[asterisk-users] Anonymous SIP calls

James B. Byrne byrnejb at harte-lyne.ca
Fri Mar 27 15:03:17 CDT 2015


On Thu, March 26, 2015 22:29, Michelle Dupuis wrote:
> You have to consider whether you really want "anonymous" calls, or you
> just want to enable SIP calls from trusted companies/partners.  The
> latter means setting up routes to these companies and (ideally)
> registration between peers.
>

This is what I am trying to get a handle on.  It seemed to me that the
promise of VOIP was essentially that one could use the Internet as a
replacement for the PSTN directly, providing that ones callers/callees
were also directly connected via VOIP.  SIP providers I had considered
a necessary transition to act as gateways between PSTN dialing and
VOIP until VOIP replaced PSTN virtually entirely if not completely.

That is why we are on Asterisk.  We had to replace our old keyed
system and the thought was that we might as well get ready for VOIP
even if we planned to stay on PSTN for the foreseeable future.

However, the overwhelming evidence I find is that one simply does not
employ VOIP in the same way that PSTN works.  Actually, I have put
that backwards.  What I have discovered is that the most commonly
recommended method is to switch from a Telco to A SIP provider and
continue in a manner similar to the former set-up.  External calls all
have to travel through a third party provider.

One does not accept incoming VOIP calls from just everyone,
apparently.  One only accepts VOIP calls from known correspondents.  I
am not clear why this is so other than vague warnings respecting
(admittedly real and serious) security issues.

Even limiting VOIP to known correspondents one is ultimately trusting
that they themselves are secured sufficiently to prevent unauthorised
access to your systems through theirs.  And that seems a bit of a
stretch by way of rationalisation to me.

Also I do not understand is why the same issues do not exist from
incoming calls via PSTN.

I somewhat understand the process of getting devices to register and
authenticate to obtain access to our outgoing routes.   What is it
about incoming SIP calls destined to our internal users that make
those calls so dangerous?  Why cannot incoming anonymous SIP calls not
be treated exactly as incoming PSTN calls (other than PSTN have to go
though DAHDI to turn them into digital VOIP calls). What is it that
prevents them from being blocked from gatewaying through to our PSTN
lines?

Please forgive my abysmal ignorance on this matter.  Perhaps I have
been down in the weeds too long getting our internal FreePBX system
working to see what is obvious to others.  I have been going theough
the Asticon Videos on security and have or already had implemented
most of the suggestions: Outbound LD secured by pins and allowed only
during work hours; IPTABLES rules and fail2ban checks; Separation of
voice and data network segments and addresses; Private IP for VOIP
desk-sets and internal provisioning; and so forth.

However, I still have the sense that I am just not getting it.  What
am I missing?

-- 
***          E-Mail is NOT a SECURE channel          ***
James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3




More information about the asterisk-users mailing list