Increase the security of Mediatrix gateways
In this article we will describe a simple method to prevent malicious people, once they have entered the corporate network, from making calls over ISDN by contacting a Mediatrix gateway from a PC on the network even without going through the PBX. In these cases, in fact, since the call has not passed through the PBX, there will be no trace in the switchboard Call Reports.
The protection of the Mediatrix is carried out by making it accept only the calls coming from an accredited IP (in this case the PBX), the call requests coming from other IP addresses will be discarded. It is obvious that this mechanism does not protect against malicious requests coming from the same machine where the VOIspeed PBX resides.
The configuration of the Mediatrix is done by the Routing Rules (menu Routing Rules).
- Change the route (s) for outgoing calls, ie those in which the Source interface is sip-default or sip-BRIx and the Destination interface is Hunt-ISDN or an isdn-BRIx.
- Set the Properties Criteria field with the Calling Host parameter.
- Set the Expression Criteria field with the IP address of the VOIspeed server with the notation xxx \ .yyy \ .zzz \ .www (ex: if the IP of the PBX is 192.168.0.220 the expression criteria field must be 192 \ .168 \ .0 \ .220).
These considerations apply especially in the case of use in an On Premises environment (VOIspeed 6), which do not require specific authentication of the PBX or gateway. In the UCloud environment, the gateways register and the calls pass exclusively through the authenticated account on the PBX, so the problem is less urgent, but it may be worthwhile to enter the accredited IP address anyway, this will be the IP of the UCloud server.