
On 14/06/2016 9:59 AM, Peter Ross wrote:
On Mon, Jun 13, 2016 at 10:29 PM, Andrew McGlashan wrote:
Setting up Asterix or FreePBX or anything similar is not something that should be done lightly. VoIP providers lose an awful lot of money if there are any loop holes in their setup; perhaps even just a weak password. So, it is a serious risk situation, potentially; especially when there are continual software updates to fix vulnerabilities in all kinds of software.
I'm not saying don't do it, but I am saying that you have to understand the risks and perhaps you would be better off not doing it.
Hi Andrew,
can you elaborate a bit about Asterisk/FreePBX security issues? I install Asterisk systems for a VoIP providers and the biggest mistake is allowing any sort of external SIP traffic.
Always double check that your router does not auto open a port for the SIP (SIP ALG can do this, I always disable SIP ALG). If remote access is needed use IAX and have a remote install of Asterisk, or in the worst case use a VPN for remote phones. (Yealink phones have a OpenVPN client) Always use a user name which is different from the extension and strong passwords. The packaged versions of Asterisk are generally secure as long as there is no external direct access. Never had a machine hacked or unauthorised calls made if the rules are followed but had a number of them when they where not. Mike