The ultimate goal of most VOIP system hackers is to place calls using your system or passwords. This is not a new problem and is equally applicable if you have a traditional phone system connected to BT.
Should your phone system be compromised calls costing many thousands of pounds can be placed very quickly. The last line of defence should your system be compromised is to ensure that the damage is limited.
Where at all possible you should restrict access to the web configuration GUI. This will prevent your system being compromised should a new vulnerability be discovered in the web interface of Trixbox, Elastix, FreePBX, A2Billing, etc.
It is easy to restrict access to a fixed pool of IP addresses, or only allowing access via an SSH tunnel (useful if you don’t have a fixed IP). If you would like either of the methods below implementing on your SysAdminMan VPS please raise a support ticket.
If you have any more general security tips please get in touch via the contact form