VoIP Security: Difference between revisions

From AAISP Support Site

Revision as of 10:20, 17 June 2013


Here are some features that A&A provide that will help prevent fraudulent activity on your VoIP service.

Security Settings on the AAISP Control Pages

These settings are set on the control pages: http://aa.net.uk/login.html

The control page will also show you the number of SIP registrations, and the user agent and IP of the registered phones (not on the legacy 'A' server).

SIP Password

  • Each number has a SIP password. This can be changed from the control pages; the 'Make Password' button will generate a password for you.

Call Rate Limits

  • National outgoing calls can have a price limit (default = 20p/min)
  • International outgoing calls can have a price limit (default = 2p/min)
  • International calls can be disabled (by setting the price limit to 'Free')
  • National calls can be disabled (by setting the price limit to 'Free')

Contact AAISP if you need these limits raised; customers can reduce the limits themselves.

IP access

  • IP Lockdown - a VoIP number can be given an IP address which is the only one allowed to register (i.e. you can add the IP of your phone, and only that phone will be able to register). This feature is only on the C server; the legacy A server does not have it.

Warning Emails

The system can send advisory messages when a billing amount is reached. This is set per number on the control pages. The email addresses set for the Number and for the Login are used. During the month, an email will be sent each time the amount is reached. At the end of the month the amount is reset. This feature was added in October 2011. The default warning level is £10; for numbers that used over £10 in September, it was set to 1.2 times September's bill amount.

Your Firewall

Protect your phones and VoIP servers from the outside world.

See http://aa.net.uk/kb-telecoms-voip.html for more info, but:

  • Allow SIP from our servers to your phones: UDP ports 5060 and 2002 from 81.187.30.110 - 81.187.30.119, and 2001:8b0:0:30::5060::/112 if you use IPv6 (we may add more servers in the future, but they will be listed on the above URL when we do)
  • Allow RTP from everywhere to your phones: UDP 1024-65535* from everywhere (which also covers SIP above)
  • Don't allow access to your phone's or server's web configuration pages from the Internet.

SIP is the call routing information that creates and manages calls; this will only come from our servers. RTP is the actual audio. RTP will be as direct as possible, so the audio can be sent from anywhere on the internet, which is why these ports need to be open.

  • On most phones/clients you can configure which ports to use for RTP, so you can restrict this range further, e.g. on a SNOM phone the default range for RTP is 49152 through to 65534.
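
The firewall policy above as a small packet check, to show what "which also covers SIP above" means in practice: with the 1024-65535 RTP range, UDP 5060 and 2002 are reachable from any source, and narrowing RTP to the phone's own range is what makes the SIP source restriction effective. This is an added example, not A&A's code; it models IPv4 only, and the function names, sample packets and TCP port 80 for the web configuration page are assumptions.

```python
import ipaddress

# Values from the page: A&A SIP servers (IPv4 range) and UDP signalling ports.
SIP_FIRST = ipaddress.IPv4Address("81.187.30.110")
SIP_LAST = ipaddress.IPv4Address("81.187.30.119")
SIP_PORTS = {5060, 2002}
RTP_WIDE = (1024, 65535)    # the catch-all RTP range from the list above
RTP_SNOM = (49152, 65534)   # SNOM default RTP range quoted above


def from_sip_server(src):
    """True if src is inside the published A&A SIP server range."""
    return SIP_FIRST <= ipaddress.IPv4Address(src) <= SIP_LAST


def verdict(src, proto, dport, rtp_range):
    """Name the rule that admits an inbound packet to a phone, or 'drop'."""
    if proto != "udp":
        return "drop"       # e.g. TCP to the phone's web configuration page
    if dport in SIP_PORTS and from_sip_server(src):
        return "sip"
    lo, hi = rtp_range
    if lo <= dport <= hi:
        return "rtp"        # audio is allowed from any source
    return "drop"


def audit(packets, rtp_range):
    """Packets that reach a SIP port from a source outside the A&A range."""
    return [p for p in packets
            if p[2] in SIP_PORTS and not from_sip_server(p[0])
            and verdict(*p, rtp_range) != "drop"]


# Constructed sample traffic: (source IP, protocol, destination port).
# 198.51.100.x and 203.0.113.x are documentation addresses; TCP 80 for the
# web configuration page is an assumption.
SAMPLE = [
    ("81.187.30.112", "udp", 5060),
    ("203.0.113.9", "udp", 5060),
    ("198.51.100.7", "udp", 50000),
    ("203.0.113.9", "tcp", 80),
    ("203.0.113.9", "udp", 2002),
]

if __name__ == "__main__":
    for label, rng in (("1024-65535", RTP_WIDE), ("49152-65534", RTP_SNOM)):
        print(label, [verdict(*p, rng) for p in SAMPLE], audit(SAMPLE, rng))
```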

If you run your own server and allow phones to use it from your WAN/Internet, then lock this down as much as possible - perhaps only allow access to your PBX from the Internet via a VPN.

Secure Your Equipment

Many phone systems and VoIP phones have their own security features; do make use of them and use strong passwords. See your equipment documentation for further information.

Other Tips

  • Secure your VoIP phone, e.g. have HTTP passwords or PINs, and/or a firewall to prevent outside access. It has been known for 'hackers' to access VoIP phones and remote-control them to get them to dial out.
  • If you run your own PBX, ensure passwords are secure