On Thu, March 26, 2015 22:29, Michelle Dupuis wrote: > You have to consider whether you really want "anonymous" calls, or you > just want to enable SIP calls from trusted companies/partners. The > latter means setting up routes to these companies and (ideally) > registration between peers. >
This is what I am trying to get a handle on. It seemed to me that the promise of VOIP was essentially that one could use the Internet as a replacement for the PSTN directly, providing that ones callers/callees were also directly connected via VOIP. SIP providers I had considered a necessary transition to act as gateways between PSTN dialing and VOIP until VOIP replaced PSTN virtually entirely if not completely. That is why we are on Asterisk. We had to replace our old keyed system and the thought was that we might as well get ready for VOIP even if we planned to stay on PSTN for the foreseeable future. However, the overwhelming evidence I find is that one simply does not employ VOIP in the same way that PSTN works. Actually, I have put that backwards. What I have discovered is that the most commonly recommended method is to switch from a Telco to A SIP provider and continue in a manner similar to the former set-up. External calls all have to travel through a third party provider. One does not accept incoming VOIP calls from just everyone, apparently. One only accepts VOIP calls from known correspondents. I am not clear why this is so other than vague warnings respecting (admittedly real and serious) security issues. Even limiting VOIP to known correspondents one is ultimately trusting that they themselves are secured sufficiently to prevent unauthorised access to your systems through theirs. And that seems a bit of a stretch by way of rationalisation to me. Also I do not understand is why the same issues do not exist from incoming calls via PSTN. I somewhat understand the process of getting devices to register and authenticate to obtain access to our outgoing routes. What is it about incoming SIP calls destined to our internal users that make those calls so dangerous? Why cannot incoming anonymous SIP calls not be treated exactly as incoming PSTN calls (other than PSTN have to go though DAHDI to turn them into digital VOIP calls). What is it that prevents them from being blocked from gatewaying through to our PSTN lines? Please forgive my abysmal ignorance on this matter. Perhaps I have been down in the weeds too long getting our internal FreePBX system working to see what is obvious to others. I have been going theough the Asticon Videos on security and have or already had implemented most of the suggestions: Outbound LD secured by pins and allowed only during work hours; IPTABLES rules and fail2ban checks; Separation of voice and data network segments and addresses; Private IP for VOIP desk-sets and internal provisioning; and so forth. However, I still have the sense that I am just not getting it. What am I missing? -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:byrn...@harte-lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users