In the past most telephone hackers have been based abroad, registered a device on your phone system and overnight / over the weekend made thousands of calls, many simultaneously to premium rate international numbers. Come Monday morning your call provider alerts you to this and then presents you with a bill for thousands of pounds.
Recently we have found that hackers are now exploiting premium UK numbers as well.
Our providers use a few tricks to help keep you safe, one puts a cap on your bill and warns you / blocks any more calls when that amount is reached. They also let you set a maximum cost for the first minute of the call, as this protects you from high connection as well as per second charges. The other looks for repetitive International calls, and then blocks the line for a given time.
Get us to Call Bar International numbers starting 00 – we can then allow specific countries / numbers that you need to call
Get us to Call Bar expensive UK numbers i.e. 070, 087, 09
If your system supports dial 9 for an outside line, then Call Bar 9070, 9087, 909
Hacks predominantly happen out of hours, so we can load some call cost data and put a limit of say £10 worth of calls then the SpliceCom SV1000 will Call Bar the lines when that amount is exceeded out of hours say between 7pm and 7 am
Sometimes they just make long expensive calls, with the cost not being calculated until the end of the call, when the damage has been done. Another feature of Vision is that if a call is more than say 2 hours
it can drop the call, if it was an expensive one at this point the £10 block will stop it being dialled again.
Splicecom have designed in some security features:
When Yealink phones are auto-provisioned by your SpliceCom SV1000 it issues them with a certificate that is unique to that system, then the phone can register using secure SIP on port 5061 and the
system knows it's a trusted device. Without the certificate SIP phones can't register
If you have a fixed IP address then the SpliceCom SV1000 will only let the phone connect and as well as the user name and password
The SpliceCom Navigate Pro or PCS60 softphone on your PC or MAC uses the non-standard port 5000 as well as being SpliceCom proprietary software so only SpliceCom devices will work
Being a non-standard port, phone system hackers aren't looking for port 5000 and SIP hacking tools can't connect to the system via this port either
Each computer that wants to connect as a softphone has to have its MAC address accepted by the system before it can make calls, again stopping a computer from forcing its way in using the
SpliceCom specific port
The iPCS app on your smartphone also uses the non-standard port 5000, limiting your remote staff to just Navigate Pro softphone, PCS 60 softphone or iPCS means only one port is open to remote attacks
Normally the phone system ports are locked to just the exchange and support team, once you have people working remotely they need access. If they don’t have a fixed public IP address then those ports should be restricted to just UK IP addresses and the countries needed for those working away while on holiday / International staff. There is however a catch, some ISPs are running out of IP addresses so they have bought in blocks of IP address from other countries, so your staff could be blocked - be careful.
In a Draytek, set the following up as individual Object Settings 🡺 Service Type Objects:
|Secure Centralised Partner||4018||TCP/UDP|
|Secure SSL / TLS Gateway||5000||TCP/UDP|
|SIP & Secure SIP||5060 - 5061||TCP/UDP|
|Secure RTP||6900 to 10899||TCP/UDP - these ports should now be removed from the Splice Exchanges list, see SIP / RTP tab|
Add all the individual Service Type Objects into a single "SpliceCom Ports" Service Type Group, then set the following Firewall filters:
Then create the next rule as: