Best Practices to Prevent Hacking and Fraud

Discussion in '3CX Phone System - General' started by Jono, Aug 19, 2014.

Thread Status:
Not open for further replies.
  1. Jono

    Joined:
    Jun 29, 2013
    Messages:
    27
    Likes Received:
    0
    Hello -

    For the 3rd time, AT&T has set a block on international calling because of some outside individual making int'l calls through our 3CX system. Is there a document on security best practices that might address how to setup the system to avoid this type of fraud? We need to be able to call internationally, but we obviously can't be paying huge bills because of some hacker using our system to call internationally.

    Thanks.

    Jono
     
  2. gschwab

    gschwab New Member

    Joined:
    Mar 21, 2012
    Messages:
    131
    Likes Received:
    0
    First thing I would look at is HOW they are getting through; check the logs, as they should show the registration attempts.
    A lot depends on how your system is set up: do you use external extensions, remote locations, etc.
    This video explains most of it:

    http://www.3cx.com/3cxacademy/videos/advanced/security-with-3cx-phone-system/

    Hard to believe that they are getting through if you have strong passwords.
     
  3. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    10,362
    Likes Received:
    227
    Strong, random passwords are a must. That should stop anyone attempting to guess passwords and register a remote extension. I have seen many direct SIP call attempts, but 3CX stops them. It could also be employees placing these calls; the 3CX log should show that. It is also possible that someone has acquired your provider credentials and is calling direct to them.

    If international calls are not made by all employees, then you can introduce a "special" prefix, in the outbound rules, that is required before the international number. Give that only to those that require it and change it, when you feel the need to.

    International calling can be further restricted to certain countries in the system settings. This can also be refined in the outbound rules. If you never call Africa, for example, then set up rules that do not allow that country code to be called; the same goes for mobile numbers in some countries, which can cost five to 10 times that of a landline call.
     
  4. eagle2

    eagle2 Well-Known Member

    Joined:
    Apr 27, 2011
    Messages:
    1,085
    Likes Received:
    11
    What 3CX version are you using?
     
  5. Jono

    Joined:
    Jun 29, 2013
    Messages:
    27
    Likes Received:
    0
    Thanks for the replies everyone.

    I'm using 3CX v12, SP6

    I found out that it was an extension with a weak password that allowed the hacker to register an extension. After the previous hack, I changed all of the extensions' passwords to complex and random passwords, but I was using the Phones tab to do that (where you can see the passwords). But what I didn't think about was that if an extension exists without a phone, it doesn't show up in that list. This particular extension fit that category.

    So I've gone through the Extension list and made sure all extensions have complex passwords.

    Just to be clear, we're talking about the Authentication Password on the General tab in the Extension Settings, right?

    Thanks, gschwab, for the video link. I'm making my way through that now.

    Jono
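The failure mode in the post above (a phoneless extension that never appeared in the Phones tab and so kept a weak Authentication Password) is easy to avoid with an audit that walks the full extension list rather than the list of provisioned phones. The following is an added example, not code from the original thread or from 3CX: the extension records, field names and password thresholds are constructed for illustration, and the script only shows the audit and replacement-password logic, not how to push passwords into 3CX.

```python
import secrets
import string

# Constructed sample of an extension export; field names and values are hypothetical.
# "phone" is None for an extension with no provisioned phone, which is exactly the
# record a Phones-tab review would never display.
EXTENSIONS = [
    {"ext": "100", "auth_password": "zK8#vQ2pLm9wRt4X", "phone": "desk-100"},
    {"ext": "101", "auth_password": "101", "phone": None},
    {"ext": "102", "auth_password": "password", "phone": "desk-102"},
    {"ext": "103", "auth_password": "Tq7mXv2NbP5sWd8Y", "phone": None},
]

ALPHABET = string.ascii_letters + string.digits
MIN_LENGTH = 16  # assumed policy minimum for SIP authentication passwords
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits)


def is_weak(ext, password):
    """Flag passwords that are short, low-variety, or contain the extension number."""
    if len(password) < MIN_LENGTH:
        return True
    present = sum(any(c in cls for c in password) for cls in CLASSES)
    if present < len(CLASSES):
        return True
    if ext and ext in password:
        return True
    return False


def audit(extensions):
    """Return the numbers of every extension with a weak password.

    Every record is checked, whether or not a phone is assigned to it.
    """
    return [e["ext"] for e in extensions if is_weak(e["ext"], e["auth_password"])]


def new_password(length=MIN_LENGTH):
    """Generate a random authentication password from the OS CSPRNG.

    Regenerates in the rare case the draw misses one of the character classes.
    """
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not is_weak("", candidate):
            return candidate


def rotate_weak(extensions):
    """Return a copy of the extension list with fresh passwords on the weak ones."""
    rotated = []
    for e in extensions:
        record = dict(e)
        if is_weak(e["ext"], e["auth_password"]):
            record["auth_password"] = new_password()
        rotated.append(record)
    return rotated


if __name__ == "__main__":
    print("weak:", audit(EXTENSIONS))
    for rec in rotate_weak(EXTENSIONS):
        print(rec["ext"], "phone" if rec["phone"] else "no phone", rec["auth_password"])
```

Running the audit over the constructed list flags extensions 101 and 102; note that 101 is the phoneless one that the Phones tab would have hidden.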
     
  6. telin

    Joined:
    Jul 28, 2015
    Messages:
    54
    Likes Received:
    6
    Do you have an example on V14, how it is done?
     
  7. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    10,362
    Likes Received:
    227
    This would be done in the outbound rules. Depending on how you currently dial outside (local, long distance and international), this will vary. So here is an example, but you may have to do things a bit differently.

    If you always dial 9+ (so 9011XXXXXXXXXXX) for an international number, change the outbound rules to still allow 9+ local and (in-country) long distance, but remove the ability to dial 9011XXXXXXXXXXX. This may involve being more specific with the other rules that use 9 as the first digit.

    Then add a rule such as 83543011XXXXXXXXXXXX that matches the correct (total) digit length (if appropriate). You can even limit which extensions are able to access the rule. In fact, you could have a different rule (prefix) specific to an extension. You would then strip the "prefix" 83543 and send the remaining digits out on the trunk group. You could use any number of "access digits" that you feel will work for you, and you can also change these at any time. Just keep in mind that outbound rules are read top to bottom until a match is found. So... the more specific a rule, the higher it should be; a general "catch-all" rule will be at the bottom of the list. This means that, depending on the digits you choose, you may have to relocate the new rule. You might be better off keeping the first two digits the same and just changing the last 3 (in the case of a 5-digit prefix).
     