On 14/06/2016 9:59 AM, Peter Ross wrote: > On Mon, Jun 13, 2016 at 10:29 PM, Andrew McGlashan wrote: > > > Setting up Asterix or FreePBX or anything similar is not something > that > should be done lightly. VoIP providers lose an awful lot of money if > there are any loop holes in their setup; perhaps even just a weak > password. So, it is a serious risk situation, potentially; especially > when there are continual software updates to fix vulnerabilities > in all > kinds of software. > > I'm not saying don't do it, but I am saying that you have to > understand > the risks and perhaps you would be better off not doing it. > > > Hi Andrew, > > can you elaborate a bit about Asterisk/FreePBX security issues? I install Asterisk systems for a VoIP providers and the biggest mistake is allowing any sort of external SIP traffic.
Always double check that your router does not auto open a port for the SIP (SIP ALG can do this, I always disable SIP ALG). If remote access is needed use IAX and have a remote install of Asterisk, or in the worst case use a VPN for remote phones. (Yealink phones have a OpenVPN client) Always use a user name which is different from the extension and strong passwords. The packaged versions of Asterisk are generally secure as long as there is no external direct access. Never had a machine hacked or unauthorised calls made if the rules are followed but had a number of them when they where not. Mike _______________________________________________ luv-main mailing list luv-main@luv.asn.au https://lists.luv.asn.au/cgi-bin/mailman/listinfo/luv-main