Security considerations for Callcentric customers
Your calls and login process for Callcentric are very secure. To log in to your account you will need to enter your information on our secure HTTPS portal (https://my.callcentric.com). This information is encrypted and is not sent in the open.
Calls are made with the SIP/2.0 protocol, which is built to work with point-to-point connections. Essentially, your call authentication information is only sent between your VoIP equipment (hardware or software) and Callcentric, and is encrypted.
How can I be sure?
To further protect yourself, there are a few steps you may take with your Callcentric account. The information below is provided to assist you in both securing your end and protecting your account(s) with Callcentric.
Choose passwords which are not easy to guess when opening your account. You may use a random password generator, such as the one found here. In addition to choosing a secure password for your Callcentric account, you will want to make sure that your email password is also secure. You may change your web login password and/or phone password at any time here.
For users of devices/software requiring login, a secure password will also help. Most notably, users of PBX software such as Asterisk, pbxnsip, 3CX, etc. will definitely want to ensure they are using complex passwords, as PBX systems are common targets for third parties to hack and use for fraudulent purposes. Weak passwords are the most common way PBX extensions are compromised and used for calls that will be charged to your Callcentric account.
We are not responsible for unwanted access to software or hardware on the user's end, or for calls made from such software and hardware.
Restrict calling areas
If you only call certain countries or areas of the world from your Callcentric account, we suggest you disable calling to areas you either never or infrequently call. Within Preferences, under the setting "Allow calls", you can choose to allow calls "Everywhere" in the world (no restrictions), or to only allow calls to specific countries and/or regions of the world. For example, if you never or rarely call anywhere in Africa, you can choose to disable calls to all of Africa. When calling a region/country that has not been allowed, you will be directed to an error message stating calls are not enabled to this area.
We strongly recommend that customers using IP PBXs (such as Asterisk, 3CX, pbxnsip, etc.) only enable calling to the areas/countries they actually call, as a fraud control should the IP PBX be compromised. This will in many cases prevent expensive calls from being placed on your Callcentric account, as most fraudulent calls are placed to areas of the world that are generally expensive and that most of our customers rarely call.
Most users today use routers to access the internet. While this may be advanced for some users, we highly recommend that you check the basic security settings for your router to make sure that remote login is not enabled and, if it is, that it is secured with a strong password.
You may also want to review remote access to make sure that only the intended users can make changes and actually log in to your network. A secure network will also lead to less worry, and not just with Callcentric.
Finally, for some users, mainly users of PBX systems such as 3CX and especially Asterisk-based systems, unwanted access should be a top concern. In general, if you do not have a basic understanding of networks and authentication, it is highly recommended that you speak to a professional or someone with more experience in these fields in order to make sure you are using the correct solution for your needs.
The list below provides some information which will certainly be beneficial in these cases:
NOTE: Some of the information below may be too advanced for certain users. If you do not understand the information below then we highly recommend visiting a forum or speaking with someone more familiar with these concepts.
- Use port security options, such as fail2ban, portsentry, portmap, etc., to secure local ports and monitor for unwanted traffic
- Use firewalls to secure the system locally by limiting access for the services you actually need to run on your system
- Blocking ports at the gateway/router level can also provide extra security for your network and is recommended
- Block services which are not being used using xinetd.conf or inetd.conf
- Properly secure ssh, ftp and/or telnet services to prevent unwanted access
- Make sure the sudo command allows access to only the necessary users. This is done in the /etc/sudoers file on most Unix systems
- Make sure that the root account is secured and if necessary is disabled in favor of a user who can use the sudo command
- Check your running services and disable any unneeded services. For example if you do not need an ftp server you may want to disable it
- Make sure that local extensions on your PBX have secured passwords to prevent easy access
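The fail2ban-style monitoring from the first item in the list, as an added example that is not Callcentric's or fail2ban's own code: it counts failed SIP registrations per source address inside a time window and reports the sources that cross a threshold. The log lines are constructed and modeled on Asterisk chan_sip notices (the line format is an assumption, so adapt the pattern to your PBX's logs), and the `maxretry` and `findtime` names are borrowed from fail2ban's options.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed log lines modeled on Asterisk chan_sip registration notices.
# Addresses are from documentation ranges (RFC 5737); this is not real traffic.
SAMPLE_LOG = """\
[2024-03-01 02:14:01] NOTICE[1842] chan_sip.c: Registration from '"100" <sip:100@203.0.113.5>' failed for '198.51.100.23:5071' - Wrong password
[2024-03-01 02:14:02] NOTICE[1842] chan_sip.c: Registration from '"101" <sip:101@203.0.113.5>' failed for '198.51.100.23' - No matching peer found
[2024-03-01 02:14:03] NOTICE[1842] chan_sip.c: Registration from '"102" <sip:102@203.0.113.5>' failed for '198.51.100.23:5071' - Wrong password
[2024-03-01 02:14:05] NOTICE[1842] chan_sip.c: Registration from '"103" <sip:103@203.0.113.5>' failed for '198.51.100.23:5071' - Wrong password
[2024-03-01 02:14:06] NOTICE[1842] chan_sip.c: Registration from '"104" <sip:104@203.0.113.5>' failed for '198.51.100.23:5071' - Wrong password
[2024-03-01 09:00:10] NOTICE[1842] chan_sip.c: Registration from '"201" <sip:201@203.0.113.5>' failed for '192.0.2.44:5060' - Wrong password
[2024-03-01 09:25:40] NOTICE[1842] chan_sip.c: Registration from '"201" <sip:201@203.0.113.5>' failed for '192.0.2.44:5060' - Wrong password
[2024-03-01 09:26:02] NOTICE[1842] chan_sip.c: Peer '201' is now Reachable. (23ms / 2000ms)
"""

# Timestamp, targeted extension and source address of a failed registration.
FAILED = re.compile(
    r"^\[(?P<ts>[^\]]+)\] NOTICE\[\d+\] \S+ Registration from '[^']*<sip:(?P<ext>[^@']+)@[^']*' "
    r"failed for '(?P<ip>[\d.]+)(?::\d+)?'"
)

def offenders(log_text, maxretry=5, findtime=600):
    """Return {ip: extensions tried} for sources with >= maxretry failures within findtime seconds."""
    recent = defaultdict(deque)    # ip -> failure timestamps still inside the window
    targets = defaultdict(set)     # ip -> every extension that source tried
    flagged = set()
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue               # unrelated log line
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()       # forget failures older than the window
        targets[m["ip"]].add(m["ext"])
        if len(window) >= maxretry:
            flagged.add(m["ip"])
    return {ip: sorted(targets[ip]) for ip in flagged}

if __name__ == "__main__":
    for ip, exts in offenders(SAMPLE_LOG).items():
        print(f"{ip}: {len(exts)} extensions tried: {', '.join(exts)}")
```

A source that walks through many extensions in a few seconds is flagged, while a user who mistypes a password twice, 25 minutes apart, is not.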
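One way to check the PBX extension passwords mentioned in the last list item and in the password advice earlier on the page, as an added example that is not Callcentric's or Asterisk's own code: it reads an Asterisk sip.conf-style file and reports extensions whose secret is missing, guessable or too simple. The sample file, the 12-character / three-class policy and the short common-password list are assumptions made for the example.

```python
import re

# Constructed sip.conf-style sample; the extensions and secrets are made up.
SAMPLE_SIP_CONF = """\
[general]
allowguest=no
[101]
secret=101              ; same as the extension number
[102]
secret=password
[103]
secret=vR7#qLm2xP9tZw4c
[104]
type=friend             ; no secret line at all
"""
# Assumed policy for this example, not a Callcentric or Asterisk requirement.
MIN_LENGTH, MIN_CLASSES = 12, 3
COMMON = {"password", "secret", "admin", "1234", "123456", "asterisk", "changeme"}
CLASSES = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")

def parse_peers(text):
    """Return {section name: {key: value}} for every [section] in the file."""
    peers, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()          # drop ';' comments
        header = re.match(r"\[([^\]]+)\]", line)
        if header:
            current = peers.setdefault(header.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.lstrip(">").strip()   # accepts 'key => value'
    return peers

def weaknesses(ext, secret):
    """Reasons a secret fails the assumed policy; an empty list means it passes."""
    if not secret:
        return ["no secret set"]
    checks = [
        (ext in secret, "contains extension number"),
        (secret.lower() in COMMON, "common password"),
        (len(secret) < MIN_LENGTH, "too short"),
        (sum(bool(re.search(c, secret)) for c in CLASSES) < MIN_CLASSES, "too few character classes"),
    ]
    return [label for failed, label in checks if failed]

def audit(text):
    """Map each weak extension to its findings; [general] holds no peer and is skipped."""
    found = {e: weaknesses(e, o.get("secret", "")) for e, o in parse_peers(text).items() if e != "general"}
    return {ext: reasons for ext, reasons in found.items() if reasons}
```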
Callcentric services have proven to be among the best offered on the internet. We take pride in knowing that our clients have found what they are looking for.
As such, we believe that every Callcentric client should be able to trust that we can deliver the features and services they need, and should be able to access their accounts and use their software or hardware without any serious concern. We do hope that the above information has helped you secure your initial account options, and we welcome you to contact us if you have any further questions or issues.