Sip trunking security considerations

I’m interested in discussing security considerations when using sip trunking with Asterisk. In my experience many sip trunk providers don’t support SRTP and will often tell you that you don’t need to deploy a Session Border Controller or sip aware firewall. I understand the benefits of using both, but am interested to learn what others are doing. I think of encryption like QOS, if you don’t have it everywhere you don’t have it anywhere. Since I can’t control the encryption end to end, why bother between my pbx and the sip trunk provider? As for the SBC, the high cost and complexity to deploy seems to offset the benefits of deploying sip trunking all together. What is wrong with locking down a firewall ACL to only allow the sip and rtp traffic to and from the sip trunk providers public ip addresses?

I don;t know too much about security but i’m going to tell you something, what i need to be sure is that me PBX are very reliable, secure, clean and working really fine.

To me knowledged, me pbx at office have all that conditions.
I have configured a firewal, just specific Phones by IP can register to the PBX.
And remember to disable automatically Linux updates because new updates can change your OS files and that may make errors or system inestability.