Is FreePBX safe?

With all the issues going on with internet traffic in the US, I was wondering: Is FreePBX safe? Can hackers (or anyone for the matter) listen in to my calls and if yes should (and can) I do something to prevent this? Like most people I don’t have anything to hide, but I value my privacy and would not like my internet usage and call information be “public”.

Hackers of VoIP systems generally want to hack into your system to make calls to toll fraud destinations at your cost. Now with good firewall security and following a few other security guidelines this can easily be prevented on FreePBX systems just as much as on other VoIP systems.
So in short, yes FPBX is as secure as you design your network to be, and if you do it right, you won’t have any problems at all.

Now when it comes to the NSA spying on your calls over the internet when you are using your VoIP provider, they could probably just do that, but regardless of the phone system itself.

You can encrypt voip traffic but it sounds like your cincerns may be with the one group who can legally listen to your calls. In fact this little thinh called the patriot act had some mandates for telcos that make access to your calls almost immediate on demand. SOOOO if your concern is big brother you may need a bunker with no phones


Your POTS lines are the most trivial thing in the world to listen in on. So you need to keep a little perspective here.

If they can legally listen in, why are all tech guys advising using VPN for my internet? Guess encryption is there for a reason which is to not grant access. Am I wrong?

I’m not from the US, but you never know what other countries are planning.

Any tips on encrypting my FreePBX btw?

The"tech guys" often have no idea what they are talking about. The vpns they rwcommend usually terminate in some place like china. Sure the US government may not see your traffic but china does and that is wayyyyyyyyyyy better.


You have defined “safe” as “Can hackers (or anyone for the matter) listen in to my calls and if yes should (and can) I do something to prevent this?”

Using that definition, FreePBX is as safe as any other VOIP solution, which is to say, not safe at all. Anyone who is sufficiently skilled and who has sufficient resources can listen to any phone call placed using any VOIP service provider, unless that service provider uses encryption (and I’m not aware of any that do), regardless of whether you use FreePBX or not.

Even if a provider uses encryption, your calls are still not safe, as anyone who works for that provider can access the calls and call records, and anyone who has the ability to intercept PSTN calls can still monitor your calls and call records as well.

Let me play a couple of semantic games with you, just so you understand why your question is unanswerable.

You ask “Can hackers listen in on my calls?”

We have no way of knowing. What kind of safeguards have you put in place to protect your calls? Do your calls traverse any providers in an unprotected manner? Are your communications encrypted end-to-end?

You ask “Can anyone listen in on my calls?”

Since you asked about “hackers” before, we’ll assume that “anyone” is the set of all other people on the planet. Within this group, the answer is very close to No. I say “very close” because someone could accidentally stumble onto your conversation somehow, I suppose (infinite monkeys with infinite iTunes accounts, etc.)

Now, let’s look at the other part of your question.

“Safe” is generally defined as “free from danger”. Within the set of “hackers”, FreePBX is not safe because hackers can gain access to the system and steal resources (right @dicko? @xrobau ?) As far as people accessing your phone conversations? This system is far more safe than any of it’s predecessors, at least it terms of wire-tapping.

Unless you are implementing end-to-end encryption, there is no assumption of conversation security. You should not discuss things over phone lines that you not discuss in public.

Once upon a time, we used something called STU-2 phones. These had an end-to-end security key that would allow us to take a regular phone line and “go secure”. These were replaced with the “STU-3”, which was replace with the “STE”, which we still use.

These phones all allow a conversation to “go secure”. None of them are VOIP.

Let me say that again. You can’t find a copper line phone on a military installation anywhere anymore except for STEs and a couple other specific systems. None of the regular phones are POTS - none of the secure systems are VOIP.

Now, if your concern is the CIA or NSA connecting your conversation, there are easier ways to do that than FreePBX. Apparently, Kik and Roblox chat are the “goto” applications for avoiding three letter agency scrutiny, so if you’re looking to be “safe” you should move your conversations there.

So, it depends on who you want to be safe from. The fact that you’ve asked the question, though, may make it so that you aren’t as safe as you were before you brought attention to yourself.

yes, if you wants to access google… even dropbox, you have to use VPN.
VOIP service is not legal business in china, unless gov does. Telcoms also sometime blocks 5060 port for SIP. So, if you want to make sure the SIP flow works, you have to use VPN connecting to each other. It is very troublesome for VOIP service.

I talked with a ISP which provides both cable internet and business phone service, they use sip protocol via separate date line to their server, so sip doesn’t go into “public” at least from office site to their server. From this, you could see “NOT SAFE”

So basically don’t worry about hackers listening in and hope I’m not a worthy target, be careful with what I say about certain world leaders and make sure FreePBX is behind an up-to-date firewall to prevent from hackers using it to make free calls charged to my account?

And make sure you disable anonymous calling

it’s better and easier to limit calling area on sip trunk management panel

Can you point me in the right direction?

Can you tell me where I can do this?

go to the web-gui of sip-trunk provider, usually they allow the user to choose which country could be dialed.

A feature my providers do not support :frowning: