Secure VoIP Auto Provisioning

Posted by On

Auto provisioning is an essential tool used by cloud-based SIP Internet Telephony Service Providers (ITSPs). Using cloud-based auto provisioning, ITSPs can easily provision and deploy any number of VoIP end-points providing hassle-free, plug-n-play, zero-configuration service. But Is Auto Provisioning Secure?

With auto provisioning, a new phone will automatically contact the ISTPs provisioning server when connected to a network and identify itself by sending its hardware (MAC) address. This MAC address is used by the provisioning server to download the correct provisioning profile to the phone, without the need for installer visits or manual configuration. This process can also be used to activate or deactivate phone features, update firmware, perform remote reboots, and more.

This enables ISTPs and E-commerce websites to drop-ship a VoIP phone to their customers that can simply be connected to the their local network.

Automatic Provisioning has a number of benefits including:

  • it saves both time and costs during deployments
  • it is somewhat more secure as the SIP credentials don’t have to be shared with end users
  • it allows replacing a defective phone by just entering the new MAC address

Is Your Auto Provisioning Secure?

The issue with auto provisioning is security. In order to facilitate auto provisioning, the VoIP server needs to remain open to accept inbound provisioning requests from phones all over the world. However, by leaving it open, individuals with some technical knowledge can hack into the server or spoof your MAC address and gain access to these configuration files. This can result in fraudulent activity on your account. This leaves you paying their telephone bill.

Secure provisioning protects customer SIP credentials and adds safeguards against hackers attempting to compromise the customer’s system.

CrescentCX Secure Provisioning

CrescentCX Secure provisioning method includes three measures to protect customers from phishing attacks, fraud, and hacks.

  1. All communications with CrescentCX is encrypted using SSL security.
  2. Each customer requires a unique private provisioning URL.
  3. Any provisioning download request requires strong https authentication.

All of the above requirements have to be met before any provisioning is permitted.

How CrescentCX Secure Provisioning Works

#1. SSL Encrypted Connection

Secure Sockets Layer (SSL) is a standard security technology for establishing an encrypted link between a server and a client – typically a web server (website) and a browser, or a mail server and a mail client (e.g., Outlook).

SSL allows sensitive information such as credit card numbers, social security numbers, and login credentials to be transmitted securely. Normally, data sent between browsers and web servers is sent in plain text—leaving you vulnerable to eavesdropping. If an attacker is able to intercept all data being sent between a browser and a web server, they can see and use that information.

All CrescentCX provisioning is communicated over HTTPS protocol.

#2. A Secure Location

When customers sign-up for CrescentCX’s Cloud service, they are given a randomly generated unique domain URL for provisioning – for example, a customer may receive a URL of “p3kb6gk7.crescentcx.com” when signing up. The provisioning server will only accept provisioning requests from this URL for this client. A unique private location significantly reduces the likelihood it will be discovered and subsequently attacked.

#3. Strong Passwords

A strong password provides essential protection from financial fraud and identity theft. One of the most common ways that hackers break into computers is by guessing passwords. Simple and commonly used passwords enable intruders to easily gain access and control of a computing device.

Generic company assigned passwords are a potential security risk. CrescentCX assigns a unique strong password for each client PBX. Additionally, CrescentCX always run all authentication requests over HTTPs. If you’re not using SSL, than no matter what authentication protocol you use, you’ll never be secure.

Are Your Business Calls Secure?

As you are researching business phone system providers, make sure that you pay special attention to security. A Hosted VoIP provider should safeguard your company against hackers with secure provisioning.

At CrescentCX, your security is our number one concern. Ask yourself if a provider’s provisioning meets CrescentCX’s security standards.

Contact us today to discuss your cloud voice requirements.