On Wed, Sep 30, 2009 at 1:55 PM, Les Mikesell lesmikesell@gmail.com wrote:
You are still exposed to anything that is on the local LAN - which could include other machines that might have been compromised through browser exploits, etc. unless the segment only connects to IP phones (and you lose the ability to use soft phones). Linux is less vulnerable to most of these than windows would be, but still, if you know there are updates to fix known security issues you are pressing your luck if you don't install them.
That's the impression that I got, that the CentOS/Asterisk box was just connected to standard SIP hard phones and to TDM analog lines. (Like a traditional key system.)
Phone switches are particularly attractive targets to hackers: http://nerdvittles.com/index.php?p=580
Even without being connected to a VOIP trunks or the LAN, phone systems are vulnerable to security breaches. Often voice mail has "outdialing" features. So a system can be set up to go into voice mail and then out to anywhere in the world.