Yeastar Cloud PBX Security Guide

You are here:
Estimated reading time: 4 min

PBX Service Security

PBX Service

Go to Settings > System > Security > Service to check all the service status and port.

Note: We suggest you to change the default port.
Service Default Port Description
SIP UDP 5060 Registration port of SIP UDP.
SIP TCP 5060 Registration port of SIP TCP.
SIP TLS 5061 Secure SIP packets with TLS encryption. TLS allows safe transactions over untrusted networks and with authenticated parties.

Web Access Security

Secure the web access of your PBX.

Password of Web Login

After you log in the PBX web interface for the first time, we suggest you to change the web login password.

Click Option icon at the top-right corner, then click My Settings to change the login password and enter your email address.

Note:

  • The email address can be used to reset the password of web login.

The Password should meet all the following requirements:

  • At least 8 characters
  • At least 1 number
  • At least 1 uppercase letter
  • At least 1 lowercase letter
  • Avoid word or name

    For example, avoid word like yeastarpasswordcarol etc. Use random password like 8lsS*!08k_s922.

Login Settings

Go to Settings > System > Security > Service to change the login settings.

  • Auto Logout Time: The PBX will logout automatically after the period of inactivity.

Login Attempts

For login protection, the PBX will block an web address after 3 login attempts.

The blocked user should try to log in the PBX web interface after 10 minutes.

 

Extension Security

Secure the VoIP extensions.

Extension Password

The PBX will generate a random password for a new extension. If you want to set the password manually, the password should meet the following requirements:

  • At least 8 characters
  • At least 1 number
  • At least 1 uppercase letter
  • At least 1 lowercase letter
  • Avoid word or name

    For example, avoid word like yeastarpasswordcarol etc. Use password like 8lsS*!08k_s922.

Restrict Extension Registration

You can limit which IP address or which User Agent is allowed to register a certain extension.

Go to Settings > PBX > Extensions to edit the extension’s Advanced setting.

  • User Agent Registration Authorization

    By default, the PBX allows phones to register extensions without user agent limit. To enhance the extension security, you can restrict which user agent is allowed to register the extension.

    When a phone is trying to register the extension, the phone will send SIP packets that contain the user agent. If the user agent is not allowed, the registration will fail.

  • IP Restriction

    To enhance the extension security, you can restrict which IP is allowed to register the extension.

SRTP

SRTP is used to encrypt audio streams. If SRTP is enabled for an extension, the extension will support SRTP and will allow negotiation with calls without SRTP.

Go to Settings > PBX > Extensions to edit the extension’s Advanced setting.

 

Trunk Security

Secure the trunks on the PBX.

To prevent unauthorized international calls and long-distance calls through the PBX trunks, you need to take steps to protect your trunks on the PBX.

Outbound Route Permission

When you are setting up outbound routes on your PBX, you need to consider outbound route permission for different users.

We suggest you to set up different outbound routes for different trunks, and assign outbound route permission to the users.

For example, you can set up outbound routes as below:

  • Outbound route for local calls

    Select the trunk that is least-cost for local calls, and set the outbound route permission for all the users.

  • Outbound route for long-distance calls

    Select the trunk that is least-cost for national calls, and set the outbound route permission for all the sales and managers.

  • Outbound route for international calls

    Select the trunk that is least-cost for international calls, and set the outbound route permission for the international sales who need to make international calls.

Disable Guest Calls

Go to Settings > PBX > General > SIP > Advanced, uncheck the option Allow Guest.

If Allow Guest is checked, the PBX will allow unknown/anonymous incoming calls.

Important:

  • The unknown calls may be charged to the bill of your trunks.
  • Do NOT enable Allow Guest optionally.
  • If the number is not known, don’t call back.

Outbound Restriction

Yeastar Cloud PBX has a default rule to limit users to make maximum 5 outbound calls in 1 minute. You can add an Outbound Restriction rule to define how many outbound calls the extension users can make during a period of time.

If a user makes outbound calls over the limit, the extension will be locked and has permission to make internal calls only.

Go to Settings > PBX > Call Control > Outbound Restriction to edit the rule or add a rule.

 

International Call Limit

To prevent toll fraud, you need to pay particular attention to the trunk that is used to make international calls.

Limit Call Credit

Before you set up the trunk on your PBX, ask the trunk provider to limit the credit of international calls.

If you don’t need to make international calls, ask the provider to disable international call service on the trunk.

Set Password for the International Outbound Calls

Set a single PIN for the outbound route that allows international calls, when the users dial international numbers, the PBX will ask the users to enter a PIN.

Note: You can also set a PIN list for the outbound route, and assign different PIN numbers to the users who have permission to make international calls.
  • If the PIN is correct, the PBX will call the international number.
  • If the PIN is incorrect, the PBX will drop the call.

Disable International Calls on the PBX

If the trunk provider cannot disable international calls for the trunk, you can add an invalid outbound route on the PBX to disable international calls.

  1. Create an invalid SIP trunk like the following figure.

  2. Create an outbound route for the invalid SIP trunk.
    • Set Patterns to 00.
    • Select the invalid SIP trunk
    • Select all the extensions

  3. Place the invalid outbound route to the top.

 

Contingency Plan

There is no absolute safety. Make a contingency plan for your PBX.

In case an attacker successfully forced your PBX to fail, you should have a contingency plan for your PBX.

Event Center

To get informed of the events that occur to your PBX, you need to configure Event Center on the PBX. Enable event notifications and add contacts to receive the notifications by email or phone number.

Schedule Auto Backup

Set auto backup on the PBX. If the PBX cannot work, you can reset the PBX, and restore the PBX configurations from the backup file.

 

 

Previous: Yeastar Cloud PBX Auto Provisioning
Next: Yeastar Cloud PBX Conference

Install linkus on mobile & desktop, next make some calls!

Don't worry, a free trial is a free trial

Book an online demo appointment with our sales specialists.

Don't worry, it's a free consultation and no-obligation to purchase.