IT security is at the forefront of every business owner’s mind, and SIP trunk security should be included in every security plan.
Unencrypted SIP traffic that is sniffed on the network can be decoded and listened to as if the attacker were on the call themselves, which makes securing your network crucial.
Based on recommendations from top IP PBX providers, we have compiled the most important considerations for ensuring your SIP phone system is secure.
Whether you intend to deploy VoIP in-house or work with a certified partner, understanding these security principles will help you ensure your phone system is resilient against network attacks.
Using a strong and unique password for your IP PBX management console
Using a web browser to manage your IP PBX is practical and convenient, and most phone systems use this method today. When using this method, however, a strong password with capitalised and non-capitalised letters, numbers and symbols is crucial – as attackers are known to target these services with brute-force attacks on common usernames on the system.
Choosing a password for IP Phones
Some IP PBX servers do not require passwords on SIP Phones, or allow blank or short, simple passwords.
Despite the convenience of this, it is strongly recommended that each phone on the PBX has a strong and unique password. 3CX, for example, will automatically change the password on the phone when it is provisioned; this saves time and helps with management of the phone system as a whole.
Planning for SIP Security
Security should be an integral part of the planning process of your IP PBX. Securing your 3CX phone system is made easier with additional anti-hacking features added to the phone system:
- Secure SIP
- IP blacklisting
- Anti-hacking settings
Segregating your networks
Because the needs of business networks vary, there is no set solution for segregating business phone networks; however, investing time in this during the planning phase can bring a number of benefits.
Segregated networks often see less congestion, which is particularly notable at busier times of the day, and should an issue arise on one network, it remains localised and other areas of the business are able to function as normal.
Segregation of networks for different departments may not be right for your business; however, if it is something you are interested in, we recommend speaking to your IT provider.
Allow only required services
There are many occasions in which your IP phones will not require access to the internet. In this case, the IP phone should be placed behind a firewall with strict access control rules.
Should you require your IP PBX to be connected to the internet, it is best practice to ensure only the required services are able to access the phone system.
Using an Intrusion Detection System (IDS)
An IDS is used to assist in identifying possible attacks and to alert system administrators and security analysts if an attempted attack or intrusion is detected.
- Host-based IDS – Analyses log files, file system modifications and event logs
- Network IDS – Monitors activity across the network
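The host-based approach described above, as an added example that is not part of the original article or of any PBX product: a Python script that scans an authentication log for repeated failed SIP registrations from one source, the brute-force pattern an IDS would alert on and IP blacklisting would then block. The log format, the threshold values and the function name are assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data in a hypothetical log format (not a real PBX's format).
# Each line records the final outcome of one SIP REGISTER authentication attempt.
SAMPLE_LOG = """\
2024-05-01 09:00:01 REGISTER ext=100 src=203.0.113.7 auth=FAIL
2024-05-01 09:00:04 REGISTER ext=101 src=203.0.113.7 auth=FAIL
2024-05-01 09:00:05 REGISTER ext=204 src=192.0.2.10 auth=FAIL
2024-05-01 09:00:09 REGISTER ext=102 src=203.0.113.7 auth=FAIL
2024-05-01 09:00:12 REGISTER ext=204 src=192.0.2.10 auth=OK
2024-05-01 09:00:15 REGISTER ext=admin src=203.0.113.7 auth=FAIL
2024-05-01 09:00:21 REGISTER ext=100 src=203.0.113.7 auth=FAIL
2024-05-01 09:20:00 REGISTER ext=300 src=198.51.100.4 auth=FAIL
2024-05-01 11:20:00 REGISTER ext=300 src=198.51.100.4 auth=FAIL
2024-05-01 13:20:00 REGISTER ext=300 src=198.51.100.4 auth=FAIL
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) REGISTER "
    r"ext=(?P<ext>\S+) src=(?P<src>\S+) auth=(?P<auth>OK|FAIL)$"
)

def find_bruteforce_sources(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {source_ip: sorted extensions tried} for every source with at
    least `threshold` failed REGISTERs inside any sliding `window`."""
    failures = defaultdict(list)  # source IP -> [(timestamp, extension), ...]
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m["auth"] == "FAIL":  # malformed lines and successes are skipped
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            failures[m["src"]].append((ts, m["ext"]))
    flagged = {}
    for src, events in failures.items():
        events.sort()
        start = 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:  # drop events older than the window
                start += 1
            if end - start + 1 >= threshold:
                flagged[src] = sorted({ext for _, ext in events})
                break
    return flagged

if __name__ == "__main__":
    for ip, exts in find_bruteforce_sources(SAMPLE_LOG).items():
        print(f"blacklist candidate {ip}: tried extensions {exts}")
```

A single mistyped password (192.0.2.10) and slow, widely spaced failures (198.51.100.4) stay below the default threshold; the second case shows why a short window should be paired with a longer-term failure count.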
Unnecessary services on the OS
Most operating systems will run services that are not necessary to their function, and are not required for the operation of the IP PBX. These unnecessary services should be disabled and steps should be taken to identify any security vulnerabilities.
Keeping the OS up to date
Operating systems generally have automated security updates and are patched regularly to remove security flaws. Ensure you have these updates enabled.
Keeping your IP phone up to date
IP phone firmware updates include security updates when the need for one arises. 3CX maintenance renewal includes all firmware and security updates for your 3CX phone system, taking the hassle and stress out of remembering to update your IP phone.