Securing Your Asterisk Server, Part 2 - page 4
Locking Down OpenSSH
Any server administration done over a Web interface is transmitted in cleartext, unless you enable HTTPS. HTTPS is SSL over HTTP; a nice easy way to encrypt HTTP traffic. To activate it on your Asterisk server all you need to do is install the Apache SSL module, then restart Apache (Apache is the Web server included in Asterisk@Home):
# yum -y install mod_ssl # /etc/init.d/httpd restart
Then all you have to do is remember to point your Web browser to https://[asterisk-server].
Asterisk@Home is a complex package, so there may yet be the odd security hole somewhere. But you should be in pretty good shape now.
This article originally appeared on VoIPPlanet, a JupiterWeb site.