You might think that cyber attacks only happen over the internet to large organisations and nation states, but smaller businesses and organisations are just as vulnerable. More so with the Russian invasion of Ukraine. 

And it’s not just servers and computers that are at risk. The internet of things includes all of the devices that you take for granted including your mobile devices like phones, smart watches, even central heating. And they could all provide access to your business systems. Your VOIP telephone system is an online system that should have the same attention to its security as everything else.  

If your VoIP phone lines are not protected, VoIP business phone systems could be vulnerable to on-line attack. This could allow hackers to gain access and be used by somebody else, at your expense.

Hackers use automated tools (bots) that cruise the Internet ‘phishing’ for VoIP phone systems that react to queries on SIP communications port 5060. When they find an Internet address that responds, they will bombard that address with other tools designed to look like the valid registration of a VoIP phone extension. 

Hackers will use your VoIP service to create a call route using the trunk lines of your phone system. That means that they can connect calls to anywhere in the world at your expense.They’ll do this by hacking an extension or SIP trunk registration.

VoIP telephone systems and VoIP securityVoIP Security: What are the security measures that we use to secure your 3CX and Yeastar VoIP telephone systems?


Foxhall Solutions install Draytek routers to connect 3CX systems to SIP Trunk services provided by different ‘Telephony Internet Service Providers’ [TISPs]. We create a Firewall filter rule that blocks port 5060 enquiries from any Internet address other than our TISP partners. This is also applied to any valid extensions at remote home or branch offices. 

This helps make your phone system ‘invisible’ to those phishing bot’s and puts an effective barrier in place to stop most attacks. Without filtering, the hackers are still bashing at the door and trying to pick the lock. With the filtering in place, they just can’t find the door!


3CX & Yeastar extensions are created with registration passwords and voicemail PIN numbers that are by default, randomly generated alphanumeric characters. Both can be manually replaced by longer and more complex passwords if necessary. 

Any hacking tool must make a lot of registration attempts to get anywhere near a valid registration password, making it easy to block after, say, 5 failed attempts.

International call-block

Part of a 3CX install, is to determine which International countries you need to call. Those ISD country codes can be white-listed and allowed, while calls to any non-selected countries will be blocked.

Network address

We also determine what local and public network IP addresses that calls will come from, and white-list those. For this reason, we recommend that remote extensions are on broadband services with static Public IP addresses (or connect in via Virtual Private Networks). 

3CX will automatically black-list and prevent access from Public Internet IP addresses that meet the criteria set up in the Security module.


Anti-hacking timeouts are configured. We specify the number of failed Authentication attempts allowed, before the offending Internet address is locked out (and specify how long that lock-out is maintained). This module protects against Denial of Service attacks which use excessive packets of data per second. It utilises timers to ensure lockout after a minimal amount of fraudulent traffic is detected.

It’s also notable that our carrier partners do some basic traffic ‘quantity’ and ‘routing’ monitoring to detect unusual usage. It’s possible to have SIP Trunk channels blocked for outbound calls, based on detection of excessive or unusual usage.

It’s also important to have a comprehensive error message library that can push e-mail alerts out to system administration and support. These messages will provide information if hacking attempts are made, and if calls to unauthorised numbers or countries are attempted from an extension.

In the past, we have seen phantom calls arriving on remote extensions due to the phones themselves reacting to ‘phishing’ on port 5060‘. 

Our phone-set partners Yealink have removed this problem with a feature to allow us to instruct the phone to react to SIP protocol from your phone server only. If you are really worried about calls to remote extensions being intercepted and monitored, we can apply Secure SIP (TLS encryption), to and from those extensions. As a final layer of protection, even though it is not exposed to web browsing and e-mail, we also install an anti-malware product (e.g. Avast!) on your 3CX server.

Due to their nature, VoIP phone systems must have access to the Internet. However, there are a lot of security facilities that can be built into these systems by responsible software developers. When you choose a new phone system you should ask your system supplier how your phone system is being protected. With 3CX & Yeastar, we have you covered!

Contact Foxhall Solutions – 01787 228 402 – to find out more about VoIP security, and how we can deliver and secure your VoIP telephone system.