Even when Voice over IP telephony opens up the door to incredible new features while reducing telephone costs, it does the same to VoIP security threats and attacks; while to hack conventional fixed lines you need physical access, is not like that in the All-IP world. So, how is VoIP security with Elastix?
There’s a huge number of possible VoIP attacks, for instance:
- Brute Force attacks
- DoS – Denial of Service
- Invite Floods (DOS)
- Dictionary Attacks
- Passwords Crackers (SIP Crack)
- Listen to VoIP Calls
- RTP Injection / RTP Flood
Bulletproof VoIP Security with Elastix
The good news is that you are protected. Elastix comes out-of-the-box with inbuilt bulletproof features like:
- Automatic generation and management of SSL certificates:
- Provisioning of phones via HTTPS
- Connections to client and console via SSL
- A+ rating from SSL lab.
- Encryption of Voice Traffic via SRTP
- All traffic to clients and via SBC is encrypted
- More secure web server configuration
- Detection and auto blacklisting of SIP Attack tools
- And more…
Best practices when choosing a secure password
Using a good password can save a lot of problems, most of them are incredibly expensive. As a recommendation, a good password must be long, strings with uppercase and lowercase letters, special characters and numbers.
Worst passwords are the ones including, for example, the same extension number, the classic admin/admin, admin123 or to use the same password for everything. So make sure to choose a strong password.
Extensions in Elastix are secured by automatically generated random alphanumeric strings. But not only extensions are classic entry points for hackers. The voicemail function is also backed up. If attackers enter the voicemail PIN incorrectly three times, a 2-minute lock on the PBX is set. Of course this values can be modified and customized trough the web-based management console.
Rules and Anti-fraud prevention
A well-known problem is the misuse of a telephone system for expensive international calls, kidnapping the POTS lines or/and SIP trunks. Usually it happens that the attack is not noticed until the arrival of a hefty bill.
As part of the VoIP security tools included in Elastix to protect you against this fraud, you can specify permissible country codes to allow calls and block outgoing calls to countries that most likely only one intruder would call.
Incorporated anti-hacking tools, also offers a variety of ways to block dangerous (or suspicious) IP addresses (IP blacklisting). For example, you can set the number of unanswered 407 authorization requests to block an IP address. Also, you can identify attackers per second based on the packets sent and block them for different time periods. You can also manually block a range of IP addresses, but you should be careful because very large areas of blocked IPs can cause complications with trusted incoming traffic.
Secure your Telephone System
It is recommended to consider the security already when setting up any telephone system, in order to avoid later security holes. But, no size fits all, in other words there is not absolute solution for all users, admins should segregate the system where possible. Not only this can simplify to work with a complex system, but to ensure that possible weak points remain as local as possible and do not affect the entire system. If voice and data networks have different security requirements, it may be useful to separate them both.
Moreover, the telephone system itself should be located behind a firewall or protected by the local firewall. Strict access rules can help prevent cyber attacks. If you want to connect multiple external extensions, the inbuilt tunnel in Elastix performs a similar function to a VPN, but easier to set up, without the hassle of server setups, network problems (one way audio), NAT traversal issues and minimizing firewall configuration.
In the VoIP world, it is vital to worry about security and foreseen possible security problems. A PBX system like Elastix with a little know-how setup, can help both administrators and users to secure their communications so you can be sure that your VoIP telephony is protected. Elastix has never been as secure and reliable as it is now!