In your sip.conf file allowguest defaults to yes. This means that anyone that can reach the SIP ports on that system has access to make unauthenticated calls, by default. The administrator actually has to go in and turn it off to prevent unauthenticated SIP calls (in whatever context [general] points at). Does anyone else agree with me that this is a poor default? I'd like to see the default setting changed. It seems to me that this default is the reason behind the doc/security.txt bias against using the "default" context for toll calls. Thanks, Lee.
Lee Howard wrote:> Does anyone else agree with me that this is a poor default? I'd like to > see the default setting changed. > >I've always considered it to be good practice that something that may leave your system vulnerable, should be disabled by default. So yes, I would agree. Doug -- Ben Franklin quote: "Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety."
Administrator TOOTAI
2009-Nov-12 14:41 UTC
[asterisk-users] allowguest defaults to yes for SIP
Lee Howard a ?crit :> In your sip.conf file allowguest defaults to yes. This means that > anyone that can reach the SIP ports on that system has access to make > unauthenticated calls, by default. The administrator actually has to go > in and turn it off to prevent unauthenticated SIP calls (in whatever > context [general] points at). > > Does anyone else agree with me that this is a poor default? I'd like to > see the default setting changed. > > It seems to me that this default is the reason behind the > doc/security.txt bias against using the "default" context for toll calls. >Agree. Another possibility would be to have a guestcontext defined in default. This context would exist but empty. -- Daniel
On Thursday 12 November 2009 07:47:34 Lee Howard wrote:> In your sip.conf file allowguest defaults to yes. This means that > anyone that can reach the SIP ports on that system has access to make > unauthenticated calls, by default. The administrator actually has to go > in and turn it off to prevent unauthenticated SIP calls (in whatever > context [general] points at).Actually, they only have access to your default context. Whether you make available outgoing calls in your default context is your choice. By default, there is no capability of making outgoing calls from your default context.> Does anyone else agree with me that this is a poor default? I'd like to > see the default setting changed.The purpose of the allowguest option is to allow persons to call into your system from a zero-knowledge position. This allows you to publish a general SIP address as a point of contact. The reason why it is set that way in the sample configuration is to make it easy for new users to get to that magic moment when Asterisk first responds to their call (in essence, to get the user "hooked").> It seems to me that this default is the reason behind the > doc/security.txt bias against using the "default" context for toll calls.Correct, you should be using something like "internal" instead. -- Tilghman Lesher Digium, Inc. | Senior Software Developer twitter: Corydon76 | IRC: Corydon76-dig (Freenode) Check us out at: www.digium.com & www.asterisk.org