DISA is a significant security risk. Most hosted PBX providers don’t support DISA at all, since anyone breaking into the system could run up huge termination bills by calling distant lands for thousands of minutes. In our case, there are a couple of places where I can secure both the gateway and my Astlinux server:
- Restrict the incoming calls to only my cell phone. That would also limit my ability to relay an overseas call from a land-line such as a hotel room or client site.
- Enforce a PIN code in the Asterisk DISA authentication
- Restrict where the DISA user can call to only a series of predefined extensions in the Asterisk dial plan or gateway speed dial table
In practice, a single port GSM gateway on an unpublicized number has to be considered a limited liability. Any of the steps described would provide adequate security; used together, they will be more than adequate.
In Use With Asterisk
The day I first got the MV-370 working with Asterisk I must have called 411 about twenty times. I was just so pleased that it worked, and worked reliably!
I have no way of testing my access to 911 service without breaking the law. Since 411 and dialing other numbers works very well, I’m comfortable that the 911 service will also work when needed. I’ve registered my home as the default location of the new SIM card on the T-Mobile account. So 911 calls made via the gateway will be associated with our home address.
I have had problems using Asterisk and DISA to place overseas calls through my Asterisk server, however. Adding my Asterisk server into the mix has markedly increased latency in the connection, often resulting in a substandard call experience.
The gateway makes all outgoing IP calls using only the primary SIP account, which must be my Asterisk server to provide 411/911 access for my home & office phones. So I cannot have the gateway registered to OnSIP directly for the purposes of outgoing calls, as I did previously. If I had the two-channel model (MV-372), both might be possible since each channel could register with a different server.
The MV-370 works very well for making calls from the home & office IP phones. In fact, I’ll eventually have the dial plan cascade sequence incorporate the gateway automatically. Then if we lose access to our ITSP, outgoing calls will proceed via the gateway with no change in end-user dialing habits.
The MV-370 sees the greatest use when I call home from afar. Incoming calls placed through the gateway ring the cordless SIP DECT phones in my home, taking advantage of unlimited free mobile-to-mobile calling on my cellular plan. Calls home placed in this fashion sound just as good as calling my IP-based home line, but they’re effectively free.
I find myself drawn to slightly uncommon solutions. The cellular trunk satisfies this need and adds another dimension to our Asterisk installation. We now have reliable 411 and 911 service, without resorting to POTS lines. We also have the ability to make calls when our IP connectivity is completely down. Finally, we have a zero-cost means of staying in touch when I’m traveling, by leveraging free mobile-to-mobile minutes.
With a little more experimentation, the DISA functionality may yet be achieved. But having achieved four of our five major goals, I consider the project to be a success.