Intrusion Prevention in Asterisk-Based Telephony System

Most enterprises today have their own Private Branch Exchange (PBX) systems that enable them to communicate on-premise and with the external or public switch telephone network. Companies that rely on heavy phone calls (especially, debt collectors) find the approach cost effective especially when automation techniques are introduced for auto dialing as a measure to reduce the number of employees who have to do the manual calls. The challenge however is that, PBX telephone systems have long been the target of attacks such as call stealing, server attacks, and sometimes user private data stealing. In this work, we investigate the best ways to prevent intrusion of attackers in a proposed PBX telephone system that is built in Asterisk environment. Instead of using the Asterisk platform as a complete solution, we proposed a cloud-based middleware layer that keeps the most sensitive part of the caller information, and rely on Asterisk only for call dialing, routing, and receiving. The middleware uses the REST standard to interact with the Asterisk platform and other proposed techniques such as message marshaling and demarshaling to enhance privacy. The pilot testing of the proposed approach shows high threshold for security enforcement and intrusion denial.