Lee, John (Sydney)
2008-May-12 23:43 UTC
[asterisk-users] Newbie Dialplan: Best Practice in using Context - Do not use Default??
In "The future of Telephony", it says "... We should also note for security's sake you should always make sure that your [incoming] context never allows outbound dialing. (If by chance it did, people could dial into your system and make outbound toll calls that would be charged to you!) The book was demonstrating using a PSTN environment and the zapata.conf was something like: context=internal signaling=fxo_ks channel=>1 context=incoming signaling=fxs_ks channel=>2 In PRI environment, does it mean that we have to purposely separate the say ISDN 20 channels into [internal] and [incoming] as well? This would not make sense to me as ISDN uses a one port card to contain multiple channels while the ports of a say TDM400P refer to each channel. If I just define a [default] context for a PRI environment, is this insecure? Can someone please enlighten me on this?
C. Chad Wallace
2008-May-13 00:08 UTC
[asterisk-users] Newbie Dialplan: Best Practice in using Context - Do not use Default??
At 9:43 AM on 13 May 2008, Lee, John (Sydney) wrote:> In "The future of Telephony", it says "... We should also note for > security's sake you should always make sure that your [incoming] > context never allows outbound dialing. (If by chance it did, people > could dial into your system and make outbound toll calls that would > be charged to you!) > > The book was demonstrating using a PSTN environment and the > zapata.conf was something like: > context=internal > signaling=fxo_ks > channel=>1 > > context=incoming > signaling=fxs_ks > channel=>2 > > In PRI environment, does it mean that we have to purposely separate > the say ISDN 20 channels into [internal] and [incoming] as well? > This would not make sense to me as ISDN uses a one port card to > contain multiple channels while the ports of a say TDM400P refer to > each channel. > > If I just define a [default] context for a PRI environment, is this > insecure? > > Can someone please enlighten me on this?In the example you quoted, channel 1 is an FXS port, which would be an internal extension--a phone--from which someone would be allowed to make an outbound call. Channel 2 is an FXO port, which is connected to the PSTN, and would take incoming calls from "the wild". So in that example, you wouldn't want the "incoming" context to be allowed to make outbound calls. In your case, I'm guessing all your Zap channels come from the PRI, which is connected to the PSTN. If so, then you're right--you just need one context for your zapata.conf which you would use on all your ISDN channels. Just don't let that context dial out. I don't know if you'd want to call that context "default"... because that one seems to be "special" in Asterisk. But maybe I'm just being superstitious. :-) -- C. Chad Wallace, B.Sc. The Lodging Company http://www.skihills.com/ OpenPGP Public Key ID: 0x262208A0 Debian Hint #14: If you would like to follow things happening to a package (for example, if you want to see bug reports, release notices, and other similar things), consider subscribing to it on the Package Tracking System. You can find out more about the PTS at: http://www.debian.org/doc/manuals/developers-reference/ch-resources.en.html (Section 4.10)
Paul Hales
2008-May-13 04:25 UTC
[asterisk-users] Newbie Dialplan: Best Practice in using Context - Do not use Default??
With an ISDN10/20/30/etc, I would just put all the lines into an 'incoming' context - and make sure that incoming context doesn't have any includes (unless you really need them...) PaulH On Tue, 2008-05-13 at 09:43 +1000, Lee, John (Sydney) wrote:> In "The future of Telephony", it says "... We should also note for > security's sake you should always make sure that your [incoming] context > never allows outbound dialing. (If by chance it did, people could dial > into your system and make outbound toll calls that would be charged to > you!) > > The book was demonstrating using a PSTN environment and the zapata.conf > was something like: > context=internal > signaling=fxo_ks > channel=>1 > > context=incoming > signaling=fxs_ks > channel=>2 > > In PRI environment, does it mean that we have to purposely separate the > say ISDN 20 channels into [internal] and [incoming] as well? > This would not make sense to me as ISDN uses a one port card to contain > multiple channels while the ports of a say TDM400P refer to each > channel. > > If I just define a [default] context for a PRI environment, is this > insecure? > > Can someone please enlighten me on this? > > > > > _______________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users