Published on December 5th, 2017 | by Guest0
10 Tips to Make Your PBX More Secure
If you are in charge of a VoIP / SIP phone system or are thinking of adopting one for your company, VoIP (Voice over IP) security is probably one of the most important considerations you should take into account. This article presents ten simple tips that can help you make your VoIP phone system more resistant against attacks.
1. Protect your administrative interface using a good password
This is extremely practical, but for this reason it is very important to choose a strong password. Some VoIP systems come with a factory password and leaving this password in operation can cause security problems. Therefore, it is very important to change it during the installation process. If your PBX server operates on non-proprietary equipment, it is most likely operating on Windows or Linux. These types of systems usually have a remote administrative interface such as RDP or SSH that allows administrators to carry out system maintenance. Attackers usually indiscriminately attack these services by ‘brute force’ over common system user names. Therefore, it is very important to implement strong passwords for these privileged access systems.
2. Select strong and original passwords for your SIP phones
Another place where passwords are common in IP PBXs is in SIP / VoIP phones. Even when the PBX server allows you not to use passwords or leave them blank, do not do so. Give a unique and strong password to each of the phones. A common error affecting VoIP security is to set the password with the same telephone extension number. For example, extension 100 is given the password “100”, etc. Attackers are well aware of this trend and it is one of the first vulnerabilities that explode.
3. Implement VoIP security from the design phase
If from the beginning you consider VoIP security as one of your priorities, it will be easier for it to be properly implemented. Planning is essential to avoid security problems in the future. VoIP security refers to reducing risks to an acceptable level.
4. Simplify as much as possible
It is important to take into account that when it comes to designing a network, there is no single formula that solves all security problems. Each requirement carries with it different limitations and therefore needs different solutions. For example, a hotel has different security concerns than a company. In the case of a telephone system in a hotel, this may not have any need to be connected to the rest of the system and therefore may be physically separated from the rest of the hotel’s internal network. On the other hand, a telephone exchange for companies may need to be connected to the internal data system of the business.
5. Avoid exposing yourself to unreliable networks
Most of the time it is not necessary to put VoIP phones in the internet network. In this way, VoIP phones can be placed behind a firewall with restricted access. This can prevent attacks directed directly to VoIP phones. In the same way, if the PBX does not need internet access, placing it in a protected network can reduce risks. When the telephone system needs access to the internet, it is a good idea to allow access only to the services that require it.
6. Use IDS (intrusion detection system)
In VoIP security, implementing preventive measures is half the work. The role of the intrusion detection system is to help system administrators and security analysts identify potential security attacks before it is too late. A host intrusion detection system can be very useful to identify attacks to the system by means of the analysis of files, modification of documents, etc. In contrast, a network intrusion detection system identifies attacks by monitoring the network.
7. Monitor the use of the network
Another way to detect attacks to a software-based telephone exchange is by monitoring the use of the network. The responsible person must then investigate whether the traffic is legitimate or not. Some attacks on VoIP, such as brute force attacks on passwords, generate a large amount of traffic, which can be easily detected with these tools.
8. Strengthen your operating system
One way to strengthen the operating system for your IP PBX is to stop unnecessary services and identify security vulnerabilities. Most systems execute processes that are not necessary for the function they perform and any service that is not crucial to the functionality of the IP PBX should be disabled. Apart from disabling unnecessary services, there are some specific settings that you can modify to make the base OS more secure and several tools that can help identify those vulnerabilities and security risks.
9. Keep the operating system updated
Modern operating systems are updated regularly with patches to increase their security. Be sure to receive these updates regularly to keep your system up to date. Enable automatic security updates and make sure your system is in the latest version.
10. Keep the phone firmware updated
Hardware-based SIP phones also obtain security updates frequently in the form of firmware updates. Some security flaws in firmware have allowed attackers to convert the SIP Phone into a listening device. Make sure that the phones are updated to the latest firmware version to minimize the risk of these security intrusions using update functionality.
Voice over IP (VoIP) technology has been appreciated and adopted by a large number of companies around the world for years. This is why it is very important to consider the implications of VoIP security, which can be implemented in a simple way and avoid indiscriminate attacks.
Kimbrely Stewart is a technical content write and currently working for office phone system dubai company PBX Systems. She loves to learn and share technical news and updates.