Securing your PBX
PBX phone systems are one the most attractive protocols that hackers are interested in taking advantage of. Why?.. Obviously free phone calls at your expense!
Here are some things to consider:
1) Turning on a firewall is useless unless inbound/outbound rules are configured properly, try to allow access only to specific I.P. addresses
2) Using DDOS protection apps like Fail2Ban can play a powerful role in securing your network and your PBX.
3) Use IP restrictions in your PBX, any good PBX has this option, if not get a different phone system
4) If your company offers a VPN......USE IT! Possibly have extensions register through it exclusively.
5) If this stuff sounds like a foreign language to you, make sure a professional configures your VOIP phone system.
Selecting A VOIP Service Provider
A good service provider could be a great resource in limiting the cost of an intrusion on your phone system.
1) Limit calls to only the countries you call.
2) Limit outbound calls to be approved only from your PBX.
3) Set a limit on auto-pay , so your credit card isn't billed without a limit.
4) Phone systems offer updates and patches it is important to apply these updates.
whether you host your PBX in the cloud or locally and you have remote extensions have a look at "OpenVPN" or "Soft-Ether" as a VPN solution.
While no plan is absolutely full proof it is important to take these extra steps to secure your phone system.