Categories: VoIP Interviews

What’s the Risk Using Asterisk: Is this Open Source VoIP Platform Safe from Hackers?

When I came across a blog on Huffington Post that called Asterisk out on the security of their open source VoIP platform I just had to know, is this true?

So I asked Asterisk (after I said “asked Asterisk” five times fast) and got this detailed response from David Duffet, Director of Worldwide Asterisk Community.

Duffett (@dduffett) explains that protecting your network is a not whole lot unlike fortifying your house against break-ins.

VoIP Supply: Who is the Asterisk VoIP platform designed for?

David Duffet: The Asterisk IP communications engine is for anyone that wants to create a flexible and powerful communications solution. Asterisk configuration is performed through a number of ascii text files, and this is why a number of pre-packaged IP PBX solutions based on Asterisk have become available that allow configuration via a web GUI.

VS: Why open source?

DD: When Mark Spencer (the creator of Asterisk and CTO of Digium) decided to make Asterisk an open source project, he did this in part to liberate the stodgy, closed world of telecoms, but also to allow (and encourage) contributions to Asterisk from people all over the world that are particularly keen to see Asterisk enhanced in specific directions (like conferencing and contact centre applications).

VS: In this blog post on Huffington Post, 6 Keys to a Successful VoIP Implementation, the writer, Jason Volmut (@javolmut), CEO of CPUrx, states that:

“VoIP systems built on the open-source telephone platform Asterisk are routinely subject to hacking attempts, and should be avoided. “

What VoIP security measures can Asterisk take to secure their systems from hackers?

DD: Although there are a number of places within Asterisk that could be configured to enhance security, I would like to make some more general points:

The mention of only Asterisk in point 5, regarding security, is extremely misleading.
To set the scene, PBXs, even before the advent of IP communications, have always been subject to attacks of one sort or another – all the way from people trying to hack into voicemail boxes to full scale toll fraud through PRIs or even analog lines.

*ANY* SIP IP PBX that has an open connection to the internet (i.e., not within a VPN, or not tied down to a specific IP address, or addresses) will be subject to hacking attempts.

” Just like any type of system – it’s all in the implementation. If that is done in a sloppy way, it could lead to trouble.”
– David Duffett, Asterisk

Asterisk is certainly the most popular and established open source communications engine in the world, with millions of Asterisk-based IP PBXs out there – but they are by no means particularly prone to issues of this nature. Just like any type of system – it’s all in the implementation. If that is done in a sloppy way, it could lead to trouble.

There is lots of information around on the internet about certain brands of proprietary IP PBXs and potential vulnerabilities, but to focus on the PBX is to miss the main point about securing IP systems – and that is to ensure proper measures are taken at the network level, before thinking of applications running in the network like a PBX or a CRM system.

If you found a robber in your kitchen, you know that he would have broken into your house through the front door, back door or a window. The best thing to do would be to improve the security on the exterior of your house so as not to let the robber in! And so it is with your network… Stop the bad guys getting into your network in the first place!

Anything you can do in a given appliance or application like an IP PBX or a CRM system should be seen as a secondary line of defence.

Due to the power and flexibility of Asterisk, there are actually more things you can do on an Asterisk PBX to detect and prevent any form of compromise than there are on any other PBX solution. Of course, they must be implemented and adjusted by people that know what they are doing.

Nathan Miloszewski

Nate is VoIP Supply's former Content Marketing Manager.

Share
Published by
Nathan Miloszewski

Recent Posts

Did You Know? VoIP Products Are Leading the Charge in Green Tech with Energy Efficiency?

In our gadget-loving, planet-hugging era, businesses are on the hunt for solutions that boost productivity…

4 days ago

Watch Now: 2024 October VoIP News Update

https://youtu.be/d167qfC_qCk?si=DVchHuXW_UT5dD8l Your October VoIP News Update is here! Tune in to get all the latest…

1 week ago

How To: How to Secure Your IP Paging System

Paging Dr. Smith, Clean Up Aisle 2, Johnny Report to the Office, Lost Car Key…

2 weeks ago

Shift from NEC to Sangoma: Powerful On-Prem Solutions for Business Webinar | October 2024

https://youtu.be/G8fuKPL8fSs?si=MIOeKuJM8S09K8px The time has come to make a switch from NEC, but we understand that…

2 weeks ago

October Hardware Roundup

S33 DECT Handset: Offers exceptional voice clarity and reliable connectivity for uninterrupted conversations. With durable…

2 weeks ago

Q&A: What Role Does Encryption Play in Protecting VoIP Communication?Q&A: 

I don’t know about you but when I heard the word encryption, I would think…

2 weeks ago