Security Overview
Cloud Voice ships with several layers of protection you can combine to keep your phone system (the PBX, short for Private Branch Exchange) safe and your calls reliable. This page introduces each safeguard and points you to the detailed setup instructions.
A quick note on one term you will see throughout: toll fraud is when an attacker gains access to your system and places expensive calls (usually international or premium-rate) at your expense. Several of the controls below exist specifically to shut that down.
IP allowlists and blocklists
Section titled “IP allowlists and blocklists”An IP (Internet Protocol) address is the numeric identifier a device uses on a network. Cloud Voice can treat individual addresses as always-trusted or block them automatically when they behave like an attacker.
Allowed IPs
Section titled “Allowed IPs”Add trusted IP addresses or domain names to the allowlist so the system never blocks them, even if their traffic pattern would otherwise trigger a defense rule. See Add an Allowed IP Address and Manage Allowed IP Addresses.
Blocked IPs
Section titled “Blocked IPs”When the system blocks an address, it appears in the Blocked IPs list. If a legitimate address was blocked by mistake, remove it from that list to restore access. See Manage Blocked IP Addresses.
Outbound Call Frequency Restriction
Section titled “Outbound Call Frequency Restriction”This safeguard caps how many outbound calls may be placed within a given window of time, which helps shut down toll-fraud attempts. Out of the box, a default rule limits each extension to a maximum of 5 outbound calls per second. You can add your own rules on top of this to match how your business places calls. See Add an ‘Outbound Call Frequency Restriction’ Rule.
Account and login security
Section titled “Account and login security”Cloud Voice includes several options you can mix and match to tighten access control.
Passwordless Login
Section titled “Passwordless Login”If your service provider needs to reach your system for remote support but you would rather not hand over the administrator credentials, enable passwordless login so they can connect without a password. See Allow Passwordless Login to Cloud Voice.
Allowed Client Public IP Address
Section titled “Allowed Client Public IP Address”When your company reaches the internet through more than one public IP address, list the exact addresses your staff’s Cloud Voice App (Web and Desktop) may connect from. The system then recognizes every authorized connection and accepts it, avoiding call failures or one-way audio caused by unexpected IP changes. See Add Allowed Client Public IP Addresses.
Call Encryption Tunnel
Section titled “Call Encryption Tunnel”For mobile calls, Cloud Voice can route all SIP (Session Initiation Protocol, the signaling that sets up a call) and RTP (Real-time Transport Protocol, the audio itself) of the Cloud Voice App through an encrypted tunnel to the system. This strengthens call privacy and helps sidestep carrier-level SIP blocking, so extensions stay registered and calls stay stable even on restrictive networks. See Enable Encryption Tunnel for Cloud Voice App Mobile Calls.
Two-Factor Authentication
Section titled “Two-Factor Authentication”Turn on two-factor authentication (2FA) for the administrator account so that logging in requires both the account password and an additional verification code. See Two-factor Authentication (2FA) Overview.
Extension Password Rule
Section titled “Extension Password Rule”Enforce password policies for both the registration password and the user password of extensions, raising the bar for extension account security. The registration password is what a phone or app uses to sign in as the extension, while the user password is what the person uses to sign in to the Cloud Voice App. See Enforce Password Policy for Extensions.
IP restriction for administrator login
Section titled “IP restriction for administrator login”Limit which IP addresses may be used to reach the administrator portal. See Restrict Access to Administrator Portal by IP Addresses.
Console / SSH access
Section titled “Console / SSH access”Cloud Voice supports SSH (Secure Shell, a way to open a secure command-line connection to the system) so support engineers can open a temporary connection to inspect logs and troubleshoot the system. See Access the System via SSH.
Country-based restrictions
Section titled “Country-based restrictions”Allowed Country IPs
Section titled “Allowed Country IPs”Restrict access to your phone system so that only the countries or regions you choose can connect. This closes off a common attack path where intruders reach your system from abroad to place international or long-distance calls, listen in on conversations, or otherwise tamper with it. By default, every country and region is allowed. See Restrict Specific Countries or Regions from Accessing Cloud Voice.
Allowed Country Codes
Section titled “Allowed Country Codes”Block outbound international calls to specific countries or regions, an effective way to contain toll fraud even when an outbound route permits international dialing. See Restrict International Calls to Specific Countries or Regions.