Recently, various attacks against VoIP voice gateway devices have frequently occurred, causing many troubles and economic losses to customers. In order to further prevent the VOIP Voice Gateway from being compromised by a network attack or attack, the network technology provides several preventive measures for the security of the voice gateway device, ask the customer to take measures to prevent the security of the voice gateway device.
1.1 Login Password Management
Strengthen the maintenance and management of the device login password. After the device debugging is complete, change the device login password in time, so that irrelevant personnel are not allowed to enter the device to modify the data at will. When configuring a user password, we recommend that you make the password configuration more complex, such as numbers, uppercase/lowercase letters, and special strings.
1.2 firewall settings
To enhance the network security of ip pbx, we recommend that you enable the firewall function. Disable the remote device management function, enable the disable ping function, and add the IP addresses that have business contact with the device to the firewall white list.
1.3 user permission Control
To Prevent Users From hacking and making phone calls, the customer tries to configure extension permissions based on the actual situation. For example, if a user calls only the local business, you can set the local permission for the extension. If the user calls only the domestic long-distance business, you can set the domestic long-distance permission for the extension.
1.4 extension single call Duration Control
It is recommended that you set the single-Call duration parameter of the Extension Based on your business needs when configuring the extension to reduce the risk of costly hacking.
1.5 global call Duration Control
We recommend that you set the system call duration parameters based on the company's telephone business conditions when configuring the data to reduce the risk of generating huge volumes of phone fees during hacking.
1.6 SIP port settings
We recommend that you do not place the ip pbx device on the Internet. If the device must be on the internet, we recommend that you modify the SIP protocol port (5060 by default) of the device to minimize the chances of scanning and locating the device.
1.7 SIP user settings
If there is no need for a SIP user on the PBX, do not add a SIP user. If you must configure a SIP user, you must set the security of the SIP user account. The extension number must be set differently from the registered account; The extension permission must be set; the registration password must be complicated; the IP addresses allowed for registration of the SIP account should be configured; and the maximum number of calls of the SIP account should be set.
1.8 anti-sip dos attack settings
To prevent hacker attacks, the ip pbx adds the anti-sip dos attack function to the device, which increases the security of the ip pbx. The SIP account initiates a registration request to the ip pbx. If the number of failed registration attempts for the same IP address reaches the maximum value within the specified period, the Host IP address of the SIP account is put into the gray list and temporarily locked, release after timeout. If the IP address reaches the specified number of locks in a specified period, the IP address is blacklisted by the firewall. The ip pbx does not respond to the registration request initiated by the IP address. To enable this function, make sure that the firewall is enabled.
1.9 protection for VOIP Communication
The security of the VOIP voice gateway device on the Internet is not guaranteed. We recommend that you provide professional VPN (Virtual Private channel) to protect the VOIP communication, this reduces the risk of hacker attacks and the probability of SIP users being stolen, thus protecting the security of VOIP communication.