Terry Wilson wrote:
> ----- Original Message -----
>> From: "Sam Muro" <resea...@businesstz.com>
>> To: asterisk-users@lists.digium.com
>> Sent: Friday, October 14, 2011 2:02:01 AM
>> Subject: [asterisk-users] Asterisk Security: Allow only one phone per
>> sip registration
>> Hi there
>>
>> Consider this. You have three SIP extensions 200, 201 and 202 and you
>> have configured your phones, say Polycom 331, to those accounts. 200
>> being one very sensitive individual.
>>
>> Let's say an insider gets a new phone or perhaps an xlite and
>> configures it with the same extension, 200. Asterisk will register it
>> as 200 to the new IP address. Now extension 202 calls 200. The hacker
>> answers it and pretends to be the same person. Does what he wants to
>> do and that's it.
>>
>> Question:
>> How can I stop this type of threat?
>
> I would recommend actually setting a different secret field in sip.conf
> for each device so that your would-be attacker isn't able to register as
> someone else.

Is there a way one can bind a sip account to a specific mac-address (assume
on the same subnet)? In this way, even if you know the username/secret, you
will still have to use the same physical phone, unless you play with the
mac-address.

> Or you could buy a gun. I bet the insider would be very
> afraid of the gun and would therefore avoid any shenanigans while you were
> around. This would especially be true if you randomly shot items like
> coffee cups and plants whenever you thought they were looking at you
> funny. That'll show 'em.

Lol! Here they will name you a "terrorist"

>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
> http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
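
Added example, not part of the original thread: a small Python audit of a sip.conf for the weakness discussed above, where one device can register as another because secrets are shared or guessable. The sample config is constructed; the script ignores templates and md5secret, and it also flags peers with no permit line (chan_sip's per-peer IP ACL), which is an addition beyond what the thread recommends.

```python
import re
from collections import defaultdict

# Constructed sample sip.conf (not from the thread).
SAMPLE_SIP_CONF = """\
[general]
context=default
[200]
secret=office2011        ; same secret as 201
deny=0.0.0.0/0.0.0.0
permit=192.168.1.50/255.255.255.255
[201]
secret=office2011
[202]
secret=202
"""

SECTION = re.compile(r"^\[([^\]]+)\]")

def parse_peers(text):
    """Return {peer: {option: [values]}} for every section except [general]."""
    peers, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # ';' starts a comment
        m = SECTION.match(line)
        if m:
            name = m.group(1)
            current = None if name == "general" else peers.setdefault(name, defaultdict(list))
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()].append(value.lstrip(">").strip())
    return peers

def audit(text):
    """Return sorted (peer, finding) tuples for weak registration settings."""
    peers, by_secret, findings = parse_peers(text), defaultdict(list), []
    for name, opts in peers.items():
        secret = (opts.get("secret") or [""])[-1]   # last value wins
        by_secret[secret].append(name)
        if secret in ("", name):
            findings.append((name, "secret empty or equal to extension"))
        if not opts.get("permit"):
            findings.append((name, "no permit/deny ACL, registers from any IP"))
    for secret, names in by_secret.items():
        if secret and len(names) > 1:
            findings += [(n, "secret shared with " + ",".join(x for x in names if x != n)) for n in names]
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE_SIP_CONF), sep="\n")
```
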