Ron Blizzard wrote:
I do want to do an update of it all to latest versions etc. but when it just keeps working it is hard to justify the down time and potential hiccups.
If you are very well firewalled and trust all the local users you might get away with ignoring security updates but it's mostly a matter of luck. With the stock CentOS components, your downtime for an update is normally just a reboot and problems are extremely rare. If you'd added custom or 3rd party code items there's a somewhat greater risk, but it is still pretty unlikely that an update would break things - or that you wouldn't have heard about other people having a problem.
If I understand Rob correctly here, there is actually no need for a firewall. He's not on the Internet. He's using analog trunks and SIP phones in a closed system. He's basically got a traditional key system or PBX switch that just happens to be based on CentOS/Asterisk.
(Traditional telephone switches have been based on UNIX for years.)
You are still exposed to anything that is on the local LAN - which could include other machines that might have been compromised through browser exploits, etc. unless the segment only connects to IP phones (and you lose the ability to use soft phones). Linux is less vulnerable to most of these than Windows would be, but still, if you know there are updates to fix known security issues you are pressing your luck if you don't install them.
Phone switches are particularly attractive targets to hackers: http://nerdvittles.com/index.php?p=580