Securing VitalPBX is essential for all of our partners and users, that is why we have decided to make the ultimate guide on how to do it.
One of the most common environments where the PBX are being installed nowadays is in the Cloud (VPS), due that it is economic, that we don’t have to worry about issues with the hard disk or the internet, etc. But one of the major problems of installing our PBX systems in the cloud is the SIP scanners that automatically scan all the network searching for SIP servers to attack them and try to find vulnerabilities.
So, the question is, how can we protect our PBX? Well, there are different ways, some are simpler than others and more efficient. Coming up we will list the ways we can protect our PBX. These procedures can also be applied to your local PBX, so don’t worry, the cloud is not necessary to apply them.
Read our tutorials and guides on how to implement new tools and technologies for your business with VitalPBX here.
Change the Default Ports
This is the most simple and quick way of protect our PBX, we can change the ports for others that are less common. The disadvantage of this method is that many SIP providers do not allow port 5060 to be exchanged for another one.
Define A Specific IP Address for the SIP/IAX2/PJSIP Devices
Another way to protect our PBX is to define an specific IP or network address for our devices, thus allowing only trusted devices to connect to our PBX. This is a method that although very simple and effective, will only work if we know the IP or the complete network of the devices, thus removing the flexibility that end users use dynamic IP addresses.
This is by far the best method to secure our PBX, for its simplicity, flexibility, efficiency, and high level of security. With this method there will be no need to worry about dynamic IP addresses, since each of the end users will have the necessary files to configure and authenticate their devices.
Although it may be a little complex for end users to configure their devices with this method, there are a series of posts, where step by step it is explained how to configure both the VPN server and its clients:
In addition, with this method you can eliminate in a large percentage the vulnerabilities of your system, since you can close all ports if necessary, except for the OpenVPN port, and only allow connections through the VPN. However, for any contingency, we recommend leaving at least the SSH port and the HTTP port open.Now, if we close all the ports, how do we connect to our VoIP provider ?. Well, the only thing that we will have to do in this case, will be to allow the IP / Domain of our provider in the firewall with the desired ports.
Although it is a commercial module, it is very cheap, and it is worth investing in something that protects your PBX from brute force attacks, toll fraud, and prevents that potential attackers listening in on conversations, etc. This module will save you a lot of money and many headaches. If you wish to acquire a license for the OpenVPN module, go to the VitalPBX virtual store at the following link: VPBX Store
Learn more about VitalPBX, our services and how we can help you achieve your goals in our official website.