PBX Service Security
PBX Service
Go to to check all the service status and port.
| Service | Default Port | Description |
|---|---|---|
| SIP UDP | 5060 | Registration port of SIP UDP. |
| SIP TCP | 5060 | Registration port of SIP TCP. |
| SIP TLS | 5061 | Secure SIP packets with TLS encryption. TLS allows safe transactions over untrusted networks and with authenticated parties. |
Web Access Security
Secure the web access of your PBX.
Password of Web Login
After you log in the PBX web interface for the first time, we suggest you to change the web login password.
- The email address can be used to reset the password of web login.
The Password should meet all the following requirements:
- At least 8 characters
- At least 1 number
- At least 1 uppercase letter
- At least 1 lowercase letter
- Avoid word or name
For example, avoid word like
yeastar,password,caroletc. Use random password like8lsS*!08k_s922.
Login Settings
Go to to change the login settings.
- Auto Logout Time: The PBX will logout automatically after the period of inactivity.
Login Attempts
For login protection, the PBX will block an web address after 3 login attempts.
The blocked user should try to log in the PBX web interface after 10 minutes.
Extension Security
Secure the VoIP extensions.
Extension Password
The PBX will generate a random password for a new extension. If you want to set the password manually, the password should meet the following requirements:
- At least 8 characters
- At least 1 number
- At least 1 uppercase letter
- At least 1 lowercase letter
- Avoid word or name
For example, avoid word like
yeastar,password,caroletc. Use password like8lsS*!08k_s922.
Restrict Extension Registration
You can limit which IP address or which User Agent is allowed to register a certain extension.
Go to to edit the extension’s Advanced setting.
- User Agent Registration Authorization
By default, the PBX allows phones to register extensions without user agent limit. To enhance the extension security, you can restrict which user agent is allowed to register the extension.
When a phone is trying to register the extension, the phone will send SIP packets that contain the user agent. If the user agent is not allowed, the registration will fail.
- IP Restriction
To enhance the extension security, you can restrict which IP is allowed to register the extension.
SRTP
SRTP is used to encrypt audio streams. If SRTP is enabled for an extension, the extension will support SRTP and will allow negotiation with calls without SRTP.
Go to to edit the extension’s Advanced setting.
Trunk Security
Secure the trunks on the PBX.
To prevent unauthorized international calls and long-distance calls through the PBX trunks, you need to take steps to protect your trunks on the PBX.
Outbound Route Permission
When you are setting up outbound routes on your PBX, you need to consider outbound route permission for different users.
We suggest you to set up different outbound routes for different trunks, and assign outbound route permission to the users.
For example, you can set up outbound routes as below:
- Outbound route for local calls
Select the trunk that is least-cost for local calls, and set the outbound route permission for all the users.
- Outbound route for long-distance calls
Select the trunk that is least-cost for national calls, and set the outbound route permission for all the sales and managers.
- Outbound route for international calls
Select the trunk that is least-cost for international calls, and set the outbound route permission for the international sales who need to make international calls.
Disable Guest Calls
Go to , uncheck the option Allow Guest.
If Allow Guest is checked, the PBX will allow unknown/anonymous incoming calls.
- The unknown calls may be charged to the bill of your trunks.
- Do NOT enable Allow Guest optionally.
- If the number is not known, don’t call back.
Outbound Restriction
Yeastar Cloud PBX has a default rule to limit users to make maximum 5 outbound calls in 1 minute. You can add an Outbound Restriction rule to define how many outbound calls the extension users can make during a period of time.
If a user makes outbound calls over the limit, the extension will be locked and has permission to make internal calls only.
Go to to edit the rule or add a rule.
International Call Limit
To prevent toll fraud, you need to pay particular attention to the trunk that is used to make international calls.
Limit Call Credit
Before you set up the trunk on your PBX, ask the trunk provider to limit the credit of international calls.
If you don’t need to make international calls, ask the provider to disable international call service on the trunk.
Set Password for the International Outbound Calls
Set a single PIN for the outbound route that allows international calls, when the users dial international numbers, the PBX will ask the users to enter a PIN.
- If the PIN is correct, the PBX will call the international number.
- If the PIN is incorrect, the PBX will drop the call.
Disable International Calls on the PBX
If the trunk provider cannot disable international calls for the trunk, you can add an invalid outbound route on the PBX to disable international calls.
- Create an invalid SIP trunk like the following figure.
- Create an outbound route for the invalid SIP trunk.
- Set Patterns to
00. - Select the invalid SIP trunk
- Select all the extensions
- Set Patterns to
- Place the invalid outbound route to the top.
Contingency Plan
There is no absolute safety. Make a contingency plan for your PBX.
In case an attacker successfully forced your PBX to fail, you should have a contingency plan for your PBX.
Event Center
To get informed of the events that occur to your PBX, you need to configure Event Center on the PBX. Enable event notifications and add contacts to receive the notifications by email or phone number.
Schedule Auto Backup
Set auto backup on the PBX. If the PBX cannot work, you can reset the PBX, and restore the PBX configurations from the backup file.
