Securing VitalPBX On The Cloud (and everywhere!)


One of the most common environments where PBX systems are installed nowadays is the cloud (VPS), because it is economical and we don't have to worry about issues with the hard disk, the internet connection, etc. But one of the major problems of installing a PBX in the cloud is SIP scanners, which automatically scan the whole network searching for SIP servers to attack and probe for vulnerabilities.

So the question is: how can we protect our PBX? There are different ways, some simpler and more efficient than others. Below we list the ways we can protect our PBX. These procedures can also be applied to a local PBX, so the cloud is not necessary to apply them.

Change the Default Ports

This is the simplest and quickest way to protect our PBX: we can change the default ports to others that are less common. The disadvantage of this method is that many SIP providers do not allow port 5060 to be exchanged for another one.

Define A Specific IP Address for the SIP/IAX2/PJSIP Devices

Another way to protect our PBX is to define a specific IP or network address for our devices, thus allowing only trusted devices to connect to our PBX. Although this method is very simple and effective, it only works if we know the IP address or the complete network of the devices, which removes the flexibility of letting end users use dynamic IP addresses.

Trusted Network

VPN Tunnel

This is by far the best method to secure our PBX, for its simplicity, flexibility, efficiency, and high level of security. With this method there will be no need to worry about dynamic IP addresses, since each of the end users will have the necessary files to configure and authenticate their devices.

Although it may be a little complex for end users to configure their devices with this method, there is a series of posts that explain step by step how to configure both the VPN server and its clients.

 

In addition, with this method you can eliminate a large percentage of your system's vulnerabilities, since you can close all ports if necessary, except for the OpenVPN port, and only allow connections through the VPN. However, for any contingency, we recommend leaving at least the SSH port and the HTTP port open.

Now, if we close all the ports, how do we connect to our VoIP provider? The only thing we have to do in this case is allow the IP/domain of our provider in the firewall with the desired ports.
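
As an added example (not from the original article, and not VitalPBX's own firewall module), here is the policy described above written as a plain iptables ruleset for a generic Linux host. The provider address 203.0.113.10, the OpenVPN port 1194/UDP, the interface tun0, SSH on 22, HTTP on 80 and the RTP range 10000-20000 are assumptions; replace them with your own values.

```shell
#!/bin/sh
# Assumed values (none come from the article); override via the environment.
PROVIDER_IP="${PROVIDER_IP:-203.0.113.10}"  # SIP provider (documentation address)
VPN_PORT="${VPN_PORT:-1194}"                # OpenVPN port, UDP
VPN_IF="${VPN_IF:-tun0}"                    # OpenVPN tunnel interface
SIP_PORT="${SIP_PORT:-5060}"                # SIP signalling, UDP
RTP_RANGE="${RTP_RANGE:-10000:20000}"       # RTP media ports, UDP

# Accept only a single dotted-quad IPv4 address, so a typo or a CIDR such as
# 0.0.0.0/0 cannot turn the provider exception into an open SIP port.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    for octet in $1; do
        [ "$octet" -le 255 ] || { IFS=$old_ifs; return 1; }
    done
    IFS=$old_ifs
}

# Print the ruleset in iptables-restore format: drop inbound by default, then
# add the exceptions the article names (VPN, SSH, HTTP, provider).
build_rules() {
    valid_ipv4 "$PROVIDER_IP" || { echo "bad provider IP: $PROVIDER_IP" >&2; return 1; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p udp --dport $VPN_PORT -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -i $VPN_IF -j ACCEPT
-A INPUT -s $PROVIDER_IP -p udp --dport $SIP_PORT -j ACCEPT
-A INPUT -s $PROVIDER_IP -p udp --dport $RTP_RANGE -j ACCEPT
COMMIT
EOF
}

# Print only; nothing is applied. As root, a parse-only check would be:
#   build_rules | iptables-restore --test
build_rules
```

If the provider sends signalling or media from more than one address, each address needs its own pair of rules.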

VitalPBX Firewall

Although it is a commercial module, it is very cheap, and it is worth investing in something that protects your PBX from brute-force attacks and toll fraud, prevents potential attackers from listening in on conversations, etc. This module will save you a lot of money and many headaches. If you wish to acquire a license for the OpenVPN module, go to the VitalPBX virtual store at the following link: VPBX Store

 

mrivera
