• Last Updated:
  • Nov 20th, 2019 8:13 pm
Tags:
[OP]
Deal Expert
User avatar
Apr 16, 2001
15280 posts
1950 upvotes
Oshawa

Most secure VOIP ATA?

Now that Cisco ATAs have been shown to have massive security holes, and Grandstream is pretty much a security joke, I'm wondering which ATA manufacturer has the best security record. The Obi200's latest firmware is from March 2019, which isn't particularly great. Interestingly, the Polycom website doesn't offer firmware for any ATAs lower than the 300-series, but those have a November firmware.


Any suggestions appreciated.
Whenever someone asks a question that starts with "Why do they..." or "Why don't they...", the answer is always a) money, b) stupidity, or c) both.
3 replies
Deal Expert
Aug 22, 2006
25972 posts
11405 upvotes
Not that I disagree but I'm not sure you're going to win this fight.
Deal Guru
Feb 9, 2006
10899 posts
5246 upvotes
Brampton
ATA Devices are notoriously bad.
Even if you can harden the "Web/Net" side which gets harder and harder these days.
The weakest link is the Phone side. You can't firewall it, it's pretty much just connected out there on a network naked all the time. Some of the earliest hacks for ATA devices came about from auto dialers brute forcing specific tone combinations

I want to point out that those Cisco ATA flaws are not that easy to exploit. You need to access to the device, either physically (at that point all bets are off) or you need another attack vector to gain access to the network (again at this point all bets off).

You'll need to practice VoIP best practices, never forward ports.

That's why IPS/IDS is more important that ever, if there's weirdness on the network you need to shut it down immediately.
Proactive counter measures
Whitelist Firewall rule Exception mentality vs blacklist.
Member
Jun 9, 2012
206 posts
106 upvotes
Vancouver
I remember the days where I disabled VoIP services remotely from random people by logging into their Linksys SPA VoIP boxes over the internet.

Top