[CentOS] Asterisk and VOIP was Re: CentOS for non-tech user

Fri Oct 2 12:35:11 UTC 2009
Rob Townley <rob.townley at gmail.com>

On Thu, Oct 1, 2009 at 1:46 PM, Rob Kampen <rkampen at kampensonline.com> wrote:
> Ron Blizzard wrote:
>>
>> On Wed, Sep 30, 2009 at 5:15 PM, Brian Mathis <brian.mathis at gmail.com>
>> wrote:
>>
>>
>>>
>>> "Not connected to the Internet", and "not connected to a LAN" are very
>>> different things.  I doubt VOIP would work if the server was not
>>> connected to a LAN.  There could be quite a few things on the LAN,
>>> depending on its size, such as viruses, malware, and even users doing
>>> scans of the network.  Don't assume that "out there" is insecure, and
>>> "in here" is secure.  That's one of the biggest mistakes to make when
>>> creating a secure environment.
>>>
>>
>> You're right. I was thinking like a phone tech -- that the VOIP
>> system's wiring was still separate from the regular LAN.
>>
>>
>
> Just to set your minds at ease (or not).
> I have a separate D-Link switch that does PoE (to power the snom phones) and
> vlans and set it up so that all the phones are on one vlan called VOIP.
> The * server single eth0 is also on this vlan, but does also belong to the
> rest of the office on another vlan called LAN.
> So - the snom phones (linux based) can only see the * server.
> The * server can see the rest of the LAN - so in theory anyone on the local
> LAN can scan and see the CentOS based * server.
> We are however a very small office and I get to see all connected PCs in
> action.
> As I have some questions about SIP security I was not prepared to have the
> snom phones in any way being accessible to / from the LAN (let alone the
> internet).
> Tks for comments and suggestions.
> Rob

I like that layout.  I would think instant-messaging-type access might
still be doable to send short text messages to the phone display from
workstations.  The receptionist and those who want to check their voice
mail from a web browser could be allowed.

Those HP Multi Function Printer & Scanner & Fax & copier machines can
be very vulnerable because a hacker calls into the fax to compromise
the fax machine, which gives them full access to the inside of your
LAN.  I wonder how vulnerable Asterisk / Hylafax is to a dial-up
rootkit.  If so, even * connected to vlan and trunks would in theory
still be vulnerable.