Security Overview
Yeastar P-Series PBX System provides robust security options to ensure a secure and reliable phone service to your business operation, such as static defense rules, auto defense rules, IP blocking and so on.
Static defense
Static defense rules are used to control and filter traffic sent to the PBX by IP address, domain, or MAC address.
Yeastar P-Series PBX System has default static defense rules to ensure the communication among Yeastar server, Yeastar P-Series PBX System, and devices in your local network.
By default, the PBX always accepts connections from the following addresses:
- Local network
- 10.0.0.0/255.0.0.0
- 172.16.0.0/255.240.0.0
- 192.168.0.0/255.255.0.0
- 169.254.0.0/255.255.0.0Note: These rules can NOT be edited or deleted.
- Domain related with Yeastar
- update.yeastar.com
- rmtunnel.yeastar.com
- ctltunnel.yeastar.com
- tunnel.yeastar.com
- appcenter.yeastar.com
- mail.pbxsmtp.com
- active.yeastar.com
- IP address of phones that have been auto provisioned
You can also set up new rules to accept, drop, or reject access to the PBX. The IP address that was denied access to the PBX would be blocked when trying to connect to the PBX. You can check the blocked IP address in Block IPs.
For more information, see Add a Static Defense Rule and Manage Blocked IP Addresses.
Auto defense
Auto defense rules are used to prevent massive connection attempts or brute force attacks. When a source address sends packets over the limit within the specified time period, the PBX will block the source address. You can check the blocked IP address in Block IPs.
Yeastar P-Series PBX System has default auto defense rules as below:
Rule Name | Defense Object | ||||
Type | Port | Protocol | Number of IP Packets | Time Interval (s) | |
SSH | Service | 8022 | TCP | 10 | 60s |
SIP UDP | Service | 5060 | UDP | 40 | 2s |
SIP TCP | Service | 5060 | TCP | 40 | 2s |
HTTP | Service | 80 | Both | 120 | 60s |
HTTPS | Service | 8088 | Both | 120 | 60s |
You can also set up new rules according to your needs.
For more information, see Add an Auto Defense Rule.
Blocked IPs
The blocked IP addresses would be listed in the Blocked IPs. If a trusted IP address was blocked, you can go to Blocked IPs to delete the IP address.
For more information, see Manage Blocked IP Addresses.
Outbound Call Frequency Restriction
Outbound Call Frequency Restriction rule is used to limit the number of outbound calls over specified time period.
The PBX has a default rule to limit extension users to make maximum 5 outbound calls in 1 second.
You can also set up new rules according to your needs. For more information, see Add an 'Outbound Call Frequency Restriction' Rule.
Security options
-
Disable Auto Defense: If the option is enabled, the auto defense feature will not work.
-
Disable Extension Registration Defense: If the option is enabled, the SIP security settings will not work.
-
Drop All but Accepted IPs in Static Defense: If the option is enabled, the PBX will drop all the packets and connections from other hosts except the accepted addresses defined in static defense rules.Note: We recommend that you create a backup on the PBX before you enable the feature.
- Drop IP Ping Request: If the option is enabled, the PBX will disable Ping response (ICMP echo).