Fraud is a common problem for IP Telecoms channel partners and if you don’t take steps to secure your extensions then it can also become quite an expensive problem!
- NEVER allow access to a handset's control panel from the public internet. This is a common mistake where handsets are either given a public IP address or exposed through a port forward. It is a simple task for anyone to log onto the handset and set up a call forward to any destination they want. They can then ring the local DDI of the handset and be connected to the forwarded number, paying only a local call rate and leaving you to pick up the cost of the expensive forwarded call. The handset's web interface belongs on the customer LAN (or behind a VPN), not on the internet, regardless of whether it is password protected.
- Always password protect handsets, which means changing the default admin password, not just leaving one in place. Although you know what you are doing, your customers may not, and if you are not responsible for maintaining the customer network, then a compromise of that network makes it very simple for an attacker to set up call forwards on the handsets as described above.
- Always use a strong, unique password for each extension's SIP login credentials. Although this may seem like common sense, the use of weak passwords such as "password1", "test123" and other simple passwords is still prevalent and seriously compromises the security of your PBX; guessing attempts against exposed SIP services are automated and continuous, so a weak password will eventually be found.
- Lock down each extension to the end user's IP address (or address range). With most connectivity providers now offering static IPs, there is very little reason not to do this. It greatly increases security because even if a username and password are known, calls cannot be made or registrations accepted unless they originate from the specified IP address.
- Block known fraudulent source networks. We maintain active lists of known source networks from which fraud has originated, and we block these at our network edge. The lists are updated daily based on what we see from our active SIP traffic monitoring.
- Block user agents commonly associated with fraud. There are some well-known user agents associated with SIP scanning and call fraud, and registration attempts carrying them should be rejected by the PBX outright, before any credentials are even checked.
- Choose your allowed destinations wisely. Do your customers really need to dial Cuban satellite phones at 3am? It is generally prudent to restrict call destinations to only those you actually require and block everything else by default, including premium-rate prefixes within countries you otherwise allow. Fraud is generally carried out against the more expensive destinations, so disallowing these reduces the chance of fraudulent calls being carried through your PBX.
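The following Python script is an added illustration, not code from the original post or from IP Telecoms. It models the last four points above (per-extension source IP lock-down, blocking fraudulent source networks, blocking known bad user agents, and a deny-by-default destination policy) as a single admission check applied to a SIP REGISTER or INVITE. Every IP address, extension, network range, prefix and SIP message in it is constructed for the example, the dial plan (UK PBX, international calls dialled with 00) is an assumption, and the policy tables are placeholders for whatever lists you maintain. The strings "friendly-scanner" and "sipvicious" are the User-Agent values of the widely known SIPVicious scanning toolkit; "sipcli" is included as another commonly seen example.

```python
"""Toy SIP admission filter: constructed example, not production PBX code."""
import ipaddress
import re
from dataclasses import dataclass

# --- Policy (all values constructed for this example; replace with your own lists) ---

HOME_COUNTRY_CODE = "44"   # assumption: a UK PBX, domestic numbers dialled with a leading 0

# Per-extension source lock-down: the customer's static IP or range (assumed values).
EXTENSION_SOURCES = {
    "1001": [ipaddress.ip_network("203.0.113.10/32")],
    "1002": [ipaddress.ip_network("198.51.100.0/29")],
}

# Source networks from which fraud has been seen (documentation range used as placeholder).
BLOCKED_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]

# User-Agent substrings refused before credentials are even checked.
# "friendly-scanner" / "sipvicious" are the SIPVicious scanner's strings.
BLOCKED_USER_AGENTS = ("friendly-scanner", "sipvicious", "sipcli")

# Destination policy: allow-list of E.164 prefixes, deny everything else by default,
# plus explicit denies for expensive prefixes inside otherwise allowed countries.
ALLOWED_DESTINATION_PREFIXES = ("44", "1")      # UK and North America (assumed)
BLOCKED_DESTINATION_PREFIXES = ("449", "1900")  # UK 09 premium rate, NANP 900 premium rate


@dataclass
class SipRequest:
    method: str
    request_uri: str
    headers: dict  # lower-cased header name -> value


def parse_sip(raw: str) -> SipRequest:
    """Minimal parser: request line plus headers up to the blank line (no body handling)."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    method, request_uri, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return SipRequest(method, request_uri, headers)


def sip_user(uri: str) -> str:
    """Extract the user part of a SIP URI such as '<sip:1001@pbx.example.com>;tag=x'."""
    m = re.search(r"sip:([^@;>]+)@", uri)
    return m.group(1) if m else ""


def normalise_destination(dialled: str) -> str:
    """Turn dialled digits into E.164 digits under the assumed dial plan."""
    digits = re.sub(r"\D", "", dialled)
    if dialled.startswith("+"):
        return digits
    if digits.startswith("00"):      # international access code
        return digits[2:]
    if digits.startswith("0"):       # domestic trunk prefix
        return HOME_COUNTRY_CODE + digits[1:]
    return digits                    # internal extension, left as-is


def destination_allowed(dialled: str) -> bool:
    """Deny by default: only allow-listed prefixes pass, and blocked prefixes always fail."""
    number = normalise_destination(dialled)
    if number in EXTENSION_SOURCES:  # extension-to-extension call
        return True
    if number.startswith(BLOCKED_DESTINATION_PREFIXES):
        return False
    return number.startswith(ALLOWED_DESTINATION_PREFIXES)


def admit(raw: str, source_ip: str) -> str:
    """Return 'ok' or 'deny:<reason>' for a REGISTER or INVITE arriving from source_ip."""
    src = ipaddress.ip_address(source_ip)
    if any(src in net for net in BLOCKED_NETWORKS):
        return "deny:blocked-network"            # cheapest check first, at the edge
    req = parse_sip(raw)
    ua = req.headers.get("user-agent", "").lower()
    if any(bad in ua for bad in BLOCKED_USER_AGENTS):
        return "deny:blocked-user-agent"         # refused before any password check
    ext = sip_user(req.headers.get("from", ""))
    allowed_sources = EXTENSION_SOURCES.get(ext)
    if allowed_sources is None:
        return "deny:unknown-extension"
    if not any(src in net for net in allowed_sources):
        return "deny:source-not-permitted"       # right password, wrong IP: still refused
    if req.method == "INVITE" and not destination_allowed(sip_user(req.request_uri)):
        return "deny:destination-not-allowed"
    return "ok"


def sample(method: str, from_user: str, to_user: str, user_agent: str) -> str:
    """Build a minimal constructed SIP message for the checks above."""
    return (
        f"{method} sip:{to_user}@pbx.example.com SIP/2.0\r\n"
        "Via: SIP/2.0/UDP 203.0.113.10:5060;branch=z9hG4bK1\r\n"
        f"From: <sip:{from_user}@pbx.example.com>;tag=a1\r\n"
        f"To: <sip:{to_user}@pbx.example.com>\r\n"
        "Call-ID: example-1@pbx.example.com\r\n"
        f"CSeq: 1 {method}\r\n"
        f"User-Agent: {user_agent}\r\n"
        "Content-Length: 0\r\n\r\n"
    )


if __name__ == "__main__":
    print(admit(sample("REGISTER", "1001", "1001", "friendly-scanner"), "203.0.113.10"))
    print(admit(sample("INVITE", "1001", "0053712345678", "Yealink SIP-T46S"), "203.0.113.10"))
```

The order of the checks matters in practice: the network and user-agent denials cost nothing and can sit at the SBC or firewall, while the source lock-down and destination rules need the extension's identity and so belong on the PBX. Note that a correct password does not get a registration past the source check, which is the whole point of tying extensions to static IPs.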