It is not a question of "if" but of "when".
When an attack happens, make sure that the price of getting anything useful out of your PBX is quite high.
The following features control who can access which information and who has to stay out:
- TLS and SRTP. Calls can be encrypted using TLS and SRTP. The PBX uses a PKI based on X.509 certificates to set up trust relationships. The same mechanisms are used to secure the traffic to the built-in web server.
- Intrusion detection. Automatic intrusion detection puts offending IP addresses on a deny list for a certain time, dramatically reducing the risk that brute-force password attacks gain access to the system. Addresses can be explicitly approved on a netmask basis to avoid false alarms.
- Strict password requirements. The strongest security mechanisms are useless when users choose weak passwords or set no password at all. A programmable password policy can filter the passwords that users set through the web interface, so that trivial passwords are rejected.
- Built-in certificates. Provisioning of snom phones can be secured by using the built-in certificates of selected snom phones.
- File system encryption. User passwords are encrypted on the file system, so that even if someone gains file system access, there are no plain-text passwords on file.
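The intrusion detection item above describes a timed deny list with netmask-based approvals. The following sketch is an added example, not the PBX's own code: the class name, the thresholds (5 failures in 60 seconds, 300-second block) and the sample events are assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict, deque

class LoginGuard:
    """Timed deny list for failed logins, with approved networks exempted."""
    def __init__(self, max_failures=5, window=60.0, block_for=300.0, approved=()):
        # Thresholds are assumed values, not the PBX's defaults.
        self.max_failures, self.window, self.block_for = max_failures, window, block_for
        self.approved = [ipaddress.ip_network(n) for n in approved]
        self.failures = defaultdict(deque)  # ip -> times of recent failures
        self.denied_until = {}              # ip -> time the block expires

    def is_denied(self, ip, now):
        expiry = self.denied_until.get(ip)
        if expiry is not None and now >= expiry:
            del self.denied_until[ip]       # block ran out, forget it
            return False
        return expiry is not None

    def record_failure(self, ip, now):
        """Register a failed login; return True if the address is now denied."""
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in self.approved):
            return False                    # approved ranges never get blocked
        if self.is_denied(ip, now):
            return True
        recent = self.failures[ip]
        recent.append(now)
        while now - recent[0] > self.window:
            recent.popleft()                # drop failures outside the window
        if len(recent) >= self.max_failures:
            self.denied_until[ip] = now + self.block_for
            recent.clear()
            return True
        return False

# Constructed sample events: (seconds, source address of a failed login)
EVENTS = ([(t, "203.0.113.7") for t in range(0, 10, 2)]
          + [(t, "192.168.1.20") for t in range(0, 12, 2)]
          + [(400, "203.0.113.7")])

def replay(events, guard):
    """Return (time, ip) for each failure that newly put an address on the list."""
    blocked = []
    for now, ip in sorted(events):
        was_denied = guard.is_denied(ip, now)
        if guard.record_failure(ip, now) and not was_denied:
            blocked.append((now, ip))
    return blocked
```

Replaying `EVENTS` with `192.168.1.0/24` approved blocks only the external address on its fifth failure; the approved internal phone never triggers a block, and the external block has expired by the time of the event at 400 seconds.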
More information can be found in the security whitepaper.