
Hi, On 14/06/2016 10:29 AM, Peter Ross via luv-main wrote:
On Mon, Jun 13, 2016 at 10:29 PM, Andrew McGlashan wrote:
Setting up Asterix or FreePBX or anything similar is not something that should be done lightly. VoIP providers lose an awful lot of money if there are any loop holes in their setup; perhaps even just a weak password. So, it is a serious risk situation, potentially; especially when there are continual software updates to fix vulnerabilities in all kinds of software.
I'm not saying don't do it, but I am saying that you have to understand the risks and perhaps you would be better off not doing it. Hi Andrew,
can you elaborate a bit about Asterisk/FreePBX security issues?
I think if you are very careful with passwords and access generally, then you should be mostly fine. The trouble comes when an account gets compromised and it has services behind it that will cost you money; they then start calling expensive services that can cost you a fortune. If you have a closed system, then there is less risk too. ISPs and VoIP providers go to extremes to limit risk after they've been bitten; not allowing services to work from different geographic locations is part of their mitigation. I don't know of any specific current issues or any recent compromises. But, I do say, be careful, it could be very expensive if you get something wrong; an open relay with a mail server would be a problem, but an open VoIP service can be real expensive trouble (potentially). Cheers A.