Asterisk Security Tips

It is your responsibility to ensure your Asterisk or other VoIP software is secure. This article provides some hints and tips on how you can do so.

Articles and software

It's recommended that you make use of the following articles and software:

  • http://www.fail2ban.org/wiki/index.php/Main_Page
  • http://www.ossec.net/main/
  • http://www.configserver.com/cp/csf.html

If you use any of the above programs, make sure you evaluate them properly and check that they are suitable for your needs.

Disable international calling

You can set dialling restrictions on your accounts in the termination manager. If a server doesn't need to dial internationally or call mobiles, disable those destinations!

Firewall and Passwords

Your firewall should only allow VoIP traffic to and from Neural's CTS servers, and all passwords should be 'strong': random numbers and letters, using mixed case and special characters.

You may also elect to block international traffic to your SIP servers if you don't need it.

Disable or Obscure SSH Login

We strongly recommend disabling root login via SSH and changing the SSH port number. Make sure your SSH configuration is secure so that an attacker cannot compromise your SIP server through remote login.

Don't install it if you don't need it

A server is often compromised through a bug in some other software running on it. For example, if you run Asterisk on the same server as your website and an attacker compromises the web server software, they may also be able to gain access to Asterisk through that attack. Where possible, run only Asterisk on your Asterisk server.

Asterisk Configuration

You can also add the following to the [General] section of your sip.conf:
  • alwaysauthreject=yes
With this set, Asterisk gives a 404 instead of a 403 when an incorrect password is given, so that failed login attempts give away as little as possible about your accounts.
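A small checker for this setting, added here as an example (it is not part of the original article or of Asterisk itself): it parses an Asterisk-style config file and reports whether the [general] section actually enables alwaysauthreject, accepting the same true values and case-insensitive names Asterisk does. The sip.conf text below is constructed for the demonstration.

```python
import re

# Constructed sample sip.conf for demonstration only (not a real file).
SAMPLE_SIP_CONF = """\
; constructed sample
[General]                 ; Asterisk matches section names case-insensitively
context=default
allowguest = no
alwaysauthreject=no       ; the weak setting this check should flag

[1001](!)
type => friend
secret=s3cret-placeholder
"""

SECTION_RE = re.compile(r"^\[([^\]]+)\]")
TRUE_VALUES = {"yes", "true", "on", "1"}  # the values Asterisk treats as true


def parse_asterisk_conf(text):
    """Return {section: {key: value}} for an Asterisk-style config.
    Comments (';' to end of line), 'key => value' assignments and template
    markers such as [name](!) are handled; a repeated key keeps its last value."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip().lower()
            sections.setdefault(current, {})
            continue
        if "=" in line and current is not None:
            key, value = line.split("=", 1)
            value = value.lstrip(">").strip()  # tolerate 'key => value'
            sections[current][key.strip().lower()] = value
    return sections


def auth_reject_enabled(text):
    """True only if [general] sets alwaysauthreject to a value Asterisk reads as true."""
    general = parse_asterisk_conf(text).get("general", {})
    return general.get("alwaysauthreject", "").strip().lower() in TRUE_VALUES


if __name__ == "__main__":
    state = "ok" if auth_reject_enabled(SAMPLE_SIP_CONF) else "NOT SET"
    print(f"alwaysauthreject in [general]: {state}")
```

Run it against your own file with `auth_reject_enabled(open("/etc/asterisk/sip.conf").read())`; a missing [general] section or a missing key is reported as not set.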
 
 

 
-----

These pointers should get you started on securing your Asterisk system. For more help we recommend having a Google around: there are many articles out there and many things you can do.

Those extra few minutes spent securing your server now could save you hundreds of dollars in fraudulent calls later on.