Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
FreeSWITCH 1.2

You're reading from   FreeSWITCH 1.2 Whether you're an IT pro or an enthusiast, setting up your own fully-featured telephony system is an exciting challenge, made all the more realistic for beginners by this brilliant book on FreeSWITCH. A 100% practical tutorial.

Arrow left icon
Product type Paperback
Published in May 2013
Publisher Packt
ISBN-13 9781782161004
Length 428 pages
Edition 2nd Edition
Concepts
Arrow right icon
Toc

Table of Contents (24) Chapters Close

FreeSWITCH 1.2
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Preface
1. Architecture of FreeSWITCH 2. Building and Installation FREE CHAPTER 3. Test Driving the Example Configuration 4. SIP and the User Directory 5. Understanding the XML Dialplan 6. Using XML IVRs and Phrase Macros 7. Dialplan Scripting with Lua 8. Advanced Dialplan Concepts 9. Moving Beyond the Static XML Configuration 10. Controlling FreeSWITCH Externally 11. Web-based Call Control with mod_httapi 12. Handling NAT 13. VoIP Security 14. Advanced Features and Further Reading The FreeSWITCH Online Community Migrating from Asterisk to FreeSWITCH The History of FreeSWITCH Index

Protecting passwords


Passwords are used in FreeSWITCH when phones register. When FreeSWITCH registers to external gateways and when administrators authenticate into the FreeSWITCH system itself. Most of these areas utilize weak plaintext passwords.

In addition, many users set their passwords to simple easy-to-guess combinations. Worse yet, some don't ever change or set up their voicemail boxes, leaving the defaults in place.

These passwords are very often targeted and once gained, they are exploited to commit fraud.

There are a few mechanisms available to mitigate this.

Registration passwords

Registration credentials do not need to be passed or kept on disk in plain-text. When defining SIP credentials in your folder, instead of including the following line:

<param name="password" value="samiam"/>

replace it with a pre-calculated a1-hash of the password, like the following:

<param name="a1-hash" value="c6440e5de50b403206989679159de89a"/>

To generate a1-hash, get the md5 of the string username...

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image