/607229ff/attachment-0001.bin>


More information about the kwlug-disc_kwlug.org mailing list