FreeSWITCH 1.8

By: Anthony Minessale II, Giovanni Maruzzelli

Overview of this book

FreeSWITCH is an open source telephony platform designed to facilitate the creation of voice and chat-driven products, scaling from a soft-phone to a PBX and even up to an enterprise-class soft-switch. This book introduces FreeSWITCH to IT professionals who want to build their own telephony system. This book starts with a brief introduction to the latest version of FreeSWITCH. We then move on to the fundamentals and the new features added in version 1.6, showing you how to set up a basic system so you can make and receive phone calls, make calls between extensions, and utilize basic PBX functionality. Once you have a basic system in place, we’ll show you how to add more and more functionality to it. You’ll learn to deploy the features on the system using unique techniques and tips to make it work better. Also, there are changes in the security-related components, which affect the content of the book, so we will keep that content in line with the latest version. There are new support libraries introduced, such as SQLite, OpenSSL, and more, which will make FreeSWITCH more efficient and add more functions to it. We’ll cover these in the new edition to make it more appealing for you.

Protecting passwords


Passwords are used in FreeSWITCH when phones register, when phones originate a call, when FreeSWITCH registers to external gateways/ITSPs, and when administrators authenticate into the FreeSWITCH system via Event Socket (e.g. fs_cli). Most of these areas utilize weak plaintext passwords.

In addition, many users set their passwords to simple easy-to-guess combinations. Worse yet, some don't ever change or set up their voicemail password, leaving the defaults in place.

These passwords are very often targeted and once gained, they are exploited to commit fraud.

Following are some of the mechanisms available to mitigate this.

Registration passwords as hashes

Registration credentials do not need to be passed or kept on disk in plaintext. When defining SIP credentials in your User Directory, instead of including the following line:

<param name="password" value="samiam"/> 

replace it with a pre-calculated a1-hash of the password, like the following:

<param name="a1-hash" value...
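
As an added example (not from the book or the FreeSWITCH project), the Python below computes the a1-hash as the digest-authentication HA1 value, MD5 of `user:realm:password`, rewrites a constructed directory entry, and shows that a digest response can still be checked from the stored hash alone. The user id 1000, the realm `pbx.example.test`, the nonce and the function names are assumptions; the realm is assumed to be the directory domain name.

```python
import hashlib
import xml.etree.ElementTree as ET

REALM = "pbx.example.test"  # assumption: realm equals the directory domain name

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def a1_hash(user, realm, password):
    # HA1 of digest authentication: MD5("user:realm:password")
    return md5_hex(f"{user}:{realm}:{password}")

def digest_response(ha1, method, uri, nonce):
    # Digest response without qop (RFC 2617): MD5(HA1:nonce:HA2)
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

def harden_user(user_xml, realm):
    """Swap a plaintext password param for the equivalent a1-hash param."""
    user = ET.fromstring(user_xml)
    for param in user.iter("param"):
        if param.get("name") == "password":
            param.set("value", a1_hash(user.get("id"), realm, param.get("value")))
            param.set("name", "a1-hash")
    return ET.tostring(user, encoding="unicode")

# Constructed sample directory entry (password taken from the text above)
SAMPLE_USER = """<user id="1000">
  <params>
    <param name="password" value="samiam"/>
    <param name="vm-password" value="8294"/>
  </params>
</user>"""

if __name__ == "__main__":
    print(harden_user(SAMPLE_USER, REALM))
    # The server can verify a REGISTER from the stored hash alone
    stored = a1_hash("1000", REALM, "samiam")
    print(digest_response(stored, "REGISTER", f"sip:{REALM}", "constructed-nonce"))
```

The hash is bound to the user id and realm, so it has to be recomputed if either changes; it is also sufficient on its own to compute digest responses, so the directory files still need restrictive permissions.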