Port Forwarding and Improper DMZ configuration

Examples of port forwarding include forwarding ports 80 and 443 to a web server, or port 993 (S/IMAP) to an e-mail server.

A more comprehensive style of port-forwarding is to forward all incoming traffic to a specific device, effectively placing that device outside the firewall completely. This method is referred to as placing that device in the DMZ (demilitarized zone - a name chosen because the device in question is outside the security/protection of the firewall, in the way that a person standing in a DMZ is not protected by the nations on either side).

Both styles of port-forwarding present very real security risks - if the device that the forward points to is compromised, an attacker gains access to the entire network. However, port-forwarding is required if you wish to provide internet services (such as a web-server, FTP or e-mail server, remote desktop, and so on) from behind a firewall.

The Problem:
With regard to our services, it is critically important that no Intermedia device ever be placed in a firewall DMZ or have ANY ports forwarded to its IP address.

Forwarding port 5060 or 6060 to a device is not an acceptable substitute for obtaining a compatible router. In addition to exposing your phone to the public internet and creating a risk of fraud/intrusion, it will not correct connectivity issues, especially on networks with multiple phones and/or VoIP devices (such as a fax adapter).

Placing an Intermedia device (phone, fax adapter, or XIP) in the DMZ, or forwarding ports to it, exposes it to the public internet and allows hackers to connect to it and steal the login information used by said device to make phone calls. With this information, a hacker may make fraudulent phone calls to international numbers using the stolen information. To prevent this, always keep all Intermedia hardware behind a NAT firewall.

Diagnosis:
Check the router's port-forwarding and DMZ configuration options.
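
One way to run this check on a Linux-based router is to scan its NAT table for DNAT rules that point at VoIP devices. This is an added example, not Intermedia's tooling: it assumes the router exposes `iptables-save -t nat` output, and the sample rules, device addresses and helper names (`audit`, `parse_ports`) are constructed for illustration.

```python
import shlex

# Constructed sample: `iptables-save -t nat` output from a hypothetical Linux-based router.
SAMPLE_RULES = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.1.10:443
-A PREROUTING -i eth0 -p udp -m udp --dport 5060 -j DNAT --to-destination 192.168.1.50:5060
-A PREROUTING -i eth0 -p tcp -m multiport --dports 6060,8080 -j DNAT --to-destination 192.168.1.51
-A PREROUTING -i eth0 -j DNAT --to-destination 192.168.1.52
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
"""

# Constructed inventory of VoIP device addresses (phones, fax adapter).
VOIP_DEVICES = {"192.168.1.50", "192.168.1.51", "192.168.1.52"}
SIP_PORTS = {5060, 6060}  # the ports the article names

def parse_ports(spec):
    """Expand '5060', '5060:5070' or '6060,8080' into a set of ints."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit(rules_text, devices):
    """Return (device_ip, kind, detail) for every DNAT rule that targets a listed device."""
    findings = []
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        if "DNAT" not in tok or "--to-destination" not in tok:
            continue
        target = tok[tok.index("--to-destination") + 1].split(":")[0]
        if target not in devices:
            continue
        flag = next((f for f in ("--dport", "--dports") if f in tok), None)
        if flag is None:
            # No port match: everything is forwarded, i.e. a DMZ-style rule.
            findings.append((target, "DMZ", "no port match"))
            continue
        ports = parse_ports(tok[tok.index(flag) + 1])
        kind = "SIP-FORWARD" if ports & SIP_PORTS else "FORWARD"
        findings.append((target, kind, "ports " + ",".join(map(str, sorted(ports)))))
    return findings

if __name__ == "__main__":
    for ip, kind, detail in audit(SAMPLE_RULES, VOIP_DEVICES):
        print(f"{ip}: {kind} ({detail})")
```

Any finding for a listed device means the rule should be removed; an empty result means no DNAT rule in the dump targets those addresses.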

Background:
Port forwarding is a method of directing connections made to a publicly available Internet address (such as the one held by a network router/gateway) to specific devices on the private side of the network that are configured to handle connections of that type.

Solution:
Remove all Intermedia devices from the port-forwarding, port triggering, and DMZ configuration options of your router.