MySQL SIP registrations (via SSL)

My concern is security for distributed systems… sending SIP username/pass in cleartext. Sure, we can use AES functions in MySQL to store it encrypted, but the clear-text commands including the password are still sent between Asterisk & MySQL. I see how to compile SSL libs into MySQL, but I'm not sure which options are currently supported in Asterisk for secure SSL/TLS connections to MySQL.

Has anybody done this, or would this be an extension to existing Asterisk source? Thanks.

Shouldn’t that be transparent? You should be able to tunnel from one to the other without doing anything special with Asterisk or your database server.

Example: stunnel.mirt.net/

If you don’t manage the network on both ends, though, you’ll have to convince the net admin to set it up.

Do you have experience with performance/throughput using stunnel vs. native libraries in the apps? Or is this delta sufficiently minor to be not important in real life? Thanks for insights.

Well, the regular data is being wrapped inside another protocol, so it’s going to add latency and reduce overall throughput. I have never tested it specifically with MySQL connections, so I have no measurements to give.

My experience is with transferring data through OpenSSH and HTTPS, and there is a noticeable slow-down in transfer rates there.

Also: Do you administer both the database server and the PBX box?

Yes, will administer both sides. Just looking for the cleanest solution to reduce operational headaches and maximize scalability.

Oh, I forgot: I believe you can force MD5 hashes to be used in SIP authentication. That’s at least one step above clear text passwords. Still vulnerable to a replay attack, but at least the original password isn’t being given away.

Reference:
voip-info.org/wiki/index.php … g+sip.conf

Example:
voip-info.org/wiki/index.php … +md5secret

Encryption is just one link in the chain. How is the network set up otherwise? Are your MySQL servers accessible to the world, or do you have them behind a NAT/firewall and configured to only accept connections from specific hosts?

Sure, MD5 hashes will protect the password from client to Asterisk, but then I still need to worry about it from Asterisk to DB (unless I’m not thinking about it correctly - a reasonable possibility).

I’m just doing a paper design from scratch right now before building out the system. All servers will be hardened and protected by ACLs to only enable access to necessary ports. In theory the network between Asterisk servers and MySQL DBs will be “trusted”, so we don’t need transport integrity + privacy, but I want an added layer of security to protect billing integrity of users/customers against internal threats (i.e. reduce the ease of employees or admins sniffing user passwords and masquerading - they still can do it if they have access to the right systems, but it will be harder to do so without being tracked, unlike an anonymous Ethereal trace).

The other scenario this flexibility would enable is an Asterisk server traversing non-trusted networks to reach MySQL DBs. An overall simpler approach may be to use IPSEC VPNs to traverse non-trusted networks and keep the application stuff simpler and more scalable (i.e. no crypto), but then we need another scalable IPSEC box and resiliency and yada yada.
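
The md5secret option and the Asterisk-to-database question raised above, as an added example that is not part of any post in this thread: it shows that a server holding only MD5(username:realm:password) can check a SIP digest response, so the database row does not need the cleartext password. The extension, realm, URI, nonces and password are constructed sample values, and the function names are hypothetical helpers, not Asterisk code.

```python
import hashlib
import hmac


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def md5secret(username: str, realm: str, password: str) -> str:
    """Value stored instead of the cleartext secret: MD5(username:realm:password)."""
    return md5_hex(f"{username}:{realm}:{password}")


def digest_response(ha1: str, nonce: str, method: str, uri: str) -> str:
    """Digest response without qop (RFC 2617): MD5(HA1:nonce:MD5(method:uri))."""
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")


def verify(stored_ha1: str, nonce: str, method: str, uri: str, response: str) -> bool:
    """Server-side check using only the stored hash, never the cleartext password."""
    expected = digest_response(stored_ha1, nonce, method, uri)
    return hmac.compare_digest(expected, response.lower())


def demo() -> dict:
    # Constructed sample values, not taken from the thread.
    user, realm, password = "1001", "asterisk", "constructed-sample-password"
    uri, nonce = "sip:pbx.example.test", "4f2a9c01"

    # Provisioning: only this hash goes into the database row.
    stored = md5secret(user, realm, password)

    # Phone side: knows the password, answers the server's challenge.
    response = digest_response(md5secret(user, realm, password), nonce, "REGISTER", uri)

    return {
        "row_contains_password": password in stored,
        "accepted": verify(stored, nonce, "REGISTER", uri, response),
        "accepted_other_nonce": verify(stored, "77b3e210", "REGISTER", uri, response),
        "same_hash_other_realm": stored == md5secret(user, "other.example.test", password),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The stored hash is still a credential within its realm, so the link between Asterisk and MySQL and access to the table need protecting either way.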