Extension Security Overview

This topic describes the security options that protect Yeastar P-Series PBX System against unauthorized SIP registrations and outbound call abuse.

SIP security options

Yeastar P-Series PBX System provides the following options to prevent unauthorized SIP registrations.

Allow Remote Registration
Whenever you use a remote extension to access the PBX, you expose the PBX to the public internet, which increases the risk of VoIP hacking and attacks. The option is disabled by default.
Note: We recommend that you keep the option disabled unless you need a remote extension.
SIP User Agent Identification

By default, the PBX allows phones to register extensions without any user agent restriction. To enhance extension security, you can restrict which user agents are allowed to register an extension.

When a phone tries to register the extension, it sends SIP packets that contain its user agent. If the prefix of the user agent does not match the specified value, the registration fails.

SIP Registration IP Restriction
By default, the PBX allows SIP registrations without any IP address restriction.
To enhance extension security, you can specify which IP address or IP section is allowed to register an extension.
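
How the user agent prefix check and the IP restriction combine, as an added illustration in Python (not Yeastar's code): the policy values, the sample REGISTER message and the function names are constructed, and case-sensitive prefix matching is an assumption. The User-Agent header is set by the registering client, so the sketch evaluates it together with the source address rather than on its own.

```python
import ipaddress

# Constructed policy for one extension (assumed values, not PBX defaults).
ALLOWED_UA_PREFIXES = ["ExamplePhone X1"]
ALLOWED_NETWORKS = ["192.0.2.0/24", "198.51.100.17"]

# Constructed SIP REGISTER request, as a phone would send it.
SAMPLE_REGISTER = (
    "REGISTER sip:pbx.example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.0.2.45:5060;branch=z9hG4bK776asdhds\r\n"
    "From: <sip:1001@pbx.example.com>;tag=49583\r\n"
    "To: <sip:1001@pbx.example.com>\r\n"
    "Call-ID: 843817637684230@192.0.2.45\r\n"
    "CSeq: 1 REGISTER\r\n"
    "Contact: <sip:1001@192.0.2.45:5060>\r\n"
    "User-Agent: ExamplePhone X100 1.2.3\r\n"
    "Content-Length: 0\r\n\r\n"
)


def user_agent(message):
    """Return the User-Agent header value of a SIP message, or None if absent."""
    head = message.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "user-agent":
            return value.strip()
    return None


def check_registration(message, source_ip, ua_prefixes, networks):
    """Apply both restrictions and return (allowed, reason)."""
    # source_ip is the address the packet arrived from, not a header value.
    addr = ipaddress.ip_address(source_ip)
    nets = [ipaddress.ip_network(n, strict=False) for n in networks]
    if not any(addr in net for net in nets):
        return False, "source IP not permitted"
    ua = user_agent(message)
    # A missing header cannot match any prefix, so it is rejected.
    if ua is None or not any(ua.startswith(p) for p in ua_prefixes):
        return False, "user agent prefix mismatch"
    return True, "ok"
```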

Call restriction options

Yeastar P-Series PBX System provides the following options to prevent outbound call abuse.

Note: These restrictions don't apply to emergency calls. If you want to set up emergency calling, see Emergency Calling Overview.
Disable Outbound Calls
Restrict users from making outbound calls.
Disable Outbound Calls outside Business Hours
Restrict users from making outbound calls during off-duty time and holidays.
Disallow International Calls
Restrict users from making international calls.
Note: The option works only when you have enabled Enable Allowed Country/Region Code Dialing Protection. For more information, see Block Outbound International Calls.
Outbound Call Frequency Restriction
When the number of outbound calls that an extension makes within the specified time period exceeds the outbound call frequency restriction, the system restricts the extension from making outbound calls.
For more information, see Limit Outbound Call Frequency of an Extension.
Max Outbound Call Duration (s)
When the user is in an outbound call and the call duration reaches the limit, the system ends the call.

Outbound Route Permission

Specify the outbound routes that an extension is allowed to use.
Note: If this extension belongs to an organization or an extension group that has permission to use a specific outbound route, then you can't change the extension's permission to the outbound route here.

Login Security

Yeastar P-Series PBX System provides the following security options to protect extension users' accounts.
Two-Factor Authentication
Yeastar P-Series PBX System supports Two-factor Authentication (2FA) for extension users to protect their accounts by requiring an additional authentication code for login.
  • To make 2FA mandatory for all extensions, see Enforce Two-factor Authentication for All Extension Users.
    Note: You cannot enable 2FA for a specific extension. However, if a user has configured 2FA but fails to log in via 2FA (e.g. is unable to receive the authentication code via email), you can disable 2FA for that extension individually (Path: Extension and Trunk > Extension > Security > Login Security > Two-Factor Authentication), so that the user can log in directly with the username and password.
  • For more information about how users can configure 2FA, see Enable 2FA on Linkus Web Client and Enable 2FA on Linkus Desktop Client.
User must change password periodically
As a super administrator, you can set whether to force extension users to change their passwords periodically, thus enhancing extension account security.

For more information, see Set up Periodic Password Changes for an Extension.