MyPBX Security Configuration Guide(Part 3)--Service Security

1. Disable Guest Call
Path: PBX--Advanced Settings--SIP Settings--Advanced Settings--Allow Guest

Note: Allow Guest is disabled by default; please keep it to ‍“No” for general use.

2. SSH Access Enhancement

2.1 Disable SSH
Path: System--Network Settings--LAN Settings--Enable SSH
If external debugging isn’t required, please select “No”.

Note: SSH access is disabled by default; please keep it to ‍“No” if not needed.

2.2 Change the Default Password for SSH
We can use the Linux command passwd to change the root password of MyPBX.
Step1. Log in via putty.exe.


Step2. The default username is root and the default password is ys123456.


Step3. Use command passwd to change the root’s password

You need to input the new password twice to take effect.

3. FTP Access Enhancement*
Path: System--Network Preferences--LAN Settings--FTP
If you won't log in MyPBX via FTP, please select “No” to disable it.

Note: FTP access is disabled by default; please keep it to ‍“No” if not needed.

4. AMI settings
The Asterisk Manager Interface (AMI) allows a client program to connect to an Asterisk instance and issue commands or read events over a TCP/IP stream. Integrators will find this particularly useful when trying to track the state of a telephony client inside Asterisk, and directing that client based on custom (and possibly dynamic) rules.
For more information, you can refer to this page:
http://www.voip-info.org/wiki/view/Asterisk+manager+API

Note: this feature is disabled by default; there is no need to enable generally. If it’s enabled, please change the account and configure IP restriction.


To manage the accounts to access AMI, we can configure it in AMI page directly.
Path: System--Security Settings--AMI Settings.

For example, the AMI account can be:
User name: Developer
Password: Developer
The only IP address that’s allowed to log in is 192.168.1.71.

We can configure it like this:

Save it and apply the changes.
To confirm more details, please try command ‍“cat /etc/asterisk/manager.conf

5. TFTP
MyPBX can work as a TFTP server when using ‍“phone provisioning”, and this feature is enabled by default. If all the phones are well provisioned, you can disable this access to protect the configuration files of MyPBX.
Click ‍“System--Security Center--Service” to disable it directly.


6. Database Grant
MyPBX has integrated MySQL since x.18.0.xx, which provides convenience for users to manage the CDR and the Recording log. To protect the database access, we need to set up user name and password separately before login.
There is no account configured by default, if you need to connect the database using third party software, you need to set up this first.
For example, username: Harry, password: Harry123

Save it and apply the changes.


When logging in using other software, we can check the CDR.

7. Alert settings
After enabling alert settings, if the device is attacked, the system will notify users the alert via call or e-mail. The attack modes include IP attack and Web Login.

7.1 IPATTACK
When the system is attacked by some IP addresses, the firewall will add the IP to auto IP Blacklist and notify the user if it matches the protection rule.
Example: configure to notify extension 500, outbound number 5503301 and E-mail alert@yeastar.com.

Note: If there’s an outbound number to notify, the number should fit the dial pattern of the outbound route.


7.2 WEBLOGIN
Entering the password incorrectly five times when logging in MyPBX Web interface will be deemed as an attack, the system will limit the IP login within 10 minutes and notify the user.
Example: configure to notify extension 500, outbound number 5503301 and E-mail alert@yeastar.com.

Have more questions? Submit a request

1 Comments

  • 0
    Avatar

    Actualy the issue which am facing with device that I forget the admin password please give me solution to restore the password without reset the device

    Is it possible kindly to support me remotely by teamviwer to solve these issue ( admin password lost)

    We bought these mypbx u100 and all 30 sip phones  and all network materials from sysvigour in dubai ( see contacts details below ) but we tried to contact them it seems they closed

     SysVigour Technologies LLC
    Office: +971-42 618300
    Office No 17, Sama Residence ,P.O 120604
    Al Qusais, Dubai . UAE
    www.sysvigour.com

     That is why kindly please Justin I request to help us regarding these issue?

Please sign in to leave a comment.