VoIP Mailing List Archives
Mailing list archives for the VoIP community |
|
| View previous topic :: View next topic |
| Author |
Message |
Guest
|
 Posted: Mon May 12, 2008 6:43 pm Post subject: [asterisk-users] Newbie Dialplan: Best Practice in using Con |
 |
|
In "The future of Telephony", it says "... We should also note for
security's sake you should always make sure that your [incoming] context
never allows outbound dialing. (If by chance it did, people could dial
into your system and make outbound toll calls that would be charged to
you!)
The book was demonstrating using a PSTN environment and the zapata.conf
was something like:
context=internal
signaling=fxo_ks
channel=>1
context=incoming
signaling=fxs_ks
channel=>2
In PRI environment, does it mean that we have to purposely separate the
say ISDN 20 channels into [internal] and [incoming] as well?
This would not make sense to me as ISDN uses a one port card to contain
multiple channels while the ports of a say TDM400P refer to each
channel.
If I just define a [default] context for a PRI environment, is this
insecure?
Can someone please enlighten me on this? |
|
| Back to top |
|
 |
cwallace at lodgingcom...
Guest
|
| Posted: Mon May 12, 2008 7:08 pm Post subject: [asterisk-users] Newbie Dialplan: Best Practice in using Con |
|
|
At 9:43 AM on 13 May 2008, Lee, John (Sydney) wrote:
| Quote: | In "The future of Telephony", it says "... We should also note for
security's sake you should always make sure that your [incoming]
context never allows outbound dialing. (If by chance it did, people
could dial into your system and make outbound toll calls that would
be charged to you!)
The book was demonstrating using a PSTN environment and the
zapata.conf was something like:
context=internal
signaling=fxo_ks
channel=>1
context=incoming
signaling=fxs_ks
channel=>2
In PRI environment, does it mean that we have to purposely separate
the say ISDN 20 channels into [internal] and [incoming] as well?
This would not make sense to me as ISDN uses a one port card to
contain multiple channels while the ports of a say TDM400P refer to
each channel.
If I just define a [default] context for a PRI environment, is this
insecure?
Can someone please enlighten me on this?
|
In the example you quoted, channel 1 is an FXS port, which would be an
internal extension--a phone--from which someone would be allowed to
make an outbound call. Channel 2 is an FXO port, which is
connected to the PSTN, and would take incoming calls from "the
wild". So in that example, you wouldn't want the "incoming" context to
be allowed to make outbound calls.
In your case, I'm guessing all your Zap channels come from the PRI,
which is connected to the PSTN. If so, then you're right--you just
need one context for your zapata.conf which you would use on all your
ISDN channels. Just don't let that context dial out.
I don't know if you'd want to call that context "default"... because
that one seems to be "special" in Asterisk. But maybe I'm just being
superstitious. 
--
C. Chad Wallace, B.Sc.
The Lodging Company
http://www.skihills.com/
OpenPGP Public Key ID: 0x262208A0
Debian Hint #14: If you would like to follow things happening to a
package (for example, if you want to see bug reports, release notices,
and other similar things), consider subscribing to it on the Package
Tracking System. You can find out more about the PTS at:
http://www.debian.org/doc/manuals/developers-reference/ch-resources.en.html
(Section 4.10) |
|
| Back to top |
|
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
Powered by phpBB © 2001, 2005 phpBB Group
|
Search
