On 12/18/2013 06:11 AM, davy wrote:
But I think two aspects might be very handy. A first would be to list all the attacks on VoIP networks known to man, and how Kamailio can help defending on this, with e.g. config snippets, …
A second which I personally find very interesting, is how we can have Kamailio & opensource products in the vicinity, beat commercial SBCs at their own game, in terms of features. I do believe this would seriously reduce barfights :D
True. And, although it might have come across that way, I didn't mean to suggest that there's nothing useful to say on a broad security overview page.
I am just very wary of telling people that This Is How You Make Kamailio Secure, when the answer is completely in the details of what you're doing and how you're doing. Kamailio, as you know, is a fairly low-level product, not a finished application. It somewhat resembles an SDK with a proxy service core. So, one can reasonably say that Asterisk or Freeswitch security consists in these general steps, because these are endpoints that do more or less one sort of thing, and usually by way of predictable mechanisms at an implementational level. With Kamailio, it's just far less constructive to make that sort of generalisation.
-- Alex