What You Don’t Know Can Hurt You
When IT thinks about information security, VoIP is not usually the first thing that comes to mind. Then consider the reality that network security itself is just one of many priorities for IT to manage. We know that IT is under growing pressure to do more with less, and for all these reasons it’s not surprising that the topic of VoIP security may be difficult to get on your radar. If I can just hold your attention here for a few minutes, I’m hopeful that can change, and you’ll be better for it. For a host of reasons, IT devotes considerable resources to data security, and you are no doubt familiar with the threats posed to your network. You would be correct to say that security efforts are never enough and with new threats emerging all the time, IT has to be ever vigilant. Without trying to add to this stress, some of the greatest risks facing your network come from VoIP, even if you’ve been using it for a while.
Chances are, when you first deployed VoIP, the main driver was cost savings. Depending on the degree of savings, and possibly some strategic issues that made this a must-do move, more attention was paid to the benefits and little to the potential risks. A key reason would be the inclination to view VoIP as telephony – and only telephony. In literal terms, that is absolutely true. After all, you’re deploying VoIP for that purpose, and even if just doing a partial roll-out, the long-term plan is to fully migrate away from the PSTN. The cost savings may be attractive, but even more so is the prospect of network convergence. When the telephony infrastructure is totally VoIP, voice runs over the same network as all your data, creating a ripple effect of operational efficiencies. Aside from having a more streamlined IT environment to manage, you get an additional layer of cost savings by collapsing two separate networks into one.
With all that considered, the decision is pretty compelling, but it’s easy to lose sight of the fact that VoIP is also data. Given the long history you’ve likely had with TDM, the associations of telephony being voice, and a service that runs independently from your data network may make it hard to think of telephony in any other way.
Conversely, anyone steeped in the Internet – and especially if only having a limited history with the PSTN – will have an easier time seeing VoIP as just another application in your data network. That may be an accurate statement, but Sip Systems research indicates the opposite to be the norm, and that is where the security challenges arise with VoIP technology.
FREEPBX SERVER SECURED CONFIGURATION
Change your passwords
Administrator and other users should have strong, alphanumeric password, using both upper and lower case, combined with random chars. There are various web-based and software tools for password generation. Use password manager like KeePass (free open source) which helps you to store and get it in a secure way. Passwords should not be the same as the username or based on the user’s extension. This recommendation for all FreePBX services http, ssh, sip, iax, sql, ftp etc.
Securing SSH Access
First, it is recommended to change the default SSH port (22) to a different one – editing sshd_config + reload service. If you have additional firewall the new port should be open for remote access Use public and private key pairs for authentication instead of passwords. You can use ssh-keygen tool for this purpose. On the other hand, you can disable remote ssh login (from internet or other networks) and keep it opened only from local network access.
Integrated FreePBX Security
Fail2Ban is a free utilitiy which looks at log files for records of failures (to register, etc.) and then add their source IP to IPtables – generic firewall included with Linux. IPTables is a great add-on to a larger security solution. You can add static rules for every potential source or build more strong rules against bots and scanners like: “-A INPUT -m string –string “friendly-scanner” –algo bm -j drop”. Additional tool for secured configuration is FreePBX server built-in Firewall that created by security professionals, with deep understanding of the issues SIP pbx servers, other VoIP protocols and spread pbx server hardware
Place your server on local network behind firewall with Network Address Translation (NAT). NAT gives private IP Address and makes it much more difficult to gain access to from the internet. Restrict remote access to your FreePBX server to specific IP addresses (SIP providers, branch offices, remote workers etc.). Also we recommend setup VPN service for remote access – you can ask your hosting provider or configure it on local Network. Hardware firewalls typically provide much more security than software firewalls that cannot be just as effective and much cheaper or free.
Critical security issues for server virtualization
Virtualization is a wonderful thanks to build higher use of existing IT resources however utilizing them for multiple tasks. It additionally permits for hardware and package to be additional abstracted in order that hardware compatibilities abate of a difficulty. Virtual machines are extremely specialized since a complete physical box doesn’t ought to be allotted for it. This reduces potential conflicts of running multiple applications on one server and minimizes the impact of changes or upgrades. Virtualization affords to small and medium business deploy all required IT infrastructure using only few physical servers or one server only. There are some popular platforms that provide the most effective resource sharing like CPU power and RAM memory. For this purpose Sip Systems highly recommend VMware products or the best, for our opinion, open source solution for running VMs and deployment VoIP infrastructure is Proxmox. This technology widely used by our business partners, local VoIP providers or traffic resellers.
However, virtualization presents a brand-new set of risks to organizations adopting it and it’s important to bear in mind of risks and data security risk management methods once implementing a virtualization strategy.
Critical security issues include:
· Securing virtual exhausting disks
· Reducing the attack surface for hosts
· Classifying virtual machines
· Involving data security personnel throughout the lifecycle
· Segment traffic for administration and storage
SIGNUP TO HEAR FROM US ABOUT SPECIAL OFFERS AND BLOG UPDATES
VoIP market information, technology updates and new trends, cryptocurrency and financial news, legal pages and articles, business solutions and more …