In today’s digital landscape, business communication systems are prime targets for cyber threats. A poorly secured PBX can open the door to a range of risks, including toll fraud, eavesdropping, data breaches, and even complete system takeovers. Attackers can exploit vulnerabilities to make unauthorized calls, intercept sensitive conversations, or disrupt business operations. With the rise of VoIP technology and remote access, securing your PBX is no longer optional, it’s essential. Without proper defenses in place, businesses risk financial losses, reputational damage, and compliance violations.

To safeguard your business communications, Cloud-PBX offers comprehensive security features designed to protect against cyber threats, ensuring a secure and reliable phone service. Key security components include

• Auto Defense: By monitoring the frequency of incoming packets, auto defense effectively prevents massive connection attempts or brute force attacks. The system includes default rules to protect SSH connections, SIP registrations, and web access, with the flexibility to add custom rules as needed.
  
• Static Defense: This feature allows control and filtering of traffic to the PBX based on IP address, domain, or MAC address. Default rules permit connections from local network devices, auto-provisioned devices, and Yeastar servers. Administrators can create additional rules to accept, drop, or reject access, enhancing control over network interactions.
  
• Blocked IPs Management: The system maintains a list of blocked IP addresses. If a trusted IP is mistakenly blocked, administrators can easily remove it from the blocked list, ensuring legitimate users maintain access.
  
• Outbound Call Frequency Restriction: To prevent potential abuse, this feature limits the number of outbound calls over a specified period. By default, users are restricted to a maximum of five outbound calls per second, with the option to customize this setting.

Additional Security Options

There are several additional configurable settings that can be used to fine-tune and enhance the system security further, including:

• Two-Factor Authentication (2FA): Implementing 2FA for the super administrator account to enhance login security.
• Allowed Country IPs and Codes: Administrators can configure the system to allow access only from specific countries or regions, preventing unauthorized international access. Additionally, outbound calls can be restricted to certain country codes, effectively mitigating toll fraud risks.
• SIP TLS and HTTPS: To secure SIP messaging, the PBX supports TLS and HTTPS protocols. Administrators can upload relevant certificates to the system to ensure encrypted communications.
• Extension Registration Defense: Enable SIP security on a per-extension basis.
• Drop All but Accepted IPs in Static Defense: Restricting PBX access exclusively to accepted addresses defined in static defense rules.
• Drop IP Ping Request: Disabling Ping responses (ICMP echo) to enhance security.
• Download Global Anti-hacking IP Blocklist: Incorporating the Global Anti-hacking IP Blocklist to automatically drop connections from known malicious IP addresses.
• Report PBX’s IP Blocklist: Reporting permanently blocked IP addresses to the Global Anti-hacking IP Blocklist, contributing to a broader security community.​
• Console/SSH Access: The system supports SSH access, enabling technical support engineers to establish temporary connections for troubleshooting and debugging purposes.
• Enable IP Restriction for Administrator Login: Specifying allowed IP addresses for super administrator access to the administrator portal.​

By leveraging these robust security features, businesses can protect their communication systems from unauthorized access and potential threats, ensuring secure and reliable operations.