[CentOS] Asterisk and VOIP was Re: CentOS for non-tech user

Les Mikesell lesmikesell at gmail.com
Wed Sep 30 18:55:11 UTC 2009


Ron Blizzard wrote:
>
>>> I do want to do an update of it all to latest versions etc. but when it
>>> just keeps working it is hard to justify the down time and potential
>>> hic-ups.
>> If you are very well firewalled and trust all the local users you might
>> get away with ignoring security updates but it's mostly a matter of
>> luck.  With the stock CentOS components, your downtime for an update is
>> normally just a reboot and problems are extremely rare.  If you'd added
>> custom or 3rd party code items there's a somewhat greater risk, but it
>> is still pretty unlikely that an update would break things - or that you
>> wouldn't have heard about other people having a problem.
> 
> If I understand Rob correctly here, there is actually no need for a
> firewall. He's not on the Internet. He's using analog trunks and SIP
> phones in a closed system. He's basically got a traditional key system
> or PBX switch that just happens to be based on CentOS/Asterisk.
> 
> (Traditional telephone switches have been based on UNIX for years.)

You are still exposed to anything that is on the local LAN - which could 
include other machines that might have been compromised through browser 
exploits, etc. unless the segment only connects to IP phones (and you 
lose the ability to use soft phones).  Linux is less vulnerable to most 
of these than windows would be, but still, if you know there are updates 
to fix known security  issues you are pressing your luck if you don't 
install them.

Phone switches are particularly attractive targets to hackers:
http://nerdvittles.com/index.php?p=580

-- 
   Les Mikesell
    lesmikesell at gmail.com




More information about the CentOS mailing list