Separate Voice Traffic and Data Traffic for some VoIP ISPs, and provide dedicated SIP trunks that support NGN ports (Next Generation Network). NGN can separate data, voice, and video networks or any combination of the three to form a converged network.

For the on-premise deployment, the best practice is to suggest setting up VLAN (Virtual Local Networks) on the PBX. VLAN can improve the call quality but also can secure PBX. The voice traffic and data traffic can be logically separated by a VLAN switch. If one VLAN is penetrated, the other will remain secure. Also, limiting the rate of traffic to IP telephony VLANs can slow down an outside attack..

TLS and WSS for SIP Signaling
Transport Layer Security (TLS) is a mechanism for securing SIP connections. It is recommended to use TLS as PortSIP PBX SIP transport to prevent data from being passed between other SIP endpoints and PortSIP PBX.

For the WebRTC client, PortSIP offers WSS transport (WebSockets over SSL/TLS). WSS is encrypted, just like HTTPS, and so protects against man-in-the-middle attacks. If the transport is secured, a range of attacks against WebSockets becomes unfeasible.

Password for Tenant Administrator

Once you recieve your credentials with the "Admin" role, a tenant administrator was created, since it's also the extension, there are two passwords for him.

SIP Password. It's used for the IP Phone, Softphone, and WebRTC client to register to PortSIP PBX

User Password. It's used for the user to sign the PBX Web Portal to check voicemail, recording, CDR

There are strongly suggested to change the password after the tenant administrator first logs in to the Web Portal.

myphonesystem.ca Canada's leading channel direct telephony service.