Security tips for running an Asterisk/Freeswitch distribution
Call credit limit
The ultimate goal of most VoIP system hackers is to place calls using your system or passwords. This is not a new problem and is equally applicable if you have a traditional phone system connected to BT. Should your phone system be compromised, calls costing many thousands of pounds can be placed very quickly.
The last line of defense, should your system be compromised, is to ensure that the damage is limited.
- If you are a prepay customer with your call provider, ensure you keep the minimum credit practical in your account.
- If you are a post pay customer with your call provider, ensure that you have a credit limit and that calls will not be placed once that limit is reached.
Web Interface
Where at all possible you should restrict access to the web configuration GUI. This will prevent your system being compromised should a new vulnerability be discovered in the web interface of Trixbox, Elastix, FreePBX, A2Billing, etc.
It is easy to restrict access to a fixed pool of IP addresses, or to allow access only via an SSH tunnel (useful if you don't have a fixed IP). If you would like either of these methods implemented on your SysAdminMan VPS, please raise a support ticket.
Asterisk/Freeswitch Security
- Always use strong passwords for your trunks and extensions.
- Occasionally check that no test/temporary/unexpected extensions exist. These often have weak passwords.
- Check your call logs to ensure there are no unexpected calls.
- Ensure you have something to block brute force scan attempts against Asterisk/Freeswitch. SysAdminMan systems have fail2ban installed for this.
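One way to carry out the extension and call log checks above, as an added example that is not SysAdminMan's own tooling: it reads records in the column order Asterisk's cdr_csv module writes to Master.csv and lists outbound calls that break a site policy. The extension list, allowed prefixes, business hours and sample records are assumptions constructed for illustration.

```python
import csv
import io
from datetime import datetime

# First 16 columns of Asterisk's cdr_csv Master.csv; optional trailing
# columns (uniqueid, userfield) land under the None key and are ignored.
FIELDS = ["accountcode", "src", "dst", "dcontext", "clid", "channel",
          "dstchannel", "lastapp", "lastdata", "start", "answer", "end",
          "duration", "billsec", "disposition", "amaflags"]

# Assumed site policy (hypothetical values; replace with your own).
KNOWN_EXTENSIONS = {"100", "101", "102"}
ALLOWED_PREFIXES = ("01", "02", "03", "07")  # destinations this site expects to dial
BUSINESS_HOURS = range(8, 19)                # 08:00 to 18:59

def review_cdr(csv_text):
    """Return outbound calls that break the policy, with the reasons why."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text), fieldnames=FIELDS):
        if row["dst"] in KNOWN_EXTENSIONS:
            continue  # internal call, never reaches the call provider
        reasons = []
        if row["src"] not in KNOWN_EXTENSIONS:
            reasons.append("unknown source extension")
        if not row["dst"].startswith(ALLOWED_PREFIXES):
            reasons.append("destination outside allowed prefixes")
        started = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
        if started.hour not in BUSINESS_HOURS:
            reasons.append("placed outside business hours")
        if reasons:
            findings.append({"start": row["start"], "src": row["src"],
                             "dst": row["dst"], "billsec": int(row["billsec"]),
                             "reasons": reasons})
    return findings

# Constructed sample records (not from a real system).
SAMPLE_CDR = '''\
"","101","01614960123","from-internal","101","SIP/101-0001","SIP/trunk-0002","Dial","SIP/trunk/01614960123","2024-03-04 10:15:00","2024-03-04 10:15:06","2024-03-04 10:17:00",120,114,"ANSWERED","DOCUMENTATION"
"","199","009995550100","from-internal","199","SIP/199-0003","SIP/trunk-0004","Dial","SIP/trunk/009995550100","2024-03-05 02:13:05","2024-03-05 02:13:09","2024-03-05 02:58:09",2704,2700,"ANSWERED","DOCUMENTATION"
"","102","101","from-internal","102","SIP/102-0005","SIP/101-0006","Dial","SIP/101","2024-03-05 09:00:00","2024-03-05 09:00:04","2024-03-05 09:01:00",60,56,"ANSWERED","DOCUMENTATION"
"","100","07700900123","from-internal","100","SIP/100-0007","SIP/trunk-0008","Dial","SIP/trunk/07700900123","2024-03-05 23:40:00","2024-03-05 23:40:05","2024-03-05 23:41:00",60,55,"ANSWERED","DOCUMENTATION"
'''

if __name__ == "__main__":
    for f in review_cdr(SAMPLE_CDR):
        print(f["start"], f["src"], "->", f["dst"],
              f"{f['billsec']}s:", "; ".join(f["reasons"]))
```

A source extension that is not in the known list points at the test or temporary extensions mentioned above; remove it or reset its password before looking further.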
If you have any more general security tips, please get in touch via the contact form.