Outbound SIP Trunk Security

When exposing any SIP-based service to the public internet, it is essential to implement strong security controls to prevent unauthorized access and misuse. VoIP systems are frequent targets for automated scans, credential-guessing attempts, and toll fraud. DIDWW Outbound SIP Trunks include multiple layers of protection to help secure your outbound traffic.

---

Authentication Methods

DIDWW Outbound SIP Trunks provide two layers of authentication for enhanced security:

• IP-based Authentication – Outbound calls are accepted only when they originate from customer-defined, trusted IP addresses.

• Digest Authentication – SIP requests are challenged and must be authenticated with a valid username and password.

Using both methods in combination provides the highest level of protection.

Note

If you would like to disable Digest Authentication and authenticate your calls via IP-based Authentication only, contact support@didww.com .

---

Additional Protective Features

• 24-hour limit (USD) – Defines the maximum amount of funds allowed per trunk within a rolling 24-hour period. Once the limit is reached, the trunk is blocked, and all active outbound calls will be disconnected shortly after. New outbound calls are rejected until the trunk is manually unblocked.

  Note

  Active calls are disconnected shortly after the spending limit is reached. As a result, the final billed amount may slightly exceed the configured 24-hour limit.

• Capacity limit – Restricts the maximum number of simultaneous outbound calls per trunk, preventing unexpected call bursts and limiting potential abuse.

• Voice OUT Trunk usage limit notification – Sends an email notification when 80% of the 24-hour limit is reached. Notifications are sent once every 12 hours.

---

Recommended Best Practices

The following best practices help ensure secure and reliable outbound traffic through your SIP trunk.

Review call activity regularly

• Compare call records across different periods.

• Look for unusual patterns or high-value destinations.

• Investigate any unauthorized or unexpected traffic.

Restrict international calling

• Allow calling only to approved destinations.

• Block unwanted prefixes using dialing settings.

• Periodically review allowed destinations.

Keep VoIP equipment secure and updated

• Update PBXs, SBCs, and routers to the latest firmware.

• Replace default administrative passwords.

• Apply vendor security patches promptly.

Secure your firewall or SBC

• Allow SIP traffic only from trusted IP ranges.

• Enable rate limits or flood protection.

• Monitor access attempts and block suspicious sources.

Educate operational staff

• Follow proper credential-handling practices.

• Train teams to recognize abnormal call behavior.

• Review account permissions regularly.

Configure limits and alerts

• Set 24-hour spending or credit limits.

• Apply concurrent call capacity limits.

• Enable usage notifications for unexpected activity.