Page 232 - Asterisk™: The Future of Telephony
P. 232
Your service provider will have a definition in either its sip.conf or iax.conf configuration
file (depending on whether you are connecting with the SIP or IAX protocol, respec-
tively) for your Asterisk server. If you receive calls only from this provider, you would
define them as a user (if it was another Asterisk system, you might be defined in its
system as a peer).
Now let’s say that your box is on your home Internet connection, with a dynamic IP
address. Your service provider has a static IP address (or perhaps a fully qualified do-
main name), which you place in your configuration file. Since you have a dynamic
address, your service provider specifies host=dynamic in its configuration file. In order
to know where to route your +1-800-555-1212 call, your service provider needs to know
where you are located in relation to the Internet. This is where the register statement
comes into use.
The register statement is a way of authenticating and telling your peer where you are.
In the [general] section of your configuration file, you place a statement similar to this:
register => username:secret@my_remote_peer
You can verify a successful register with the use of the iax2 show registry and sip show
registry commands at the Asterisk console.
VoIP Security
In this book we can barely scratch the surface of the complex matter of VoIP security;
therefore before we dig in, we want to steer you in the direction of the VoIP Security
Alliance (http://www.voipsa.org). This fantastic resource contains an excellent mailing
list, white papers, howtos, and a general compendium of all matters relating to VoIP
security. Just as email has been abused by the selfish and criminal, so too will voice.
The fine folks at VoIPSA are doing what they can to ensure that we address these
challenges now, before they become an epidemic. In the realm of books on the subject,
we recommend the most excellent Hacking Exposed VoIP by David Endler and Mark
Collier (McGraw-Hill Osborne Media). If you are responsible for deploying any VoIP
system, you need to be aware of this stuff.
Spam over Internet Telephony (SPIT)
We don’t want to think about this, but we know it’s coming. The simple fact is that
there are people in this world who lack certain social skills, and, coupled with a kind
of mindless greed, these folks think nothing of flooding the Internet with massive vol-
umes of email. These same types of characters will similarly think little of doing the
same with voice. We already know what it’s like to get flooded with telemarketing calls;
try to imagine what happens when it costs the telemarketer almost nothing to send
voice spam. Regulation has not stopped email spam, and it will probably not stop voice
spam, so it will be up to us to prevent it.
204 | Chapter 8: Protocols for VoIP
