CALL NOW: 403.451.1400

Email us : 

Resources

Other Interesting Stuff

Latest News

  • Mobile Manners

    2643 hits
    I came across this interesting article which discusses Cell Phone Etiquette around the world. Worki...
  • Spring's a-Ringin'

    5657 hits
    Even though it is the middle of January here in Calgary, with the recent warm weather, it has certai...
  • PBX Hacking

    4853 hits
    A client of ours recently moved from a self hosted to cloud hosted PBX solution. We helped in the m...

A client of ours recently moved from a self hosted to cloud hosted PBX solution.

We helped in the migration of the new PBX and were still in the process of moving everyone over, when we were informed by the provider, that someone was attempting to make calls to known hacking test numbers. No calls were actually made, but the alarm had been tripped.

Bill Shock

We discovered that an extension had been compromised and was registered to an IP address outside of North America. We were using very strong SIP secrets and doubted that the secret could have been guessed or brute forced in the short time that the PBX was operational. How was this extension compromised?

 After investigating further, we found that one of the employees had connected their phone directly to the internet and not behind their router as recommended. This allowed an unknown person to access the phone's configuration, with all details and passwords via a vulnerability in the phone's web interface.

From this, we can reiterate our advice...

- By default block all inbound traffic to your cloud hosted system

- Only allow specific, known IP addresses to access your system

- Use access control lists in the PBX wherever possible

- Have a system for monitoring and detecting abnormal activity

- Keep all components up-to-date, including phone and PBX firmware

 

If you have been hacked or are concerned that your system has been compromised, give us a call to help!

 

 

 

Navigation

Contact Us

 Email: 

Phone: 403.451.1400

  •    We received five competing quotes before moving forward with eGuest, and found Martin’s solution was the best combination of service, insight and price!...

    Andy Feltmate, PBS
  •     "I would recommend eGuest to any company looking to improve their telecommunications infrastructure.”...

    Andy Feltmate, PBS
 

Custom CSS