mirror of
https://github.com/asterisk/asterisk.git
synced 2025-10-31 10:47:18 +00:00
364f873573
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@387 65c4cc65-6c06-0410-ace0-fbb531ad65f3
42 lines
1.4 KiB
Plaintext
Executable File
42 lines
1.4 KiB
Plaintext
Executable File
==== Security Notes with Asterisk ====
|
|
|
|
PLEASE READ THE FOLLOWING IMPORTANT SECURITY RELATED INFORMATION.
|
|
IMPROPER CONFIGURATION OF ASTERISK COULD ALLOW UNAUTHORIZED USE OF YOUR
|
|
FACILITIES, POTENTIALLY INCURRING SUBSTANTIAL CHARGES.
|
|
|
|
First and foremost remember this:
|
|
|
|
USE THE EXTENSION CONTEXTS TO ISOLATE OUTGOING OR TOLL SERVICES FROM ANY
|
|
INCOMING CONNECTIONS.
|
|
|
|
You should consider that if any channel, incoming line, etc can enter an
|
|
extension context that it has the capability of accessing any extension
|
|
within that context.
|
|
|
|
Therefore, you should NOT allow access to outgoing or toll services in
|
|
contexts that are accessible (especially without a password) from incoming
|
|
channels, be they IAX channels, FX or other trunks, or even untrusted
|
|
stations within you network. In particular, never ever put outgoing toll
|
|
services in the "default" context. To make things easier, you can include
|
|
the "default" context within other private contexts by using:
|
|
|
|
include => default
|
|
|
|
in the appropriate section. A well designed PBX might look like this:
|
|
|
|
[longdistance]
|
|
exten => _91NXXNXXXXXX,1,Dial,Tor/g2/BYEXTENSION
|
|
include => local
|
|
|
|
[local]
|
|
exten => _9NXXNXXX,1,Dial,Tor/g2/BYEXTENSION
|
|
include => default
|
|
|
|
[default]
|
|
exten => 6123,Dial,Tor/1
|
|
|
|
|
|
DON'T FORGET TO TAKE THE DEMO CONTEXT OUT OF YOUR DEFAULT CONTEXT. There
|
|
isn't really a security reason, it just will keep people from wanting to
|
|
play with your asterisk setup remotely.
|