Release & Upgrade
NeeHau Client V2.0.0.23 (with OM20/20G/50/50G)
OM20G V177 P2
OM50G V177 P2
OM80E V177 P3
OM200G V177 P3
MX8G V367
HX4G V367
OM20 V134.P4
OM50 V134.P4
OM500 V121.P3

FAQ
Analog VoIP adapter
Can voip phones be used at home?
Are VoIP calls secure and can the call be encrypted?
How SIP works in the VoIP Gateway
General
Network and Improper Operation
Configurations
Voice Quality
Firmware Upgrade

Application Notes
How to Integrate MX Gateway with OM IP-PBX
Interconnect Two PBXs with FXO Gateways
Interconnect Two or More Extension Lines with FXS Gateways
Connecting MX100G-S SIP-ISDN Gateway to Elastix
Connecting MX100G-S SIP-ISDN Gateway to Asterisk
Expanding PBX Extensions to Remote Sites through IP Network
Multi-site Configuration for Gateways with Analog PBX
How to Troubleshoot Caller ID Detection Issues on FXO Port
Security Configuration Guide for New Rock OM Series IP-PBX
Connecting FXO Gateway to Asterisk
Connecting FXO Gateway to Elastix
Tie Trunk Configuration for OM with Elastix

Training Materials
What is VoIP gateway?
What’s the Difference between VoIP Gateway and SIP Trunk?
Smart Switchboard Introduces Exclusive Premium Customer Services
What's the Difference Between VoIP Gateway and ATA?
What's the Difference Between VoIP gateway and SBC?
New Rock’s New Gateway Security measures
Global VoIP Gateway Service Provider
How to Setup VoIP Gateway - A Complete Installation Guide
What is HX&MX VoIP Gateway Default Password?
Auto Provisioning
Six Practices for Audio Security
“PSTN failover” - Strong Support for High-availability IP Audio Communications
New Rock IP-PBX: Your All-In-One IP Office Telephony System
Connecting E1/T1-Based PBX to IP Telephony Networks
Popular IP-PBX Features Favored by Highly Efficient Officers
Five-star Customer Services
Top Three Advantages of Gateways with Imbedded VPN Clients
Low-Cost, High-Quality Gateway
Smart FoIP
Two Typical Applications for Telephone Networks
IPv6’s Top Three Advantages in VoIP Applications
MX100G-S SIP-ISDN Trunking Gateway Training
MX Series VoIP Gateway Training

Demo

Installation & Maintenance
IP-PBX Installation (Video)
OM20G&OM50G Quick Installation Guide
OM80E Quick Start Guide
OM200G Quick Start Guide
OM500 Quick Installation Guide
HX4G&MX8G Quick Reference Guide
MX60E Quick Installation Guide
MX120G Quick Installation Guide
MX100G-S Quick Start Guide
SX3000 Quick Installation Guide
PT2400 Quick Installation Guide
PT4800 Quick Installation Guide

Others
Manuals
Datasheet
Marketing Materials

Videos
USER EXPERIENCE IMPROVEMENT INITIATIVE
USER LICENSE AGREEMENT
用户许可使用协议
用户体验改进计划
Are VoIP calls secure and can the call be encrypted?
Update Time:2020-08-04 11:23:36 Browse Times:150 Amount Downloads:1
Why VoIP security matters?
Now that VoIP is gaining wide acceptance and becoming one of the mainstream communication technologies with its various pros, an attacker would love to exploit your VoIP network when you’re not looking. Security is becoming essential to every business. Your VoIP security can be hacked easily no matter you have a large organization or a small business. Businesses make and receive confidential phone calls all the time, with confidential details among some of the sensitive data users share. A disruption to your phone system would be nothing short of catastrophic.
Can VoIP be hacked?
There are some common VoIP security threats.
Toll Fraud
A common attack against business phone systems where the malicious agent attempts to gain access to your long-distance, toll-bearing trunks. If the attacker is able to make calls using your long-distance account, they can make calls for free, while you are left liable for the fees.
Phone System Exploitation
Hackers can gain access to a phone system via endpoints by either exploiting vulnerabilities in the unprotected system or using software to crack the system administrator’s credentials. These credentials give unlimited access to system functionality and stored information.
Denial of Service (DoS)
An attack which compromises your system in such a way that it is inaccessible to users. DoS attacks can target specific services such as access to remote UC features and the ability to dial out trunks – or even bring down your entire system.
Social Engineering
A social engineering attack occurs when a malicious agent is able to gain access to your system by fraudulently networking with your staff. For example, an attacker may pretend to be a member of your IT department in order to obtain network or endpoint access.
Man in the Middle
This attack occurs when your encrypted traffic is intercepted. While your services appear to be working normally, if the attacker can intercept authentication credentials, they can use this information to perform a DoS or Toll Fraud attack or gain access to privileged information.
Is VoIP secure?
So, is VoIP secure? Yes, VoIP can be secure. In fact, VoIP can be more secure than traditional telephony. However, depending upon your provider’s set up and your own, some VoIP calls may be more secure than others.
Are VoIP calls encrypted?
There are the ways for VoIP encryption.
VoIP call encryption uses Transport Layer Security (TLS) and Secure Real-time Transport Protocol (SRTP). These VoIP protocols work together to establish high-grade security in every call. 
All IP-PBX and VoIP communications must have some in-built encryption so that your communication and collaboration setup is all the more reliable, strengthened and most importantly, secure.
Ask your VoIP provider about call encryption to ensure your SIP devices can use TLS and SRTP.
Let us have a look at two ways of VoIP encryption:
1 .One option is SIP Signaling Encryption using Transport Layer Security (TLS). With this setup, all the information is passed on from the client to the server. TLS which needs a secure certificate to identify each side, is used here for SIP signaling payload encryption. 
2. SRTP (Secure Real-Time Transport Protocol) is the secure version of RTP. It is used to deliver audio and video over IP protocol with encryption, message authentication and integrity. To strengthen the security and VoIP encryption methods, TLS should be used with SRTP on all VoIP systems. This ensures SIP signaling and voice/video sessions are end-to-end encrypted and safe from any malicious activity. 
How we reduce the risks in the New Rock VoIP gateway setting?

1. Pay attention to alerts and alarm levels on device (HX4G,MX8G,MX60E and MX120G)web GUI. The administrator can see the total number of security incidents after logging in the device, click the Basic > Alarms to view the details. After confirmation, the entry will not be displayed.

2. Change the default Web password for the device.
Note: The operator password cannot be the same as the administrator password.
3. Change the default SIP port for the device.
4. Check the anti-brute force mechanism including CAPTCHA for logging into Web GUI limiting the number of login attempts, and access whitelist of trusted IP addresses.
Main manifestation: The same attack source IP address are made to the Web GUI or SSH in a short time. The IP addresses whose login attempts exceeding the specified limit will be added to the locked IP address list with the locked time which can be set by minute or hour or day.
5. Disable the Telnet and SSH services on the device.
Note: You need to set root and operator password to access SSH.
6. Block the inbound Ping request on the device.
Note: Ping is allowed by factory default but it is recommended to change, as the hacker could trigger an attack if he detects an address.
7. Added restrictions on special number of roads.
8. Let the operator open only those international call areas that need to be opened.
9. Check the voice security configuration
Note: When the gateway cannot call outside, first check whether the connection is normal(as long as there is a FXO connection, the defense mechanism is effective) , then examine the configuration.
10. Set the access whitelist.
11 .Change the http and https port.
12. Configure static defense.
Notes: ①Multiple rules can be added and working from the top down.
②Individual IP address of IP address segments can be configured but domain names are not supported.
③Configuration protocol types are optional including TCP,UDP and any.
④The local port can be configured in the range 0~65535.
13. Configure dynamic defense.
14. Enable TLS and SRTP encryption.
Notes: There must be a supported device or soft switch in the environment.
It is recommended to force TLS encrypted signaling and SRTP encrypted voice to be selected and to be checked/enabled on the line because it is disabled by default.
15. Establish a VPN connection.

Leave a Comment

Fill in your info. and we're ready to answer your questions.
We will do our best to contact you as soon as possible. In the meantime, please email us or contact a New Rock partner for more information.
Thank you for your interest in New Rock.
About New Rock
Corporate Information
Honor
Contact Us
Partner
Partner Benefits
Join the Program
News
Latest News
Industry Insights
Announcements
Support
Release & Upgrade
FAQ
Application Notes
Training Materials
Demo
Installation & Maintenance
Others
Videos
Contact Us

 +86 21-61202700

 global@newrocktech.com
     5/F Block B, Building 1, 

     No.188 Pingfu Road, 

     Xuhui District, Shanghai

     200231, China