Categories: VoIP Systems

8 Actions to Secure Your Phone System with 3CX

The rise of remote work has brought opportunities to hackers. VoIP Supply and 3CX co-host a monthly webinar to help our 3CXresellers stay on top of the latest updates/ This month, we focused on the measures you can take to secure your phone system! Let’s take a quick glance at the eight actions you can take immediately:

Download our 3CX webinar presentation slides to learn more!

Snom also joined us to talk about their D120 and D7XX Series IP Phones and more. Click here to see the slides.

#1 SIP Authentication 

Setting up your SIP authentication is the first step! The default setting requires a random 10 character alphanumeric SIP ID and password; however, you can secure further with more characters (up to 50) 

#2 Extension Security: Voicemail PIN 

Do you have PIN numbers for your voicemail? One you enable the default setting, you can set up a random 4-digits of numeric PIN and the system gives you 3 failed attempts. If you don’t need voicemail at all, it’s better to disable the function. 

You can also make your voicemail more secure by increasing the PIN digit length (up to 10)

#3 Extension Security: Security Settings 

Check out more security settings you can change to protect your system here:

  • Disable Extension for unused extensions 
  • Disable External calls. Only internal calls possible 
  •  PIN Protect. Allow external calls only after entry of Voicemail PIN (Example: 777) 
  • Prevent extensions from REGISTERing from outside the Local LAN 
  • Prevent Apps from connecting from external locations through the tunnel 
  • Block outbound calls outside office hours. Cleaners etc

#4 Allowed Country Codes 

Set allowed country codes to specify to which countries your calls are allowed to be made. Follow these steps:

→ Settings → Security → Allowed Country Codes 

→ Specifies to which countries calls are allowed to be made 

→ Uses International Dialing Code from E164 settings

→ Match after Outbound Rule reformatting 

→ Must match exactly to be effective

#5 Configure Secure SIP 

→ Settings → Security → Secure SIP 

→ Certificates pre-configured for 3CX FQDNs 

→ Provision telephones in sSIP mode (Manually) 

→ Attention: Secure SIP uses TCP port 5061 (Default) 

  • 3CX App for Windows 

→ Extension → Phone Provisioning → SIP Transport = TLS

#6 SRTP 

  • Encryption of audio streams (RTP) 

→ from and to an active extension 

→ Using crypto keys 

→ Must be activated on Extension & IP Phone (useless without sSIP) 

  • Setup of sRTP IP Phones 

→ Enable sRTP via the Web UI of Phones 

  • 3CX App for Windows 

→ RTP Mode = Only Secure

#7 Anti-Hacking Options 

There are more anti-hacking actions you can take:

  • Failed Authentication Protection 

→ Specify the amount of failed Authentication Attempts

→ Once Exceeded → Blacklisted 

○ Default → 25 attempts 

You can also secure your system further by reducing the number of attempts allowed (min 3). Just be careful that reducing too much may cause legitimate extensions to be Blacklisted!

  • Failed Challenge Requests 

→ Specify the amount of Unchallenged 407 Authentication Requests 

→ Once Exceeded → Blacklisted 

The default gives you 1000 attempts but again, you can alter this number to reduce attempts allowed (min 100).

  • Protects against packet floods 
  • Split into 3 levels/barriers 

→ Below Amber = no action 

→ Amber Barrier reached = 5 seconds (throttling) 

→ Red Barrier reached = Blacklist interval 

  • Blacklist Time Interval 

→ Once IP is Blacklisted by Anti-Hacking Options 

→ Remains Blacklisted for the number of seconds specified 

The default number is 86400 s (24 hrs). You can increase value upto a maximum of 1,000,000,000 s (~11,574 days or 31.7 years).

#8 IP Blacklist 

Block out unwanted guests by adding their IP address to a blacklist:

→ Dashboard → IP Blacklist 

○ When Anti-Hacking criteria are met 

→ IPs of ‘perpetrators’ are added 

→ Default Global Blacklist Time Interval 

You may also manually set up the Blacklist / Whitelist IPs to deny and/or allow certain IPs.

Ready to learn more? Download our Presentation Slides to Learn More Do’s and Don’ts! Visit our 3CX product pages or visit VoIPSupply’s 3CX Page to get more information.

Don’t forget to register for our next 3CX reseller webinar! Click here to register today.

Ying-Hui Chen

Ying-Hui ( Evy), has been working at VoIP Supply since November 2015. She is currently working in the Marketing Department helping with market research, SEO analysis/ tracking, email marketing and blogs. Connect with her on LinkedIn.

Share
Published by
Ying-Hui Chen
Tags: 3CXSnom

Recent Posts

Watch Now: 2025 February VoIP News Update

https://youtu.be/N-lzdnATPgk?si=DSbuMOrj16Vm4B1v Your February VoIP News Update is here! up first this month is the brand-new…

2 days ago

LINKVIL by Fanvil W610H & W710H IPCT Multi-Cell Solution Webinar

https://youtu.be/n5ixmNJo62A?si=iJZ9FBON2586xgpG It's time to unleash mobility with LINKVIL by Fanvil's new multi-cell solution! This webinar…

3 days ago

How To: Upgrade & Save Money on IP Paging in Educational Environments

Before I was in digital marketing, I was a teacher. For 7/12 years I taught…

2 weeks ago

Snom D815 SIP Phone Product Feature Video & How to Connect to WiFi

https://youtu.be/kHJZnDYyQQ8?si=2ZLrtFUrnnidxWoq See the Snom D815 SIP Phone like never before in this exclusive Product Feature…

3 weeks ago

AudioCodes SBCs Receive FIPS 140-3 Certification: A Milestone in Secure Communications

AudioCodes Session Border Controllers (SBCs) have achieved a significant milestone by obtaining the FIPS 140-3…

4 weeks ago

Introducing Fanvil V66 Pro & V62 Pro: The Future of Flexibility with Bluetooth Cordless Handsets Webinar

https://youtu.be/i7c5v_wGpAY?si=wD9KrJ9gHXfUXjH2 Sit back, relax, and learn everything you need to know about the new Fanvil…

4 weeks ago