VoIP PBX is more than just a phone system that offers all the features you need for efficient communication. Using VoIP-enabled PBX systems brings several benefits in cost and flexibility. However, like most technologies, even small mistakes in configuration can result in massive security flaws.
Configuring VoIP PBX to place and receive calls is relatively easy. Keeping it safe is another challenge altogether. Since your PBX can make nearly unlimited number of chargeable calls in a short time, breaking into it can be a tempting prize for “professional” hackers. In this article, we list down the top eight security considerations before setting up a VoIP PBX.
Use Strong Passwords
A weak password is an inherent security flaw in any software. This is why a strong password is an essential part of a VoIP PBX. Mostly, a VoIP PBX has passwords for various components of the system from user and administration web interfaces to extension registrations and even voicemails.
Instead of using the same password for each component, we recommend to set up a different passwords. You should note that each password set up for the VoIP PBX must be at least, 10 characters long. Besides that, the password policy must demand a mix of both: upper and lower case alphanumeric characters, as well as special characters. To protect the passwords from being compromised, it’s best to change them periodically after 2 to 4 months.
Avoid Port Forwarding
Many VoIP PBX vendors suggest port forwarding to facilitate remote access for mobile workers, some. However, doing so can easily translate into a security flaw. Port mapping or forwarding creates an opening in the firewall, making a cyber attack on the system probable. Instead, it’s best to utilize a secure RTP protocol or deploy a VPN device at both ends to communicate via a secure, encrypted tunnel.
Separate Data and Voice Traffic
One of the simplest ways to avoid security risks in VoIP connections is to separate voice data from all other data traffic. Many VoIP service providers provide users with dedicated SIP trunks supported by NGN ports. The NGN (Next Generation Network) ports separate voice networks, data networks, as well as video networks to give users a converged network.
However, if you lack such a system, you can alternatively set up a VLAN for endpoint devices on your PBX system. Using a VLAN switch, you can separate both voice and data traffic logically. Doing so can help you protect VoIP traffic in an event your data VLAN is penetrated. Moreover, this helps limit the rate of traffic to IP telephony, which slows down the external attack.
Secure the Trunks on your VoIP PBX
One of the most common ways to exploit VoIP PBX connections is to hijack SIP trunks or POTS lines to make expensive international calls. You can prevent this by restricting outbound calls from every vulnerable end-point. At the same time, you stop allowing anonymous incoming calls through the system. There are three simple ways to achieve this:
Set up Outbound Route Permission
Since most users in the company have limited use of the calling service, not every user needs to make international or long-distance calls. This is why it’s best to configure different outbound routes for separate trunks or individual extensions. Outbound route permission for long-distance, local, and international should be assigned to employees based on their use.
Ban Anonymous Hairpin Calls
Owners of the VoIP PBX system are sometimes surprised with charges for calls you don’t remember making. Cyber attackers can first dial into a PBX using anonymous numbers, and then use the PBX’s functionality to make outbound calls. These calls are also known as “hairpin calls”. Charges for these calls will, eventually, end up on your bill. Banning anonymous incoming calls from routing outbound using settings in the phone system can help prevent anonymous call charges.
Configure Outbound Restriction
If your VoIP PBX system has the option of limiting the times a user makes outbound calls in a particular period then it’s best to apply these settings. Doing so can minimize unwanted losses caused by unauthorized calls.
Block Unauthorized Access with Firewall
Firewalls in VoIP PBX systems often have pre-configured rules for controlling and filtering traffic sent to the system. However, you can create and configure your own firewall rules on the PBX system as well, something that allows you to filter certain ports, MAC addresses, source IP addresses/domains.
At the same time, you can block suspicious access to calling resources, as well. For instance, many VoIP PBX systems allow administrators to add rules blocking unauthorized web access from a blacklisted IP addresses. Similarly, you have the option to define a set of Whitelists or Accept Rules where you can drop all the packets and connections directed from other hosts.
Keep Your VoIP PBX Updated
Regularly reviewing and updating PBX software is essential for VoIP PBX. Mostly, the most recent version of the software is the most secure version of the software. Additionally, the latest version often has critical security features that protect the system from latest cyber threats.
A VoIP PBX system can be exposed to a collection of cyber risks when not configured with proper security measures. Using a reliable and secure VoIP service can help you protect your data, guarantee call quality, and encrypt communications with your VoIP PBX system.
DLS Internet Services offers a comprehensive VoIP solution for businesses of all sizes and across all industries. For further information on our VoIP PBX services, visit our website.