Protect your SIP VoIP system (Asterisk, Trixbox, Digium, etc) from intrusion and abuse

JohnMHoyt Business, Connectivity, Fun Stuff, Linux, Microsoft, security, Technology, VoIP (Voice over IP) 1 Comment

Do you have a SIP Voice over IP system in use at your business? Then you may want to take a couple of minutes to read this…

It seems that many of these systems are being set up without any consideration for security at all, leaving the potential for a malicious person to attack your system by sending a DoS flood to it, or even to make phone calls from your VoIP system! (This is referred to as “Toll Fraud”.)

So how do you protect yourself? The best thing to do is to cut off access to your VoIP server via a firewall. If you don’t need access to something, disable it.

Try not to put your VoIP system in the DMZ (De-Militarized Zone), as that offers no protection.

The most obvious way into your system is via the web configuration, usually on port 80. If that is wide open and default passwords are in use, a person could log into your box, add extensions, voice mail, etc. So be sure to change your default passwords and disable access to the machine from outside. If you NEED access from outside, set up your firewall to allow connections ONLY from the specific IP addresses you use.

The standard SIP port of 5060 is another gaping hole. If you must have SIP open to the outside world, consider changing the port from the default to something else so it doesn’t easily show up on the radar of people who might be doing port scans. You could also set your firewall to only allow connections from known outside IP addresses.

Either of those options can help prevent a SIP flood which could make your VoIP system unusable.
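The allowlist approach from the two paragraphs above (web configuration on port 80, SIP on port 5060), as an added example that is not part of the original post: a shell script that prints iptables rules for review instead of applying them. The chain name VOIP_GUARD and the sample addresses (documentation ranges) are assumptions.

```shell
#!/bin/sh
# Added example: print iptables commands that limit the web GUI (80/tcp) and
# SIP (5060/udp and tcp) to an allowlist. Nothing is applied here; review the
# output, then run it as root.

WEB_PORT=80     # web configuration port named in the article
SIP_PORT=5060   # standard SIP port named in the article

# valid_source ADDR: succeed only for an IPv4 address or CIDR block that
# does not amount to "everyone".
valid_source() {
    case "$1" in
        0.0.0.0*) return 1 ;;   # would re-open the port to the world
    esac
    # Shape check; a /0 prefix is refused because the prefix must be 1-32.
    printf '%s\n' "$1" | grep -Eq \
        '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([1-9]|[12][0-9]|3[0-2]))?$' || return 1
    # Range check: split on "." and "/" in a subshell, each octet must be <= 255.
    ( IFS=./; set -f; set -- $1
      for o in "$1" "$2" "$3" "$4"; do [ "$o" -le 255 ] || exit 1; done )
}

# gen_voip_rules ADDR...: validate every source first, then emit the rules,
# so a bad entry never produces a half-written rule set.
gen_voip_rules() {
    [ "$#" -gt 0 ] || { echo "need at least one trusted address" >&2; return 1; }
    for src in "$@"; do
        valid_source "$src" || { echo "rejected source: $src" >&2; return 1; }
    done
    echo "iptables -N VOIP_GUARD"                 # hypothetical chain name
    for src in "$@"; do
        echo "iptables -A VOIP_GUARD -s $src -j ACCEPT"
    done
    echo "iptables -A VOIP_GUARD -j DROP"         # everyone else
    echo "iptables -I INPUT -p tcp --dport $WEB_PORT -j VOIP_GUARD"
    echo "iptables -I INPUT -p udp --dport $SIP_PORT -j VOIP_GUARD"
    echo "iptables -I INPUT -p tcp --dport $SIP_PORT -j VOIP_GUARD"
}

# Constructed sample input: one remote office address and one branch subnet
# (documentation ranges, not real hosts).
gen_voip_rules 203.0.113.10 198.51.100.0/24
```

Any SIP trunk provider or remote phone that must reach port 5060 has to be on the list, or its traffic will be dropped along with everyone else's.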

The SIP extensions probably have default passwords when you create them, depending upon which VoIP system you are using. Do not be tempted to use easy passwords…

One of the best ways to protect your SIP VoIP system is to use a VPN connection from any location that will be connecting to your main site. Cisco SPA 525g phones have the capability built-in to connect via VPN, making them a great phone to deploy to those who work out of their home.

If you would like further information, please call 864.990.4748 or email info@homelandsecureit.com. We sell Cisco, Polycom, Digium and other VoIP systems, phones and components, and offer consultation, installation and service in the Greenville / Upstate SC area.
