The growing popularity of Voice over IP (VoIP) technology has led to an increase in threats targeting it. This recipe guides you through the process of securing your FortiVoice Enterprise (FVE) unit.
Using a Firewall
The first line of defense is to place your FVE behind a firewall, such as a FortiGate unit, which supports many VoIP features such as SIP message rate limiting, content inspection, and intrusion detection.
Do not open static ports for media on the firewall. The firewall should open only the ports that are needed for each conversation, on demand. The firewall will open the single port for the FVE when needed and will close it when the VoIP call is terminated.
Restrict all non-administrative access to the FVE unit on the firewall. All unneeded services, such as SSH, HTTP, HTTPS, SNMP, ICMP, and TELNET, should be disabled if possible. The less exposure to the internet, the lower the chance of a security breach.
Hardening the FVE Configuration
The FVE includes a variety of built-in security features.
Disable unnecessary access
- Go to System > Network > Routing.
- Double-click any public-facing interface.
- Deselect all check-boxes in the Access section of the Edit Interface panel.
- Select OK.
Restrict administrative access and remove unused accounts
- Go to System > Admin > Administrator.
- Create a new account or edit an existing account.
- Restrict all trusted host entries to administrative hosts on your trusted private network. For example, if your FVE administrators log in only from the 10.10.10.10/24 subnet, you could configure that subnet in the Trusted Host #1, Trusted Host #2, and Trusted Host #3 fields to prevent possibly fraudulent login attempts from unauthorized locations.
- Enter a strong password and select OK.
- Remove any unused accounts.
Enforce stronger passwords by enabling all of the password options under System > Configuration > Options.
Configure trusted host extensions by going to PBX > User Privileged > User Privileged and entering your internal network.
Monitoring the System Operation
Monitoring the system for anomalies on a regular basis helps prevent unwanted intrusions and keeps the system safe.
- Monitor call records and the system and voice-related event logs. Pay close attention to system login attempts in the system event log, CDR and call reports, and SIP register attempts.
- Audit your password strength regularly. A weak password is the most common security vulnerability.
- Enable alert email by going to Log Settings > Alert Email > Configuration and creating a new email account to send alerts to.
- Back up the configuration regularly.
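The log review described above can be partly automated. The following is an added example, not Fortinet code: it flags administrator logins from outside the trusted host range and sources with repeated failed logins or SIP registrations. The key=value log layout, the field names, and the threshold are assumptions; the sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# The page's example admin range; strict=False accepts the host bits in 10.10.10.10/24.
TRUSTED_NETS = [ipaddress.ip_network("10.10.10.10/24", strict=False)]
FAIL_THRESHOLD = 3  # hypothetical: failures per (action, source) before flagging

# Constructed sample lines in a hypothetical layout; adapt LINE_RE to your real export.
SAMPLE_LOG = """\
date=2024-05-01 time=02:11:07 action=admin_login status=failed user=admin src=203.0.113.45
date=2024-05-01 time=02:14:30 action=sip_register status=failed ext=1001 src=198.51.100.7
date=2024-05-01 time=02:14:31 action=sip_register status=failed ext=1002 src=198.51.100.7
date=2024-05-01 time=02:14:32 action=sip_register status=failed ext=1003 src=198.51.100.7
date=2024-05-01 time=08:02:10 action=admin_login status=success user=admin src=10.10.10.25
date=2024-05-01 time=08:05:44 action=sip_register status=success ext=1001 src=10.10.10.80
"""

LINE_RE = re.compile(r"action=(?P<action>\S+)\s+status=(?P<status>\S+).*?\bsrc=(?P<src>\S+)")


def is_trusted(ip):
    """True if the address falls inside one of the trusted host networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETS)


def review(log_text):
    """Return (admin logins from untrusted sources, sources at or over the failure threshold)."""
    untrusted, failures = [], Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        try:
            trusted = is_trusted(m["src"])
        except ValueError:
            continue  # skip lines with a malformed source address
        # Any admin login attempt from outside the trusted range is worth a look,
        # whether it failed or succeeded.
        if m["action"] == "admin_login" and not trusted:
            untrusted.append((m["src"], m["status"]))
        if m["status"] == "failed":
            failures[(m["action"], m["src"])] += 1
    noisy = {k: n for k, n in failures.items() if n >= FAIL_THRESHOLD}
    return untrusted, noisy


if __name__ == "__main__":
    print(review(SAMPLE_LOG))
```

A successful administrator login in the first result means the trusted host restriction is not in effect for that account.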