The VoIP telephony service is Internet based, which inadvertently exposes it to various security threats. Vulnerabilities for each system will be different as everyone uses different systems and equipment. In this article we are going to take a look at some of the most common yet much-needed methods of protection that can be applied to almost any VoIP system. During the installation of the PBX/Voice network, you will need to put in place all the necessary security checks so that the system has maximum protection in place from the time it starts. It is better to hire experienced engineers who are not only aware of, but also handle various security threats.
Prevention is the best mantra when it comes to securing your VoIP phone system because security breaches or system hacks can prove to be extremely expensive for any company. You will need to ensure that end-to-end security checks are deployed so that from network to the gateway, everything has been protected. Some of the primary preventive steps that you need to take to secure your IP telephone system include the following.
Securing the Port 5060
You should always use SBC’s, firewalls or router ACL’s if the port 5060 is open in order to accommodate the remote SIP endpoints. However, it is recommended that you close the port 5060 and instead use a VPN to carry traffic from the endpoint to the PBX. You can even inform your VoIP service provider about the IP addresses that would get exclusive entry through 5060 and the rest can all be blocked. You should inquire with your Internet telephony service provider about NAT and in the case where they support it, then it is better to use the NAT traversal than assigning a public IP address to the PBX.
Network Access or Security
You should never allow the PBX to be accessed from external networks if it is not mandatory. Alternatively, you can block all the IP addresses to the PBX, except the ones that need legitimate access. When there is no need for accessing the PBX, you can even use the ACL rules, VPN’s, firewalls etc. to provide extra security. You should scan the present network to identify any potential threats.
You should take into consideration the physical security of the internal voice LAN. You should locate your PBX and the switches to a secure area and provide access to only the known endpoints. Try to use VLAN’s as they can provide secured access to voice LAN.
The number of routes connecting to your PBX can be reduced by using the Auto Attendant and ending the call, especially when all your DDIs are connected to the PBX but not all are in use. Thus unauthorized access to the Voicemail can be restricted.
Password and Administrative control
Change all the default passwords meant for the administrator because default passwords are the first targets of any security attack. While setting up the phone system do not have similar extension passwords as that of the extension. It is also important to find out that the conference rooms or fax servers are protected with strong passwords as well.
Voice mail is the first victim of any attack and most common form of attacks are known as “phreaking”. Limit the exposure of incoming or outgoing calls to the voice mail.
smplsolutions offers products and services for telephone, cloud, computer networking, video conferencing, video surveillance, data management, security and cabling needs. Our highly trained technicians, The Tech Team, are your team of networking and communications experts.
Call us today on 800.943.7675 for all your communication, networking and surveillance requirements.