2. Never, Never, Never use the default passwords on any system. (Use Strong Passwords)
If you are truly concerned about PBX security, you will take this one piece of advice seriously!
Password security is easy and is by far the best way to stop the top 99% of all hacks, as passwords are
easily the most common way hackers enter IP PBX systems.
When installing your IP PBX, the very first step should be to replace both the username and password
of any account with administrator access. Secondly, when creating user accounts, be sure not to use or
allow easy-to-guess passwords like “1234”, “password”, “companyname1”, etc.
Also, be sure to use a strong and unique password. This can't be stressed enough. As tempting and
simple as it may be to use your business name with a single digit added to the end of it, don't do it. You
would be surprised what these password detectors can figure out with just a little information.
When possible, place your IP PBX on a LAN with Network Address Translation (NAT). NAT basically
gives your IP PBX a private IP address and makes it much more difficult to gain access to from the
internet. While it may be tempting to simply disable NAT (especially when you run into that
pesky one-way audio issue), don't do it. Take the time to set it up correctly, and you'll be glad you did.
Another way to make it hard for SIP scanners is to install a SIP port firewall. This will block “scanning”
of ports 5060 and 5061 and can disable the attempting endpoint for a specific time when it detects a
violation.
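The detection logic behind such a SIP port firewall, as an added example that is not part of the original document and is not taken from any PBX product: failed attempts on ports 5060/5061 are counted per source address in a sliding window, and the source is blocked for a fixed time once a threshold is reached. The thresholds, the event tuple format and the sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

SIP_PORTS = {5060, 5061}  # the SIP ports named in the text
# Assumed policy values, tune them for your site:
MAX_FAILURES, WINDOW_SECONDS, BAN_SECONDS = 5, 60, 600

class SipScanGuard:
    """Sliding-window failure counter with a timed ban per source address."""

    def __init__(self):
        self.failures = defaultdict(deque)  # src -> timestamps of recent failures
        self.banned_until = {}              # src -> time at which the ban expires

    def is_banned(self, src, now):
        until = self.banned_until.get(src)
        if until is not None and now >= until:
            del self.banned_until[src]      # ban served, endpoint may try again
            return False
        return until is not None

    def observe(self, ts, src, dst_port, authenticated):
        """Return 'allow', 'ban' (violation just detected) or 'drop' (already banned)."""
        if dst_port not in SIP_PORTS:
            return "allow"                  # not SIP traffic, out of scope here
        if self.is_banned(src, ts):
            return "drop"
        if authenticated:
            return "allow"
        recent = self.failures[src]
        recent.append(ts)
        while ts - recent[0] > WINDOW_SECONDS:  # forget failures outside the window
            recent.popleft()
        if len(recent) >= MAX_FAILURES:
            self.banned_until[src] = ts + BAN_SECONDS
            del self.failures[src]
            return "ban"
        return "allow"

# Constructed sample events: (seconds, source IP, destination port, authenticated?)
SAMPLE_EVENTS = [
    (0, "198.51.100.23", 5060, False), (5, "198.51.100.23", 5060, False),
    (10, "198.51.100.23", 5061, False), (12, "192.0.2.10", 5060, False),
    (15, "198.51.100.23", 5060, False), (20, "198.51.100.23", 5060, False),
    (30, "198.51.100.23", 5060, False), (40, "192.0.2.10", 5060, True),
    (700, "198.51.100.23", 5060, False),
]

def replay(events):
    """Feed events, in time order, through a fresh guard and collect its decisions."""
    guard = SipScanGuard()
    return [guard.observe(*event) for event in events]
```

In the sample, the phone at 192.0.2.10 mistypes its password once and is never blocked, while the scanning address is banned on its fifth failure and allowed to try again only after the ban has expired.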
10. Limit and restrict routing and phone number dial plans
Restrict calling to high-cost calling destinations and don’t allow calling to 0900 and premium numbers.