On 26-07-14 14:23, Jeffrey Walton wrote:
Does anyone know of Security Architecture or Security Evaluations
documents that I could read?
Searching is turning up no hits. For example,
http://www.google.com/#q=security+evaluation+site:asterisk.org and
http://www.google.com/#q=security+architecture+site:asterisk.org.
Assuming "security+evaluation" refers to Common Criteria, I'm not aware
of any Common Criteria initiatives in relation to Asterisk (nor
FreeSWITCH, OpenSIPS, Kamailio, Yate or any other Open Source VoIP
project I'm aware of). Asterisk is a toolbox with many flexible building
blocks and not a product like Cisco CallManager with pre-defined
features set in stone. As such it doesn't really make sense to get
Asterisk certified, if possible at all. It would be like trying to
certify C or Python. If EALx certification is your requirement then have
a look at the CallManager as iirc it's EAL1 certified.
Re "asterisk+architecture", Asterisk Security related best practices are
described here:
http://svn.asterisk.org/svn/asterisk/trunk/README-SERIOUSLY.bestpractices.txt
HTH,
Patrick
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users