The trunk on our Freepbx/asterisk is configured with outgoing settings only. This configuration is working however we don’t have any incoming settings configured, which I am concerned leaves the system open to attacks e.g. phantom calls from own extension.
Does not having any incoming settings leave the system open to attack? If so can someone provide an example of what the incoming settings should look like?
Many thanks.
David
The attacks never (well hardly ever 
) come from your trunk, allow inbound trunks as your vsp requires or you just won’t get calls.
As to security, maybe a recent post here ( you should try reading them posts, some might be useful to you 
there is a convenient search box on this site)
Thanks for the reply. I have most other security mechanisms in place. Just concerned about the incoming settings.
Only the “host” you define therein will see those incoming settings.
What do you mean by “outgoing settings only”??
If you mean that you don’t have an Inbound Route configured, then no, that should not present any security concern.
The main security concern with FreePBX/Asterisk occurs when you forward ports from your router to your PBX, which you should NEVER do. Asterisk does not need ports forwarded to place or receive calls as long as your trunks are configuring with a Registration String. There is quite a bit of misinformation out there suggesting that you need to forward ports 5060 and 10k-20k, but that is incorrect as long as your provider supports SIP Registration.
The secondary concern is if someone manages to hack their way into your network, and that’s where strong passwords come into play.
If you want to get really secure, you can enable IPTABLES and configure it so that only one machine on your network can access Port 80, and only your statically assigned phones can access Port 5060. You can even limit it to the MAC address of the phone.
There are also a few routers out there that don’t follow normal security standards by limiting port opening to the destination. I found a Belkin that did that once. But, ordinary business routers should not do that…