20 February 2023
Cyberattacks on NEC Phone Systems and How to Stay Safe
If you have an NEC phone system, you may be at risk of a cyberattack. In recent times, there has been an influx of support calls due to major cyber-attacks and hacking attempts on NEC phone systems. It is essential to take preventive measures to protect your phone system from being compromised.
One of the main reasons for the attacks is that hackers try to dial into the system and make unauthorized international calls using your credit or expense. Fortunately, there are some best practices you can follow to secure your phone system and avoid getting hacked.
1. Turn Off UPnP on Your Routers
The first thing you should do is turn off UPnP on your routers. If you don't take this seriously, continued hacking attempts can cause your system to reset up to every 20 minutes. UPnP (Universal Plug and Play) is a network protocol that allows devices to automatically discover and interact with each other on the same network. However, it is a security risk as it can create a hole in your network firewall, allowing hackers to exploit vulnerabilities in your system.
2. Place Your Phone System Behind a Network Firewall
The NEC phone system should be placed behind a network firewall to limit unauthorized access to your system. All relative ports should be blocked from outside access, and only ports that are needed should be port forwarded to the phone system. Some ports that the SL2100and SL1100 use are:
- 5080- Register Port for NEC proprietary SIP Phones (e.g., the port used to connect an IP Phone over Nat)
- 5070- Register Port for 3rd party SIP (e.g., the port used to connect a uMobility client, VoIP Polycom, or an X-lite softphone)
- 5060- Default Proxy/Registrar Port for SIP Server (e.g., typically used for connecting SIP trunks)
- Port 80 (HTTP) for the WebPro Port, Port 8000 for the PCPro Port, and Port 5963 for the DIMM Port should all be blocked from outside internet access to ensure security. Avoid putting the phone system in the router/firewall's DMZ as it will allow your phone system to be visible to anyone running a port scan over the internet.
3. Change Usernames and Passwords
All usernames and passwords should be changed for maximum security. Usernames can be set for up to 10 upper case, lower case, and special alphanumeric characters, while passwords can be set for up to 8 digits using only digits 0-9, * and #. Avoid sequential numbers and mix in as many combinations of the allowed digits as possible.
Here's an example of an ideal username and password:
When changing the username and passwords, the changes should be documented and stored by the associate. These changes should also be provided to the customer for safe storage. If ports are going to be forwarded to the router for remote maintenance, then change the default well-known port numbers of WebPro and PCPro in programs 90-54-01 and 90-54-02.
4. Set Up Voicemail Access Code
All physical phone extensions that are in use should have a voicemail access code set up. Each time the user attempts to access their voicemail, this code will be needed. To set up the access code:
Press the Voice Mail soft key on each phone and follow the procedure below:
- Enter the Access Code to be stored
5. Apply International Toll Restriction
International calls can be a major expense for businesses. In some cases, employees may unknowingly be making international calls, which can result in hefty bills. Applying international toll restrictions can prevent employees from making international calls, saving the business money.
Here are the steps to apply international toll restriction:
- Determine which countries should be blocked.
- Contact your phone service provider to request international toll restrictions.
- Provide a list of the countries you want to block.
- Test to make sure the restriction is working properly.
6. Eliminate Unused Personal Mailboxes
Personal mailboxes are often provided to employees as part of a phone service package. However, many employees may not even be using these mailboxes. By eliminating unused personal mailboxes, businesses can save money on their phone bills.
Here are the steps to eliminate unused personal mailboxes:
- Determine which employees have personal mailboxes.
- Contact your phone service provider to request the removal of personal mailboxes.
- Provide a list of the employees who no longer need personal mailboxes.
- Notify the employees that their personal mailboxes will be removed.
7. Consider Softphones and Other Alternatives to Keep Your Company Safe
In addition to implementing the security measures outlined above, there are alternative phone systems that can help keep your business safe. One such option is utilizing Databox Solutions software, specifically VOIP Express. With VOIP Express, you can take advantage of advanced security features that help protect your phone system from potential threats.
Some other alternative phone systems you may consider include:
Softphones are software applications that enable you to make phone calls over the internet. They are especially useful for remote workers as they allow employees to make and receive calls from their computer or mobile device without the need for a physical phone. Softphones are easy to install and are typically more affordable than traditional phone systems.
2. Cloud-based phone systems:
Cloud-based phone systems, also known as hosted VoIP systems, are phone systems that are delivered over the internet. They offer advanced features and are more scalable and cost-effective than traditional phone systems. Additionally, cloud-based phone systems are typically more secure as they are maintained and updated by the service provider.
Phone bills can be a significant expense for businesses, but there are ways to reduce costs without sacrificing communication capabilities. By following the tips above, businesses can save money on their phone bills and allocate resources towards more important aspects of the business.
Databox Solutions offers various cost-saving solutions for businesses, including phone service packages that include local and long-distance calls, and advanced features such as voicemail-to-email, call forwarding, and conference calling.
Contact us to learn more about how we can help reduce your phone bills, keep you safe and improve your business's communication capabilities.
Disclaimer: While the measures outlined in this blog post can help improve the security of your phone system, they may not protect against all types of cyber threats. We recommend seeking the advice of a professional and implementing additional security measures as necessary to ensure the safety of your business communications. Databox Solutions does not guarantee the security or safety of your phone system or any other aspect of your business.