Provisioning Security

Discussion in '3CX Phone System - General' started by jtrollen, Sep 17, 2010.

Thread Status:
Not open for further replies.
  1. jtrollen

    Joined:
    May 17, 2010
    Messages:
    21
    Likes Received:
    0
    I'm in the process of installing and provisioning a handful of phones and it occurred to me that this could be a huge security hole. In theory, I could look on the bottom of a phone to get the MAC address and pull up the provisioning XML file in a web browser with all of the user's information. I could then log in as another user if I wanted to. Am I missing something here? This just seems too easy. How are people securing the provisioning XML files?

    Thanks,

    -John
     
  2. abc123

    abc123 Active Member

    Joined:
    Nov 9, 2009
    Messages:
    712
    Likes Received:
    1
    We only allow access to the provisioning area for known IP addresses as source requestor.

    I have never tried (but will test it soon now you mention it) putting the config on a non-standard port also, which should help.

    I don't see any other way that you can secure it to the outside world yet still let phones pick up configuration.
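
Added example, not part of either post above and not 3CX code: a log audit that checks whether a source-IP allowlist like the one described in the reply is actually holding, by listing provisioning-file requests from addresses outside it. The `/provisioning/` path, the MAC-named `.xml`/`.cfg` files, the combined log format, the allowlisted networks and the sample log lines are all assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumptions (not from the thread): provisioning files live under a
# hypothetical /provisioning/ path, are named after the phone's MAC address,
# and the web server writes common/combined-format access logs.
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/28", "10.0.0.0/8")]
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "GET (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
MAC_RE = re.compile(r"/provisioning/(?:[^/\s]+/)*(?P<mac>[0-9A-Fa-f]{12})\.(?:xml|cfg)$")

# Constructed sample log lines (documentation IP ranges, made-up MACs).
SAMPLE_LOG = """\
192.0.2.5 - - [17/Sep/2010:10:00:01 +0000] "GET /provisioning/02AABBCC0001.xml HTTP/1.1" 200 2310
203.0.113.9 - - [17/Sep/2010:10:02:11 +0000] "GET /provisioning/02AABBCC0001.xml HTTP/1.1" 200 2310
203.0.113.9 - - [17/Sep/2010:10:02:12 +0000] "GET /provisioning/02AABBCC0002.xml HTTP/1.1" 404 0
198.51.100.7 - - [17/Sep/2010:10:05:40 +0000] "GET /index.html HTTP/1.1" 200 512
10.1.2.3 - - [17/Sep/2010:10:06:00 +0000] "GET /provisioning/02aabbcc0003.xml HTTP/1.1" 200 2298
"""

def is_allowed(ip_text):
    """True if the source address falls inside an allowlisted network."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # unparsable source: treat as untrusted
    return any(ip in net for net in ALLOWED_NETS)

def audit(log_text):
    """Return {source_ip: {"served": macs, "probed": macs}} for provisioning
    requests that came from outside the allowlist."""
    findings = defaultdict(lambda: {"served": set(), "probed": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or is_allowed(m["ip"]):
            continue
        mac = MAC_RE.search(m["path"].split("?", 1)[0])
        if not mac:
            continue  # not a provisioning file request
        # A 2xx status means the config was handed out; anything else is a probe.
        bucket = "served" if m["status"].startswith("2") else "probed"
        findings[m["ip"]][bucket].add(mac["mac"].upper())
    return dict(findings)

if __name__ == "__main__":
    for ip, hits in audit(SAMPLE_LOG).items():
        print(ip, "served:", sorted(hits["served"]), "probed:", sorted(hits["probed"]))
```

Any MAC in a "served" set means a phone's configuration left the server to an unlisted address, so the credentials in that file should be treated as exposed.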
     