Limit access to SIP service authentication!!!

freePBX server secured configuration

Change your passwords

password

Administrator and other users should have strong, alphanumeric password,  using both upper and lower case, combined with random chars. There are various web-based and software tools for password generation. Use password manager like KeePass (free open source) which helps you to store and get it in a secure way. Passwords should not be the same as the username or based on the user's extension. This recommendation for all FreePBX services http, ssh, sip, iax, sql, ftp etc.

Securing SSH Access

secured access

First, it is recommended to change the default SSH port (22) to a different one -  editing sshd_config + reload service. If you have additional firewall the new port should be open for remote access Use public and private key pairs for authentication instead of passwords. You can use ssh-keygen tool for this purpose. On the other hand, you can disable remote ssh login (from internet or other networks) and keep it opened only from local network access.

Integrated FreePBX Security

firewall freepbx

Fail2Ban is a free utilitiy which looks at log files for records of failures (to register, etc.) and then add their source IP to IPtables - generic firewall included with Linux. IPTables is a great add-on to a larger security solution. You can add static rules for every potential source or build more strong rules against bots and scanners like: "-A INPUT -m string --string "friendly-scanner" --algo bm -j drop". Sip Systems recommends an additional tool for secured configuration is FreePBX server built-in Firewall that created by security professionals, with deep understanding of the issues SIP pbx servers, other VoIP protocols and spread pbx server hardware



Perimeter Security

freepbx security

Place your server on local network behind firewall with Network Address Translation (NAT). NAT gives private IP Address and makes it much more difficult to gain access to from the internet. Restrict remote access to your FreePBX server to specific IP addresses (SIP providers, branch offices, remote workers etc.). Also we  recommend setup VPN service for remote access - you can ask your hosting provider or configure it on local Network. Hardware firewalls typically provide much more security than software firewalls that cannot be just as effective and much cheaper or free.

news from Sip Systems

Sign up to hear from us about special offers and actual VoIP market information