Protecting VoIP infrastructure and telephony services from unauthorized access and fraud is essential for maintaining secure communications.
This guide outlines the recommended VoIP security best practices for equipment configuration, network protection, PBX security, and account access management on the modulus network.
1. General Guidelines
-
Software / Firmware Upgrade:
As mentioned in all configuration guides within the Help Center, you should upgrade your equipment software to the latest firmware version. It is also recommended to regularly check for new releases and proceed with updates whenever available.
-
Changing Default Credentials:
Before configuring any VoIP equipment or software, it is important to change the default login credentials. Each device should use a unique username/password combination.
-
Do Not Share Access Credentials:
The access credentials you receive for your VoIP accounts are strictly personal and will never be requested by a modulus representative. If you suspect that your credentials have been compromised, contact customer support immediately to have them changed and identify the source of the breach in order to restore the security gap.
2. Network Configuration Guidelines
-
Do Not Use Port Forwarding:
Port forwarding practices may create security vulnerabilities. By opening a port from the Internet to your equipment, you expose your system to potential attacks. For secure connectivity of remote internal devices, use the vPBX service for additional protection.
-
Do Not Configure Public IPs on PBX Interfaces:
Avoid using public IP addresses on PBX interfaces, as this may increase security risks. If necessary, enable the Firewall on your PBX system or router.
-
Use a Separate VLAN for Telephony:
For corporate networks, it is important to separate the VoIP phone network from the rest of the network devices by using VLANs, firewalls, or other isolation techniques.
3. Asterisk Configuration Guidelines
-
Do Not Use the Default Asterisk Context:
Avoid using the default context for answering incoming calls. In FreePBX-based distributions, disable the “Allow Anonymous Inbound SIP Calls” option under “General SIP Settings”.
-
Additional Security Measures:
modulus provides additional security safeguards to protect you against fraud incidents, beyond the recommended measures.
4. Features Provided by modulus
-
Charge-Based Call Restriction:
You may request call restrictions for calls exceeding a specified amount. This helps protect against unwanted charges and allows different limits to be configured per terminal.
-
Destination-Based Call Restriction:
You may request restrictions for specific destinations, such as international calls or short codes.
-
Account Access Limited to Specific IPs:
You may request that your account is configured to be accessible only from specific IP addresses. This way, even if your account credentials are exposed to unauthorized individuals, they will not be able to use them from another IP address.