I would like to see an option to randomize the authentication name of an extension. This will make it harder for attackers to hack phones.
Or at least add a randomized prefix or suffix to the extension authentication name.
How are you planning to register phones though, Are you auto provisioning?
New firmware requires 16 digit registration passwords that are quite secure. Could you possibly use more advance firewall rules and register on another port other than 5060 as this is trolled through constantly. There is also mac address filtering etc.
Yes we use auto provisioning. Even if the user has to enter a long string from time to time for user name I'm OK with that. We use every available setting to create obstacles to registration from port change to user agent. Any additional obstacle has value. If a system is getting attacked, the IP is already known. Then they start by using common extension numbers. I want to take that away.