Companies are concerned about malicious parties eavesdropping on SIP signaling information, performing man-in-the-middle attacks that disrupt service or gaining unauthorized access to VoIP networks
TLS or VPN are good solutions with everything encrypted. However, they have issues of the manufacturer supports and the performance hit.
The Network Access Control Lists at the (ACL) should be a better solution. It will effectively prevent hackers to make calls from their network.
Features: 1: The ACL can be used to protect multiple objects, like User/Gateway accounts and AMI accounts. 2: It supports the vCloud multi-tenant environments, i.e. multiple ACLs should be supported and should be managed by either PBX tenants or the system admin with proper privileges. ACL rules should have state transitions. The possible states are: Pending|Approved|On|Off. For example: Any changes by a tenant will put the rule in Pending state; change to Approved after admin reviewed the rule; change to On/Off status when activation button clicked; 3: ACL rules are group into ACL rule sets. The rule sets can be turn On or turn Off all together by the system admin. 4: Any object have multiple ACL rulesets and any number of specific permit/deny rules in its ACL configuration. The ACL rules will be examed in the rule order in the Chain. For example: user account1 can have a ACL configuration like: acl = ruleset1 acl = ruleset2, ruleset3 permit = 60.33.55.0/255.255.255.0 deny = 60.33.55.1/255.255.255.255 5: The ACL rules can be changed on the fly. 6: The IP addresses obtain by the SIP registrar can be easily added into the ACL permit/deny rules.
« Go back