Extension Security Overview
This topic describes security options to prevent Yeastar P-Series PBX System from unauthorized SIP registrations and abused outbound calls.
SIP security options
Yeastar P-Series PBX System provides the following options to prevent unauthorized SIP registrations.
- Allow Remote Registration
- Anytime you use a remote extension to
access PBX, you expose your PBX to the public internet, which increases
the risk of VoIP hacking and attack. The option is disabled by
default.Note: We recommend that you keep the option disabled unless you need a remote extension.
- SIP User Agent Identification
-
By default, PBX allows phones to register extensions without user agent limit. To enhance extension security, you can restrict which user agent is allowed to register an extension.
When a phone is trying to register the extension, the phone will send SIP packets containing user agent. If the prefix of the user agent does not match the specified value, the registration will fail.
- SIP Registration IP Restriction
- By default, PBX allows SIP registrations without the limit of IP address.
Call restrictions options
Yeastar P-Series PBX System provides the following options to prevent abused outbound calls.
- Disable Outbound Calls
- Restrict users from making outbound calls.
- Disable Outbound Calls outside Business Hours
- Restrict users from making outbound calls during off-duty time and holidays.
- Disallow International Calls
- Restrict users from making international calls.Note: The option works only when you have enabled Enable Allowed Country/Region Code Dialaing Protection. For more information, see Block Outbound International Calls.
- Outbound Call Frequency Restriction
- When an extension makes outbound calls and the number of calls exceeds the outbound call frequency restriction within specified time period, the system would restrict the extension from making outbound calls.
- Max Outbound Call Duration (s)
- When the user is in an outbound call and the call duration reaches the limit, the system would end the call.
Outbound Route Permission
Login Security
- Two-Factor Authentication
- Yeastar P-Series PBX System supports Two-factor Authentication (2FA) for
extension users to protect their accounts by requiring an additional
authentication code for login.
- To make 2FA mandatory for all extensions, see Enforce Two-factor Authentication for All Extension
Users.Note: You cannot enable 2FA for a specific extension. But if a user has configured 2FA but failed to login via 2FA (e.g. unable to receive authentication code via email), you can disable 2FA for the specific extension individually (Path: ), so that the user can directly log in with the username and password.
- For more information about how users can configure 2FA, see Enable 2FA on Linkus Web Client and Enable 2FA on Linkus Desktop Client.
- To make 2FA mandatory for all extensions, see Enforce Two-factor Authentication for All Extension
Users.
- User must change password periodically
- As a super administrator, you can set whether to force extension users
to change password periodically, thus enhancing extension account
security.
For more information, see Set up Periodic Password Changes for an Extension.