To keep the integrity of our network as high as possible and to help protect our customers, Flowroute has implemented additional fraud prevention functionality. The following tips help you add security to your VoIP deployments.
Prevention Tips
If you operate one or more PBX systems on public IP addresses, we urge you to conduct a security audit of your system. The number of VoIP fraud cases is on the rise, and your best defense is the security of your systems. Here are some tips:
Ensure your password for your Flowroute account is very secure.
Ensure that all SIP accounts or phone extensions on your PBX use strong passwords. Never choose simple passwords such as 100, password, or phone. Fraudsters are now using automated tools to brute-force attack PBX systems, finding accounts with weak passwords and using them to their advantage. You might want to generate random passwords using such sites as Password Generator or Gibson Research Center Perfect Passwords.
If your PBX has a setting for allowing anonymous inbound calls from the Internet, please disable it. Some PBX configurations are set up to automatically forward inbound calls to the first available outbound trunk if the call cannot be routed to any internal SIP account or phone extension which, when combined with the setting for allowing anonymous inbound calls, makes for a very vulnerable PBX system.
Do comprehensive security audits of your systems. If the system hosting your PBX is hacked, your PBX could be used for fraudulent calls, or your Flowroute SIP credentials may even be stolen and used to originate fraudulent calls from a remote location. Please consult a qualified System Administrator if you are unsure how to audit the security of your systems.
If you are using IP Tables or a *nix-based system, you can also automatically "ban" an IP address that is attempting to breach your system once it fails more than a certain number of authentication attempts. See the Fail2ban main page for more information.
If you are using an Asterisk-based system, see our Asterisk Security tips section.
Use IP Tables to restrict web traffic and even SIP traffic to your system. For more information on how to do this, please see our IP Tables Tips page.
Review access logs regularly, and keep up to date on security patches and practices for your network services. You may use SIP auditing tools such as SIPvicious.
You can adjust and define the maximum outbound rate for your account. This rate is a ceiling rate for calls coming out of your account.
You can adjust this rate if you intend to call countries with a higher per-minute rate by setting a Maximum Outbound Rate on the Fraud Control page of Flowroute Manage. See Set a Maximum Outbound Rate to configure this option.
Set up a Destination Whitelist
In addition to the maximum outbound rate, we also offer whitelist features. You may use a strict whitelist such that your account would only be authorized to call specific destinations. All other fraud tools are ignored for destinations listed in your whitelist. See Set up a Destination Whitelist for more information.