Categories: VoIP Interviews

What’s the Risk Using Asterisk: Is this Open Source VoIP Platform Safe from Hackers?

When I came across a blog on Huffington Post that called Asterisk out on the security of their open source VoIP platform I just had to know, is this true?

So I asked Asterisk (after I said “asked Asterisk” five times fast) and got this detailed response from David Duffet, Director of Worldwide Asterisk Community.

Duffett (@dduffett) explains that protecting your network is a not whole lot unlike fortifying your house against break-ins.

VoIP Supply: Who is the Asterisk VoIP platform designed for?

David Duffet: The Asterisk IP communications engine is for anyone that wants to create a flexible and powerful communications solution. Asterisk configuration is performed through a number of ascii text files, and this is why a number of pre-packaged IP PBX solutions based on Asterisk have become available that allow configuration via a web GUI.

VS: Why open source?

DD: When Mark Spencer (the creator of Asterisk and CTO of Digium) decided to make Asterisk an open source project, he did this in part to liberate the stodgy, closed world of telecoms, but also to allow (and encourage) contributions to Asterisk from people all over the world that are particularly keen to see Asterisk enhanced in specific directions (like conferencing and contact centre applications).

VS: In this blog post on Huffington Post, 6 Keys to a Successful VoIP Implementation, the writer, Jason Volmut (@javolmut), CEO of CPUrx, states that:

“VoIP systems built on the open-source telephone platform Asterisk are routinely subject to hacking attempts, and should be avoided. “

What VoIP security measures can Asterisk take to secure their systems from hackers?

DD: Although there are a number of places within Asterisk that could be configured to enhance security, I would like to make some more general points:

The mention of only Asterisk in point 5, regarding security, is extremely misleading.
To set the scene, PBXs, even before the advent of IP communications, have always been subject to attacks of one sort or another – all the way from people trying to hack into voicemail boxes to full scale toll fraud through PRIs or even analog lines.

*ANY* SIP IP PBX that has an open connection to the internet (i.e., not within a VPN, or not tied down to a specific IP address, or addresses) will be subject to hacking attempts.

” Just like any type of system – it’s all in the implementation. If that is done in a sloppy way, it could lead to trouble.”
– David Duffett, Asterisk

Asterisk is certainly the most popular and established open source communications engine in the world, with millions of Asterisk-based IP PBXs out there – but they are by no means particularly prone to issues of this nature. Just like any type of system – it’s all in the implementation. If that is done in a sloppy way, it could lead to trouble.

There is lots of information around on the internet about certain brands of proprietary IP PBXs and potential vulnerabilities, but to focus on the PBX is to miss the main point about securing IP systems – and that is to ensure proper measures are taken at the network level, before thinking of applications running in the network like a PBX or a CRM system.

If you found a robber in your kitchen, you know that he would have broken into your house through the front door, back door or a window. The best thing to do would be to improve the security on the exterior of your house so as not to let the robber in! And so it is with your network… Stop the bad guys getting into your network in the first place!

Anything you can do in a given appliance or application like an IP PBX or a CRM system should be seen as a secondary line of defence.

Due to the power and flexibility of Asterisk, there are actually more things you can do on an Asterisk PBX to detect and prevent any form of compromise than there are on any other PBX solution. Of course, they must be implemented and adjusted by people that know what they are doing.

Nathan Miloszewski

Nate is VoIP Supply's former Content Marketing Manager.

Share
Published by
Nathan Miloszewski

Recent Posts

How to Prepare Your VoIP Systems for 2025

Remember Back to the Future II? I loved that movie because they traveled into the…

2 days ago

SIP Chats: Sharath Abraham of Jabra – Panacast 50, BYOD Solutions, and More!

https://youtu.be/qsNO-fZdY3U?si=1A2biOpTwvHG-wiB In the latest episode of SIP Chats, host Brian Hyrek sits down with Sharath…

3 days ago

Watch Now: 2024 November VoIP News Update

https://youtu.be/a--L6ZF9iAw VoIP Supply’s November VoIP News Update: Exciting New Tools, Upcoming Releases, and Giving Back…

7 days ago

Q&A: Wi-Fi 6 vs. Wi-Fi 5: What’s the Real Difference for Everyday Users?

Wireless internet? I remember sharing computer time with my siblings to wait 10 minutes for…

1 week ago

Fanvil FCMS Smart Proporty Solutions Webinar | November 2024

https://youtu.be/0Oxom_f47EE If you missed this webinar, then don't worry, the recording has arrived! This webinar…

2 weeks ago

How To: Extend Your DECT Range for Wireless VoIP Phones – Tips for Large Office Spaces

Ensuring seamless VoIP connectivity across vast areas can be challenging if you're managing a large…

2 weeks ago