Pika µFirewall SIP firewall review

A new way to secure your IP-PBX Recently introduced by the well-established Canadian telecoms manufacturer Pika Technologies, the Pika µFirewall offers a novel way to make your Asterisk (or any other SIP-based PBX) more secure. The best way to describe it is as a “SIP Firewall”, but unlike conventional network firewalls, installation is very simple … Read more…

When friendly-scanner gets aggressive

Not so friendly after all In my October 2010 articles about Asterisk IP-PBX security (linked here), I described how port scanning probes from the so-called “friendly-scanner” could be seen several times a day on a typical SIP server exposed to the Internet. Since then, I – or at least one of my clients – had the displeasure … Read more…

How secure is your Asterisk PBX? – part 3

Getting more advanced In part 2, we looked at several ways in which an Asterisk system administrator can help to make their system more secure, with special emphasis on avoidance of toll fraud. In this, the third and final article in the series, I will pick up on a topic that was left unfinished at the … Read more…

How secure is your Asterisk PBX? – part 2

Protecting your Asterisk server In part 1, we examined the techniques that are used to probe for vulnerabilities in a SIP server and reviewed the types of exploitation a would-be hacker hopes to use. In this second part, I look at the ways you can protect your Asterisk or other SIP server and guard against weaknesses that could … Read more…

How secure is your Asterisk PBX? – part 1

A growing problem Like a slice of Victoria sponge cake on a summers day attracts wasps, so new technologies seem to attract the attention of cyber-criminals. The more widely used the technology, the greater the interest. It was inevitable, and widely predicted, that VoIP would become a favorite target for hackers as its popularity and uptake increased … Read more…

Asterisk behind NAT

Scenarios in which NAT may adversely affect Asterisk SIP connections The Asterisk Server is behind NAT The Asterisk server could be on the LAN (or in a DMZ) with a NAT firewall between it and the Internet. When it communicates with external peers or devices, the network connections have to pass through the local NAT … Read more…

Using SIP Devices behind NAT

SIP Devices behind NAT: What solutions are available? When an IP phone is installed behind NAT, problems can be created by the NAT device itself, by the phone’s inability to correctly understand its own networking environment or from a combination of the two. Because it is such a common problem, most IP Phones have built-in … Read more…