If you are not the person in charge of security for your phone system please forward this message on to the responsible party. You are receiving this message because you are in our database as a customer, a potential customer that has or is testing our service, or a partner.
Security is important. We lock doors, use alarm systems, set passwords and change them regularly.
The same safeguards apply to phone systems, whether traditional or VoIP-based. Unless your phone system is protected, unauthorized calls can be placed. These breaches can be expensive, running several thousand dollars per day.
Here are guidelines to protect you from fraud and abuse. Please note that these suggestions are not exhaustive and may be updated from time to time.
DO:
- Set your IP-PBX so that it accepts connections ONLY from on-site phones and specific IP addresses.
- Use strong passwords (see above) and MD5 authentication or public/private keys.
- Configure SIP proxies and firewalls with access lists to prevent access from unauthorized IP address blocks.
- If you connect other SIP devices through your switch, change usernames and passwords for those connected devices when the user leaves or becomes de-authorized.
- Change passwords routinely on these remote connected accounts.
- Review your call records to be sure that your traffic is what you expect from your normal business use.
DON'T:
- Share SIP account passwords and device configuration passwords with anyone.
- Let external users redial from your PBX. This is a common exploit that has been used on phone systems for many years.
- Allow external access to the management portal of your phone system.
It is also important to secure other services on your IP-PBX system. Services like HTTP, FTP, and SSH are commonly exploited and should be tightly restricted. Phone systems should be behind firewalls, and SIP proxy services should be used to pass traffic between external and internal systems.
To assist in securing your network and your IP-PBX, the following are the address blocks allocated to Voxitas. All SIP signaling (and in most cases all RTP traffic) will come from these blocks ONLY:
206.80.64.0/19 and 209.40.224.0/19
FINALLY:
- Please contact your PBX vendor to discuss the security of your system. We are happy to work with them and answer any questions you or they may have.
- Please remember that you are responsible if your PBX system is improperly used. We will bill you for calls that originate from your PBX, whether or not you have authorized them.
- It is a good idea to check with your insurance providers to make sure you will be covered in case of fraud.
- We will start sending you notices when our system sees unusual termination patterns. However, these will not be definitive. Your best approach is to regularly check your usage.
