• V20: 3CX Re-engineered. Get V20 for increased security, better call management, a new admin console and Windows softphone. Learn More.

Harden Security with v16: Nuts & Bolts

Status
Not open for further replies.

KyriakosP

3CX Team
Staff member
Joined
Dec 6, 2018
Messages
185
Reaction score
123

Strength in Unity​

In herds under attack, the bigger and more experienced animals protect the smaller, more inexperienced ones. Taking a page from nature\'s play book, the new 3CX v16 implements this exact approach by enabling the more experienced members to notify and protect the 3CX herd. When an attacker\'s IP is reported thr...
Continue reading the Original Blog Post.
 
Last edited by a moderator:
  • Like
Reactions: Sasha Vortex
What about SRTP and SIP-TLS?
 
Ηι @poynter.net,

The post covers new and updated security features for 3CX v16. If you have any SRTP and SIP-TLS questions, please share them.
 
Ηι @poynter.net,

The post covers new and updated security features for 3CX v16. If you have any SRTP and SIP-TLS questions, please share them.

When will SRTP and SIP-TLS be fully supported? I understand you can enable them now in the 3cx client phone provisioning settings but be good to see this fully supported and set as the default with say padlock icon next to the phone, etc.
 
  • Like
Reactions: KyriakosP
How do you deal with people accidentally (or deliberately) blocking good addresses (like a carrier!) and then that being pushed out to everyone?

Is there a threshold before an address is added to the list?

Thanks
Paul
 
Great start 3CX Team! I am very please that while hardening the PBX you have realized that managing multiple PBX's can be a bear. Particularly like the group "regenerate key" and the IP Blacklist Export and Import.
 
  • Like
Reactions: KyriakosP
Hi @poynter.net,

As you can understand, 3CX needs to be able to work reliably with available hardware in the market. Security defaults and hardware compatibility can be competing issues, but 3CX pushes the security envelope forward with every new release, as is the case with v16. In the end, the security level and options are the admin's choice, as these are supported built-in by 3CX, but in some cases need to be left optional for backwards compatibility and ease of use.
 
- Hi @Paul Reynolds,

Very perceptive observation. 3CX receives reported blacklisted IPs from participating systems and indeed threshold and validation logic is employed to exclude false positives, before adding a reported IP to the Automatic Global 3CX IP Blacklist.
 
  • Like
Reactions: accentlogic
- Hi @clarityscg,

Thank you for you comments, we aim to please! Stay tuned for more upcoming v16 features and updates. ;-)
 
  • Like
Reactions: Sasha Vortex
I think @poynter.net means provisioning of TLS. At the moment 3CX is ready for TLS but you have to do it manually to the phones.
Also it makes sense to set default values to the client like do TLS on installation and optional SRTP and so on... Marking 100 User and change them to TLS is not practically.
 
  • Like
Reactions: bengi
I think @poynter.net means provisioning of TLS. At the moment 3CX is ready for TLS but you have to do it manually to the phones.
Also it makes sense to set default values to the client like do TLS on installation and optional SRTP and so on... Marking 100 User and change them to TLS is not practically.
Hi Patrick,

This is not something we can answer here to be honest. Obviously, at 3CX we realise how important security is and are always working on ways to beef up security from all aspects. If you could post your suggestion in our ideas forum that would be great. The the development team will see it and perhaps consider it. https://www.3cx.com/community/forums/3cx-ideas/
 
@Bianca, the TLS and SRTP requires are in the idea section and have been for a long time.
 
Status
Not open for further replies.

Getting Started - Admin

Latest Posts

Forum statistics

Threads
141,625
Messages
748,891
Members
144,739
Latest member
Ghisl1
Get 3CX - Absolutely Free!

Link up your team and customers Phone System Live Chat Video Conferencing

Hosted or Self-managed. Up to 10 users free forever. No credit card. Try risk free.

3CX
A 3CX Account with that email already exists. You will be redirected to the Customer Portal to sign in or reset your password if you've forgotten it.