Best Firewall to avoid hacking UCM6408?

physical-security

#1

Hello, folks,
My first time in this forum.

I have read in several forums in here, that the UCM security depends on the configuration and the firewall. Ie, for avoiding hackings.

Could some of you guys recommend me a robust and proof efficient Phisycal Firewall to set it up in my end user network to avoid this issue (if possible mencioning Brand Name and Model Number)?

I am located in Mexico city.

Thanks a lot!

Serge.


#2

Look into pfsense. But just as important as a firewall, you should also take precautions on the pbx side as well. Change your SIP port, lock it down to specific IP’s, enable fail2ban, use complex passwords for your extensions, etc etc.


#3

I use a combination of Mikrotik, Grandstream 7000’s, pfsence, Watchguard, and Sonic wall. Sometimes I have no say due to existing IT.

Really, it depends on the customer. I 100% agree with @Sifter that, regardless what firewall, you need to use complex passwords, non-standard ports, fail2ban, and also stay on top of firmware updates. Mikrotik had a number of security issues over the last year but all were promptly fixed via firmware update.

The Grandstream and Mikrotik firewall are akin to an alarm system. Set and forget but nothing is intelligently watching and alerting.

Pfsence, Watchguard, and Sonic wall (I don’t like Sonic wall) at least offer options, some paid license, that more akin to a guard walking around looking for problems.

Pfsence is open-source so you can build your own device. Also, you can buy premade pfsence appliances at a reasonable price.