asterisk users - Sep 2014 - Asterisk prefix code to dial a high fraud country - security mechanism

Hello, I would to allow users to place calls overseas such as India and
Malaysia but only with a security code. if they don't have a security code
I want to be able to drop the calls.

can someone point me to a right direction to achieve this goal?

Thanks,
Motty
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.digium.com/pipermail/asterisk-users/attachments/20140918/d73f2d81/attachment.html>

Hello motty,

Thursday, September 18, 2014, 6:35:40 PM, you wrote:
> Hello, I would to allow users to place calls overseas such as India
> and Malaysia but only with a security code. if they don't have a
> security code I want to be able to drop the calls.?
I use this

exten => _0041,1,Log(NOTICE,Pin Code for Switzerland calls)
        same => n,Playback(silence/1)
        same => n,Authenticate(9084,,4)
        same => n,Macro(outgoingTrunk,${EXTEN})
        same => n,Hangup()

It  uses  a  fixed PIN number which calls a macro which deals with the
actual  dialling,  but  a  standard  Dial command would work here too.
Quick  and  easy, but there are lots of options. If the correct PIN is
not entered, the call is not made.

-- 
Best regards,
 Julian                            mailto:jb_soft at trink.co.uk

On Thursday 18 Sep 2014, motty cruz wrote:
> Hello, I would to allow users to place calls overseas such as India and
> Malaysia but only with a security code. if they don't have a security
code
> I want to be able to drop the calls.
> 
> can someone point me to a right direction to achieve this goal?
> 
> Thanks,
> Motty
Not many people are going to want to answer this definitively, I suspect, for 
fear of being blamed if you copy what they did, it doesn't work for you and 
you get landed with huge bills for calls you didn't make.  Securing Asterisk
is never as easy as you think.


However, if you look back through my own posts, I did post some dialplan code 
a short while ago, relating to a PIN entry.  Feel free to borrow that and play 
around with it; but note, I will not accept any responsibility for it not 
being as secure as you thought!


Another thing to consider would be only allowing overseas calls from a 
particulat context; any extension that does not require the ability to call 
abroad should be placed in a different default context.  If you know you will 
only ever need to call a restricted range of foreign numbers, consider giving 
them "short codes" -- endpoints effectively within your own internal
numbering
scheme -- and sending calls to _00X. to a recorded message.

[overseas-offices]
; this context is only for phones which need the ability to call overseas

; 8000 is office in France
exten => 8000,1,Set(CALLERID(num)=${OUTGOING_IDENT})
exten => 8000,n,Dial(${OUT_TRUNK}/0033251478820,180)
exten => 8000,n,Hangup()

; 8010 is office in India
exten => 8010,1,Set(CALLERID(num)=${OUTGOING_IDENT})
exten => 8010,n,Dial(${OUT_TRUNK}/00918322494200,180)
exten => 8010,n,Hangup()

; .....

[default]
; play suitably sarchastic announcement to chancers
_00X.,1,Play(ajs-not_allowed)
_00X.,n,Hangup()


Basically, be paranoid; and even then, don't forget, you probably aren't
being
paranoid enough.

-- 
AJS

Note:  Originating address only accepts e-mail from list!  If replying off-
list, change address to asterisk1list at earthshod dot co dot uk .