I've added an entry to /etc/hosts.allow for Asterisk and it seems to get the job done:
asterisk : proxy01.sipphone.com : allow
asterisk : 192.168.80. : allow
asterisk : localhost : allow
asterisk : ALL : deny
Before, I was able to easily connect the N800 SIP phone app from any external network and make dialed calls using default extension info (for example: 200,200). Now I can at least limit that access to specific hosts (or none at all) but I'm not sure if there are any security loopholes still open. Am I missing anything obvious by not trying to upgrade FreePBX and locking it down there?
Good points Thom... LegoGT, please still make the trac entry with the notes/comments referenced by myself and Thom.