On Tue, 2009-03-10 at 18:15 -0400, Gregory Boehnlein wrote: > > > The only comment that I have related to this is that it would be nice to > > > allow Switchvox customers the ability to access and use IPtables in some > > > fashion, so that IP based blocking could be done on that platform. Even > if > > > it is something as simple as an "allow connections from x.x.x.x to SIP > and > > > IAX" list w/ a default "deny all" strategy. > > > > We're smart folk -- why don't we do some sort of > how-to-secure-your-asterisk-box video and stick on youtube and be done > > with this topic? :-) > > Sounds like a plan. Let me know when you have the video ready so I can send > out the link to people.
because the data gets out of date fast enough, and people may be watching an older version, plus its higher bandwidth to convey some information, I think it should be a wiki style text thing that will allow more people to contribute, and let people customize the information to their setup, as opposed to a video which allows only the creator of the video to do it, you may find incompatible methods which are harder to combine I generally think the video idea is not quite as good. Security is not a one size fits all thing, its got to be a thing that is integrated into the particular set up that exists, and its something that has to be maintained, its not a set it and forget it thing. Look at history, a "secure" system 6 months ago is hardly considered secure today in general, and new technologies and threats are coming out all the time to change the balance which has to be kept on top of. My vote would be more for a wiki style on VoIP security in general, with places for application specific security things. So it could be more than just asterisk, and could potentially also include information on how to code AGIs and other things (even things unrelated to asterisk) in a secure way. It should also discuss why someone would want that particular component in their overall security system, what the benefits are, what the downsides are, etc. These could be quick blurbs which wiki formatting generally makes easy enough to do. An *example* without much thought going into it, template could be something like: ==Description== ... ==Intended Topology== for example SOHO network or enterprise or ... ==Required Software/Hardware== for example crypto cards for SRTP/TLS ==Benefits== ... ==Downsides== ... ==How to== ... and it should include instructions for different operating systems, even within the asterisk community there are various different operating systems that asterisk runs on, when you go to the wider open source voip stuff you see an even larger list of operating systems, as well as switching software, different methods and libraries for "add on" programs (AGI, event socket, etc), blah blah blah. For a free solution voip-info.org can have something like this set up, I dont know for sure, but I am fairly certain they wouldnt mind. If there is a framework done initially, most people will use that framework in creating new pages, people love to copy templates when writing all new pages, so some real thought should be put into this before it goes up so that you dont have to refit everything. And if the server uses something like mediawiki you can create a template making it easier to plug in the various things and keep formatting about the same, this also can make it easier to quickly determine if this is a suitable strategy for what you want/need, searchable, and even allow for categories so people can quickly browse for the information they want. -- Trixter http://www.0xdecafbad.com Bret McDanel pgp key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x8AE5C721
signature.asc
Description: This is a digitally signed message part
_______________________________________________ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-biz mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-biz