VoIP Security: Difference between revisions
Content deleted Content added
| (14 intermediate revisions by 3 users not shown) | |||
| Line 1: | Line 1: | ||
[[File:Snom710.png|link=:Category:VoIP|Go to the VoIP Category]] |
|||
This page gives information about features on the AAISP side that can help secure your VoIP service, as well as what you can do on your network to secure your VoIP service. |
This page gives information about features on the AAISP side that can help secure your VoIP service, as well as what you can do on your network to secure your VoIP service. |
||
| Line 6: | Line 4: | ||
These settings are set on the [[:Category:Control Pages|Control Pages]]: http://aa.net.uk/login.html |
These settings are set on the [[:Category:Control Pages|Control Pages]]: http://aa.net.uk/login.html |
||
The control page will also show you the number of SIP registrations and the useragent and IP of the registered phones. |
The control page will also show you the number of SIP registrations and the useragent and IP of the registered phones. |
||
== SIP Password == |
== SIP Password == |
||
| Line 16: | Line 14: | ||
*National outgoing calls can have a price limit (default = 20p/min) |
*National outgoing calls can have a price limit (default = 20p/min) |
||
*International outgoing calls can have a price limit (default = 2p/min) |
*International outgoing calls can have a price limit (default = 2p/min) |
||
*International calls can be disabled (setting price limit to 'Free') |
|||
*National calls can be disabled (setting price limit to 'Free') |
|||
See: [[VoIP Call Rate Limits]] |
|||
Contact AAISP if you're needing these limits changed up, customers can reduce the limits though. |
|||
== IP |
== IP Access List (restrict access by IP) == |
||
IP |
IP Access List - a VoIP number can be given an IP address to which is only allowed to register (i.e. you can add the IP of your phone, and only that phone will be able to register) |
||
| ⚫ | |||
[[File:ControlPages-VoIP-IPLockdown.png|none|frame|IP Lockdown, comma separated etc.]] |
|||
| ⚫ | |||
Valid examples: |
Valid examples: |
||
| Line 41: | Line 35: | ||
The system can send advisory messages when a billing amount is reached. This is set per number on the [[:Category:Control Pages|Control Pages]]. The email set for the Number and for the Login is used. |
The system can send advisory messages when a billing amount is reached. This is set per number on the [[:Category:Control Pages|Control Pages]]. The email set for the Number and for the Login is used. |
||
During the month, each time the amount is reached an email will be sent. At the end of the month the amount is reset. |
During the month, each time the amount is reached an email will be sent. At the end of the month the amount is reset. |
||
This feature was added in October 2011, the default warning level is £10, and numbers |
This feature was added in October 2011, the default warning level is £10, and for numbers which used over £10 in September the rate was set to 1.2 times September's bill amount. |
||
== IP and User Agent Warning Emails == |
== IP and User Agent Warning Emails == |
||
| Line 80: | Line 74: | ||
==Keep the Software/Firmware updated== |
==Keep the Software/Firmware updated== |
||
Regularly checking for software updates is strongly recommended. |
Regularly checking for software updates is strongly recommended. e.g., check the website of the phone manufacturer for updates. |
||
*[[SNOM Firmware Updates]] |
*[[SNOM Firmware Updates]] |
||
==Set web interfaces to only use HTTPS== |
|||
This encrypts the data to and from your phone's web interface - this prevents eavesdroppers seeing your settings and passwords. |
|||
==Physical Security== |
|||
If you think your equipment may be in a semi-hostile environment, then look in to enabling pin codes on the actual phone - i.e. a key lock feature. |
|||
==Snom Phones== |
|||
Snom has a page about securing their devices on their wiki: https://service.snom.com/display/wiki/How+do+I+secure+my+Snom+phone |
|||
=Odd incoming calls that are not on the CDRs?= |
=Odd incoming calls that are not on the CDRs?= |
||
| Line 88: | Line 91: | ||
Solution: Firewall SIP as explained above. |
Solution: Firewall SIP as explained above. |
||
Also some equipment may support the disabling of calls being sent direct from the Internet. For example, Grandstream firmware often has a feature ''Allow Incoming SIP Messages from SIP Proxy Only'', which is worth using (unless you need to accept such calls). |
|||
Your equipment may also support a feature whereby incoming INVITE messages are only accepted if they use the User ID which you used when registering with the SIP server, maybe named ''Check SIP User ID for incoming INVITE''. The SIP server will know this User ID, random SIP spammers will not. This User ID is ''not'' the Authentication Username (e.g. +442083xxxxxx), but what is often termed ''Username'' in equipment configuration (where you can set a Username and a Real Name, e.g. ''fred'' and ''Fred Bloggs'') which is used in SIP calls. |
|||
[[File:aa-button.png|link=http://aa.net.uk/telecoms.html|Telecoms page on our main website]] |
[[File:aa-button.png|link=http://aa.net.uk/telecoms.html|Telecoms page on our main website]] |
||
| ⚫ | |||
[[Category:VoIP]] |
[[Category:VoIP]] |
||
[[Category:Control Pages]] |
|||
| ⚫ | |||