<html><head>
<meta name="viewport" content="width=device-width"
/><meta http-equiv="Content-Type"
content="text/vnd.ui.secure+html;charset=utf-8"
/></head><body><div class="mail_android_message"
style="line-height: 1; padding: 0.5em">Thanks for the reply. I do
know the security practices and I am using VoIP. The problem is that I do not
know how to configure the feature access codes including transfer.<br>
</div><div class="mail_android_quote"
style="line-height: 1; padding: 0.3em">On 15/10/2016, 21:42 Steve
Edwards &lt;asterisk.org@sedwards.com&gt;
wrote:<blockquote class="gmail_quote" style="margin: 0.8ex 0pt
0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left:
1ex;">
On Sat, 15 Oct 2016, tux john wrote:<br />
<br />
> Hi. Kinda new to the area and I would like some help please. I
have<br />
> Asterisk 11 in my system and I have 10 users and 12 DIDs. One DID
routed<br />
> to each user and 2 DIDs for faxing. Everything works fine but I do
not<br />
> have call transfer between extensions and feature access codes. I
have<br />
> read somewhere that enabling call transfer can be a security hole
for<br />
> SIP attackers.<br />
<br />
Are these incoming calls copper or VoIP?<br />
<br />
If you only accept copper calls, make sure Asterisk is only listening
to<br />
127.0.0.1 and enforce this policy with another layer dropping any
incoming<br />
SIP packets at the firewall.<br />
<br />
If you only intend to accept calls from your ISP, configure Asterisk
to<br />
only accept calls from your ISP, and enforce this policy at the
firewall.<br />
<br />
If you accept calls from everyone, re-think your definition of
'everyone.'<br />
It probably does not include Iraq, North Korea, China, Russia, etc.<br
/>
Configure Asterisk and your firewall accordingly.<br />
<br />
Beyond this, follow 'best practices' (google for sip best practices
--<br />
John Todd did a list years back, Nerdvittles probably will also be a
good<br />
resource) like long, random user names and passwords, only allow
needed<br />
features to each class of users, etc.<br />
<br />
--<br />
Thanks in advance,<br />
-------------------------------------------------------------------------<br
/>
Steve Edwards sedwards@sedwards.com Voice: +1-760-468-3867 PST<br />
<a href="https://www.linkedin.com/in/steve-edwards-4244281"
target="_blank">https://www.linkedin.com/in/steve-edwards-4244281</a><br
/>
<br />
asterisk-users mailing list<br />
</blockquote></div></body></html>