PBX security, Firewall, Banned IP: how to better protect the server from hackers?

Hello dear team

What is the good way to avoid exposing the PBX (as it’s in the Cloud) to the hackers please?

What happening:

  1. each day, more than 50 agents are connecting to the VitXi Softphone to make and receive calls
  2. usually, many of them sometime try wrong password and their IP get banned, after that, they nolonger have access, this happens many times in each day
    To avoid having to go and whitelist IPs every time, sometime we decide to desable the firewall, i understand that this is very bad but i do this to let people not have breaks in their work.

Is there any safe way to keep keep the firewall Active and avoid agents to be everytime banned?
Do we need a SBC?

Do you have your VitalPBX box NAT’d behind a real Hardware Firewall and or behind a virtual firewall in the cloud? if you do, what I would do, is create a rule to ONLY allow your Gateway provider to your VitalPBX. ALL OTHER CONNECTIONS are dropped. that way the connection is dropped from the NAT BEFORE they even get to your VitalPBX box. So the rule should say only allow connections from the gateway provider and only allow what is EXACTLY needed for the gateway provider to function with your PBX, so all needed SIP/RTP ports. I don’t believe in turning on the software firewall on VitalPBX or any PBX Server and making the box live on the Internet. It really should always be NAT’d behind an enterprise firewall, Virtual or Otherwise. Let your NAT’ing do that, and then only allow your gateway provider to the box.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.