It is your responsibility to ensure your Asterisk or other VoIP software is secure.
This article provides some hints and tips on how you can do so.
Articles and software
It's recommended that you make use of the following articles and software:
Please make sure if you use any of the above programs you evaluate them properly and check that they are suitable for your needs.
Disable international calling
You can set dialling restrictions on your accounts in termination manager. If a server doesn't need to be able to dial internationally or call mobiles, disable it!
Firewall and Passwords
You should make sure to only allow traffic to and from Neural's CTS servers on your firewall and make sure all passwords are 'strong' passwords with random numbers and letters, using mixed case and special characters.
You may also elect to block international traffic to your SIP servers if you don't need it.
Disable or Obscure SSH Login
We strongly recommend disabling root login via SSH and changing the SSH port number. You should ensure your SSH configuration is secure to prevent an attacker from compromising your SIP server through remote login.
Don't install it if you don't need it
Often a server can be compromised through a bug in software running on it. For example, if you run Asterisk on the same server as your website and attacker compromises the web server software, they may also be able to gain access to the Asterisk server through this attack. Where possible, only run asterisk on your asterisk server.
Asterisk Configuration
You can also add this into your sip.conf in the [General] section:
- alwaysauthreject=yes
which will give a 404 instead of a 403 when the incorrect password is given.
-----
These pointers should get you started on securing your Asterisk system. For more help we recommend having a Google around - there are many articles out there and many things you can do.
Those extra few minutes spent securing your server now could save you hundreds of dollars in fraudulent calls later on.
