Deployment: Revise/Restore some 'Important Security Considerations' docs.

Author: seanbright

docs/Deployment/Important-Security-Considerations/Asterisk-Security-Webinars.md

@@ -3,33 +3,21 @@ title: Asterisk Security Webinars
 pageid: 21463708
 ---
 
-Asterisk VoIP Security - Part 1 of 3
-====================================
-
-
-VoIP Fraud: Current Threats From A Law Enforcement Perspective  
+# Asterisk Security Webinars
 
+## VoIP Fraud: Current Threats From A Law Enforcement Perspective
 Special Agent Michael McAndrews, FBI
 
+<iframe width="560" height="315" src="https://www.youtube.com/embed/ZO1xon4P-rg?si=mnDpGrvsTdM90nPX" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>
 
-315420
-Asterisk VoIP Security - Part 2 of 3
-====================================
-
-
-VoIP Security Best Practices  
+## VoIP Security Best Practices
 
 Dan York, Chairman, Best Practices Group, VoIP Security Alliance
 
+<iframe width="560" height="315" src="https://www.youtube.com/embed/6_WjMq3842o?si=84recPhwztlO6GQk" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>
 
-315420
-Asterisk VoIP Security - Part 3 of 3
-====================================
-
-
-Securing Asterisk Systems  
+## Securing Asterisk Systems
 
 Jared Smith, Training Manager, Digium
 
-
-315420
+<iframe width="560" height="315" src="https://www.youtube.com/embed/B-t-B1pdx5I?si=Z-iPrWs3cWnItCcT" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>

docs/Deployment/Important-Security-Considerations/Dialplan-Security.md

@@ -0,0 +1,44 @@
+# Dialplan Security
+
+First and foremost remember this:
+
+!!! danger "Extension Isolation"
+
+    Use the extension contexts to isolate outgoing or toll services from any incoming connections.
+
+You should consider that if any channel, incoming line, etc. can enter
+an extension context that it has the capability of accessing any
+extension within that context.
+
+Therefore, you should **not** allow access to outgoing or toll
+services in contexts that are accessible (especially without a
+password) from incoming channels, be they IAX channels, FX or other
+trunks, or even untrusted stations within your network. In particular,
+never ever put outgoing toll services in the "default" context. To
+make things easier, you can include the "default" context within other
+private contexts by using:
+
+```
+include => default
+```
+
+in the appropriate section. A well designed PBX might look like this:
+
+```
+[longdistance]
+exten => _91NXXNXXXXXX,1,Dial(DAHDI/g2/${EXTEN:1})
+include => local
+
+[local]
+exten => _9NXXNXXX,1,Dial(DAHDI/g2/${EXTEN:1})
+include => default
+
+[default]
+exten => 6123,1,Dial(DAHDI/1)
+```
+
+!!! tip "Remove Demo Contexts"
+
+    Do not forget to take the `demo` context out of your default
+    context. There isn't really a security reason, it just will keep
+    people from wanting to play with your Asterisk setup remotely.

docs/Deployment/Important-Security-Considerations/index.md

@@ -0,0 +1,18 @@
+# Important Security Considerations
+
+The pages in this section provide specific warnings about security
+that are pertinent to Asterisk. Just because you're already familiar
+with securing your Linux machine, doesn't mean you can skip this
+section.
+
+!!! danger
+
+    Please read the following important security related
+    information. Improper configuration of Asterisk could allow
+    unauthorized use of your facilities, potentially incurring
+    substantial charges.
+
+Asterisk security involves both network security (encryption,
+authentication) as well as dialplan security (authorization - who can
+access services in your pbx). If you are setting up Asterisk in
+production use, please make sure you understand the issues involved.