Trixbox Pro Security
From Trixbox Pro Help
By default, the trixbox Pro system is designed to be installed behind your firewall, on the same LAN as your IP phones. In this configuration, it benefits from the same level of security that currently protects all your other systems. The VPN connection it makes with our management software is an outbound connection and does not require any ports to be opened on your firewall. All communication over this VPN management connection is encrypted.
The security concern arises when you want to allow remote telecommuters to access your trixbox Pro system from the Internet. This requires that you allow their traffic through your firewall so that the remote phones can communicate with the system, which introduces a risk that the system could be attacked from outside. You can learn about the exact UDP ports used here:
The trixbox Pro system itself runs on a hardened OS environment that exposes only the services essential to the operation of the system. There are no unnecessary services running at all. Everything that does run is carefully configured with security as a primary consideration.
We do not use internal firewall rules on the system, although it does support them. Linux experts can use iptables from the CLI using the root login if they wish. The use of internal firewall rules does restrict the performance of the system, leading to lower overall system scalability. It may also cause audio quality problems under some circumstances, and strictly speaking could void your support contract as well.
We urge customers with heightened security concerns to use an external firewall for additional protection. Also see our article about setting up a secure LAN environment for trixbox Pro. This has worked well for several banks, law firms, and other organizations who use trixbox Pro but have strict security concerns.
