The rise of remote work has brought opportunities to hackers. VoIP Supply and 3CX co-host a monthly webinar to help our 3CXresellers stay on top of the latest updates/ This month, we focused on the measures you can take to secure your phone system! Let’s take a quick glance at the eight actions you can take immediately:
Download our 3CX webinar presentation slides to learn more!
Snom also joined us to talk about their D120 and D7XX Series IP Phones and more. Click here to see the slides.
Setting up your SIP authentication is the first step! The default setting requires a random 10 character alphanumeric SIP ID and password; however, you can secure further with more characters (up to 50)
Do you have PIN numbers for your voicemail? One you enable the default setting, you can set up a random 4-digits of numeric PIN and the system gives you 3 failed attempts. If you don’t need voicemail at all, it’s better to disable the function.
You can also make your voicemail more secure by increasing the PIN digit length (up to 10)
Check out more security settings you can change to protect your system here:
Set allowed country codes to specify to which countries your calls are allowed to be made. Follow these steps:
→ Settings → Security → Allowed Country Codes
→ Specifies to which countries calls are allowed to be made
→ Uses International Dialing Code from E164 settings
→ Match after Outbound Rule reformatting
→ Must match exactly to be effective
→ Settings → Security → Secure SIP
→ Certificates pre-configured for 3CX FQDNs
→ Provision telephones in sSIP mode (Manually)
→ Attention: Secure SIP uses TCP port 5061 (Default)
→ Extension → Phone Provisioning → SIP Transport = TLS
→ from and to an active extension
→ Using crypto keys
→ Must be activated on Extension & IP Phone (useless without sSIP)
→ Enable sRTP via the Web UI of Phones
→ RTP Mode = Only Secure
There are more anti-hacking actions you can take:
→ Specify the amount of failed Authentication Attempts
→ Once Exceeded → Blacklisted
○ Default → 25 attempts
You can also secure your system further by reducing the number of attempts allowed (min 3). Just be careful that reducing too much may cause legitimate extensions to be Blacklisted!
→ Specify the amount of Unchallenged 407 Authentication Requests
→ Once Exceeded → Blacklisted
The default gives you 1000 attempts but again, you can alter this number to reduce attempts allowed (min 100).
→ Below Amber = no action
→ Amber Barrier reached = 5 seconds (throttling)
→ Red Barrier reached = Blacklist interval
→ Once IP is Blacklisted by Anti-Hacking Options
→ Remains Blacklisted for the number of seconds specified
The default number is 86400 s (24 hrs). You can increase value upto a maximum of 1,000,000,000 s (~11,574 days or 31.7 years).
Block out unwanted guests by adding their IP address to a blacklist:
→ Dashboard → IP Blacklist
○ When Anti-Hacking criteria are met
→ IPs of ‘perpetrators’ are added
→ Default Global Blacklist Time Interval
You may also manually set up the Blacklist / Whitelist IPs to deny and/or allow certain IPs.
Ready to learn more? Download our Presentation Slides to Learn More Do’s and Don’ts! Visit our 3CX product pages or visit VoIPSupply’s 3CX Page to get more information.
Don’t forget to register for our next 3CX reseller webinar! Click here to register today.
Remember Back to the Future II? I loved that movie because they traveled into the…
https://youtu.be/qsNO-fZdY3U?si=1A2biOpTwvHG-wiB In the latest episode of SIP Chats, host Brian Hyrek sits down with Sharath…
https://youtu.be/a--L6ZF9iAw VoIP Supply’s November VoIP News Update: Exciting New Tools, Upcoming Releases, and Giving Back…
Wireless internet? I remember sharing computer time with my siblings to wait 10 minutes for…
https://youtu.be/0Oxom_f47EE If you missed this webinar, then don't worry, the recording has arrived! This webinar…
Ensuring seamless VoIP connectivity across vast areas can be challenging if you're managing a large…