6 Ways to Secure Your PBX

Jun 22 2021

Both VoIP and PBX phone systems are susceptible to hacks that trace back to simple, easily avoided vulnerabilities.

Because both of these virtual phone systems use the internet, they are susceptible to hacks. This is why, after you set up your phone system, you should take a few extra steps to make sure that it is secure too.

You are not only keeping your own business safe by going through some simple security protocols, but you’re also protecting your clients and customers and maintaining their trust by doing everything you can to keep their information safe and secure.

1. Change your passwords

  • Change any default passwords. Even if these seem secure to you, there’s a reason that your provider will tell you to reset them once you’ve set everything up: default passwords can be made public or be used repeatedly.
  • Choose a good password. Don’t change the default password to something that can be easily guessed (top contenders include ‘password’, ‘123456’, and ‘picture1’). Instead, make it long, include letters, numbers, and symbols, and avoid the common substitutions (0s instead of Os, 4s instead of As, etc.). Online tools can help you do this.
  • Don’t reuse passwords. Most people tend to overuse their personal passwords almost everywhere because they’re easier to remember. However, this just means that one password database leak can result in all your accounts being compromised.
  • Change your password periodically. It’s recommended that you change your password every 60-90 days for better security.

2. Keep up with software updates

Make sure that you frequently check and update your software to the latest version available. This version will have fewer bugs and weaknesses that can be exploited by hackers than older versions.

Updates can also sometimes include patches for major vulnerabilities that other users have identified, which you can avoid experiencing yourself if you update.

As more updates are released, older versions also tend to stop supporting certain elements and features, which can lead to problems with usage. This is another reason you should make sure you’re up to date.

3. Don’t set up port-forwarding

Port forwarding is usually set up for remote access to the PBX system. However, this can increase your chances of being hacked, as it leaves the system more vulnerable.

Instead, you would be better off using a VPN to let remote devices access the network, as it doesn’t require port forwarding.

If port forwarding is necessary:

  • Limit the number of unsuccessful attempts allowed to access the PBX system
  • Definitely use Fail2ban to protect your servers from brute-force attacks
  • Use non-standard ports

4. Disable international calls

Disable both international calls and other expensive features that you know you won’t be using. This is more damage control than anything else. Once a hacker does gain access to your system, they will probably use it to make and receive international calls.

If you are using your VoIP business phone system to make international calls, make sure that you block calls to countries you won’t be calling.

Regularly monitoring your call logs can also help to spot unauthorized access. However, hackers don’t tend to attack during business hours. You will often find that this kind of stuff happens either after working hours or during holidays and weekends. In this case, you can set up limits on call minutes (if it’s available with your provider) and push notifications for usage limits to try and prevent a silent attack.

Most providers offer advanced call analytics which will allow you to filter through your calls to easily spot unfamiliar calls.
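
If you can export your call logs, the checks described in this section (blocked destinations, calls outside working hours, and usage limits) can be run automatically. The Python below is an added illustration, not part of the original article or any provider's tooling; the record layout, phone numbers, and policy values are all constructed assumptions.

```python
from datetime import datetime

# Constructed call records: (start, extension, dialled number, minutes).
# The record layout and all numbers are made up for illustration.
SAMPLE_CALLS = [
    ("2021-06-21 10:15", "101", "+442079460000", 12),  # Monday morning
    ("2021-06-21 14:30", "102", "+15555550100", 40),
    ("2021-06-21 16:00", "102", "+15555550101", 35),   # pushes ext 102 past the cap
    ("2021-06-19 03:05", "104", "+9995550100", 45),    # Saturday, 3 a.m.
    ("2021-06-19 03:55", "104", "+9995550101", 50),
    ("2021-06-22 19:20", "101", "+442079460001", 5),   # Tuesday evening
]

# Assumed policy values; set these to match your own business.
ALLOWED_PREFIXES = ("+44", "+1")   # country codes you actually call
BUSINESS_DAYS = range(0, 5)        # Monday to Friday
BUSINESS_HOURS = range(8, 18)      # 08:00 to 17:59
DAILY_MINUTE_LIMIT = 60            # per extension, per day

def review_calls(calls):
    """Return (start, extension, number, reasons) for every call that breaks policy."""
    flagged, minutes_used = [], {}
    for start, ext, number, minutes in calls:
        ts = datetime.strptime(start, "%Y-%m-%d %H:%M")
        reasons = []
        if not number.startswith(ALLOWED_PREFIXES):
            reasons.append("destination not on allow-list")
        if ts.weekday() not in BUSINESS_DAYS or ts.hour not in BUSINESS_HOURS:
            reasons.append("outside business hours")
        key = (ext, ts.date())
        minutes_used[key] = minutes_used.get(key, 0) + minutes
        if minutes_used[key] > DAILY_MINUTE_LIMIT:
            reasons.append("daily minute limit exceeded")
        if reasons:
            flagged.append((start, ext, number, reasons))
    return flagged

if __name__ == "__main__":
    for start, ext, number, reasons in review_calls(SAMPLE_CALLS):
        print(f"{start} ext {ext} -> {number}: {', '.join(reasons)}")
```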

5. Enable NAT (Network Address Translation)

NAT is a feature on your router that gives your PBX devices a private IP address only seen on your Local Area Network (LAN) so that hackers can't see it.

Hackers use tools to scan for systems that don't have NAT enabled, which can include making silent calls so that the hacker knows what device you're using.

6. Identify commonly hacked ports

According to AlertLogic, 65% of hacks are targeted at 3 ports – 20, 80, and 443. You can’t disable all those ports, so we’ll look at what to do with this terrifying statistic.

Port 20 is used to transfer data. Port 80 is used for HTTP connections, and port 443 is used for secured HTTPS connections.

Port 80

While port 80 is infamously known as the most dangerous port that should be disabled, it is no worse than other ports. It also doesn’t mean that disabling it would make your server more secure. The best thing to do is to leave port 80 open but redirect port 80 requests.

Disabling port 80 would mean that you lose out on redirects. When people type HTTP instead of HTTPS and are met with an error page, they will most likely go back to Google instead of trying again with an s. A redirect is much better for the customer. Disabling port 80 also doesn’t stop hackers from interfering with the HTTP page and intercepting traffic from customers who have used HTTP.

Make sure that your port 443 is patched and that you're using a valid SSL certificate to keep things on that side secure too.


Sohah Ahmed

Marketing Manager