Importance of Firewall in PBX server

VoIP is becoming the lifeline for most businesses when it comes to communicating with clients or having internal team interactions. Not only do they save money on the calling and equipment costs, but also offer multiple features such as follow me, call hold/forwarding, call transcription, call barge, real-time analytics, etc. All you need is an internet connection with decent bandwidth, a microphone and earpiece-enabled devices, and a PBX server for smart call management.

However, the internet is full of people with ill-intent and wrong motives who are waiting to find a backdoor vulnerability to hijack the PBX servers and misuse it. Hence, maintaining a secure PBX server is of utmost importance. We shall be looking into the importance of adding a firewall to the PBX server.

What is Firewall for the PBX server?

A firewall, in general terms, is a module whose purpose is to monitor the incoming and outgoing traffic across a network and quarantine any irregularities. VoIP phones use the internet connection of an organization to send and receive voice calls in form of data packets. So, it is prone to DOS attacks as well as brute force attacks unless you have a firewall in place when data packets from a private network are sent across the internet. Firewalls are the first line of defense for your network, protecting it from incoming traffic from outside networks (usually the Internet). This is especially vital when you have a multi-tenant PBX solution.

The firewall for the PBX server tends to compare the web traffic against a connection log placed in ‘fail2ban’ and ‘IPTables’. The log can be updated automatically by filtering out malicious IP addresses or by manually adding the IP tables to the log. Additionally, you can configure individual IP bans for different servers.

Consequences of not having a Firewall system

  •  High phone bills, because others use your system and let you pay for their calls
  •  The system gets “taken over”
  •  Passwords get sold (for example for provider & e-mail accounts)
  •  Call-through and fax devices are used for spam
  •  The system is used as a spam distributor
  •  Trojans/Viruses are installed
  •  Additional IT systems get infected (for example the internal network)
  •  Negative impact on your customer relations
  •  Excessive DOS attacks put additional load on your server
  •  Business comes to a stand still if server overloaded

VSPL’s FusionPBX Firewall System

Most PBX servers such as FusionPBX, or FreePBX offer a command-line option to add malicious IP addresses to the ‘fail2ban’ and ‘IPTables’. This might be a slight inconvenience for someone non-technical. VSPL’s FusionPBX Firewall System is an attempt to make it accessible for everyone. It has a user-friendly UI and is compatible with most of the PBX servers.

FusionPBX Firewall System

The GUI can be deployed and configured on any PBX server in no time. Moreover, you can create individual jails for different purposes and manually add banned IP addresses for each jail. Some of the other features in the Firewall Management menu include:

  1. Ban IP from the Firewall Management menu for any Jail. Just select jail from the Drop-down and add IP.
  2. View the banned IPs
  3. Remove IP from the REJECT list
  4. IP Whitelisting
  5. Revoke IP permissions from the ACCEPT list
  6. Email notifications to admin on access from banned IPs

If you are interested, need more information, or need a live demo to understand our product, let’s get in touch.

Author: sandippatel