Expired

XIII. IPPBX

Expired

VoIP and IP PBX Security

Products:
VigorBX 2000
Vigor IPPBX 2820
Vigor IPPBX 3510
Keywords:
Access Control
Hacked
Hacking
IPPBX
Show all

VoIP & IP PBX Security - Protect yourself from fraud

VoIP Fraud / Call Theft is commonplace on the Internet. Hackers will continuously scan millions of IP addresses looking for VoIP devices which are insecure or vulnerable. If a thief accesses your VoIP account and makes call, it is normally impossible to find/catch them or get your money back and it could be very expensive for you, especially if you don't spot it quickly.

  1. Always use strong passwords for all parts of your setup. A strong password is one which is long and doesn't use natural words. e.g. 'h&g_dh5%fns1$gh' is considered strong, but 'password' or '1234' is not. Places to ensure strong passwords will include:
    • Your SIP trunks - the SIP password which your VoIP device or IPPBX uses to log into your ITSP (e.g. DrayTEL). Your SIP trunk administration account will also have a password (which you might use to log in and view call logs, buy credit etc.).
    • SIP extensions on your IP PBX. If you are using an IP PBX (a 'switchboard') in which your IP phones or softphones are extensions on your office system, each of those phones will have a SIP password it uses to log
      into the PBX. This applies to hosted (cloud-based) IP PBXs as well as your own hosted physical IP-PBX hardware.
    • Admin passwords for your VoIP hardware, including IP phones, routers and IP PBXs.
  2. If you are not using and do not need remote extensions on your IP PBX, disabled this feature on the IP PBX.
  3. Regularly check your call records for any unusual activity. The call records on your VoIP device/software or your SIP trunk account should all be checked.
  4. If your SIP provider or IP PBX supports call barring, consider blocking calls to areas which you do not need to call. For example premium rate number (09...) or international calls. Most fraud seems to be to Eastern Europe, Africa and Asia, so you could block those areas if you don't need to call them.
  5. Ensure that your VoIP hardware, PBX or software is up-to-date with the latest firmware, patches or security advisories.

How do you rate this article?

1 1 1 1 1 1 1 1 1 1

First Published: 18/03/2013
Last Updated: 16/06/2020