
How can I stop my Phone System from getting hacked?

In the past, most telephone hackers were based abroad: they registered a device on your phone system and, overnight or over the weekend, made thousands of calls, many of them simultaneously, to premium-rate international numbers. Come Monday morning, your call provider alerts you to this and presents you with a bill for thousands of pounds.

Recently we have found that hackers are now exploiting premium UK numbers as well.

What can your Call Provider do?

Our providers use a few tricks to help keep you safe. One puts a cap on your bill and warns you or blocks any more calls when that amount is reached. They also let you set a maximum cost for the first minute of a call, which protects you from high connection charges as well as per-second charges. The other looks for repetitive international calls and then blocks the line for a given time.

What can be done to secure my phone system?

  • Get us to Call Bar international numbers starting 00; we can then allow the specific countries / numbers that you need to call

  • Get us to Call Bar expensive UK numbers, i.e. 070, 087 and 09

  • If your system uses dial 9 for an outside line, then Call Bar 9070, 9087 and 909

  • Hacks predominantly happen out of hours, so we can load some call cost data and set a limit of, say, £10 worth of calls; the SpliceCom SV1000 will then Call Bar the lines when that amount is exceeded out of hours, say between 7pm and 7am

Sometimes they just make long, expensive calls, with the cost not being calculated until the end of the call, when the damage has been done. Another feature of Vision is that it can drop a call that lasts more than, say, 2 hours; if it was an expensive one, the £10 block will then stop it being dialled again.
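The barring rules above, replayed over a set of call records to show which calls each rule would stop. This is an added example, not CTi's or SpliceCom's code and not how the SV1000 or Vision implement them: the prefixes, £10 limit, 7pm to 7am window and 2-hour limit are the example figures from the text, while the allow-list, function names and sample records are constructed.

```python
from datetime import datetime as dt, timedelta

# Policy values are the examples from the text; ALLOWED is a constructed allow-list.
BARRED = ("00", "070", "087", "09")   # international and expensive UK prefixes
ALLOWED = ("0033", "0049")            # hypothetical: countries this business calls
OOH_START, OOH_END = 19, 7            # out of hours: 7pm to 7am
OOH_LIMIT = 10.00                     # pounds of out-of-hours calls before barring
MAX_SECONDS = 2 * 60 * 60             # longer calls are dropped

def external_number(dialled, dial9=True):
    """Digits sent to the line, or None for an internal call on a dial-9 system."""
    digits = "".join(c for c in dialled if c.isdigit())
    if not dial9:
        return digits
    return digits[1:] if digits.startswith("9") else None

def is_barred(number):
    """Allow-list entries win over the barred prefixes they sit inside."""
    return number.startswith(BARRED) and not number.startswith(ALLOWED)

def ooh_window(start):
    """Evening date of the out-of-hours period a call starts in, else None."""
    in_hours = OOH_END <= start.hour < OOH_START
    return None if in_hours else (start - timedelta(hours=OOH_END)).date()

def replay(calls, dial9=True):
    """calls: (start, dialled, seconds, cost) in time order -> one verdict per call."""
    spend, verdicts = {}, []
    for start, dialled, seconds, cost in calls:
        number, window = external_number(dialled, dial9), ooh_window(start)
        if number is None:
            verdicts.append("internal")
        elif is_barred(number):
            verdicts.append("barred-prefix")
        elif window is not None and spend.get(window, 0.0) > OOH_LIMIT:
            verdicts.append("barred-spend-cap")
        else:
            if window is not None:  # recorded cost counted in full (upper bound)
                spend[window] = spend.get(window, 0.0) + cost
            verdicts.append("dropped-at-2h" if seconds > MAX_SECONDS else "ok")
    return verdicts

SAMPLE = [  # constructed call records, for illustration only
    (dt(2023, 3, 3, 14, 10), "9 0033 1 99 00 12 34", 600, 1.50),
    (dt(2023, 3, 3, 20, 0), "9 0909 8790123", 120, 6.00),
    (dt(2023, 3, 3, 21, 0), "9 07700 900123", 10800, 12.00),
    (dt(2023, 3, 4, 2, 0), "9 07700 900123", 60, 0.10),
    (dt(2023, 3, 4, 9, 0), "9 07700 900123", 60, 0.10),
]
```

Calling `replay(SAMPLE)` returns one verdict per record; the 2am call is refused because it falls in the same out-of-hours period as the long call that took spend past the limit.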

Securing the SpliceCom SV1000

SpliceCom have designed in some security features:

  • When Yealink phones are auto-provisioned by your SpliceCom SV1000, it issues them with a certificate that is unique to that system; the phone can then register using secure SIP on port 5061, and the system knows it's a trusted device. Without the certificate, SIP phones can't register

  • If you have a fixed IP address, the SpliceCom SV1000 will only let the phone connect from that address, as well as requiring the user name and password

  • The SpliceCom Navigate Pro or PCS 60 softphone on your PC or Mac uses the non-standard port 5000 and is SpliceCom proprietary software, so only SpliceCom devices will work
    Because it is a non-standard port, phone system hackers aren't looking for port 5000, and SIP hacking tools can't connect to the system via this port either

  • Each computer that wants to connect as a softphone has to have its MAC address accepted by the system before it can make calls, again stopping a computer from forcing its way in using the SpliceCom-specific port

  • The iPCS app on your smartphone also uses the non-standard port 5000. Limiting your remote staff to just the Navigate Pro softphone, PCS 60 softphone or iPCS means only one port is open to remote attacks

Block more with your firewall

Normally the phone system ports are locked down to just the exchange and the support team, but once you have people working remotely they need access. If they don't have a fixed public IP address, those ports should be restricted to UK IP addresses plus the countries needed for staff working while away on holiday and for international staff. There is a catch, however: some ISPs are running out of IP addresses and have bought in blocks of IP addresses from other countries, so your staff could be blocked. Be careful.

In a Draytek, set the following up as individual Object Settings 🡺 Service Type Objects:

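| Service Type Object | Port(s) | Protocol |
|---|---|---|
| Config Upload | 80 | TCP |
| HTTPS | 443 | TCP |
| STUN | 3478 | TCP/UDP |
| Secure LDAP | 4100 | TCP/UDP |
| Secure Centralised Partner | 4018 | TCP/UDP |
| Secure SSL / TLS Gateway | 5000 | TCP/UDP |
| SIP & Secure SIP | 5060 - 5061 | TCP/UDP |
| Secure RTP | 6900 to 10899 | TCP/UDP |

Secure RTP: these ports should now be removed from the Splice Exchanges list; see the SIP / RTP tab.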

Add all the individual Service Type Objects into a single "SpliceCom Ports" Service Type Group, then set the following Firewall filters:

Block SpliceCom ports

Then create the next rule as:

Allow from UK and other allowed countries

 


Website ©CTi Communications 2023