SIP TRUNKING SECURITY
One thing that rings true for everyone is that you protect what is valuable to you. You lock your home’s doors when you leave for work, click your key fob to set your car alarm, and install a firewall to protect your network traffic. The same mentality should apply to your phone system, whether TDM or VoIP-based.
Unless your phone system is effectively protected, unauthorized calls can be placed. If left unprotected, the holes left open can be expensive, running several thousand dollars per day.
Please remember that you are responsible if your PBX system is hacked. We will bill you for calls that originate from your PBX, whether they are authorized or not.
Here are some helpful guidelines to follow in order to ensure that your PBX is protected. (This list is not comprehensive and is considered a living document that will be updated as the technology advances.)
- Set your IP-PBX so that it accepts connections ONLY from on-site phones and specific IP addresses.
- Use strong passwords and MD5 authentication or public/private keys, and change all default passwords.
- Passwords should be at least eight characters in length and include letters, at least one capital letter, at least one number, and at least one of these special characters: !@#|$%^&*() _ -?.,
- Configure SIP proxies and firewalls with access lists to prevent access from unauthorized IP address blocks.
- If you connect other SIP devices through your switch, change usernames and passwords for those connected devices when the user leaves or becomes de-authorized.
- Change passwords routinely on these remote connected accounts.
- Review your call records to be sure that your traffic is what you expect from your normal business use.
- Contact your PBX vendor to discuss the security of your system. We are happy to work with them and answer any questions you or they may have.
- Check with your insurance providers to make sure you will be covered in case of fraud.
- Do not share SIP account passwords or device configuration passwords with anyone.
- Do not let external users redial from your PBX. This is a common exploit that has been used on phone systems for many years.
- Do not allow external access to the management portal of your phone system.
- It is also important to secure other services on your IP-PBX system. Services like HTTP, FTP, Telnet, and SSH are commonly exploited and should be tightly restricted.
- Phone systems should be behind firewalls or have the built-in firewall enabled, and SIP proxy services should be used to pass traffic between external and internal systems.
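
One way to carry out the call-record review recommended in the list above, as an added example that is not part of the original guidelines or any vendor's tooling. The CSV column names, the business-hours window, the international dialing prefixes and the burst threshold are all assumptions to be replaced with your own PBX export format and traffic baseline; the sample records are constructed.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Constructed sample call detail records (CDRs). Column names are assumed,
# not taken from any particular PBX export; numbers are fictional.
SAMPLE_CDR = """start,src_ext,dst,duration_sec
2024-03-04 09:15:00,101,12125550100,180
2024-03-04 14:02:00,102,13125550123,600
2024-03-05 02:11:00,105,01199955501001,3400
2024-03-05 02:13:00,105,01199955501002,3550
2024-03-05 02:14:00,105,01199955501003,3600
2024-03-05 10:30:00,101,12125550100,240
"""

# Assumed baseline for "normal business use"; tune to your own traffic.
BUSINESS_HOURS = range(8, 18)            # 08:00-17:59, Monday to Friday
INTERNATIONAL_PREFIXES = ("011", "00")   # common international dialing prefixes
MAX_CALLS_PER_EXT_PER_HOUR = 2           # more than this counts as a burst


def review_cdrs(cdr_text):
    """Return (start, src_ext, dst, reasons) for each call outside the baseline."""
    rows = list(csv.DictReader(io.StringIO(cdr_text)))
    # Calls per extension per clock hour, to catch bursts of automated dialing.
    per_hour = Counter((r["src_ext"], r["start"][:13]) for r in rows)
    findings = []
    for r in rows:
        start = datetime.strptime(r["start"], "%Y-%m-%d %H:%M:%S")
        reasons = []
        if start.hour not in BUSINESS_HOURS or start.weekday() >= 5:
            reasons.append("outside business hours")
        if r["dst"].startswith(INTERNATIONAL_PREFIXES):
            reasons.append("international destination")
        if per_hour[(r["src_ext"], r["start"][:13])] > MAX_CALLS_PER_EXT_PER_HOUR:
            reasons.append("call burst from one extension")
        if reasons:
            findings.append((r["start"], r["src_ext"], r["dst"], reasons))
    return findings


if __name__ == "__main__":
    for start, ext, dst, reasons in review_cdrs(SAMPLE_CDR):
        print(f"{start} ext {ext} -> {dst}: {', '.join(reasons)}")
```

Run against a daily export, a report like this gives you a short list of calls to check against what your business actually dials.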