Ward Mundy over at Nerd Vittles has a great post today about SIP security. It’s entitled The Incredible PBX: Adding Remotes, Preserving Security. If you run an Asterisk based PBX you should probably read this. Now!
Ward’s advice really rings true (sorry for the telecom geek pun, it couldn’t be helped!). His “Baker’s Dozen SIP Security Checklist” makes perfect sense. That doesn’t mean that I can’t add my own two cents.
Many people are using ITSPs that require a credit card on file to refill access to calling services. Ward advises turning off auto-billing that charges your card every time your account balance drops below a certain threshold.
Borrowing an idea from the early days of online shopping, I also suggest that you use a card with a deliberately low credit limit. That way, even if you allow auto-refills, you cap the maximum amount that your calling plan can consume before you notice the abuse.
I also like the idea of using a VPN based solution to encapsulate SIP traffic. I’ve done this myself and it works great.
Of course, I have my own reasons for appreciating this idea. When you start making use of SIP URIs you are on a path to enjoying HDVoice calling. That you can achieve superior call quality and take a proactive stance with regard to security at the same time is a massive benefit.