What’s the Risk Using Asterisk: Is this Open Source VoIP Platform Safe from Hackers?

When I came across a blog on Huffington Post that called Asterisk out on the security of their open source VoIP platform, I just had to know: is this true?

So I asked Asterisk (after I said “asked Asterisk” five times fast) and got this detailed response from David Duffett, Director of Worldwide Asterisk Community.

Duffett (@dduffett) explains that protecting your network is not a whole lot unlike fortifying your house against break-ins.

VoIP Supply: Who is the Asterisk VoIP platform designed for?

David Duffett: The Asterisk IP communications engine is for anyone that wants to create a flexible and powerful communications solution. Asterisk configuration is performed through a number of ASCII text files, and this is why a number of pre-packaged IP PBX solutions based on Asterisk have become available that allow configuration via a web GUI.

VS: Why open source?

DD: When Mark Spencer (the creator of Asterisk and CTO of Digium) decided to make Asterisk an open source project, he did this in part to liberate the stodgy, closed world of telecoms, but also to allow (and encourage) contributions to Asterisk from people all over the world that are particularly keen to see Asterisk enhanced in specific directions (like conferencing and contact centre applications).

VS: In this blog post on Huffington Post, 6 Keys to a Successful VoIP Implementation, the writer, Jason Volmut (@javolmut), CEO of CPUrx, states that:

“VoIP systems built on the open-source telephone platform Asterisk are routinely subject to hacking attempts, and should be avoided.”

What VoIP security measures can Asterisk take to secure their systems from hackers?

DD: Although there are a number of places within Asterisk that could be configured to enhance security, I would like to make some more general points:

The mention of only Asterisk in point 5, regarding security, is extremely misleading.
To set the scene, PBXs, even before the advent of IP communications, have always been subject to attacks of one sort or another – all the way from people trying to hack into voicemail boxes to full scale toll fraud through PRIs or even analog lines.

*ANY* SIP IP PBX that has an open connection to the internet (i.e., not within a VPN, or not tied down to a specific IP address, or addresses) will be subject to hacking attempts.

Asterisk is certainly the most popular and established open source communications engine in the world, with millions of Asterisk-based IP PBXs out there – but they are by no means particularly prone to issues of this nature. Just like any type of system – it’s all in the implementation. If that is done in a sloppy way, it could lead to trouble.

There is lots of information around on the internet about certain brands of proprietary IP PBXs and potential vulnerabilities, but to focus on the PBX is to miss the main point about securing IP systems – and that is to ensure proper measures are taken at the network level, before thinking of applications running in the network like a PBX or a CRM system.

If you found a robber in your kitchen, you know that he would have broken into your house through the front door, back door or a window. The best thing to do would be to improve the security on the exterior of your house so as not to let the robber in! And so it is with your network… Stop the bad guys getting into your network in the first place!

Anything you can do in a given appliance or application like an IP PBX or a CRM system should be seen as a secondary line of defence.

Due to the power and flexibility of Asterisk, there are actually more things you can do on an Asterisk PBX to detect and prevent any form of compromise than there are on any other PBX solution. Of course, they must be implemented and adjusted by people that know what they are doing.

Nathan Miloszewski

Nate is VoIP Supply's former Content Marketing Manager.
