Tech Tips

support@mytelpros.com
,

Best Practices to Avoid Getting Hacked on the NEC SL2100 and SL1100

This guide outlines proactive steps to help protect your NEC SL2100 or SL1100 system from compromise.

Introduction

Like all other phone systems or network connected devices, the NEC phone system can be a potential target for hackers. These SIP hackers typically attempt to register VoIP ports to make outbound calls, as well as manipulate some of the voicemail options such as external notification of Find Me Follow Me to international numbers of their choice.

Default Protections from My Tel Pros

  • International Toll Restriction applied to all extensions
  • Removal of unused personal mailboxes
  • Recommendation that each user sets a voicemail access code
  • Advice to change the installer-level password in Program 90-02

Firewall and Port Security

Treat your NEC phone system like any other sensitive network device:

  • Place it behind a firewall
  • Block all ports from external access unless absolutely required
  • Do not place the phone system in the router/firewall’s DMZ — this exposes it to internet-wide port scans

Ports to Block Unless Required

  • 80 – WebPro (HTTP Admin)
  • 8000 – PCPro Programming
  • 5963 – DIMM Port

Ports Used by the NEC SL2100/SL1100
Only forward these if needed:

  • 5080 – NEC IP Phones (over NAT)
  • 5070 – 3rd-Party SIP Devices (X-lite, Polycom, uMobility)
  • 5060 – SIP Server Proxy/Registrar (for SIP Trunks)

Change Installer Username & Password

Go to Program 90-02 to update both the username and password. This is one of the most critical security steps.

Username Guidelines

  • Up to 10 characters
  • Supports uppercase, lowercase, and special characters

Password Guidelines

  • Up to 8 digits
  • Digits 0–9, *, and # are allowed
  • Sequential numbers are discouraged

Example

  • Username: TeSt91%K#*#*
  • Password: *538#*47

Reminder: Document all username/password changes. Provide them to the customer for secure storage.

Add Voicemail Access Codes to Each Phone

All physical phone extensions in use should have voicemail access codes configured:

  1. Press the VM Soft Key
  2. Navigate: MoreSetupCode
  3. Enter an access code
  4. This code will now be required for voicemail access

Change Default WebPro and PCPro Ports

If remote maintenance requires port forwarding, NEC recommends changing default port numbers to improve security:

  • Program 90-54-01 – Change WebPro Port
  • Program 90-54-02 – Change PCPro Port

‼️ Important: If WebPro’s port is forwarded (not recommended), also do the following:

  • Go to Program 90-28
  • Change or remove User Pro passwords for each extension
  • This prevents remote attackers from modifying call forwarding or voicemail settings on individual phones