Difference between revisions of "Tech Update Security"

From IPitomy Wiki

Latest revision as of 15:34, 29 May 2018

Tech Update Security Security Best Practices

Security is a serious concern for any application on a network. There is no shortage of potential intruders intent on stealing services and otherwise causing problems with your system.

IPitomy has designed several security features into the systems to thwart those threats and to avoid the shock of getting hacked. Proper use of security and adhering to a diligent security policy is your best way to avoid security breaches.

Here is a list of Best Practices to implement when installing an IP PBX System. Keep in mind that if users have access to the management interface and can add extensions or change passwords, they should be made aware of the best practices as well.

Passwords

Passwords are the key to hacking into anything. Avoid using passwords that are dictionary words or number strings like 1234, 1111, etc. Never use words that can be associated with you or your business. IPitomy generates random strong passwords when a SIP account is created. If those SIP passwords are modified, they should remain strong; we advise not changing them from the pre-generated passwords.

A strong password combines upper and lower case characters, numbers, and punctuation characters.

All users should be reminded that the PIN number for their mailbox should not be their extension number. The default password for the system administration should always be changed.
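
The password and PIN rules above can be checked across an extension list before a system goes live. The following is an added example, not IPitomy code: the record fields (`ext`, `sip_password`, `vm_pin`), the sample records and the banned-word list are all constructed assumptions.

```python
import string

# Constructed sample records; field names are assumptions, not an IPitomy export format.
EXTENSIONS = [
    {"ext": "101", "sip_password": "q7#Lw2!vRz9@Tb", "vm_pin": "8305"},
    {"ext": "102", "sip_password": "1234", "vm_pin": "102"},
    {"ext": "103", "sip_password": "Acme2018", "vm_pin": "1111"},
]
# Words tied to the business or commonly guessed (assumed list; extend per site).
BANNED_WORDS = {"acme", "password", "admin", "welcome"}

def is_trivial_digits(value):
    """True for repeated digits (1111) or straight runs up or down (1234, 4321)."""
    if not value.isdigit():
        return False
    steps = {int(b) - int(a) for a, b in zip(value, value[1:])}
    return steps in ({0}, {1}, {-1})

def password_findings(password):
    findings = []
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    if not all(any(c in cls for c in password) for cls in classes):
        findings.append("missing character class")
    if is_trivial_digits(password):
        findings.append("trivial number string")
    if any(word in password.lower() for word in BANNED_WORDS):
        findings.append("contains guessable word")
    return findings

def pin_findings(ext, pin):
    findings = []
    if pin == ext:
        findings.append("PIN equals extension")
    if is_trivial_digits(pin):
        findings.append("trivial PIN")
    return findings

def audit(extensions):
    """Map each extension with at least one finding to its list of findings."""
    report = {}
    for e in extensions:
        issues = password_findings(e["sip_password"]) + pin_findings(e["ext"], e["vm_pin"])
        if issues:
            report[e["ext"]] = issues
    return report
```
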

Port Forwarding

If you are not using remote phones, turn off any unused port forwards. If port 5060 is closed, malicious individuals can't send packets to hit the PBX.

LAN vs. WAN

Always ensure local extensions are set to LAN.

Access Control List (ACL)

This controls which IP addresses are allowed to be connected to the system. Unauthorized users are dropped before they get a chance to try anything. (http://wiki.ipitomy.com/wiki/IP_PBX_Manual_System_Networking#Access_Control_List)

Create a Class of Service for Remote Phones

Clone the default class of service and remove access to international dialing.

International Dialing

Remove international dialing or restrict it to only users who require it. If you don't use it, restrict it. To do so, don't add a trunk to the Intl route; extensions then cannot make international calls.

Log Watch & Ban Security Service

The Log Watch + Ban service scans log files and bans IPs that show malicious signs, such as too many password failures or seeking exploits. Log Watch + Ban is able to reduce the rate of incorrect authentication attempts; however, it cannot eliminate the risk that weak authentication presents. IP addresses will remain in the ban list until the service is reloaded or restarted.
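
The behaviour described above (count password failures per source IP, ban past a threshold, lose the ban list on reload) can be sketched as follows. This is an added example, not the IPitomy service: the log format, the `LogWatchBan` class, the threshold of 3 failures and the 60-second window are all assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log lines in a hypothetical format (not the PBX's real log format).
SAMPLE_LOG = """\
2018-05-29 15:30:01 AUTH_FAIL ext=101 src=203.0.113.7
2018-05-29 15:30:02 AUTH_FAIL ext=102 src=203.0.113.7
2018-05-29 15:30:03 AUTH_OK ext=205 src=192.0.2.10
2018-05-29 15:30:04 AUTH_FAIL ext=103 src=203.0.113.7
2018-05-29 15:30:05 AUTH_FAIL ext=205 src=198.51.100.4
2018-05-29 15:45:00 AUTH_FAIL ext=205 src=198.51.100.4
2018-05-29 15:45:01 AUTH_FAIL ext=104 src=203.0.113.7
"""
LINE_RE = re.compile(r"^(\S+ \S+) (AUTH_FAIL|AUTH_OK) ext=(\d+) src=(\S+)$")

class LogWatchBan:
    def __init__(self, max_failures=3, window=timedelta(seconds=60)):
        self.max_failures, self.window = max_failures, window
        self.failures = defaultdict(deque)  # source IP -> recent failure times
        self.banned = set()                 # held in memory only

    def feed(self, line):
        """Process one log line; return the IP if this line triggered a ban."""
        m = LINE_RE.match(line.strip())
        if not m or m.group(2) != "AUTH_FAIL":
            return None
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        src = m.group(4)
        if src in self.banned:
            return None
        recent = self.failures[src]
        recent.append(when)
        while recent and when - recent[0] > self.window:
            recent.popleft()  # drop failures that fell out of the window
        if len(recent) >= self.max_failures:
            self.banned.add(src)
            return src
        return None

    def reload(self):
        """Bans are not persisted, so a reload or restart empties the list."""
        self.failures.clear()
        self.banned.clear()

def run(log_text):
    watcher = LogWatchBan()
    triggered = [ip for ip in map(watcher.feed, log_text.splitlines()) if ip]
    return watcher, triggered
```

In the sample, 198.51.100.4 fails twice but never reaches the threshold inside one window, so it is not banned; this is why the ban service complements strong passwords rather than replacing them.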