Security Configuration Guide for New Rock OM Series IP-PBX

Update Time：2017-06-19 15:23:28　Browse Times：3596　Amount Downloads：1

Safety and security are the primary concerns, when the OM device is deployed in a public network. Malicious users are extremely dangerous for they are trying to steal your account information or even remotely gain access to your device and control it.
This document describes how to configure the OM device to protect against malicious users.
You are strongly recommended to follow the procedures below to protect your device.

Configuration Procedures

1.Make sure to change the default web GUI password after the first login
Modify the default web GUI password for both administrator and operator, and improve the password strength to reduce guessing or brute-force attacks.

OM configuration page: go to System tool > Change password

To improve the password strength, you should use a complex password combination. For example: you can use the device MAC address which can be found on its printed label at the back of the device as the new password (shown below is 000EA92D01B2).

2.Make sure to change the default SIP port number
Modify the default SIP port number (5060). You can set any number within the port range (1-9999).

OM configuration page: go to Trunk > IP trunk

3.Make sure to change the password for each IP extension
Modify the password for each IP extension. Set a combination of letters, numbers and special characters (6 to 16 characters) to strength the password, such as 447669newrock%^&.

OM configuration page: go to Extension > IP

4.Make sure to enable the white list to access web service on the device
Enable the white list function and specify the source IP addresses that are allowed to access the device through Web GUI (HTTP/HTTPS).
Note that once this function is enabled, only addresses specified here are allowed to access the device through Web GUI, so make sure the IP address you are used now to configure the device is contained in the list.

OM configuration page: go to Advanced > Access list

5.Make sure to change the web server port number for HTTPS/HTTP
Modify the default web server port number for HTTPS/HTTP (443/80). You can set any number within the port range (1-9999).

OM configuration page: go to Advanced > Security

6.Make sure to disable Telnet and SSH services on the device.
Disable the Telnet and SSH services on the device. By default, the Telnet service is enabled.

OM configuration page: go to Advanced > Security

7.Make sure to block the inbound Ping request on the device
Block the inbound Ping request on the device. By default, the inbound Ping request is unblocked.

OM configuration page: go to Advanced > Security

8.Make sure to properly set the voice security level and its functions
Set properly the voice security level and other functions accordingly. It is recommended to set to Middle level.

OM configuration page: go to Advanced > Security

Level: If the security level is set to Middle, the device prohibits registration of an intranet IP extension whose SIP port number is greater than 10000 and the registration password is the same as the extension number. It also prohibits registration of an external IP extension whose registration password is the same as the extension number.
Prohibit the outgoing dialing by IP extension on public network: the IP extension on public network is only allowed to call extensions, when you enable this feature.
User-Agent header fields: Please enter the User-Agent headers of the terminals allowed to register with the device, separated with a comma”,” for multiple terminals.
Limit the number of authentication failures: When the number of authentication failures of the IP extension exceeds the specified threshold, the device will reject the registration request by the IP extension. The IP extension is allowed to register with the device only after the IP address of the extension is changed or the device is restarted.