Network & VoIP Security Tips
For anyone who has an internet connection, paying attention to your network security should be one of the most important things you can do. With a well maintained and managed network, you won't need to worry about viruses or compromising sensitive data and access. Here are some simple steps you can take to make sure that you are protected, and further information is available from State Police Departments: Queensland Police Wireless Security Article and South Australia Police Toll Fraud Prevention Tips.
1. Modem/Router Security
- Change the default 'admin' password - Your router is like your front door and the passwords are the keys. Default router passwords are well documented and widely available on the internet. So protect your network by changing the locks. Change the default ‘admin’ password and replace it with something complex. Once you have done that, document it and then store it in a safe place.
- Disable remote access - Remote access (or remote management) is a convenient way for users and technicians to manage and access routers over the internet. This same access can also be used by hackers to change settings and steal your VoIP login details. If you aren’t planning to use this, then make sure it is disabled. If you do, then configure your firewall to restrict access from trusted sources only.
- Wireless networks - If you don’t want someone using your internet and using up your monthly download quota, we strongly suggest that you:
a. Firstly, if you aren’t using wireless, then make sure that it is disabled. Not all routers will have it disabled by default.
b. Hide your Service Set Identifier (SSID) – This is the network name that shows up when someone looks for available wireless networks to connect to. If you hide it, then no one will know that it is there. If you can’t hide it, then change the default SSID to a unique and non-descript name.
c. Use WPA2 encryption – This is currently the most secure and recommended way of protecting your wireless network. It has improved on the weak security protection of WEP.
d. Use MAC address filtering – Using this you can limit access to your wireless network by adding trusted wireless devices to a permit list.
Note: All Dynalink and Netcomm ADSL routers (purchased as of June 2011) pre-configured by MyNetFone will have the following defaults for your security:
- Remote management disabled
- Wireless access disabled
- For instructions on setting up wireless access, select your modem type: Dynalink RTA1046VW, Netcomm NB9WMAXXn
2. Configure and use a Firewall
Firewalls require some advanced configuration to work properly with some games and software, but it is well worth your time to configure and use them. Firewalls help protect against malicious software and prevent people from travelling through your internet connection to compromise your local network by limiting which ports can be used, from what source IP address, and what type of traffic. It’s recommended that you start with a block-all policy and then add rules to allow access from trusted or known sources.
3. Install and use a credible Anti-spyware, Anti-virus software package
Spyware can present a major problem, especially in the form of key loggers that steal your passwords so make sure that your anti-virus and anti-spyware definitions are kept up-to-date, and run regular full system scans.
4. Keep your Operating System updated
Updates are critical to the security and reliability of your computer. Some of these updates address bugs and potential exploits in your computer, so you should keep your operating system up to date to ensure you're have the latest protection.
5. Common threats
- Never open email attachments, email links or instant messages from people you don't know.
- Be careful about accessing your network from shared computers or public networks (wireless hotspots)
- Be careful when web browsing. Downloading torrents or unauthorised versions of software is one of the easiest ways to undo your network security.
6. VoIP Security
Protecting your computers from online threats is essential, as is protecting all devices that use and are connected to the internet. To make sure that your system is more resilient to network attacks and fraud, we recommend you do the following:
- Protect the administration and remote management interface by using a strong password and a non-standard access port. Treat them like credit card numbers and keep them confidential
- Use alphanumeric passwords and usernames, and make them different from your extensions; especially if you have remote extensions or Direct Inward Service Access (DSIA)
- Block outbound dialling from your voicemail system to prevent Dial Through Fraud (DTF)
- Only allow SIP authentication and inbound call requests from trusted IP addresses. Block all others
- Restrict the destinations phones can call by configuring dial plans, call routes, and user access
- Make use of an intrusion detection system (IDS) and actively monitor your calls
- Delete employee authorisation codes when they leave your company
- If you are selling or discarding your VoIP hardware, make sure that you factory reset it and check that all SIP authentication usernames and passwords have been removed
Failing to secure your PBX or VoIP adapter may result in the following:
- Toll Fraud – utilising your PBX or account details to make calls at your expense
- Obtain unauthorised access to your system resources, information, privileges and/or listening to your calls and voicemail (through fuzzing, sniffing, or brute force attacks)
- Denial of Service – disabling your voice communication using packet floods
These security steps are critical to ensure your protection against internet attackers. If you require assistance configuring or implementing any of these recommendations, contact a certified and credible IT professional or PBX system integrator.
By setting up your network properly and using reliable security policies and procedures, you can sleep more soundly and feel confident that your computers, network, and phones, are as safe as possible.
Asterisk Security - more info
Queensland Police Wireless Security Article - more info
S.A. Police 'Toll Fraud' Media Release - more info