Ready To Connect, But Is Your IP PBX Secure?

Contributed By a PR Manager at 3CX

With the emergence of IP telephony in recent years, VoIP in the workplace is becoming something of the norm. Unified communications can be found in use throughout the business world, uniting branch offices across the globe, creating consolidated business platforms.

VoIP and IP PBXs bring multiple benefits to businesses, from slashing telco costs and increasing productivity to boosting overall efficiency within the workplace. However, where there are pros there are almost always cons. PBX and VoIP hacking is increasingly becoming a problem for CIOs. It was reported in 2013 by the Communications Fraud Control Association (CFCA) that PBX and VoIP hacking generated recovery costs of over $8 billion.

It’s apparent that vendors and users need to become more attentive to the potential risks involved in using IP for communications and actively take precautions to prevent being hacked. Commonly, resellers and end-users avoid outdated distributions, as they are notorious for their lack of updates, posing high security risks which could even extend to the rest of the network. However, apart from avoiding flaky IP PBX systems and setting up a stream of strong passwords, how else can IP PBXs be protected?

Protect Your OS and PBX from the Get Go

Disable all services that your IP PBX does not require to run. Many systems run additional services that are irrelevant to IP PBX functionality. Another strategy to protect the OS is to make small amendments to its base configuration, making it more resilient; in the case of Windows, for example, disabling LM and NTLM v1 unless there is a need for backwards compatibility.

Monitor System/Network Usage

Network intrusions and hacks commonly show up as suspicious increases in system and network activity. To monitor usage, the administrator can keep an eye on peak times using monitoring software to determine whether traffic and system activity is a real security threat or merely a case of high usage.

Implement SRTP & VoIP Anti Hacking Security

Ensure that your PBX uses SRTP (Secure Real-time Transport Protocol) to encrypt the data exchanged and prevent its exposure on the network. You can further safeguard your PBX by enabling additional built-in VoIP anti-hacking security features: Secure SIP, multiple configurable anti-hacking settings and IP blacklisting.

Make Use of Intrusion Detection Software

When it comes to VoIP security, enforcing precautionary measures is the first step to a secure PBX. To get the full effect, implementing host-based intrusion detection software (HIDS) can help administrators monitor for possible attacks by assessing log files, event logs and file system modifications.
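
The kind of log assessment described above, and the IP blacklisting mentioned in the previous section, can be illustrated with a short script. This is an added example, not code from 3CX or any PBX vendor; the log format, the function names and the thresholds are assumptions made for the illustration, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical log format, constructed for this example (not a real PBX's format).
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) REGISTER "
    r"ext=(?P<ext>\S+) src=(?P<src>\S+) result=(?P<result>OK|FAILED)$"
)

def build_sample_log():
    """Constructed sample: one scanner, one healthy phone, one slow mistyped password."""
    lines = [f"2024-05-01 02:14:{5 * i:02d} REGISTER ext={100 + i} src=203.0.113.7 result=FAILED"
             for i in range(6)]
    lines.append("2024-05-01 02:14:10 REGISTER ext=201 src=192.0.2.10 result=OK")
    lines += [f"2024-05-01 02:{20 + 5 * i}:00 REGISTER ext=202 src=198.51.100.4 result=FAILED"
              for i in range(3)]
    lines.append("unparseable line that a real log would also contain")
    return "\n".join(lines)

def find_bruteforce_sources(log_text, max_failures=5, window=timedelta(seconds=60)):
    """Map each source IP with >= max_failures failed REGISTERs inside `window`
    to the sorted list of extensions it tried.
    Assumes the events of any one source appear in chronological order."""
    recent = defaultdict(deque)  # src -> timestamps of failures still inside the window
    tried = defaultdict(set)     # src -> extensions seen in failed attempts
    flagged = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None or m["result"] != "FAILED":
            continue  # skip noise and successful registrations
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        q = recent[m["src"]]
        q.append(ts)
        while ts - q[0] > window:  # slide the window forward
            q.popleft()
        tried[m["src"]].add(m["ext"])
        if len(q) >= max_failures:
            flagged.add(m["src"])
    return {src: sorted(tried[src]) for src in sorted(flagged)}

if __name__ == "__main__":
    for src, exts in find_bruteforce_sources(build_sample_log()).items():
        print(f"blacklist candidate {src}: failed REGISTER for extensions {exts}")
```

The sliding window is what separates a burst of failed registrations across many extensions from a single phone retrying a mistyped password every few minutes; only the former crosses the default threshold.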

And There Is also the Network Intrusion Detection System

Additionally, a network intrusion detection system (NIDS) can be implemented as well. A NIDS reveals intrusions through the network. Snort, for example, is a free NIDS that can be deployed to regularly audit the network for intrusions and generate notifications when they occur.

KISS: Keep It Simple, Stupid

Taking a segregated approach contributes to the simplification of complicated networks. Security is improved by separating networks since the segregation of networks increases overall performance. Any attacks or intrusions that do occur stay localized within their respective network compartment without jeopardizing other parts of the same network.

Limit Your Exposure to Untrustworthy Networks

In most cases it’s unnecessary to place VoIP phones and the PBX directly on the internet since they can be placed behind a firewall. Placing VoIP appliances behind a firewall prevents VoIP spam, or SPIT, among other online attacks that target VoIP phones.

Keep Security and Version Updates Current

Security updates are a vital part of protecting oneself online; therefore, the OS on which the PBX software runs should be updated regularly. Keeping on top of security updates can become cumbersome, so it’s imperative that resellers provide assistance in selecting a PBX that runs on the same OS that the business already uses. Taking this approach can further ensure that end-users are indeed maintaining and updating their operating system regularly.

What’s more, software updates are just as important as security updates. Unfortunately, software updates are often overlooked and their importance discounted. Consumers tend to remain with older software versions believing that they are cutting costs, but in actual fact security risks are greatly increased when older versions are left unmaintained.

Don’t Forget about Your Phone’s Firmware

While you are taking all the necessary precautions to protect the OS, don’t forget about protecting your hardware SIP phones. If your firmware is not up to date, hackers could potentially turn the SIP phone into a listening device. To protect yourself from such hacks, ensure that your phone’s firmware is up to date in order to reduce the risk of attacks via your hardware.

As important as it is for the OS where the PBX is deployed to be secure, the same also applies to the PBX software itself. Fortunately, the vast majority of mainstream PBX developers and resellers make security a top priority. Users should expect resellers to assist them in selecting a PBX that is able to cater to their own security requirements. In short, the role of telecommunication resellers should extend beyond selling software and hardware to providing users with effective solutions for running a safe and protected unified communications solution.