0

Ability to restrict mobility extension

Ron Romano

November 17, 2018 14:05

None

Follow

As far as I know the only way to restrict an extensions ability to use the mobility feature is to not tell the user the password to extensions web portal.  As a security measuer I would like 2 things to be implemented.

1.  By default ALL extensions access to the mobility extension feature be restricted.

2. Administrator ability to ALLOW access to mobility extension on a per extension basis.

Not all extensions need mobility.  More need web access to extension than need mobility and mobility is the only feature that is a true security risk.  We need the ability to give web access but no mobility.  This feature should be reserved for those the admin deems worthy.

• Facebook
• Twitter
• LinkedIn

3 comments

• 0
  
  Ina Tang November 23, 2018 05:23

  The Mobiliy features is mostly been used to ring user's mobile simultaneously. Basically when an extension is off of office and they don't want to miss any calls, they are tended to enable this function.

  So it is designed for extensions. And I am not sure what you mentioned security measuers? Seems there is no relastionship between it and mobility features. Maybe you are worring about the outbound calling fee?

• 0
  
  Ron Romano November 23, 2018 14:06

  Ina you are describing Simultaneous ring.  If you think about it, this is a security risk as well.  Someone could hack the user account and turn on simultaneous ring to a number used for fraud.  But it is mobility extension that gives direct access to the system to then make calls.  The fact is it not every user needs OR SHOULD HAVE web access to the phone account.  At the very least there should be a setting to turn an extensions web account on or off per user.  A phone in the lobby or cafeteria of a company does not ever need web access to the user account.

  Even if a phone needs web access to the account, this does not mean it needs access to all of the forwarding/mobility features.  These are the features that open up fraud. 

  You cannot assume that employees of a company will not misuse the system as well.

• 0
  
  Ina Tang November 30, 2018 11:51

  Ron,

  At the very least if you hope turn off extensions web account, currently the way is to generate a random password for them. And now as I've learned, the firmware version which higher than 30.10.0.9 generates random password by default. In this way, the users are not allowed to log into PBX without helping from admin to set a new password.

   

  For further discussion on it, I will write emails to you.