[Freeswitch-users] remove in local SDP word FREESWITCH
Nyamul Hassan
nyamul at gmail.com
Mon Jun 24 10:34:44 MSD 2013
>> so if they are connected to us via a psuedo account to monitor our
features they still think we're using Asterisk...
You're mean! :-P
Regards
HASSAN
On Mon, Jun 24, 2013 at 12:19 PM, John M <j_mj at aol.com> wrote:
> I don't think anyone expects that security by obscurity is all you need
> .. but in terms of tools that you use to secure your network it's a valid
> addition.
>
> Kinda like putting your hand over the keypad while entering your PIN at
> the ATM, it's not all you need to do but it's an extra step to help keep
> your account secure.
>
> If I present my server as an asterisk server and the attacker has a
> special set of scripts to attack Asterisk .. he'll probably/might use them
> and when it fails .. move on.
>
> In regard to the ability to be able to disguise the switch name .. i think
> this is a valid reason.
>
> Another one that comes to mind is competition .. we work in a tight local
> market and have some competitors that follow us liek sheep .. whatever
> price we set they follow.. etc..
>
> They run similar platforms hosted on Asterisk servers .. we are switching
> to FS and this is going to give us an edge .. I don't want these
> competitors to know that we are using a superior platform .. so I modify
> the name so if they are connected to us via a psuedo account to monitor our
> features they still think we're using Asterisk...
>
>
>
> -----Original Message-----
> From: Steven Ayre <steveayre at gmail.com>
> To: FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org>
> Sent: Fri, Jun 21, 2013 6:05 pm
> Subject: Re: [Freeswitch-users] remove in local SDP word FREESWITCH
>
> 2) *Security trough obscurity != security* its always better than
>> nothing. " hey you don't need to guess the
>> the software I'm using , I'm giving the info for free just find an entry
>> point and you got it ...."
>
>
> Actually I'd argue the opposite. Security through obscurity often makes
> people assume they're secure and therefore neglect securing their systems
> in the places that actually matter.
>
> The only argument I can really see of hiding that you're running
> $version of $product is that an bug in that $version means an exploit
> exists.
>
> If that's the case then you need to upgrade to a patched copy of
> $product - you can NOT rely on the fact that people will not realise that
> they can use the exploit because you're hiding what you're running.
>
> The flaw still exists and attackers might either a) guess you're using
> $product and try the exploit anyway or b) have their bot just randomly try
> every exploit in the book against you until one works in which case they
> don't even need to know you're using $product.
>
> The things that matte are actually verifying your authentication is
> working correctly, you're running the latest software, you're following
> software updates / security announcements, etc.
>
> Besides even when $product/$version are hidden they can often be found
> through fingerprinting by looking at differing behaviour between different
> products and within a product between versions.
>
> -Steve
>
>
>
>
> On 21 June 2013 07:59, Antonio Teixeira <eagle.antonio at gmail.com> wrote:
>
>> @Ken
>> I think we need to drop into the real world...
>>
>> 1) Ok .,... Don't forget to say thanks to Debian , CentOs , Fedora , PHP
>> , Python , Microsoft , all the authors of the OpenSource Libs , the creator
>> of Make , the creator of the IDE that the Dev team uses , etc etc when you
>> deliver the next project to your client ...
>>
>> 2)
>> *Security trough obscurity != security* its always better than nothing.
>> " hey you don't need to guess the
>> the software I'm using , I'm giving the info for free just find an entry
>> point and you got it ...."
>>
>> I could also imagine you agree with showing the version of the software
>> in the HTPP headers (stuff that happens on some webservers/libs ( from my
>> ming i can recall Django?!).
>>
>> 3)
>> The clients pays it doesn't really care about what software you use (
>> unless he fears some patent infringement) he wants results.
>>
>> 4)
>> No , Compliance could be internal or external the end-client could simply
>> say "i don't want the freeswitch brand".
>>
>>
>> ---- ///// ----
>> @all
>> I don't know you guys but my daily work is developing software for some
>> fairly large financial institutions and sincerely i think you are all over
>> reacting to this thing.
>> Yes if you open-source something you will get part of your software
>> stolen , changed or use in a way you were not expecting and not given
>> credit for , that's life .If you don't want it , close the source , resell
>> it , ask for NDA's , etc.
>> In my daily work me and my collegues use alot of open source ( contrary
>> to the popular belief) , closed source and everything in between and you
>> don't expect a public statement thanking anyone for anything.
>>
>> This is the way life works and with open-source this is our current world
>> ( i think the FS Team could even offer a fully custom branded solution) so
>> it could help monetize the project.
>>
>> And before you start thinking yes i bought G729 licenses , the FS Book
>> even before it was out and no to many miles between me and Gluecon , yes i
>> know airplanes exist :D.
>>
>> P.S - I Also assume that you all as sysadmins once found a problem that a
>> blogger may have solved and on your final report to the administration you
>> didn't wrote " problem solved by Blogger XXXXXX"....
>>
>> And never forget he is just the mailman sometimes the boss wants
>> something ( even if not morally correct ) and you have to do it.
>> But the point raised by Anthony regarding the SDP "freeswitch flag" is
>> important and you be featured on the wiki :)
>>
>> Antonio Teixeira
>>
>>
>>
>> On 6/19/13 3:49 PM, Ken Rice wrote:
>>
>> Ok... Lets look at these...
>>
>> Branding... I don't want to show people that I'm using F/OSS software for
>> running my for profit business so I can tell them I'm using either
>> ${some_comercial_platform} or ${we_developed_this_ourselves}
>>
>> Security/Security Requirements - Security throught obscurity != security...
>>
>> Client Requirements - That's a new one one... Unless client is <see
>> branding>
>>
>> Compliance - isnt this the same thing as see security
>>
>>
>> On 6/19/13 8:44 AM, "Antonio Teixeira" <eagle.antonio at gmail.com> <eagle.antonio at gmail.com> wrote:
>>
>>
>> I could think off
>>
>> Branding
>> Security
>> Client Requirements
>> Security Requirements
>> Compliance
>>
>>
>> On 6/19/13 2:37 PM, Michael Jerris wrote:
>>
>> Why would you want to do that?
>>
>> On Jun 19, 2013, at 9:28 AM, Abdullah <abdullah at smonte.com> <abdullah at smonte.com> wrote:
>>
>>
>> HI ALL ,
>>
>> please help me ,how to change or remove o=*"FreeSWITCH"* in free switch Cli
>> Log .
>>
>> any idea ??
>>
>>
>>
>> o=FreeSWITCH 1369449071 1369449072 IN IP4 10.10.50.1
>> s=FreeSWITCH
>> c=IN IP4 10.10.50.1
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:consulting at freeswitch.orghttp://www.freeswitchsolutions.com
>>
>> FreeSWITCH-powered IP PBX: The CudaTel Communication Server
>>
>> Official FreeSWITCH Siteshttp://www.freeswitch.orghttp://wiki.freeswitch.orghttp://www.cluecon.com
>>
>> FreeSWITCH-users mailing listFreeSWITCH-users at lists.freeswitch.orghttp://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-usershttp://www.freeswitch.org
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:consulting at freeswitch.orghttp://www.freeswitchsolutions.com
>>
>> FreeSWITCH-powered IP PBX: The CudaTel Communication Server
>>
>> Official FreeSWITCH Siteshttp://www.freeswitch.orghttp://wiki.freeswitch.orghttp://www.cluecon.com
>>
>> FreeSWITCH-users mailing listFreeSWITCH-users at lists.freeswitch.orghttp://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-usershttp://www.freeswitch.org
>>
>>
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>>
>>
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://wiki.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:consulting at freeswitch.orghttp://www.freeswitchsolutions.com
>
> FreeSWITCH-powered IP PBX: The CudaTel Communication Server
>
> Official FreeSWITCH Siteshttp://www.freeswitch.orghttp://wiki.freeswitch.orghttp://www.cluecon.com
>
> FreeSWITCH-users mailing listFreeSWITCH-users at lists.freeswitch.orghttp://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-usershttp://www.freeswitch.org
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
>
>
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20130624/3062d4fb/attachment-0001.html
Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users
mailing list