PBX systems facilitate seamless communication for businesses in today’s world. However, with the growing sophistication of cyber threats, the security of PBX systems has become a major concern. Securing your PBX keeps data safe and prevents unauthorized access to your communication.
We’ll examine PBX security, including threats and consequences of attacks, and ways to strengthen your PBX security. We’ll learn how terrible actors attack PBX systems with toll fraud, weak passwords, denial-of-service attacks, and exploiting outdated software.
Drawing on industry best practices and the expertise of security professionals, we will present a comprehensive guide on how to bolster the security of your PBX.
The topics will cover implementing access controls, encryption, security audits, and being aware of new threats.
By understanding the risks and adopting proactive security measures, businesses can ensure that their PBX remains a resilient and reliable communication platform in the face of ever-evolving cyber threats.
Currently, cloud PBXs are rapidly replacing traditional PBXs, but this transition poses an additional concern for the security of cloud PBXs.
When we select a PBX in the cloud or that will be exposed to the Internet, it is very important to consider the following security features.
Some PBXs only have 2 of these three features, which makes them less secure.
It is also very important that your PBX have the latest OS updates and use applications that are supported by the developers, which leads us to the following questions.
We ask these two questions because most Asterisk-based PBXs use PHP and Mariadb in their platforms.
A very simple test to determine what version your PBX has is to go to the console and run the following commands:
To see the PHP versión
#> php -v
To see the version of Mariadb
#> mysql –version
For OS version (For Centos)
#> cat /etc/readhat-release
No matter how up-to-date your operating system is, it is always necessary to have the supported versions of the work environment up-to-date. This is like in a house we close the door very well, but we leave a window open.
If in the case of PHP it returns a value less than or equal to 7.4, be very careful, your PBX is at high risk. To see more details about it, visit the following link:
https://www.php.net/supported-versions.php
Note from the PHP developers
“A release that is no longer supported. Users of this release should upgrade as soon as possible, as they may be exposed to unpatched security vulnerabilities.”
PHP 7.4 reached its End of Life (EOL) on November 28, 2022.
If in the case of MariaDB it returns a value less than or equal to 10.0, be very careful, your PBX is at high risk. To see more details about it, visit the following link:
https://endoflife.date/mariadb
Note from the MariaDB developers:
” MariaDB 5.5 reached EOL also means that the MariaDB Foundation will no longer release new versions for MariaDB 5.5 or even fix security issues. “
Mariadb 5.5 reached its End of Life (EOL) on April 11, 2020.
CentOS Linux 7 will reach end of life (EOL) on June 30, 2024.
See following link:
https://www.redhat.com/en/topics/linux/centos-linux-eol
Since Centos 7 is coming to an end in 2024, you can use PBXs based on Centos 7, but it would be good to check with the manufacturer if they have plans to migrate to another operating system.
In order to install an SSL certificate, it is necessary or recommended to have a valid domain or subdomain published on the Internet, otherwise the certificate cannot be verified and will not work as expected.
On the other hand, we tend to believe that our PBX is secure if we install a certificate and force the connection to HTTPS.
This is a good practice since it adds an additional touch of security, however, we must always verify if we really have the security we are looking for. For which we go to the next page and perform the test.
https://www.ssllabs.com/ssltest/index.html
If you get a result lower than B, we recommend you follow the instructions explained there to make your PBX more secure.
If your PBX has versions that are no longer supported by its developers, definitely every day that passes your PBX runs a risk, if any of these versions had a security problem, it would not be repaired by the developer.
We strongly recommend using a firewall whitelist at least for web access. If you don’t use a firewall whitelist for SSH, then changing the port from 22 to an obscure number is an absolute must because sometimes Fail2Ban is not effective in blocking attacks from some high powered servers like Amazon. PHP and MySQL versions are less important if you have a whitelist that completely blocks all but a handful of trusted users from web access to your server.
To modify Port 22 follow the steps below:
Once again we recommend that you be very careful, even if they tell you that your PBX is secure, check that it has versions supported by developers, integrated firewall, intruder blocking, change the SSH port and of course use white lists and Geo Firewall.
Remember, security is an ongoing process. Stay informed about the latest threats and security best practices to ensure that your PBX in the cloud is adequately protected.
We’re thrilled to share a series of updates and improvements we’ve rolled out to ensure that your experience with our communication solutions is not only
The VitalPBX team is thrilled to announce the rollout of VitalPBX 4.1 R1, a significant update that brings cutting-edge features and improvements to your communication
PBX System Recognized for Industry Innovation Miami, Florida, 02/27/24 — VitalPBX announced today that TMC, a global, integrated media company, has named VitalPBX Unified Communications
VitalPBX provides a robust and scalable platform, which will allow you to manage your PBX in an easy and intuitive way.
