If you're using Asterisk for your voice over IP needs, you'll need to lock down your Asterisk server, and that begins with secure passwords.
Asterisk@Home ships with a bunch of default passwords that many people know. Moreover, it sends server administration traffic in the clear, rather than over HTTPS. This means that anyone on your local network could easily sniff out all those passwords after you go to the trouble of changing them. OpenSSH should be configured to use RSA key pairs instead of the root system login, which is both more secure and more convenient. Today's and next week's installments will tell all about how to do these things. Disconnect your Asterisk server from the network, and away we go.
Full Story .