Safety of using DISA

MrMario · October 16, 2012, 9:49am

I’m trying to add DISA into my phone system and so far so I have something like this:

[incoming-calls]
exten=>in,1,Playback(welcome)
exten=>in,2,DISA(no-password, local-calls)

[local-calls]
exten=>100,1,Dial(SIP/phone1)
exten=>101,1,Dial(SIP/phone2)

It works fine, but I’ve heard that’s not safety solution so here are my questions:
Why is this not safety? I’m allowing only to making local calls with DISA so there shouldn’t be any way to dial out external number.
What should I do to make it more safety? I don’t want to require any password, everyone who is calling to me should be able to use DISA.

csullivan · October 19, 2012, 11:19pm

I can’t see any problems with the way you are using it, although using a voice prompt and waiting for an extension to be dialed works fine as well.

david55 · October 20, 2012, 9:20am

I think the safety thing is that DISA is the number one target for telephone hackers on more traditional PABXes, because most people use DISA to provide toll access to outworkers (and note that not all countries have free local calls), and people use weak passwords.

Topic		Replies	Views
DISA - Additional Security Feature Help Asterisk Support	2	365	February 26, 2008
DISA authentication question Asterisk Support	3	274	April 18, 2007
Authenticate and DISA Asterisk Support	1	161	November 7, 2007
DISA Script Asterisk Support	4	430	March 9, 2007
DISA doesnt ask for password Asterisk Support	1	224	August 23, 2010

Safety of using DISA

Related topics