3CX – Security Update September 2010admin
As part of our continual program of quality improvements, we would like to announce an important update to the 3CX Phone System Version 9. Today we have released the latest security pack that goes a long way to strengthening the 3CX Phone System from potential abuse.
We would like to strongly advise you to take the opportunity to undertake the following steps to review password strength on all your deployed systems:
1. Download the latest security update service pack from within your 3CX Phone System installation. Updates can be performed only through the 3CX Windows Management Console. This update will create a strong password for fax extensions and also suggest default strong passwords for newly created extensions.
2. In addition, we created a new function that allows you to re-generate strong and random passwords for one or more selected extensions. Go to the Extensions node and see which extensions are marked as red because they have a weak password. For these extensions, click the ‘Re-Generate password’ button to create new secure passwords. Of course this requires that you reboot the phones if using re-provisioning or enter the new password into each IP phone if phones are configured manually.
3. We have improved the concept of “Weak Extensions” highlighting in bold red all extensions that fall under this category. This is when the password, voicemail PIN or SIP ID are the same as the extension number. This will give a visual indication of weak extensions and the administrator can configure these appropriately.
4. We highly recommend upgrading to version 9 as it has strong inbuilt anti hacking measures which will block malicious attempts and dictionary attacks to guess system extension passwords. The Anti-Hacking module will also blacklist abusing IP Addresses. For more information see this blog post.
5. After you have performed all the mentioned changes, create a new backup.
More detailed information on the security update can be found here.