Securing FreePBX

[You can tell this is my first post here.]

I am looking at securing my FreePBX system. Looking on these Forums and on Nerd Vittles, I’ve made a list of things to secure. I want to make this a complete list, so please let me know if I am missing something:

  • System root password needs to be changed
  • FreePBX admin account password needs to be changed
  • Extensions need obscure passwords
  • Database password (for feepbx) needs to be changed
    (which seems a bit more complex than necessary, IMHO)
  • Extensions that are inside the company need “permit” IPs changed (set)
  • Firewall needs to only allow UDP/5060 and RTP ports in (for incoming calls)
  • SIP provide password needs to be “good”

Anything else? Thanks.