Softphones and Hard Security
Tim Panton, Westhawk Ltd.
Short abstract

Westhawk has designed and implemented a Java-based web-applet that acts as a soft-phone for the Asterisk Open-Source PBX. This paper describes the difficulties (many) and compromises (few) that were encountered in the development process. Most of these problems related to the security, networking or threading requirements of hosting the application in a browser. Our aim in presenting this paper at SANE is to assist systems and network professionals in their discussions with developers about what is possible vs what is acceptable in a secure, portable, low-maintenance but compelling web-based application.
Summary

In order to achieve our goal of a mobile, zero install, easy to use soft-phone we have had to work around several security restrictions and requirements - at many levels - but we have managed it. So as Security and Network Administrators, next time a developer tells you that you have to accept a product that requires you to open 10,000 ports in the firewall, install and configure an ActiveX control on all your PCs - and says it won't work on Macs or Linux, just turn to them and say "Are you sure?" repeatedly until they go away and try harder. ("Are you sure" is a quotation from Her Britannic Majesty Queen Elizabeth II. When told that she and Prince Philip were going to a Baseball game and that Philip was going to hit the first ball, she said "Are you sure?" repeatedly until the Americans came up with a better option.)