Jump to content

Securing your SIP trunk


andrewgroup

Recommended Posts

On he public Facing side of the PBX do not add a default gateway to the Internet Connection. Instead, create single routes (linux) or persistent routes (windows) to the IP address of the ITSP proxy or gateway. Create a Host entry or local DNS entry for the FQDN of the proxy or gateway. This will go a long way to lock all SIP/TRP traffic to the provider.

 

Of course, what do you do about remote SIP phones? Your suggestions/guesses go here, These to can be easily protected too....

Link to comment
Share on other sites

95% of the fraud I have seen has been from blank SIP passwords. double check this. Never let the password be your extension.

 

a great thing you can do to prevent unwanted traffic is to block your dialplan. if you dont ever dial international block it. block '0' operator access. block 900 numbers, etc etc.

 

also make sure users dont use easy voicemail PIN numbers...

Link to comment
Share on other sites

Other things you must do

Use the Trusted IP Addresses: settings;

If home users are cable modem, add static routes to the IP range that would cover the dynamic IP changes

Add a unique Dial Out Code in the dial plan,,, (basically a code to dial out) save a button on the phone with the code presaved..

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...