Security Considerations

From Integrics Wiki

Technical:

  • Disallow routes to countries that customers don't need, especially high fraud countries. This is set in System -> Routes.
  • Set a daily spending limit and maximum concurrent calls limit for all customers. This is set in the customer and rate plan fields "Maximum call spending per day" and "Maximum concurrent total calls".
  • Set phones and people to be locked out after too many failed login attempts. This is set in the "Telephone line failed registrations lock" and "Person failed logins lock" system configurations.
  • Require long password lengths for phones and people. This is set in the "Person minimum password length" and "Telephone line minimum password length" system configurations.
  • Change the SSH port from 22 to something non-standard.
  • Use iptables to lock out countries where you do not have customers.
  • Set Asterisk servers to use non-default ports for SIP, such as 5065 instead of 5060.
  • Make sure all handsets have a username and password which are not the device's defaults.
  • Monitor servers with a tool like Zabbix, Nagios, or Cacti to alert if there are more calls than expected.
  • Use SIPSentry to automatically block brute-force attacks: http://sipsentry.com/

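Alerting on "more calls than expected" needs a number to compare against. The script below is an added example, not part of the Integrics wiki or any Enswitch tool: it reads call detail records, computes each customer's peak number of simultaneous calls with a start/end sweep, and prints the accounts whose peak exceeded the concurrent-calls limit, output that a Zabbix or Nagios check can consume. The CDR format (accountcode,start_epoch,end_epoch), the limit and the sample records are all constructed for the example.

```sh
#!/bin/sh
# Added example, not part of the Integrics wiki: compute each customer's peak
# number of simultaneous calls from CDR records and report those that exceed
# the configured "Maximum concurrent total calls" limit.
# The CDR format (accountcode,start_epoch,end_epoch) and the data are constructed.

MAX_CONCURRENT=3   # assumed per-customer limit; mirror the Enswitch setting

# Constructed sample CDRs: customer "acme" ramps up to four overlapping
# calls, customer "beta" never has more than one call at a time.
SAMPLE_CDR='acme,1000,1100
acme,1010,1120
acme,1020,1130
acme,1030,1140
beta,1000,1050
beta,1060,1100'

# peak_concurrency reads CDR lines on stdin and prints "account peak".
# Every call becomes a start event (1) and an end event (0); the events are
# sorted by account and time, ends before starts on a tie, and a running
# sum gives the concurrency at each instant. The maximum of that sum is the
# peak, found in O(n log n) instead of comparing every pair of calls.
peak_concurrency() {
    awk -F, 'NF == 3 { print $1, $2, 1; print $1, $3, 0 }' \
    | sort -k1,1 -k2,2n -k3,3n \
    | awk '{
        if ($1 != acct) {
            if (acct != "") print acct, peak
            acct = $1; cur = 0; peak = 0
        }
        cur += ($3 == 1) ? 1 : -1
        if (cur > peak) peak = cur
      }
      END { if (acct != "") print acct, peak }'
}

# over_limit LIMIT reads CDR lines on stdin and prints, one per line, the
# accounts whose peak exceeded LIMIT; an empty result means nothing to alert.
over_limit() {
    peak_concurrency | awk -v lim="$1" '$2 > lim { print $1 }'
}

# Stand-alone run on the constructed data (prints "acme")
printf '%s\n' "$SAMPLE_CDR" | over_limit "$MAX_CONCURRENT"
```

Run it against the CDR export for the last few minutes from cron and raise an alert when the output is non-empty; the same per-account peak is also a useful input when deciding what "Maximum concurrent total calls" value to give each customer.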
Secure provisioning with one or more of the following:

  • Use a provisioning password in Enswitch 4.1 and above. This is set in the "Provision password global" system configuration.
  • Restrict telephones to specific IP address(es). This is set in the "Only allow from source IP address(es)" field on the edit telephone line page.
  • Restrict access by user-agent, by customising the Apache configuration.
  • Restrict access to a private domain, by customising the Apache configuration.
  • Use HTTP basic authentication if supported by telephones, by customising the Apache configuration.
  • Use TFTP username and password authentication if supported by telephones, by customising the TFTP configuration.
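
The Apache-side restrictions above (source IP, user-agent, private domain, HTTP basic authentication) can be applied together in a single `<Directory>` block. The script below is an added example, not configuration from the Integrics wiki or from Enswitch: it generates an Apache 2.4 snippet for the provisioning tree in which all four checks must pass, and includes a small check a deployment script can use to refuse a weakened copy. The document root, htpasswd path, hostname, networks and user-agent pattern are all assumptions.

```sh
#!/bin/sh
# Added example, not Integrics' or Enswitch's own configuration: generate an
# Apache 2.4 <Directory> block that restricts the provisioning tree by source
# IP, handset user-agent, private hostname and HTTP basic authentication.
# Every path, hostname, network and user-agent pattern here is an assumption.

PROV_DIR="/var/www/provision"                  # assumed document root
HTPASSWD="/etc/apache2/provision.htpasswd"     # assumed htpasswd file
PROV_HOST="prov.example.invalid"               # assumed private hostname
ALLOWED_NETS="203.0.113.0/24 198.51.100.0/24"  # constructed (RFC 5737)
UA_PATTERN='^(Yealink|Polycom)'                # assumed handset user-agents

# provisioning_conf prints the Apache configuration to stdout. Save it as a
# conf.d snippet and run `apachectl configtest` before reloading Apache.
# Inside <RequireAll> every Require line must succeed, so a request from the
# right network but with a browser user-agent is still refused.
provisioning_conf() {
    cat <<EOF
<Directory "$PROV_DIR">
    Options -Indexes
    AuthType Basic
    AuthName "Provisioning"
    AuthUserFile $HTPASSWD
    <RequireAll>
        Require valid-user
        Require ip $ALLOWED_NETS
        Require expr "%{HTTP_HOST} == '$PROV_HOST'"
        Require expr "%{HTTP_USER_AGENT} =~ /$UA_PATTERN/"
    </RequireAll>
</Directory>
EOF
}

# conf_has_check NAME returns 0 if the generated config contains a
# "Require NAME" line, so a deployment script can refuse to ship a copy
# from which one of the restrictions has been removed.
conf_has_check() {
    provisioning_conf | grep -q "Require $1"
}

provisioning_conf
```

Handsets that cannot send basic-auth credentials lose the `valid-user` line, which is exactly the case the checklist's "if supported by telephones" wording covers; the remaining three checks still apply, and the user-agent match should be treated as a filter against casual scanning rather than as authentication, since the header is trivially set by any client.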

Non-technical:

  • Educate customers on choosing good passwords.
  • Have contracts to make sure the right person pays if they are hacked and run up a huge bill.