VoIP and General IP Security

All Nehos Voice accounts have a number of security mechanisms to prevent or minimise exposure of unauthorised use. It is highly recommended and the account holders responsibility to use the tools provided to “lock down” your account. These tools include:

    • Account credit limit (set by Nehos) based on an assessment of your use and requirements. This limit should be custom for you’re monthly needs. These can be reduced or increased as required. Please contact us via email at accounts@nehos.net
    • International daily call limits are enforced on each account. This should reflect your given maximum you expect in any 24 hour period. The default is $0 per day (the balance and can be changed by the logging in to your Nehos Customer Panel under the Admin tab. Note any changes are not effected until 03:00 the next morning.
    • International Simultaneous call limits can be set also. This restricts the number of International calls that can be made at any one time. Default is 1. e.g if set to one then only one international call can be made at any one time.
  1. International call control – this is set by default – calls are limited to a set destination list from within the client panel based on international destinations you normally and authorise/expect to dial. If you do not edit the list and select the required destinations all international destinations will be disabled. Most toll fraud breaches happen to international destinations not normally called by you. If you do make International calls we strongly recommend keeping all allowed International destinations blank/unchecked. Else “Edit allowed international Destinations” and select ONLY the destinations you expect to call.
  2. Every SIP account has tools to lock calls to a single IP address. To do this:
    – login to your Nehos Customer Panel
    – click Services– click (Manage) Extensions
    – click Edit on an Extension
    – scroll down to Advanced Options
    – enter your public IP to limit calls to only your static IP address
    – click Submit
  3. All SIP account/user passwords should be a minimum of 6 chars and least 1 number and upper case letter and not be based on a dictionary word.- login to your Nehos Customer Panel
    – click Services
    – click (Manage) Extensions
    – click Edit on an Extension
    – scroll down to General Configuration
    – enter your complex password
    – click Submit

The customer panel employs industry standard SSL encryption. All correspondence and account changes should be done in the customer panel to encrypt communications over the internet.

Phreaking also known as Toll Fraud

Australian Police state “Telephone carriers are not liable for toll fraud call charges as it is the responsibility of each customer’s IT consultant to secure their system as they would secure their internet connection and local area network from outside intruders”. This also extends to use of your SIP/IAX accounts outside or inside of your network.

Whilst we provide all of these security features it is the customers responsibility for implementing, maintaining the security of their account, usernames and passwords, equipment and network.

The customer is liable for all unauthorised call charges on their account.

Please see additional information in our Terms & Conditions.

Recommended Additional Security Precautions

Modem/Router Security
Change the default ‘admin’ password and replace it with something complex. Once you have done that, document it and then store it in a safe place.

Disable remote access
If you aren’t planning to use this then make sure it is disabled. If you do, then configure your firewall to restrict access from trusted sources only.

Wireless networks
For best practice / restrict those that can use your internet – we strongly suggest that you:

  1. If you aren’t using wireless then disable it. Not all routers will have it disabled by default.
  2. Hide your Service Set Identifier (SSID). This is the network name that shows up when someone looks for available wireless networks to connect to. If you hide it, then no one will know that it is there. If you can’t hide it, then change the default SSID to a unique name.
  3. Use WPA2 encryption. This is currently the most secure and recommended way of protecting your wireless network.
  4. Use MAC address filtering (very strict). Using this you can limit access to your wireless network by adding trusted wireless devices to a permit list.

Configure and use a Firewall
Firewalls help protect against malicious software and prevent people from traveling through your internet connection to compromise your local network by limiting which ports can be used, from what source IP address, and what type of traffic. It’s recommended that you start with a block-all policy and then add rules to allow access from trusted or known sources.

Install and use a credible Anti-spyware / Anti-virus software
Spyware can present a major problem, especially in the form of key loggers that steal your passwords. Make sure that your anti-virus and anti-spyware definitions are kept up-to-date and run regular full system scans. Beware / scan all external hard drives and USB sticks, if brought in from outside these often circumvent all external security measures.

Keep your Operating System updated
Updates are critical to the security and reliability of your computer. Some of these updates address bugs and potential exploits in your computer so you should keep your operating system up to date to ensure you’re have the latest protection.

Common threats

  • Never open email attachments, email links or instant messages from people you don’t know.
  • Be careful about accessing your network from shared computers or public networks (wireless hotspots).
  • Be careful when web browsing. Downloading torrents or unauthorised versions of software is one of the easiest ways to undo your network security.

Related Post

NATNAT

If your equipment supports STUN then you should enable and use the following address for the stun server :  sip.nehos.com.au and port 5060 or cpbx.nehos.com.au and port 5060 Please note that our