VoIP and IP PBX Security
VoIP & IP PBX Security - Protect yourself from fraud
VoIP Fraud / Call Theft is commonplace on the Internet. Hackers will continuously scan millions of IP addresses looking for VoIP devices which are insecure or vulnerable. If a thief accesses your VoIP account and makes call, it is normally impossible to find/catch them or get your money back and it could be very expensive for you, especially if you don't spot it quickly.
- Always use strong passwords for all parts of your setup. A strong password is one which is long and doesn't use natural words. e.g. 'h&g_dh5%fns1$gh' is considered strong, but 'password' or '1234' is not. Places to ensure strong passwords will include:
- Your SIP trunks - the SIP password which your VoIP device or IPPBX uses to log into your ITSP (e.g. DrayTEL). Your SIP trunk administration account will also have a password (which you might use to log in and view call logs, buy credit etc.).
- SIP extensions on your IP PBX. If you are using an IP PBX (a 'switchboard') in which your IP phones or softphones are extensions on your office system, each of those phones will have a SIP password it uses to log
into the PBX. This applies to hosted (cloud-based) IP PBXs as well as your own hosted physical IP-PBX hardware.
- Admin passwords for your VoIP hardware, including IP phones, routers and IP PBXs.
- If you are not using and do not need remote extensions on your IP PBX, disabled this feature on the IP PBX.
- Regularly check your call records for any unusual activity. The call records on your VoIP device/software or your SIP trunk account should all be checked.
- If your SIP provider or IP PBX supports call barring, consider blocking calls to areas which you do not need to call. For example premium rate number (09...) or international calls. Most fraud seems to be to Eastern Europe, Africa and Asia, so you could block those areas if you don't need to call them.
- Ensure that your VoIP hardware, PBX or software is up-to-date with the latest firmware, patches or security advisories.
How do you rate this article?
- First Published: 18/03/2013
- Last Updated: 09/12/2015
Add a comment to this article
NOTE : All comments are reviewed before publication and may not be posted or may be redacted if the editors do not consider them helpful. The use of offensive or obscene language, copyrighted material, or advertising or promotion or linking to any other product or service is prohibited. By submitting your comment, you confirm that you are the original author and assign copyright of the content to DrayTek indefinitely and irrevocably.