Phone

NEC SL1100 Hacker Defence

Hacker Defence on the NEC SL1100 System

NEC Digital System
Like all other phone systems or network connected devices, the NEC SL1100 can be a potential target for hackers. These SIP hackers typically attempt to register VOIP ports to make outbound calls, as well as manipulate some of the voicemail options such as External Notification or Find Me, Follow Me to international numbers of their choice. Some of the most common hacker defence options are:

  • Adding toll restrictions on all extensions
  • Blocking international calling on lines at the supplier level
  • Changing the default values for the system password and IP
  • Eliminating voicemail boxes that are not in use and having users make their voicemail box passwords secure using a code other that 1234, 0000, etc.
  • Changing the installer level password in in Program 90-02.

Here are more additional ways to defend your SL1100 from being hacked:

 

  1. The NEC SL1100 should be installed behind a firewall and all relative ports should be blocked from outside access. To ensure security, the following ports should also be blocked from outside access:
    • Port 80 (http) for the WebPro Port
    • Port 8000 for the PCPro Port
    • Port 5963 for the DIMM Port
  2. Only Ports that are needed should be port forwarded to the SL1100. Do not put the SL1100 phone system in the router/firewalls DMZ as this will allow the phone system to be visible to anyone running a port scan over the internet. Some of the ports that the SL1100 uses are:
    • 5080 – Register port for NEC Proprietary SIP Phones (This is the port that is used to connect an IP Phone over NAT)
    • 5070 – Register Port for 3rd party SIP (This is the port used to connect a Mobility Client, VOIP Polycom or an X-Lite Softphone)
    • 5060 – Default Proxy/Registrar Port for SIP Server (This is typically used for connecting SIP Trunks)
  3. All User Names and Passwords should be changed for maximum security in Program 90-02. User Names should be set to 10 characters and passwords can be set for up to 8 characters.
  4. All physical phone extensions that are in use should have a Voicemail Access Code Setup. Press the VM softkey on each phone and press “More”, then “Setup”, then “Code”. Enter the Access Code to be stored. Each time that a user attempts to access their voicemail box this code will be needed.
  5. Change ports for PCPro and WebPro. If ports are going to be forwarded in the router for remote maintenance, NEC recommends changing the default, well-known port numbers for WebPro and PCPro in Programs 90-54-01 and 90-54-02. If port forwarding of WebPro's port will be used (not recommended) then you should also go to Program 90-28 and change each extension password for UserPro (for the extensions that need access to UserPro) or delete the passwords for the extensions that do not need access to UserPro so that it may not be accessed. This will prevent hackers from being able to make changes to individual extensions such as call forwarding.