How Can You Secure Your Asterisk PBX?

Call requests that reach your Asterisk server should require valid login details. There are some notable exceptions to this rule. When a request comes in, the server pattern-matches the entered characters against a pre-defined peer whose definition it looks up.

Use Strong Passwords for Logins:

To protect your server from brute-force password-guessing attacks, make sure your user accounts always have strong passwords. Use at least 6 or 7 characters with a mix of lower- and upper-case letters, numeric digits and more than one non-standard character. Note that some special characters will not work. Avoid characters such as &, %, } and ). The importance of strong passwords cannot be overemphasized; they are essential to security. When you create a SIP account for an internal extension phone, the same credentials will also work for VoIP calls made from the Internet. To check the list of user login details, including user names and passwords, in Asterisk PBX.

Never set the parameter "insecure=invite" or "insecure=very". When you define a dynamic SIP user account for Internet calls, these settings disable the checking of user ID and password for that account. Restrict the range of IP addresses from which the user is allowed to connect to the account by using the deny and permit parameters. This is a very good idea wherever all possible source IP addresses are known, for example on the local area network. Try to avoid the friend type setting; use the peer type setting in its place.

In the general section of the SIP configuration, set "alwaysauthreject=yes". This makes it much more difficult for an attacker to scan your server and check which extension numbers are in use, because the server's reply no longer reveals what was wrong with the credentials supplied on a request. It always returns the same type of message, no matter whether it was the user ID or the password that did not match.
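The sip.conf settings named in the two paragraphs above (insecure, deny/permit, friend versus peer, alwaysauthreject) can be checked automatically. The following Python script is an added example, not part of the original article or of Asterisk; the sample configuration, extension numbers and subnet are constructed, and treating a missing alwaysauthreject line as a finding is an assumption of this example.

```python
import re

# Constructed sample sip.conf (chan_sip); extensions and subnet are made up.
SAMPLE_SIP_CONF = """\
[general]
alwaysauthreject=no

[1001]
type=friend
host=dynamic
insecure=invite

[1002]
type=peer
host=dynamic
deny=0.0.0.0/0.0.0.0
permit=192.168.1.0/255.255.255.0
"""

def parse_sections(text):
    """Return {section: {key: [values]}}; ';' starts a comment in sip.conf."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if header := re.match(r"\[([^\]]+)\]", line):
            current = sections.setdefault(header.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current.setdefault(key.strip().lower(), []).append(value.strip().lower())
    return sections

def audit(text):
    """Return (section, finding) pairs for the settings this article warns about."""
    sections, findings = parse_sections(text), []
    general = sections.pop("general", {})
    if general.get("alwaysauthreject", [""])[-1] != "yes":
        findings.append(("general", "alwaysauthreject not explicitly set to yes"))
    for name, opts in sections.items():
        modes = {m.strip() for v in opts.get("insecure", []) for m in v.split(",")}
        if modes & {"invite", "very"}:
            findings.append((name, "insecure=invite/very skips INVITE authentication"))
        if opts.get("type", [""])[-1] == "friend":
            findings.append((name, "type=friend; use type=peer"))
        if not ("deny" in opts and "permit" in opts):
            findings.append((name, "no deny/permit source address restriction"))
    return findings

for section, finding in audit(SAMPLE_SIP_CONF):
    print(f"[{section}] {finding}")
```

In the constructed sample, extension 1001 triggers all three per-account findings while 1002 passes cleanly.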

If you are using a free VoIP system, look very carefully at the configuration of the routes. It makes sense to include routes specifically for calls abroad: one that requires no user ID and password but is restricted to some countries, and another that has a password and is used for calls to all other countries. Outbound routes are checked in sequence, so the route with the pattern match for the specific countries must come first.

A variation on the previous approach would be to set a route password on the route that covers calls abroad: one route that has no password but is restricted to certain acceptable countries, and a next one that needs a password and is used for all other international calls.

Outbound route controls on their own are not sufficient to fully protect your system, but they are a big help as a second line of defense behind the user account check when Asterisk receives an INVITE request.