Your SlideShare is downloading. ×
0
Asterisk Stability & Security
with kingasterisk
Protect your investment
www.kingasterisk.com
Skype : kingasterisk
Introduction

 What if the server goes down ?
 What if someone hacks into your 8 e1

asterisk server and makes calls to
...
Overview

 Asterisk Performance Update
 Asterisk Stability
 Asterisk Security
 Asterisk Monitoring
Asterisk Performance Update


Updates since Astricon 2004:
- Smaller memory footprint
- Less file descriptors used
- Memo...
Astertest Testlab
Astertest Cables
Overview

 Asterisk Performance Update
 Asterisk Stability
 Asterisk server monitoring
 Asterisk Security
Asterisk Stability

 Hardware reliability
 Software stability
Asterisk Stability – Hardware Reliability

 What is the cost of having no PBX service
for your company ?

 What if you a...
Asterisk Stability – Hardware Reliability

 What if you experience:
- power outage ?
- a broken HD ?
- a broken Zaptel ca...
Asterisk Stability – Hardware Reliability

 Power outage:
 Traditional phones are self powered.

Solution: use a UPS to...
Asterisk Stability – Hardware Reliability

 A broken HD ?
 Use raid > 0
 SCSI has a bigger mean time to failure.
 F...
Asterisk Stability – Hardware Reliability

 A broken Zaptel card or a broken server ?
 Make sure you have a replacement,...
Asterisk Stability – Hardware Reliability

 No Internet connectivity ?
 Spare router / modem / switch ?
 Failover Int...
Label all cables!!
Asterisk Stability / Quality Updates
Software related since Astricon ‘04

 Real CVS-stable / CVS-head (Thanks Russell!)
...
Changes in hardware reliability

 New Zaptel hardware (te411p, te4xxp,

TDM, IAXy2, …).
 New drivers with a lot of bug f...
* reliability / stability recommendations
 Use decent but not exotic hardware
 Put Zaptel on a different PCI-bus than Ni...
* reliability / stability recommendations

 Use a stable Asterisk version.
 Take a common OS -> Linux.
 Test software u...
Overview

 Asterisk Performance Update
 Asterisk Stability
 Asterisk server monitoring
 Asterisk Security
Asterisk server monitoring

 NAGIOS
  http://karlsbakk.net/asterisk/


http://megaglobal.net/docs/asterisk/html/aster...
Overview

 Asterisk Performance Update
 Asterisk Stability
 Asterisk server monitoring
 Asterisk Security
Asterisk Security

 Asterisk Configuration stupidity
 Asterisk hardening
 Privacy protection
Asterisk Configuration Stupidity

 Dial plan security
 SIP.conf
 IAX2.conf
 Manager.conf
 Billing problems
Dial plan security

 - Extension hopping
 - CallerID based protections
 - _.
 - Demo context
 - User access to the di...
Extension hopping
 User can reach ANY extension in the current
context:

[internal]
exten => intro,1,Background(question)...
CallerID based protection
exten => _X.,1,GotoIf($[“$
{CALLERIDNUM}”=“32134”?3);
exten => _X.,2,Hangup();
exten => _X.,3,Di...
Inappropriate use of _.
 _. Would match EVERYTHING!
(also fax, hang up, invalid, timeout,….)
Example:
exten => _.,1,Playb...
demo context

 Not a real security risk
 But… Someone might play with your

system and use up your bandwidth, make
prank...
User access to the dialplan

 - AMP and other GUI’s might allow the

ISP’s user to change a dial plan in his own
context....
Default context

 Example:
[default]
Include outgoing;
Include internal;
OH OH OH, guest calls will go to the default
con...
Context usage:

 A call has two legs, the used context is the

context defined for that user/channel in the
config file f...
Context usage:

 In sip.conf, zapata.conf, iax2.conf…
A default context is defined, if there is no
specific context setti...
Limit simultaneous calls


Sometimes you don’t want a user to make multiple
simultaneous calls.



E.g.: prepay / callin...
Sip.conf
















Default context
Bindport, bindhost, bindip
[username] vs username=
Permit, deny, ma...
Bindport, bindhost,bindip

 If you only use sip for internal calls, don’t

put bindip=0.0.0.0 but limit it to the interna...
Permit, deny, mask

 Disallow everything, then allow per user
the allowed hosts or ranges.
(Multiple are allowed.)
SIP.conf – insecure option
Insecure = …

 No: the default, always ask for authentication
 Yes: To match a peer based by ...
User vs Peer vs Friend in SIP
 USER: never registers only makes calls
 PEER: can register + can make calls.
[user1]
type...
Allowguest =…

 True: unauthenticated users will arrive in

the default context as defined in sip.conf
 False: unauthent...
autocreatepeer
 The autocreatepeer option allows, if set to Yes,

any SIP UA to register with your Asterisk PBX as
a peer...
Pedantic

 Defaults to pedantic=no
 If enabled, this might allow a denial of

service by sending a lot of invites, causi...
Realm

 Realm=Asterisk; Realm for digest

authentication
; Defaults to “Asterisk"
; Realms MUST be globally unique
accord...
How is authentication done?



chan_sip.c: /* Whoever came up with the
authentication section of SIP can suck my
%*!#$ fo...
How is authentication done?


Look at FROM header in SIP message for the username:

-> browse sip.conf for a type=user wi...
Secret vs md5secret

 With SIP all passwords are md5 encrypted
when sending the packets, but are stored
in plaintext in s...
Secret vs md5secret
 echo - n "<user>:<realm>:<secret>" | md5sum
 E.g.:
echo -n "user:asterisk:blabla" | md5sum
e1b58823...
Username= vs [username]

 [username] is for authentication a client
connecting to asterisk.

Username=… is to have your a...
Iax.conf

 auth=plaintext,md5,rsa
 User authentication logic
 Default context
 [username] vs username=
 Permit, deny,...
iax.conf - auth

 Plaintext: passes are sent in plaintext
 Md5: encrypt the password with md5
 RSA: use public key / pr...
User vs Peer vs friend
 USER: can only accept calls
 PEER: can only make calls
 FRIEND: can do both
[user1]
type=user
[...
How is authentication done?


In iax2: (cvs-head!!)

Pseudocode:
Is username supplied ?
-> yes -> matched against iax.con...
 Add a last entry in iax.conf with no

password to force nosecret access into a
specific context.
 If you use realtime, ...
Manager.conf
[general]
enabled = yes
port = 5038
bindaddr = 0.0.0.0
[zoa]
secret = blabla
deny=0.0.0.0/0.0.0.
permit=221.1...
Manager.conf

 No encryption is used, even the password
is sent in plaintext.

 Don’t enable it on a public IP.
 Use ht...
Asterisk Security

 Asterisk Configuration stupidity
 Asterisk hardening
 Privacy protection
Asterisk Hardening












Asterisk as non-root user
Asterisk in CHROOT
Asterisk in a JAIL
Asterisk with li...
Asterisk as non root user
adduser --system --home /var/lib/asterisk --no-create-home Asterisk
chown -r asterisk:asterisk /...
Asterisk with limited read / write permissions

 Asterisk has no write permissions for its
config files and is running as...
Asterisk in chroot

 Changes the root directory visible to

asterisk to e.g. /foo/bar
 Pretty useless if asterisk is run...
Asterisk in a jail
 Changes the root




directory visible to
Asterisk.
Limits the
commands /
programs any user in
this...
Zaptel kernel modules
 Zaptel is module only, cannot be put into the
kernel.

 Hackers like to hide in a module, they ca...
Firewalling / shaping / NAT

 Block everything except the ports you
really want. (5060, 4569, …)

 RTP ports are a big p...
Limit access to tty9

 safe_asterisk opens a console on tty9.
This does not require a password and will
provide a root sh...
Linux Hardening

 GRsec (2.6.x)
 Openwall (2.4.x)
 Remove all unneeded things.
Remote logging

 Remote syslog
 Put Asterisk log files (and other log files on
a remote server).
Tripwire

 Make hashes of all the important files on
the server and check them for changes
you didn’t do.
Limit server processes
 An Asterisk server should be only:
-

OS + ASTERISK.
No database
No APACHE
No PHP
(If you really ...
Asterisk Security

 Asterisk Configuration stupidity
 Asterisk hardening
 Privacy protection
Asterisk privacy

 Encryption
 Monitoring
 CallerID spoofing
 CallingPRES
Call Encryption - SIP

 SRTP -> method to encrypt voice packets.
 TLS -> method to encrypt signaling
packets.

Both are...
Call Encryption – IAX2

 30/12/2004 2:07
Modified Files: chan_iax2.c iax2-parser.c
iax2-parser.h iax2.h Log Message: Mino...
Call Encryption – General solution

 Send you packets through a VPN or
tunnel.

 Use only UDP tunnels to avoid delays.
K...
Call Encryption – Tunnel solution
Advantage, CPU expensive encryption

can happen on dedicated machine.
 Disadvantage: d...
Monitoring

 ZapBarge
 ChanSpy
 Monitor
Thank you Very Much......!!!
For More Information
www.kingasterisk.com
What Is IVR ?
What Is IVR ?
What Is IVR ?
What Is IVR ?
What Is IVR ?
What Is IVR ?
Upcoming SlideShare
Loading in...5
×

What Is IVR ?

292

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
292
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
12
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Transcript of "What Is IVR ?"

  1. 1. Asterisk Stability & Security with kingasterisk Protect your investment www.kingasterisk.com Skype : kingasterisk
  2. 2. Introduction  What if the server goes down ?  What if someone hacks into your 8 e1 asterisk server and makes calls to inmarsat ?  Inmarsat : 5 euro / min. In 24 hours, on 8 e1s  1728000 euro
  3. 3. Overview  Asterisk Performance Update  Asterisk Stability  Asterisk Security  Asterisk Monitoring
  4. 4. Asterisk Performance Update  Updates since Astricon 2004: - Smaller memory footprint - Less file descriptors used - Memory leaks found / removed - Less RTP ports opened - Codec optimizations (especially Speex) - Hardware echo canceller - FastAGI - Realtime - Remote MOH - ds3000 / te411p - Channel walk optimization
  5. 5. Astertest Testlab
  6. 6. Astertest Cables
  7. 7. Overview  Asterisk Performance Update  Asterisk Stability  Asterisk server monitoring  Asterisk Security
  8. 8. Asterisk Stability  Hardware reliability  Software stability
  9. 9. Asterisk Stability – Hardware Reliability  What is the cost of having no PBX service for your company ?  What if you are an ISP and your customers can’t dial out ?
  10. 10. Asterisk Stability – Hardware Reliability  What if you experience: - power outage ? - a broken HD ? - a broken Zaptel card ? - a broken server ? - no Internet connectivity ?
  11. 11. Asterisk Stability – Hardware Reliability  Power outage:  Traditional phones are self powered. Solution: use a UPS to power the (PoE) phones, the switches, PBX, modem, router,…  If you have a low power PBX, the phone system could run for hours on a small UPS.  Don’t use Ethernet over power for mission critical phone lines.
  12. 12. Asterisk Stability – Hardware Reliability  A broken HD ?  Use raid > 0  SCSI has a bigger mean time to failure.  Flashdisks, realtime, netboot, live CD’s.
  13. 13. Asterisk Stability – Hardware Reliability  A broken Zaptel card or a broken server ?  Make sure you have a replacement, (maybe even hot standby) with all the modules you need, jumpers already set,…
  14. 14. Asterisk Stability – Hardware Reliability  No Internet connectivity ?  Spare router / modem / switch ?  Failover Internet connection ?  Failover to / from PSTN ?
  15. 15. Label all cables!!
  16. 16. Asterisk Stability / Quality Updates Software related since Astricon ‘04  Real CVS-stable / CVS-head (Thanks Russell!)  Major cleanups / code audits.  New h323 channel coming (chan_ooh323)  Packet Loss Concealment  IAX2 / SIP jitter buffer (mantis 3854)  A lot of libpri, chan_sip, chan_h323 changes for    better compatibility / stability. DUNDi (easier load balancing with round robin DNS) OSP Kernel 2.6.11.x
  17. 17. Changes in hardware reliability  New Zaptel hardware (te411p, te4xxp, TDM, IAXy2, …).  New drivers with a lot of bug fixes and optimizations.  End of life for x100p and Tormenta cards.  Hardware echo cancellers -> lower CPU load -> more calls it can handle before asterisk turns unstable.
  18. 18. * reliability / stability recommendations  Use decent but not exotic hardware  Put Zaptel on a different PCI-bus than Nics and      video cards. Read tutorials on interrupts, APIC and other common problems. Load test your setup Design a failover system Noload unused modules Use recent firmware Zaptel cards
  19. 19. * reliability / stability recommendations  Use a stable Asterisk version.  Take a common OS -> Linux.  Test software upgrades in a test lab.  Stay away from experimental Asterisk modules -> h323, skinny.  Don’t patch production Asterisk servers.  Keep your old Asterisk binaries after an upgrade for easy restore of known working versions.
  20. 20. Overview  Asterisk Performance Update  Asterisk Stability  Asterisk server monitoring  Asterisk Security
  21. 21. Asterisk server monitoring  NAGIOS   http://karlsbakk.net/asterisk/  http://megaglobal.net/docs/asterisk/html/asteri  Argus: http://argus.tcp4me.com/  SNMP: http://www.faino.it/en/asterisk.html
  22. 22. Overview  Asterisk Performance Update  Asterisk Stability  Asterisk server monitoring  Asterisk Security
  23. 23. Asterisk Security  Asterisk Configuration stupidity  Asterisk hardening  Privacy protection
  24. 24. Asterisk Configuration Stupidity  Dial plan security  SIP.conf  IAX2.conf  Manager.conf  Billing problems
  25. 25. Dial plan security  - Extension hopping  - CallerID based protections  - _.  - Demo context  - User access to the dial plan  - Be careful with the default context  - Limit simultaneous calls
  26. 26. Extension hopping  User can reach ANY extension in the current context: [internal] exten => intro,1,Background(question); exten => 1,spanish,Goto(Spanish) exten => 2,english,Goto(English) exten => _XX.,1,Dial(ZAP/g1/${EXTEN});
  27. 27. CallerID based protection exten => _X.,1,GotoIf($[“$ {CALLERIDNUM}”=“32134”?3); exten => _X.,2,Hangup(); exten => _X.,3,Dial(${EXTEN});  When not explicitly defined for each user/channel in zapata.conf, sip.conf, iax.conf, the user can choose his own CallerID!
  28. 28. Inappropriate use of _.  _. Would match EVERYTHING! (also fax, hang up, invalid, timeout,….) Example: exten => _.,1,Playback(blah); exten => _.,2,Hangup;  Causing a FAST LOOP. (changed in CVS-head)
  29. 29. demo context  Not a real security risk  But… Someone might play with your system and use up your bandwidth, make prank calls to Digium, make Mark Spencer very unhappy and cause him to introduce you to a very big shotgun…
  30. 30. User access to the dialplan  - AMP and other GUI’s might allow the ISP’s user to change a dial plan in his own context. E.g.: hosted PBX’s  - Goto / GotoIf / dial(Local/…) -> context hopping.  - System -> could do anything
  31. 31. Default context  Example: [default] Include outgoing; Include internal; OH OH OH, guest calls will go to the default context!!!!!
  32. 32. Context usage:  A call has two legs, the used context is the context defined for that user/channel in the config file for that protocol. E.g: - Zap to sip call: context set in zapata.conf is used - SIP to IAX2 call: context in sip.conf is used
  33. 33. Context usage:  In sip.conf, zapata.conf, iax2.conf… A default context is defined, if there is no specific context setting for this channel or user, than the default context is used!
  34. 34. Limit simultaneous calls  Sometimes you don’t want a user to make multiple simultaneous calls.  E.g.: prepay / calling cards Solution: setgroup, checkgroup (don’t trust incominglimit.) exten => s,1,SetGroup(${CALLERIDNUM}) exten => s,2,CheckGroup(1) Only good if the CallerID cannot be spoofed !!!! Consider using accountcode for this.
  35. 35. Sip.conf               Default context Bindport, bindhost, bindip [username] vs username= Permit, deny, mask Insecure=yes, very, no User vs peer vs friend Allowguest Autocreatepeer Pedantic Ospauth Realm Md5secret User authentication logic Username= vs [username]
  36. 36. Bindport, bindhost,bindip  If you only use sip for internal calls, don’t put bindip=0.0.0.0 but limit it to the internal IP.  Changing the bindport to a non 5060 port might save you from portscan sweeps for this port.
  37. 37. Permit, deny, mask  Disallow everything, then allow per user the allowed hosts or ranges. (Multiple are allowed.)
  38. 38. SIP.conf – insecure option Insecure = …  No: the default, always ask for authentication  Yes: To match a peer based by IP address only    and not peer. Insecure=very ; allows registered hosts to call without re-authenticating, by ip address Insecure=port; we don’t care if the portnumber is different than when they registered Insecure=invite; every invite is accepted.
  39. 39. User vs Peer vs Friend in SIP  USER: never registers only makes calls  PEER: can register + can make calls. [user1] type=user [user1] type=peer Is allowed and the same as type=friend if the other parameters are identical!!!
  40. 40. Allowguest =…  True: unauthenticated users will arrive in the default context as defined in sip.conf  False: unauthenticated users will get a permission denied error message.  OSP: to allow guest access for voip traffic coming from an OSP server.
  41. 41. autocreatepeer  The autocreatepeer option allows, if set to Yes, any SIP UA to register with your Asterisk PBX as a peer. This peer's settings will be based on global options. The peer's name will be based on the user part of the Contact: header field's URL.  This is of course a very high security risk if you haven't got control of access to your server. © Olle
  42. 42. Pedantic  Defaults to pedantic=no  If enabled, this might allow a denial of service by sending a lot of invites, causing a lot of (slow) DNS lookups.
  43. 43. Realm  Realm=Asterisk; Realm for digest authentication ; Defaults to “Asterisk" ; Realms MUST be globally unique according to RFC 3261 ; Set this to your host name or domain name
  44. 44. How is authentication done?  chan_sip.c: /* Whoever came up with the authentication section of SIP can suck my %*!#$ for not putting an example in the spec of just what it is you're doing a hash on. */
  45. 45. How is authentication done?  Look at FROM header in SIP message for the username: -> browse sip.conf for a type=user with that username If found -> check the md5 If not found, -> browse sip.conf for a type=peer with that username -> browse sip.conf for an (registered) IP where the request is coming from if insecure=very, no more checks are done if insecure=port, if they are willing to authenticate, even if they are calling from a different port than they registered with. (used for NAT not using the same port number every time). otherwise, check the md5 + allow/deny.   If no peer found ? do we allow guest access (allowguest=true ?) Yes? OK, allow send it to the default context, if not reject.
  46. 46. Secret vs md5secret  With SIP all passwords are md5 encrypted when sending the packets, but are stored in plaintext in sip.conf  [user]  Secret=blabla
  47. 47. Secret vs md5secret  echo - n "<user>:<realm>:<secret>" | md5sum  E.g.: echo -n "user:asterisk:blabla" | md5sum e1b588233e4bc8645cc0da24d8cb848d [user] md5secret=e1b588233e4bc8645cc0da24d8cb848d
  48. 48. Username= vs [username]  [username] is for authentication a client connecting to asterisk. Username=… is to have your asterisk server authenticate to another SIP server.
  49. 49. Iax.conf  auth=plaintext,md5,rsa  User authentication logic  Default context  [username] vs username=  Permit, deny, mask  Bindport, bindhost, bindip  User vs peer vs friend
  50. 50. iax.conf - auth  Plaintext: passes are sent in plaintext  Md5: encrypt the password with md5  RSA: use public key / private key – uses AES.
  51. 51. User vs Peer vs friend  USER: can only accept calls  PEER: can only make calls  FRIEND: can do both [user1] type=user [user1] type=peer Is allowed!!!
  52. 52. How is authentication done?  In iax2: (cvs-head!!) Pseudocode: Is username supplied ? -> yes -> matched against iax.conf users starting bottom to top. user found ? -> yes : is IP in allowed / disallowed list ? yes –> does password match ? yes -> does requested context match a context=… line? -> no -> is a password given ? -> yes : Asterisk will look bottom to top for a user with this password, -> if the context matches, or there is no context specified, and the host is in the allowed lists (allow / deny) then the call is accepted. -> no: Asterisk will look bottom to top for a user without password. -> if the context matches, or there is no context specified, and the host is in the allowed lists (allow / deny) then the call is accepted.
  53. 53.  Add a last entry in iax.conf with no password to force nosecret access into a specific context.  If you use realtime, don’t have any user without a password and without permit/deny.
  54. 54. Manager.conf [general] enabled = yes port = 5038 bindaddr = 0.0.0.0 [zoa] secret = blabla deny=0.0.0.0/0.0.0. permit=221.17.246.77/255.255.255.0 permit=127.0.0.1/255.255.255.0 read = system,call,log,verbose,command,agent,user write = system,call,log,verbose,command,agent,user
  55. 55. Manager.conf  No encryption is used, even the password is sent in plaintext.  Don’t enable it on a public IP.  Use http://www.stunnel.org/  Watch out with management programs with direct interface to the manager.  Limit the privileges per user (especially the system!!!).
  56. 56. Asterisk Security  Asterisk Configuration stupidity  Asterisk hardening  Privacy protection
  57. 57. Asterisk Hardening            Asterisk as non-root user Asterisk in CHROOT Asterisk in a JAIL Asterisk with limited read / write permissions ZAPTEL kernel modules Asterisk firewalling / shaping / NAT Tty9 Linux hardening Remote logging Tripwire Limit running system processes
  58. 58. Asterisk as non root user adduser --system --home /var/lib/asterisk --no-create-home Asterisk chown -r asterisk:asterisk /var/lib/asterisk chown -r asterisk:asterisk /var/log/asterisk chown -r asterisk:asterisk /var/run/asterisk chown -r asterisk:asterisk /var/spool/asterisk chown -r asterisk:asterisk /dev/zap chown -r root:asterisk /etc/asterisk chmod -r u=rwX,g=rX,o= /var/lib/asterisk chmod -r u=rwX,g=rX,o= /var/log/asterisk chmod -r u=rwX,g=rX,o= /var/run/asterisk chmod -r u=rwX,g=rX,o= /var/spool/asterisk chmod -r u=rwX,g=rX,o= /dev/zap chmod -r u=rwX,g=rX,o= /etc/asterisk chown asterisk /dev/tty9 su asterisk -c /usr/sbin/safe_asterisk or Asterisk -U asterisk -G asterisk
  59. 59. Asterisk with limited read / write permissions  Asterisk has no write permissions for its config files and is running as non root ?  In the unlikely event of someone breaking in through Asterisk, your dial plan is still vulnerable through the CLI or the manager.
  60. 60. Asterisk in chroot  Changes the root directory visible to asterisk to e.g. /foo/bar  Pretty useless if asterisk is running as root and perl or gcc is available.
  61. 61. Asterisk in a jail  Changes the root   directory visible to Asterisk. Limits the commands / programs any user in this jail can execute to a list you specify. Expansion of chroot.
  62. 62. Zaptel kernel modules  Zaptel is module only, cannot be put into the kernel.  Hackers like to hide in a module, they can backdoor a module, compile it, load it in memory and remove all traces on the disk.  You could have the kernel check an md5 for the  Zaptel modules. I think Matt Frederickson compiled them in the kernel before.
  63. 63. Firewalling / shaping / NAT  Block everything except the ports you really want. (5060, 4569, …)  RTP ports are a big pita (see rtp.conf) Sidenote: you might want to check your ISP is not blocking anything in the range defined in RTP.conf
  64. 64. Limit access to tty9  safe_asterisk opens a console on tty9. This does not require a password and will provide a root shell to anyone passing by. (by using !command on the CLI).  Remove the offending line, or don’t use safe_asterisk
  65. 65. Linux Hardening  GRsec (2.6.x)  Openwall (2.4.x)  Remove all unneeded things.
  66. 66. Remote logging  Remote syslog  Put Asterisk log files (and other log files on a remote server).
  67. 67. Tripwire  Make hashes of all the important files on the server and check them for changes you didn’t do.
  68. 68. Limit server processes  An Asterisk server should be only: - OS + ASTERISK. No database No APACHE No PHP (If you really need those, and don’t have enough servers, don’t put them on a public IP and firewall them!!!!)
  69. 69. Asterisk Security  Asterisk Configuration stupidity  Asterisk hardening  Privacy protection
  70. 70. Asterisk privacy  Encryption  Monitoring  CallerID spoofing  CallingPRES
  71. 71. Call Encryption - SIP  SRTP -> method to encrypt voice packets.  TLS -> method to encrypt signaling packets. Both are not yet supported by asterisk. Bounty on voip-info.org.
  72. 72. Call Encryption – IAX2  30/12/2004 2:07 Modified Files: chan_iax2.c iax2-parser.c iax2-parser.h iax2.h Log Message: Minor IAX2 fixes, add incomplete-but-verybasically-functional IAX2 encryption. It would support any type of encryption you like. -> Doesn’t work yet.
  73. 73. Call Encryption – General solution  Send you packets through a VPN or tunnel.  Use only UDP tunnels to avoid delays. Known to work: IPSEC, VTUN, OPENVPN.
  74. 74. Call Encryption – Tunnel solution Advantage, CPU expensive encryption can happen on dedicated machine.  Disadvantage: doesn’t work on hardphones or ATA’s without adding an extra server in front of them.
  75. 75. Monitoring  ZapBarge  ChanSpy  Monitor Thank you Very Much......!!! For More Information www.kingasterisk.com
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×