Today I'd like you to take a second and check out this article from one of our Support Representatives, Ian Hambelton.
With more and more devices able to connect to the internet, security has become an increasingly important topic of discussion. To be honest, the most secure device would be one that isn’t connected to the internet in the first place; however, that would render a PBX useless, since we’re talking about VoIP after all and ‘Internet Protocol’ is pretty important to making this all work. That being the case, you will want (need) to take some basic security precautions so that your PBX is not compromised and, almost inevitably, racking up a sizable bill through excessive international calling and so on. While even more security steps can be taken, the following are in my opinion some of the easiest (and often forgotten about) ways to tighten things up and limit disaster.
1. Change and update
By far the most important steps to take if you are configuring an Asterisk-based PBX are to immediately change the default passwords and make sure your software is up to date. All too often systems get compromised through default administrative credentials or out-of-date software with known vulnerabilities that are addressed in later revisions. While some PBX distributions address this during the initial installation process, it is a good idea to make sure that these credentials are not only changed but rather cryptic as well; sites similar to Passwords Generator are an effective way to generate credentials that are not easily figured out by general means of attack (brute force and so on).
2. Secure your borders
The star fort secured towns and cities from the 15th century onward, and your network is not unlike this configuration of defense, with the implementation of such things as firewalls and access control. This is obviously a topic which could go on for days, as a basic internet search will further prove, but we can break it down to something quick and easy right now.
-Know who you are dealing with.
Are you, your customers, clients, or service providers within the same geographical region? Great, we have an easy start. Sites like NirSoft have a fairly updated range of IPs on a country-by-country basis. If you are in, let's say, Belgium, as are your clients and service providers, you are probably expecting SIP or RTP requests from a given range of addresses, which is why it would be a good idea to block these requests to your network from anything outside of this given area.
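One way to turn such a country range list into firewall rules, shown as an added example that is not part of the original article. It assumes the list has already been converted to one IPv4 CIDR per line, that SIP uses UDP 5060 and RTP uses UDP 10000-20000, and that the ipset is named `voip_allow`; the sample ranges are constructed documentation addresses, not real country allocations.

```shell
#!/bin/sh
# Added example: PRINT (do not run) ipset/iptables commands that accept SIP and
# RTP only from an allowlist of networks, so the policy can be reviewed first.
# Assumptions: UDP 5060 for SIP, UDP 10000:20000 for RTP, set name voip_allow.
SET_NAME="voip_allow"
SIP_PORT="5060"
RTP_RANGE="10000:20000"

# Constructed sample input (documentation ranges, one malformed entry).
sample_ranges() {
cat <<'EOF'
# allowed networks, one CIDR per line
192.0.2.0/24
198.51.100.0/24   # trailing comments are stripped
300.1.1.0/24
EOF
}

# Return 0 if $1 is a well-formed IPv4 CIDR (a.b.c.d/len), 1 otherwise.
is_cidr() {
    echo "$1" | awk -F'[./]' '
        NF != 5 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
          if ($5 !~ /^[0-9]+$/ || $5 > 32) exit 1 }'
}

# Read CIDRs on stdin, write the rule set on stdout, warnings on stderr.
gen_rules() {
    echo "ipset create $SET_NAME hash:net -exist"
    while IFS= read -r line; do
        cidr=$(echo "$line" | sed 's/#.*//' | tr -d ' \t\r')
        [ -z "$cidr" ] && continue
        if is_cidr "$cidr"; then
            echo "ipset add $SET_NAME $cidr -exist"
        else
            echo "skipping malformed entry: $line" >&2
        fi
    done
    # ACCEPT for allowlisted sources must come before the catch-all DROP.
    for ports in "$SIP_PORT" "$RTP_RANGE"; do
        echo "iptables -A INPUT -p udp --dport $ports -m set --match-set $SET_NAME src -j ACCEPT"
        echo "iptables -A INPUT -p udp --dport $ports -j DROP"
    done
}

sample_ranges | gen_rules
```

Malformed entries are skipped with a warning rather than silently widening or breaking the allowlist, and nothing is applied until the printed commands are reviewed and run by hand.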
3. London calling
Keeping in touch with colleagues and loved ones abroad is quite common these days. If not by social media, the ever enticing low-cost VoIP option is always available and a commonly used resource. Don't let your wallet be a commonly used resource. There are many ways to counteract this; however, limiting your reach is a good start. For example (or suggestion), you may want to block the most expensive calling areas right off the bat, and this list of The 10 Most Expensive Places To Call would be a great start to your dial plan.
It would be nice to have a finite rule set for VoIP and computer security, but honestly that will probably never happen. However, with easy precautionary measures such as these, we can sleep a bit easier at night.