Securing Your 3CX Phone System

Jun 20, 2018 | Learn More, User Guides

When making the change to an IP PBX such as the 3CX Phone System, security is generally one of the main concerns.

 

Based on recommendations from 3CX, we have compiled the most important considerations when deploying a 3CX phone system.

Whether you intend on deploying 3CX in-house, or working with a 3CX partner, understanding these security principles will assist you in ensuring your phone system is resilient against network attacks.

Using a strong and unique password for the 3CX Management Console

Using a web browser to manage your IP PBX is practical and convenient, and most phone systems use this method today. When using this method, however, a strong password with capitalised and non-capitalised letters, numbers and symbols is crucial – as attackers are known to target these services with brute-force attacks on common usernames on the system.

Choosing a password for IP Phones

Some IP PBX servers do not require passwords on IP Phones, or allow blank or short, simple passwords. Despite the convenience of this, it is strongly recommended that each phone on the PBX has a strong and unique password. 3CX will automatically change the password on the phone when it is provisioned, this saves time and helps with management of the phone system as a whole.

Planning for Security

Security should be an integral part of the planning process of your IP PBX. Securing your 3CX phone system is made easier with additional anti-hacking features added to the phone system:

  • Secure SIP
  • IP blacklisting
  • Anti-hacking settings

Segregation

Due to the varying needs to business networks, there is no set solution for segregation of business phone networks, however investing time into this during the planning phase can see a number of benefits.

Segregated networks often see less congestion, which is particularly notable at busier times of the day, and should an issue arise on one network, it remains localised and other areas of the business are able to function as normal.

Segregation of networks for different departments may not be right for your business, however if it is something you are interested in we recommend speaking to your IT provider.

Allow only required services

There are many occasions in which your IP phones will not require access to the internet. In this case, the IP phone should be placed behind a firewall with strict access control rules.

Should you require your IP PBX to be connected to the internet, it is best practice to ensure only the required services are able to access the phone system.

Using an Intrusion Detection System (IDS)

An IDS is used to assist in identification of possible attacks, and alert system administrators and security analysts if an attempted attack/ intrusion is detected.

Host-based IDS – Analyses log files, file system modifications and event logs

Network IDS – Monitors activity across the network

Unnecessary services on the OS

Most operating systems will run services that are not necessary to their function, and are not required for the operation of the IP PBX. These unnecessary services should be disabled and steps should be taken to identify any security vulnerabilities.

Keeping the OS up to date

Operating systems generally have automated security updates and are patched regularly to remove security flaws. Ensure you have these updates enabled.

Keeping you IP phone up to date

IP phone firmware updates include security updates when the need for one arises. 3CX maintenance renewal includes all firmware and security updates for your 3CX phone system, taking the hassle and stress out of remembering to update your IP phone.

Taking the time to secure your IP PBX is the best way to avoid potential security breaches down the line.

3CX offers a range of features to assist in securing your 3CX IP PBX including 3CX maintenance, which ensures access to every firmware and security update.

[3cx-clicktotalk id="29505" title="AatroxComms"]