VoIP Mailing List Archives
Mailing list archives for the VoIP community |
|
| View previous topic :: View next topic |
| Author |
Message |
noloader at gmail.com
Guest
|
|
| Back to top |
|
 |
patrick at laimbock.com
Guest
|
 Posted: Sat Jul 26, 2014 8:18 am Post subject: [asterisk-users] Security Architecture or Security Evaluatio |
 |
|
On 26-07-14 14:23, Jeffrey Walton wrote:
Assuming "security+evaluation" refers to Common Criteria, I'm not aware
of any Common Criteria initiatives in relation to Asterisk (nor
FreeSWITCH, OpenSIPS, Kamailio, Yate or any other Open Source VoIP
project I'm aware of). Asterisk is a toolbox with many flexible building
blocks and not a product like Cisco CallManager with pre-defined
features set in stone. As such it doesn't really make sense to get
Asterisk certified, if possible at all. It would be like trying to
certify C or Python. If EALx certification is your requirement then have
a look at the CallManager as iirc it's EAL1 certified.
Re "asterisk+architecture", Asterisk Security related best practices are
described here:
http://svn.asterisk.org/svn/asterisk/trunk/README-SERIOUSLY.bestpractices.txt
HTH,
Patrick
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users |
|
| Back to top |
|
|
noloader at gmail.com
Guest
|
| Posted: Mon Jul 28, 2014 5:28 am Post subject: [asterisk-users] Security Architecture or Security Evaluatio |
|
|
Thanks Patrick,
| Quote: | Assuming "security+evaluation" refers to Common Criteria,
|
Common Criteria is one, but not necessarily the only type of security
evaluation. Often times organizations with resources will perform an
evaluation against its own standards before adopting or accepting a
system. I was hoping the project had an evaluation from past reviews
it could share.
Ah, OK thanks.
Is there anything that includes the development process? I'm
interested in the secure development items and testing.
Jeff
On Sat, Jul 26, 2014 at 9:18 AM, Patrick Laimbock <patrick@laimbock.com> wrote:
| Quote: | On 26-07-14 14:23, Jeffrey Walton wrote:
Assuming "security+evaluation" refers to Common Criteria, I'm not aware of
any Common Criteria initiatives in relation to Asterisk (nor FreeSWITCH,
OpenSIPS, Kamailio, Yate or any other Open Source VoIP project I'm aware
of). Asterisk is a toolbox with many flexible building blocks and not a
product like Cisco CallManager with pre-defined features set in stone. As
such it doesn't really make sense to get Asterisk certified, if possible at
all. It would be like trying to certify C or Python. If EALx certification
is your requirement then have a look at the CallManager as iirc it's EAL1
certified.
Re "asterisk+architecture", Asterisk Security related best practices are
described here:
http://svn.asterisk.org/svn/asterisk/trunk/README-SERIOUSLY.bestpractices.txt
|
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users |
|
| Back to top |
|
|
patrick at laimbock.com
Guest
|
|
| Back to top |
|
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
Powered by phpBB © 2001, 2005 phpBB Group
|
Search
