Best Practices to Avoid Getting Hacked on the NEC SL2100 and SL1100

Here we will cover proactive options that will limit and/or take away the ability for your NEC SL2100 or NEC SL1100 phone system to be compromised by hackers.

Introduction

Like all other phone systems or network connected devices, the NEC phone system can be a potential target for hackers. These SIP hackers typically attempt to register VoIP ports to make outbound calls, as well as manipulate some of the voicemail options such as; external notification of Find Me Follow Me to international numbers of their choice.

Below we will list some proactive options that will limit and/or take away the ability for your phone system to be compromised by such attacks. Here at My Tech Distributors, we include International Toll Restriction on all extensions (as part of our per-programming) and suggest you eliminate any personal mailboxes that are not in use. We encourage each user to apply an access code to each of their personal voicemail’s. Lastly, if the phone system resides on a network we do advise changing the installer level password in Program 90-02.

NOTE: The Installer Level Password is the highest level password. There is no backdoor, so please carefully log the credentials in a safe place if they are changed from the defaults. If you get locked out a full system program default will need to take place.

Best Practices

Much like other client sensitive network equipment, the NEC phone system should be placed behind a network firewall and in addition all relative ports should be blocked from outside access. To ensure security, Port 80 (HTTP) for the WebPro Port, Port 8000 for the PCPro Port, and also Port 5963 for the DIMM Port should all be blocked from outside internet access.

Only ports that are needed should be port forwarded to the phone system.

• Do not put the phone system in the router/firewall’s DMZ as this will allow your phone system to be visible to anyone running a port scan over the internet
• Some ports that the SL2100 and SL1100 uses are:
  • 5080- Register Port for NEC proprietary SIP Phones (Ex. This is the port used to connect an IP Phone over Nat)
  • 5070- Register Port for 3rd party SIP (Ex. This is the port used to connect a uMobility client, VoIP Polycom or an X-lite softphone)
  • 5060- Default Proxy/Registrar Port for SIP Server (Ex. This is typically used for connecting SIP trunks

All usernames and passwords should be changed for maximum security. You can change the passwords in program 90-02.

• User Names can be set for up to 10 upper case, lower case and special alphanumeric characters
• Passwords can be set for up to 8 digits using only digits 0-9, * and #
  Unlike the User Name, all special characters cannot be used in the password. Only * and # are allowed
• Avoid sequential numbers and mix in as many combinations of the allowed digits as possible. An example of an ideal username and password would be:
  Username: TeSt91%K#*#*
  Password: *538#*47
• When changing the username and passwords, the changes should be documented and stored by the Associate. These changes should also be provided to the customer for safe storage.

All Physical Phone Extensions that are in use should have a Voicemail Access Code Setup.

• Press the VM Soft Key on each phone and follow procedure below:
• More
• Setup
• Code
• Enter Access Code to be stored
• Each time that User attempts to access their voicemail this code will be needed

Change ports for PCPRO and WebPro

• If ports are going to be forwarded in the router for Remote Maintenance, then NEC recommends changing the default well known port numbers of Web Pro and PCPro in programs 90-54-01 and 90-54-02
• In addition to changing the port numbers and system passwords as described above, if port forwarding of Web Pro’s port will be used (Not recommended) then you should also go to program 90-28 and change each extension password for User Pro, for the extensions that need access to User Pro, or delete the passwords for extensions that do not need access to User Pro so that it may not be accessed.   This will prevent hackers from being able to make changes to individual extensions such as Call Forwarding.