Category: 3CX

3CX, Chicago, Partners, Telephony

3CX Phone System on Campus

Dec 23, 2019 by Sam Taylor

Higher Learning at a Lower Cost​

Universities are places where ideas can be communicated freely. What better way to do this, than through a unified communications system like 3CX. As the central communications system on-campus, 3CX offers multiple opportunities to encourage and facilitate learning. It can connect staff members and students with benefits for everyone, including free audio/video calls, low-cost external calls, access to all areas, integrations with other used systems, and more. Let’s examine this use case in more detail.

Affordable Communication on a Shoe-string Budget​

3CX is the ideal tool for universities that require all the advanced features of a unified communication system, without the hefty price tag. Apart from a PBX server, 3CX requires no additional hardware to be installed, making it easily accessible to your staff. The only requirement is a PC with a modern web browser. This simplifies administration, drastically reduces support requests and is a more cost-effective solution overall. What’s more, 3CX provides built-in support for a multitude of IP phones and SIP devices, making it easy to choose a desk phone or SIP device that suits everyone’s budget.

Keep in Contact, at the Lecture Theatre, Dorm or While Roaming

Add the 3CX Android and iOS apps to the mix, and your staff can talk, chat and access a university-wide shared phonebook/directory from their smartphones – wherever they may be. When calling on the move, the app reconnects calls automatically through available WiFi or 4G networks. They can also use Chat to exchange messages and documents while at the campus or anywhere else. 3CX can really empower you to do more with your devices!

Extend Your Reach to Facilitate Teamwork

Universities can typically span multiple buildings and areas, which makes setting up difficult under a single communications solution. Not so with 3CX, as it can unify all your remote offices and dorms using bridges and SBCs (Session Border Controllers), to allow your personnel and students to communicate, irrespective of their location. Academic staff and students can also use WebMeeting at no extra cost, to join on-line video meetings for study groups, or webinar sessions with teaching assistants, lab technicians, and so on.

Never Alone. Integrate & Automate

Traditionally a phone system functions in isolation, with little or no ability to interface with other university systems and services. On the contrary, 3CX includes built-in integration options with Office 365, databases, CRMs and other network-enabled systems.

As a quick example, consider a 3CX script-based IVR (Interactive Voice Response) menu, that services students’ course enrollment requests. The student calls the IVR, enters the ID for the chosen course and 3CX will deliver the student’s telephone number and course selection to the university’s course management system. What’s more, by using the Call Flow Designer (CFD), you can create call flows to automate your procedures, from course billing to announcements via text-to-speech. And CFD does not require any programming knowledge!

Keep in Control of Access & Security

Universities need to maintain controlled and secure access to areas like offices, labs, and dorms. 3CX supports popular video door phone devices which can be used with 3CX. Through this, you can attend to visitors seeking entry, or even control activity and access to specific areas – doing away with employing costly security personnel. You can also use PA systems connected to 3CX, to perform announcements in university common areas, classrooms and halls.

No Master’s Degree Required to Administer

With 3CX, administrators have freedom of choice! Install with ease on LinuxWindowsRaspberry Pi and on popular cloud providers like Google CloudAzure, and AWS. Not only is it easy to install, but easy to manage too. Keep your data safe by securing and managing your backups, recordings and voicemails with flexible options, on local or remote storage (FTP, SSH and SMB). What’s more, administrators can use the built-in Instance Manager to remotely monitor, manage and update a Linux PBX.

In Conclusion​

Universities are by definition communities of teachers and scholars. 3CX bridges the communication gap between these communities facilitates learning and strengthens relationships. It is the perfect fit for organizations that value communication as the primary means of education. And it comes with an affordable price tag, to boot!

3CX, Business Continuity, Chicago, CyberSecurity, Data Protection

FROM THE TRENCHES: 3CX SECURITY

Jul 11, 2019 by Sam Taylor

This past month one of our clients experienced a security compromise with their phone system, where 3 extensions had their credentials swiped. Among the information taken was the remote phone login information, including username, extension and password for their 3CX phone system.

Our first tip off of the attack was the mass amount of international calls being made. We quickly realized that this was not your traditional voicemail attack, or SIP viscous scanner attack because the signature of it was different (more below). To alleviate the situation we immediately changed their login credentials, but to our surprise the attack happened again with the same extensions within minutes of us changing their configuration.

For those of you thinking that the issue can be related to a simple or easy username and password (extension number and a simple 7-digit password), that wouldn’t be the case here. It’s important to note that with 3CX version 15.5 and higher, the login credentials are randomized and do not include the extension id, which makes it a lot harder to guess or brute force attack.

We locked down International dialing while we investigated the issue, and our next target was the server’s operating system. We wasted hours sifting through the logs to see if there were any signs of attack, but absolutely none were present. We next checked the firewall and again saw no signs of attack– so how was this happening? How were they able to figure out the user ID and password so quickly and without triggering the built-in protections that 3CX has, like blacklisting IP addresses and preventing password guessing attempts?

Right back to square one, we needed more information. After contacting different contacts of the client, we found out that the three extensions were present at an International venue, which interestingly enough, was the target of all the International calls!!! Phew, finally a decent clue. Under the assumption of a rogue wireless access point present at the hotel, we asked them to switch to VPN before using their extension, which stopped any new authentication fields from being guessed  – – –

While we were able to get our client up and running again, there was something a bit more interesting going on here. The hackers were using a program to establish connections and then use those connections to allow people to dial an International country on the cheap (margins here are extraordinary). That program is using an identifier “user_agent” when establishing a connection to make the calls. If we filter for that, they will have to redo their programming before they can launch the attack again, which proved to be a quick and instantaneous end to this attack irrespective of source– even if they acquire the necessary credentials.

Here’s how I would deal with this next time, in 3CX you can follow the following steps:

Go to

  1. Settings
  2. Parameters

3. Filter for “user_agent”

4. Add the user agent used (The Signature) in the attack to either fields and restart services

Eg. The Signature (Ozeki, Gbomba, Mizuphone)