On Wed, Sep 30, 2009 at 4:23 PM, rb4centos@gmail.com wrote:
-----Original Message----- From: Brian Mathis
The difference is that CentOS is a general-purpose OS that can be used for many things, and has a much bigger installed base. That makes it more of a target and would likely be included in scanning tools. A custom OS running on a PBX might also have vulnerabilities, but it's also probably not a big target because of the diversity of systems out there and relative limited utility one would have if such a system were compromised.
That you tend to tend to think of it as an "appliance" running the phone system does not change the fact that it's actually a full-blown server OS with the same issues as other servers.
But if you're not connected to the Internet none of of this means anything. CentOS/Asterisk *would* be an appliance under these conditions. There are no "server" vulnerabilities because you're not connected to a LAN.
Apologies if this is unreadable. I'm typing on my Centro and I do that very often.
...and I *don't* do that very often.