This week I had an interesting little puzzle to solve for the implementation of a PBXware MultiTenant PBX. Much of the scenario was familiar enough. The prospect had been using Elastix and Trixbox and was tired of being hacked. However two important distinctions were a low bandwidth provision in location and an absolute legal requirement to have the server located in the low bandwidth provision.
The prospect’s activity was to be only PRI for the purpose of the telephony and any IP was to be limited to the GUI interaction and the sending of messages by email. There was consideration of the possibility to separate PBXware MultiTenant PBX Interface from the Asterisk Engine and have the PBXware in a different location.
The following reply was made:
“1. Separating the interface from the Asterisk is going to be less security as it implies there needs to be a tunnel to join them. The Asterisk is still where it is.
This though is already reduced in issues by using SERVERware as it puts the Asterisk inside the CHROOT.
2. We simply do not get hacks, if :
a. SIPROT is used, although you have no SIP trunks
b. Firewall is used – we have no backdoor
c. When using a bastion : a page through which users need to pass before they arrive a the PBXware interface and the access to PBXware is limited to local IP only.
d. If we do set up and maintenance of the security – we not had problems ourselves.
3. Bandwidth required / to be used is minimal for the PBXware. From your description your presence is ‘not’ in a datacenter ? (guessing). 256kps is though enough to purpose.
4. Some bandwidth activity e.g. voice/fax2email would still come off the telephony server.”
… hopefully the prospect will take the advice … for sure though – should be interested to know of any issues of security you may have had …