Network Security
Separate Voice Traffic and Data Traffic
For some VoIP ISPs, they provide dedicated SIP trunks that supports NGN ports (Next Generation Network). NGN can separate data, voice and video networks or any combination of the three to form a converged network.
You can also set up VLAN (Virtual Local Networks) on the PBX. VLAN can improve the call quality, but also can secure your PBX.
The voice traffic and data traffic can be logically separated by a VLAN switch. If one VLAN is penetrated, the other will remain secured. Also, limiting the rate of traffic to IP telephony VLANs can slow down an outside attack.
Use VPN - Avoid Port Forwarding
We strongly recommend you to set up VPN network for your PBX. Avoid port forwarding on your router and do not enable DMZ on your router.
VPN can secure communications between remote devices and your PBX.
Yeastar S-Series VoIP PBX can be set as an OpenVPN server and also can be an OpenVPN client.