FAQs - PBX Security

Learn how to secure your PBX from hackers and telecom fraud.

Telecom Fraud is defined as: the intent to defraud another of the lawful charge for telecommunication service.

Most commonly, hackers find holes in IP PBXs that are connected to the public internet by using SIP scanners and exploiting system weaknesses.  Typically these are default passwords left in place, unsecured extensions, open SIP ports, or incorrectly managed or non-existent firewalls. For more information read this article.

While IPComms may actively monitor its network for suspicious activity and traffic patterns, it is ultimately the responsibility of the customer to protect their own network.  Customers are responsible for all charges associated with their account, whether fraudulent or not. It is the customer’s sole responsibility to take immediate action to prevent or block any fraudulent use. This includes (but is not limited to) physical security of the system and phones, as well as passwords, PINs, remote users and network security.

If you suspect fraud, or have questions about how to protect your system from fraud, please contact IPComms Customer Service.

It is not an impossible task to secure your IP PBX from the top 99.9% of all intrusion attempts and minimize the damage done by any intruder that sneaks past your security.  Remember, hackers are lazy (otherwise they'd have a real job!); they are not going to spend hours trying to hack a system when they can just move on to another that is wide open.

Software protection (e.g. protection against spyware, Trojans or viruses) is also very important, but this document does not cover it.  Our focus will be on PBX call and traffic security.

Below are a few basic steps that can be taken to reduce your overall exposure:

    1. BE SURE THAT YOUR IP PBX AND ACCESS TO YOUR NETWORK IS SECURE AND LIMITED ONLY TO THOSE WITH APPROPRIATE ACCESS PERMISSIONS.
      Physical security is very important and commonly overlooked.

    2. NEVER, NEVER, NEVER USE THE DEFAULT PASSWORDS ON ANY SYSTEM.
      This is probably the most common way hackers enter IP PBX systems. When installing your IP PBX, the very first step should be to replace both the username and password of any account with administrator access. Secondly, when creating user accounts, be sure not to use or allow easy-to-guess passwords like “1234”, “password”, “companyname1” etc.

    3. NEVER USE THE SAME USERNAME AND PASSWORD ON YOUR EXTENSIONS.
      This is another VERY common issue, especially within the Asterisk community.  Using password 101 for extension 101 is asking for big trouble.  DON’T DO IT!

      Example of what NOT to do on your extensions: 

      ; sip.conf
      [101]
      username=101
      secret=101
      host=dynamic

    4. PLACE YOUR PBX BEHIND A FIREWALL
      Let’s face it, working on your PBX from home or allowing co-workers access to the system remotely is necessary and often unavoidable.  However, doing it correctly can be the difference between security success and total and utter failure.  VPNs are a good way to limit access and enable co-worker remote management. Placing your PBX behind a firewall and restricting remote access to your IP PBX to specific IP addresses will greatly discourage even the most determined hacker.  While hardware firewalls typically provide the most security, software firewalls can be just as effective and much cheaper (many are free).

      Firewalls, of course, are only as good as the rules defined within them.  So be sure to only open ports that are absolutely essential to run your PBX. Block anonymous WAN requests (ping).  Let’s face it, if they can’t find you, they can’t hack you.

    5. MAKE IT PRIVATE – NAT IS YOUR FRIEND!
      When possible, place your IP PBX on a LAN with Network Address Translation (NAT).  NAT basically gives your IP PBX a private IP address and makes it much more difficult to reach from the internet.

    6. KEEP INBOUND AND OUTBOUND ROUTING SEPARATE (Asterisk)
      This is probably the biggest cause and source of toll fraud.  By keeping your inbound call routing in a different context than your outbound routing, if an intruder does happen to make it into your system, he can’t get back out again.

    7. LIMIT REGISTRATION BY EXTENSIONS TO YOUR LOCAL SUBNET.
      Restrict the IP addresses your extensions can register from to the local subnet.  Asterisk PBXs can use the ACL (permit/deny) in sip.conf to block IP addresses.  This can fend off brute force registration attempts.

    8. DISABLE CHANNELS THAT ARE NOT IN USE
      Disable channels that you aren’t using, like Skinny and MGCP.  For Asterisk PBXs, you can “unload” these modules in the modules.conf file (/etc/asterisk/modules.conf) like this:

      noload => chan_mgcp.so
      noload => chan_skinny.so
      noload => chan_oss.so

    9. MAKE IT HARDER FOR SIP SCANNERS
      Set “alwaysauthreject=yes” in your SIP configuration file. This prevents Asterisk from telling a SIP scanner which extension numbers are valid. Install a SIP port firewall.  This will block “scanning” of port 5060 and can disable the attempting endpoint for a specific time when it detects a violation.

    10. LIMIT AND RESTRICT DIAL PLANS
      Restrict calling to high-cost calling destinations and don’t allow calling to 0900 and premium numbers.

    11. AUDIT YOUR SYSTEM SECURITY REGULARLY
      Once you’ve reached this point, it’s not a bad idea to put your hacker hat on and have a try at your own system.  Think like a hacker and try to look for weaknesses or holes in your system security.  It is a good idea to review your system security regularly.  Don’t sleep on security… you can guarantee that thieves aren’t.
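
One repeatable way to run part of the audit in step 11, as an added example that is not IPComms or Asterisk project code: the Python script below parses sip.conf text and flags the weaknesses from steps 2, 3, 7 and 9. The function names, the 8-character minimum, the sample peers and the 192.168.1.0 subnet are assumptions made for illustration; an absent alwaysauthreject is reported because step 9 asks for it to be set explicitly.

```python
# Added example: audit sip.conf text for the weaknesses in steps 2, 3, 7 and 9.
WEAK = {"1234", "password", "companyname1"}  # the page's easy-to-guess examples

def parse_sip_conf(text):
    """Return {section: [(key, value), ...]}; ';' starts a comment."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if line.startswith("[") and "]" in line:
            current = line[1:line.index("]")]
            sections.setdefault(current, [])
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current].append((key.strip().lower(), value.lstrip(">").strip()))
    return sections

def audit(text):
    """Return a sorted list of (section, finding) tuples."""
    sections = parse_sip_conf(text)
    findings = []
    if dict(sections.get("general", [])).get("alwaysauthreject", "").lower() != "yes":
        findings.append(("general", "alwaysauthreject is not set to yes"))
    for name, pairs in sections.items():
        opts = dict(pairs)
        secret = opts.get("secret")
        if name == "general" or secret is None:
            continue
        if secret in (name, opts.get("username")):
            findings.append((name, "secret equals extension or username"))
        elif secret.lower() in WEAK or len(secret) < 8:
            findings.append((name, "secret is short or easy to guess"))
        if opts.get("host") == "dynamic" and not {"deny", "permit"} <= set(opts):
            findings.append((name, "dynamic peer has no deny/permit ACL"))
    return sorted(findings)

# Constructed sample: the page's "what NOT to do" peer beside a hardened one.
SAMPLE = """\
[general]
alwaysauthreject=yes
[101]
username=101
secret=101
host=dynamic
[102]
secret=Vq7#pL2x!mZe9Rt4                 ; constructed value
host=dynamic
deny=0.0.0.0/0.0.0.0
permit=192.168.1.0/255.255.255.0        ; assumed local subnet
"""
```

Calling `audit(SAMPLE)` reports two findings for peer 101 and none for peer 102; pass it the contents of your own sip.conf to check a live system.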