I have Asterisk 11.12.0 with a Digium 4 port analog card (1AA00F). Port 1 is FXO and ports 2-4 are FXS. No SIP protocol. I have been researching Asterisk security and most of what I have found refers to SIP protocol vulnerability and does not mention Dahdi/PSTN. One of the basic security rules that does seem to apply is to keep inbound/call processing and outbound routing in separate contexts. My dial plan does have separate contexts for incoming, call processing, outgoing calls, and internal calls. My concern is in the section of my dialplan below. Outbound dialing will not work unless I have the include line in the localsets context. This seems to defeat the separation of the 2 contexts. My questions are:
- Is what I have in my dialplan below a security risk?
- If so, should I work at moving the pattern matching currently in the outgoing context to the localsets context with Gotos to a single line to dial out in the outgoing context?
If you have other recommendations I would appreciate them.
[globals]
OUT=DAHDI/1
[outgoing]
exten => _NXXNXXXXXX,1,Dial(${OUT}/${EXTEN})
exten => _NXXXXXX,1,Dial(${OUT}/${EXTEN})
exten => _1NXXNXXXXXX,1,Dial(${OUT}/${EXTEN})
exten => _911,1,Dial(${OUT}/${EXTEN})
exten => _411,1,Dial(${OUT}/${EXTEN})
exten => _*99,1,Dial(${OUT}/${EXTEN})
[localsets]
include => outgoing
exten => 101,1,Dial(DAHDI/2)
exten => 102,1,Dial(DAHDI/3)
exten => 103,1,Dial(DAHDI/4)