Mailinglist Archive: opensuse (770 mails)

< Previous Next >
Re: [opensuse] connecting my telephone to the internet
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2012-08-25 16:06, Per Jessen wrote:
Carlos E. R. wrote:

I don't have field experience with asterisk, only some training. Reading the
documentation I understood it was a risk, but I don't recall exactly why. On
a bussiness
you might get a call from a longtime and good client, dispatch a cargo to be
charged 30
days later, and then learn it was a fired employee or someone from a rival
company,
faking the ID on the phone. Yes, it is social engineering, but trusting the
number you
see in your terminal is part of the issue.

But that goes for POTS too, it isn't specific to Asterisk or VOIP.

At least here the ID via POTs could be trusted, the network was closed.


I don't think anyone has ever called me using purely VoIP, but running an
Asterisk server
that refuses inbound SIP calls seems like having a POTS PBX that doesn't
accept external
calls.

No, you accept calls identified by the Telco.


One security risk with Asterisk is perhaps external SIP-clients. We have a
number of
people who primarily work from home. They're all have office phones at home,
connected to
the Asterisk box over VoIP over the internet.

Two risks -

1) the SIP sign-on (userid+password) is, AFAIK, not encrypted, so it could be
intercepted,
giving someone access to use our internal system. 2) brute force attack
trying to guess
the password. It is easily countered, but we had a case last year where
someone managed to
guess a SIP userid+password. It meant a slightly higher phone-bill that
month :-)

You can encrypt both login data and conversations (two separate configs). We
did that during
my training.

- --
Cheers / Saludos,

Carlos E. R.
(from 12.1 x86_64 "Asparagus" at Telcontar)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAlA4544ACgkQIvFNjefEBxqaSQCdEmaCIIwmZa8sTFr4rT1FdTPK
jfgAoIAjsfACiZ5GxBVPio6jn9Pl+xmX
=c1ei
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups