Categories: VoIP Systems

8 Actions to Secure Your Phone System with 3CX

The rise of remote work has brought opportunities to hackers. VoIP Supply and 3CX co-host a monthly webinar to help our 3CXresellers stay on top of the latest updates/ This month, we focused on the measures you can take to secure your phone system! Let’s take a quick glance at the eight actions you can take immediately:

Download our 3CX webinar presentation slides to learn more!

Snom also joined us to talk about their D120 and D7XX Series IP Phones and more. Click here to see the slides.

#1 SIP Authentication 

Setting up your SIP authentication is the first step! The default setting requires a random 10 character alphanumeric SIP ID and password; however, you can secure further with more characters (up to 50) 

#2 Extension Security: Voicemail PIN 

Do you have PIN numbers for your voicemail? One you enable the default setting, you can set up a random 4-digits of numeric PIN and the system gives you 3 failed attempts. If you don’t need voicemail at all, it’s better to disable the function. 

You can also make your voicemail more secure by increasing the PIN digit length (up to 10)

#3 Extension Security: Security Settings 

Check out more security settings you can change to protect your system here:

  • Disable Extension for unused extensions 
  • Disable External calls. Only internal calls possible 
  •  PIN Protect. Allow external calls only after entry of Voicemail PIN (Example: 777) 
  • Prevent extensions from REGISTERing from outside the Local LAN 
  • Prevent Apps from connecting from external locations through the tunnel 
  • Block outbound calls outside office hours. Cleaners etc

#4 Allowed Country Codes 

Set allowed country codes to specify to which countries your calls are allowed to be made. Follow these steps:

→ Settings → Security → Allowed Country Codes 

→ Specifies to which countries calls are allowed to be made 

→ Uses International Dialing Code from E164 settings

→ Match after Outbound Rule reformatting 

→ Must match exactly to be effective

#5 Configure Secure SIP 

→ Settings → Security → Secure SIP 

→ Certificates pre-configured for 3CX FQDNs 

→ Provision telephones in sSIP mode (Manually) 

→ Attention: Secure SIP uses TCP port 5061 (Default) 

  • 3CX App for Windows 

→ Extension → Phone Provisioning → SIP Transport = TLS

#6 SRTP 

  • Encryption of audio streams (RTP) 

→ from and to an active extension 

→ Using crypto keys 

→ Must be activated on Extension & IP Phone (useless without sSIP) 

  • Setup of sRTP IP Phones 

→ Enable sRTP via the Web UI of Phones 

  • 3CX App for Windows 

→ RTP Mode = Only Secure

#7 Anti-Hacking Options 

There are more anti-hacking actions you can take:

  • Failed Authentication Protection 

→ Specify the amount of failed Authentication Attempts

→ Once Exceeded → Blacklisted 

○ Default → 25 attempts 

You can also secure your system further by reducing the number of attempts allowed (min 3). Just be careful that reducing too much may cause legitimate extensions to be Blacklisted!

  • Failed Challenge Requests 

→ Specify the amount of Unchallenged 407 Authentication Requests 

→ Once Exceeded → Blacklisted 

The default gives you 1000 attempts but again, you can alter this number to reduce attempts allowed (min 100).

  • Protects against packet floods 
  • Split into 3 levels/barriers 

→ Below Amber = no action 

→ Amber Barrier reached = 5 seconds (throttling) 

→ Red Barrier reached = Blacklist interval 

  • Blacklist Time Interval 

→ Once IP is Blacklisted by Anti-Hacking Options 

→ Remains Blacklisted for the number of seconds specified 

The default number is 86400 s (24 hrs). You can increase value upto a maximum of 1,000,000,000 s (~11,574 days or 31.7 years).

#8 IP Blacklist 

Block out unwanted guests by adding their IP address to a blacklist:

→ Dashboard → IP Blacklist 

○ When Anti-Hacking criteria are met 

→ IPs of ‘perpetrators’ are added 

→ Default Global Blacklist Time Interval 

You may also manually set up the Blacklist / Whitelist IPs to deny and/or allow certain IPs.

Ready to learn more? Download our Presentation Slides to Learn More Do’s and Don’ts! Visit our 3CX product pages or visit VoIPSupply’s 3CX Page to get more information.

Don’t forget to register for our next 3CX reseller webinar! Click here to register today.

Ying-Hui Chen

Ying-Hui ( Evy), has been working at VoIP Supply since November 2015. She is currently working in the Marketing Department helping with market research, SEO analysis/ tracking, email marketing and blogs. Connect with her on LinkedIn.

Share
Published by
Ying-Hui Chen
Tags: 3CXSnom

Recent Posts

How to Prepare Your VoIP Systems for 2025

Remember Back to the Future II? I loved that movie because they traveled into the…

1 day ago

SIP Chats: Sharath Abraham of Jabra – Panacast 50, BYOD Solutions, and More!

https://youtu.be/qsNO-fZdY3U?si=1A2biOpTwvHG-wiB In the latest episode of SIP Chats, host Brian Hyrek sits down with Sharath…

2 days ago

Watch Now: 2024 November VoIP News Update

https://youtu.be/a--L6ZF9iAw VoIP Supply’s November VoIP News Update: Exciting New Tools, Upcoming Releases, and Giving Back…

6 days ago

Q&A: Wi-Fi 6 vs. Wi-Fi 5: What’s the Real Difference for Everyday Users?

Wireless internet? I remember sharing computer time with my siblings to wait 10 minutes for…

1 week ago

Fanvil FCMS Smart Proporty Solutions Webinar | November 2024

https://youtu.be/0Oxom_f47EE If you missed this webinar, then don't worry, the recording has arrived! This webinar…

2 weeks ago

How To: Extend Your DECT Range for Wireless VoIP Phones – Tips for Large Office Spaces

Ensuring seamless VoIP connectivity across vast areas can be challenging if you're managing a large…

2 weeks ago