Security Question

Discussion in 'Windows' started by blabla, Mar 7, 2008.

Thread Status:
Not open for further replies.
  1. blabla

    Joined:
    Jan 20, 2008
    Messages:
    32
    Likes Received:
    0
    How do I prevent misuse of the 3CX system when it is possible to log in with just a possibly weak mailbox PIN?

    In many cases port 5060 will have to be open to the internet (when using VoIP DIDs or VoIP termination). How do we prevent weak mailbox PINs from being exploited? Can I somehow disable certain users from the ability to log in just with the mailbox PIN?

    There should be an option to allow login with PIN only over the tunnel functionality.
     
  2. darrellchapman

    Joined:
    Nov 26, 2007
    Messages:
    268
    Likes Received:
    0
    Great question, and possibly just the tip of the iceberg.

    If you are running a firewall you can set some rules that only certain IPs (or MAC addresses, for DHCP) can gain access to the 3CX server. Externally the only hosts that should be contacting your server are remote PCs or your VoIP provider(s). And for all of those you should have an idea of what their IP address (or MAC address) actually is. Would this work for you?

    If I think of another solution, I'll post it then.

    Darrell Chapman
     
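The firewall allowlist suggested in the post above, as an added example that is not part of the original thread and is not 3CX's own tooling. It assumes the 3CX host runs Windows Firewall with the NetSecurity cmdlets (Windows 8 / Server 2012 or later) and an elevated prompt; the peer addresses and the rule group name are constructed placeholders.

```powershell
# Added example: scope inbound SIP (port 5060) to known peers, then audit for leftovers.
# Addresses are constructed placeholders from documentation ranges (RFC 5737).
$AllowedPeers = @(
    '192.0.2.10',        # hypothetical VoIP provider signalling address
    '198.51.100.0/28'    # hypothetical remote-office range
)
$Group = 'SIP allowlist (example)'   # hypothetical group name, used to find our own rules

# Remove earlier copies so the script can be re-run after a provider IP change.
Get-NetFirewallRule -Group $Group -ErrorAction SilentlyContinue | Remove-NetFirewallRule

# Inbound is blocked by default, so only these scoped allow rules should admit SIP.
foreach ($proto in 'UDP', 'TCP') {
    New-NetFirewallRule -DisplayName "SIP 5060 $proto from known peers" -Group $Group `
        -Direction Inbound -Action Allow -Protocol $proto -LocalPort 5060 `
        -RemoteAddress $AllowedPeers | Out-Null
}

# Audit: any other enabled inbound allow rule that names port 5060 with no
# remote-address scope still exposes the port to every source.
# Rules written as a port range or as program-based "Any port" rules are not
# matched here and need a separate manual review.
$open = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object {
        $_.Group -ne $Group -and
        (($_ | Get-NetFirewallPortFilter).LocalPort -contains '5060') -and
        (($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any')
    }

if ($open) {
    Write-Warning 'Port 5060 is still reachable from any address through these rules:'
    $open | Select-Object DisplayName, Profile, Enabled | Format-Table -AutoSize
} else {
    Write-Output 'No unscoped inbound allow rule names port 5060.'
}
```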
  3. blabla

    Joined:
    Jan 20, 2008
    Messages:
    32
    Likes Received:
    0
    As a stop-gap measure.
    But of course that would necessitate that your VoIP Provider would inform you about IP changes, something that will certainly not work reliably with all providers.

    Secondly: You use the ability to login from remote with "normal" extension credentials, something that is of use and associated with less of a security problem.

    As written in my first post, I think it would be best if:

    - Login with PIN from remote destination only works over tunnel
    - Login from remote destinations is possible with normal username/pw combinations (configurable)
     
  4. darrellchapman

    Joined:
    Nov 26, 2007
    Messages:
    268
    Likes Received:
    0
    I absolutely 100% agree with you. However, I was recommending something you can do immediately without waiting for these changes to get implemented into 3CX. Your requests will require the 3CX Developers to step in.

    Darrell Chapman
     