Extension Registration Security
Endpoint Security is the third line of defense in a multi-layered security strategy, preventing fraudsters from registering or logging in to extension accounts. Yeastar P-Series Cloud Edition has default rules that prevent malicious registration of SIP extensions by monitoring Registration Attempts. You can also enhance extension registration security by restricting Registration Credential, Concurrent Registration, User Agent, and IP Address.
Account Lockout for Failed Registration Attempts
Yeastar P-Series Cloud Edition has a built-in account lockout policy to prevent unauthorized access to extension accounts by automatically locking out the risky accounts after a certain number of failed registration attempts from the same IP address. When an account is locked out, the PBX will block the source IP address, display it in Block IPs, and send notifications of Extension Registration Blocked Out to the specified contacts.
To ensure that you can be notified when an account is locked out, you need to enable the event notification and add contacts to receive notifications.
- Go to .
- Under Event Type tab, turn on the notification of Extension Registration Blocked Out.
- Under Notification Contacts tab, add contacts to receive event notifications.
Use Complex Credentials for SIP Registration
Weak SIP credentials leave a security gap that fraudsters can easily exploit. Therefore, use a complex registration name and registration password when registering extensions.
- Go to , edit the desired extension.
- In the Extension Information section, set complex registration name and registration password.
  Tip: Here are some tips for a complex credential:
  - At least 10 characters long.
  - A combination of uppercase letters, lowercase letters, and numbers.
  - Avoid 4 repeated or consecutive numbers.
  - Avoid extension number or extension name.
- Click Save and Apply.
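The four tips above can be checked mechanically across a list of extensions before the credentials are entered on the PBX. The following Python is an added example, not Yeastar code; the record fields (`number`, `name`, `reg_name`, `reg_password`) and the sample data are assumptions, and "consecutive numbers" is read as an ascending or descending run such as 1234 or 4321.

```python
import re

def has_digit_run(s, n=4):
    """True if s holds n repeated (7777) or consecutive (1234, 4321) digits."""
    for i in range(len(s) - n + 1):
        w = s[i:i + n]
        if w.isascii() and w.isdigit():
            steps = {int(b) - int(a) for a, b in zip(w, w[1:])}
            if steps in ({0}, {1}, {-1}):
                return True
    return False

def check_credential(value, ext_number, ext_name):
    """Return the tips from the page that `value` violates (empty list = OK)."""
    problems = []
    if len(value) < 10:
        problems.append("shorter than 10 characters")
    if not all(re.search(p, value) for p in ("[A-Z]", "[a-z]", "[0-9]")):
        problems.append("needs uppercase, lowercase and numbers")
    if has_digit_run(value):
        problems.append("contains 4 repeated or consecutive numbers")
    if any(own and own.lower() in value.lower() for own in (ext_number, ext_name)):
        problems.append("contains extension number or name")
    return problems

def audit(extensions):
    """Map extension number -> {field: problems} for each weak credential."""
    report = {}
    for ext in extensions:
        weak = {f: check_credential(ext[f], ext["number"], ext["name"])
                for f in ("reg_name", "reg_password")}
        weak = {f: p for f, p in weak.items() if p}
        if weak:
            report[ext["number"]] = weak
    return report

# Constructed sample records; the field names are hypothetical, not a PBX export format.
SAMPLE = [
    {"number": "1001", "name": "alice", "reg_name": "1001", "reg_password": "Alice1234"},
    {"number": "1002", "name": "bob", "reg_name": "Qx7vLm2TzK9p", "reg_password": "hT4rWq8ZnB6sYd"},
]

if __name__ == "__main__":
    for number, weak in audit(SAMPLE).items():
        print(number, weak)
```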
Restrict Multiple Registrations on the Same Extension
By default, Yeastar P-Series Cloud Edition allows one extension to be registered on a single device only. We recommend that you keep the restriction UNLESS you need multiple devices to register with a single SIP extension. If necessary, you can increase the concurrent registration limit for a SIP extension as follows:
- Go to , edit the desired extension.
- In the Extension Information section, select a value from the drop-down list of .
- Click Save and Apply.
Restrict Extension Registration by User Agent
Restrict extension registration by authenticating user agent. When registering, SIP phones will send packets containing a user agent string. If the prefix of the user agent does not match the defined value, the registration will fail.
To restrict extension registration by user agent, follow the instructions below:
- Go to , edit the desired extension.
- Under Security tab, select the checkbox of Enable User Agent Registration Authorization, and set up the user agent.
- Click Save and Apply.
Restrict Extension Registration by IP Address
Restrict extension registration to trusted IP addresses. In this way, the system will automatically drop registration requests from untrusted IPs to prevent unauthorized devices from registering.
To restrict extension registration by IP address, follow the instructions below:
- Go to , edit the desired extension.
- Under Security tab, select the checkbox of Enable IP Restriction and add the allowed IP address.
- Click Save and Apply.