Security Overview

Yeastar P-Series Software Edition provides robust security options to ensure a secure and reliable phone service to your business operation, such as static defense rules, auto defense rules, IP blocking and so on.

Static defense

Static defense rules can control and filter traffic sent to the PBX based on IP address, domain, or MAC address.

Yeastar P-Series Software Edition has default static defense rules to accept connections from devices on local network, auto provisioned devices, and Yeastar servers. You can also set up new rules to accept, drop, or reject access to the PBX. The IP addresses that are denied access to the PBX would be blocked when trying to connect to the PBX, you can check the blocked IP address in Block IPs.

For more information, see Add a Static Defense Rule and Manage Blocked IP Addresses.

Auto defense

Auto defense rules can control and filter traffic sent to the PBX based on the frequency of packets sent, effectively preventing massive connection attempts or brute force attacks.

Yeastar P-Series Software Edition has default auto defense rules to protect SSH connection, SIP registration, and Web access. You can also set up new rules according to your needs. When a source address sends packets over the limit within the specified time period, the PBX will block the source address, you can check the blocked IP address in Block IPs.

For more information, see Add an Auto Defense Rule and Manage Blocked IP Addresses.

Blocked IPs

The blocked IP addresses would be listed in the Blocked IPs. If a trusted IP address was blocked, you can go to Blocked IPs to delete the IP address.

For more information, see Manage Blocked IP Addresses.

Outbound Call Frequency Restriction

Outbound Call Frequency Restriction rule is used to limit the number of outbound calls over specified time period.

The PBX has a default rule to limit extension users to make maximum 5 outbound calls in 1 second.

You can also set up new rules according to your needs. For more information, see Add an 'Outbound Call Frequency Restriction' Rule.

Security options

The PBX provides additional options so that you can flexibly adjust your security scheme:
Disable Auto Defense
If the option is enabled, the auto defense feature will not work.
Disable Extension Registration Defense
If the option is enabled, the SIP security settings will not work.
Drop All but Accepted IPs in Static Defense
If the option is enabled, the PBX will drop all the packets and connections from other hosts except the accepted addresses defined in static defense rules.
Note: We recommend that you create a backup on the PBX before you enable the feature.
Drop IP Ping Request
If the option is enabled, the PBX will disable Ping response (ICMP echo).
Download Global Anti-hacking IP Blocklist
If the option is enabled, Yeastar Global Anti-hacking IP Blocklist will be downloaded to the PBX. Any connections from the IP addresses in the blocklist will be dropped.
Report PBX's IP Blocklist
If the option is enabled, the IP addresses that are permanently blocked by the PBX will be reported to Yeastar Global Anti-hacking IP Blocklist.
Two-Factor Authentication
Yeastar P-Series Software Edition supports to set two-factor authentication for super administrator account to ensure login security.
For more information, see Two-factor Authentication (2FA) Overview.
Enable IP Restriction for Administrator Login
Yeastar P-Series Software Edition supports to add IP restrictions to specify the IP addresses from which super administrator are allowed to access administrator portal.

For more information, see Restrict Access to Administrator Portal by IP Addresses.

Console/SSH Access

Yeastar P-Series Software Edition supports SSH access. Technical supporter engineers can establish a temporary SSH connection on the PBX to check logs and debug the PBX.

For more information, see Access the System via SSH.

Certificates

Yeastar P-Series Software Edition supports TLS protocol and HTTPS protocol to secure SIP messaging. Before using TLS protocol and HTTPS protocol, you need to upload the relevant certificates to the PBX.

For more information, see the following topics:

Allowed Country IPs

You can set up Allowed Country IPs to only allow specific countries or regions to access your phone system, thus preventing the situations that hackers remotely access your phone system to make international and long-distance calls, monitor conversations, or do other operations that may cause security threats to your phone system.

For more information, see Restrict Specific Countries or Regions from Accessing Yeastar P-Series Software Edition.

Allowed Country Codes

You can set up Allowed Country Codes to restrict users from making international calls to specific countries or regions, thus effectively preventing toll fraud.

For more information, see Restrict International Calls to Specific Countries or Regions.