Skip to content

Security Overview

Cloud Voice ships with several layers of protection you can combine to keep your phone system (the PBX, short for Private Branch Exchange) safe and your calls reliable. This page introduces each safeguard and points you to the detailed setup instructions.

A quick note on one term you will see throughout: toll fraud is when an attacker gains access to your system and places expensive calls (usually international or premium-rate) at your expense. Several of the controls below exist specifically to shut that down.

An IP (Internet Protocol) address is the numeric identifier a device uses on a network. Cloud Voice can treat individual addresses as always-trusted or block them automatically when they behave like an attacker.

Add trusted IP addresses or domain names to the allowlist so the system never blocks them, even if their traffic pattern would otherwise trigger a defense rule. See Add an Allowed IP Address and Manage Allowed IP Addresses.

When the system blocks an address, it appears in the Blocked IPs list. If a legitimate address was blocked by mistake, remove it from that list to restore access. See Manage Blocked IP Addresses.

This safeguard caps how many outbound calls may be placed within a given window of time, which helps shut down toll-fraud attempts. Out of the box, a default rule limits each extension to a maximum of 5 outbound calls per second. You can add your own rules on top of this to match how your business places calls. See Add an ‘Outbound Call Frequency Restriction’ Rule.

Cloud Voice includes several options you can mix and match to tighten access control.

If your service provider needs to reach your system for remote support but you would rather not hand over the administrator credentials, enable passwordless login so they can connect without a password. See Allow Passwordless Login to Cloud Voice.

When your company reaches the internet through more than one public IP address, list the exact addresses your staff’s Cloud Voice App (Web and Desktop) may connect from. The system then recognizes every authorized connection and accepts it, avoiding call failures or one-way audio caused by unexpected IP changes. See Add Allowed Client Public IP Addresses.

For mobile calls, Cloud Voice can route all SIP (Session Initiation Protocol, the signaling that sets up a call) and RTP (Real-time Transport Protocol, the audio itself) of the Cloud Voice App through an encrypted tunnel to the system. This strengthens call privacy and helps sidestep carrier-level SIP blocking, so extensions stay registered and calls stay stable even on restrictive networks. See Enable Encryption Tunnel for Cloud Voice App Mobile Calls.

Turn on two-factor authentication (2FA) for the administrator account so that logging in requires both the account password and an additional verification code. See Two-factor Authentication (2FA) Overview.

Enforce password policies for both the registration password and the user password of extensions, raising the bar for extension account security. The registration password is what a phone or app uses to sign in as the extension, while the user password is what the person uses to sign in to the Cloud Voice App. See Enforce Password Policy for Extensions.

Limit which IP addresses may be used to reach the administrator portal. See Restrict Access to Administrator Portal by IP Addresses.

Cloud Voice supports SSH (Secure Shell, a way to open a secure command-line connection to the system) so support engineers can open a temporary connection to inspect logs and troubleshoot the system. See Access the System via SSH.

Restrict access to your phone system so that only the countries or regions you choose can connect. This closes off a common attack path where intruders reach your system from abroad to place international or long-distance calls, listen in on conversations, or otherwise tamper with it. By default, every country and region is allowed. See Restrict Specific Countries or Regions from Accessing Cloud Voice.

Block outbound international calls to specific countries or regions, an effective way to contain toll fraud even when an outbound route permits international dialing. See Restrict International Calls to Specific Countries or Regions.