Users with multiple phones and phones with multiple users
- 
 @JaredBusch Just learned a new term "hot desking." And that's exactly what these folks do when they come in once a week. As far as their phones go, it probably wouldn't be the end of the world if they have to press a button to make an outbound call as their extension, but I know there will be griping and complaining from simply "logging into my extension like I used to do." 
- 
 @EddieJennings said in Users with multiple phones and phones with multiple users:
 > @JaredBusch Just learned a new term "hot desking." And that's exactly what these folks do when they come in once a week. As far as their phones go, it probably wouldn't be the end of the world if they have to press a button to make an outbound call as their extension, but I know there will be griping and complaining from simply "logging into my extension like I used to do."

 Lots of people hot desking use soft phones for this reason; it's the default behaviour rather than an advanced feature.
- 
 So I just took the time to check the settings. This looks simple to set up. Basically, you will have 2 DSS keys set to Line 1 (so they can get a 2nd call) and a hotdesking button to log in and out. For these extensions you will want to set a simple SIP password (because they have to type it on the phone) and that is bad, so you will also want to restrict these extensions to a certain IP block. Which then causes problems if you think you want to use the extension on another device.

```
#######################################################################################
## Hotdesking Startup ##
#######################################################################################
#Enable or disable the phone to show the following items on the login wizard during startup; 0-Disabled, 1-Enabled;
#hotdesking.startup_register_name_enable = 1 (default)
#hotdesking.startup_username_enable = 1 (default)
#hotdesking.startup_password_enable = 0 (default)
#hotdesking.startup_sip_server_enable = 0 (default)
#hotdesking.startup_outbound_enable = 0 (default)
hotdesking.startup_register_name_enable =
hotdesking.startup_username_enable =
hotdesking.startup_password_enable =
hotdesking.startup_sip_server_enable =
hotdesking.startup_outbound_enable =

#######################################################################################
## Hotdesking Dsskey ##
#######################################################################################
#Enable or disable the phone to show the following items on the login wizard when pressing the Hot Desking DSS key;
#0-Disabled, 1-Enabled;
#hotdesking.dsskey_register_name_enable = 1 (default)
#hotdesking.dsskey_username_enable = 1 (default)
#hotdesking.dsskey_password_enable = 0 (default)
#hotdesking.dsskey_sip_server_enable = 0 (default)
#hotdesking.dsskey_outbound_enable = 0 (default)
hotdesking.dsskey_register_name_enable =
hotdesking.dsskey_username_enable =
hotdesking.dsskey_password_enable =
hotdesking.dsskey_sip_server_enable =
hotdesking.dsskey_outbound_enable =
```
- 
 What I do at work which is similar to what you are trying to do is called Hoteling in Polycom phones. So you have one extension and you can log in anywhere and dial out as you. There is also follow me but that is if you are out of the office and it calls your cell and so forth. 
- 
 @JaredBusch said in Users with multiple phones and phones with multiple users:
 > So I just took the time to check the settings. For these extensions you will want to set a simple SIP password (because they have to type it on the phone) and that is bad, so you will also want to restrict these extensions to a certain IP block. Which then causes problems if you think you want to use the extension on another device.

 How does his current vendor secure this for home use?
 How do you secure this for truly mobile use (crazy guy is allowed to demand the use of a physical phone from anywhere)? It really sounds like a soft phone would solve this, but I'm guessing most people much prefer to use a traditional desktop phone versus some software on their computer, especially sales.
 Of course good companies aren't normally run by the users, so don't rail me there, move on and answer the question. 
- 
 @Dashrender said in Users with multiple phones and phones with multiple users:
 > How do you secure this for truly mobile use (crazy guy is allowed to demand the use of a physical phone from anywhere)?

 Ideally, crazy long passwords, and better with TLS on the SIP channel. You can go further with port knocking and similar. VPN is an option. But good passwords go a long way, and adding TLS goes really far.
- 
 @scottalanmiller said in Users with multiple phones and phones with multiple users:
 > @Dashrender said in Users with multiple phones and phones with multiple users:
 > > How do you secure this for truly mobile use (crazy guy is allowed to demand the use of a physical phone from anywhere)?
 >
 > Ideally, crazy long passwords, and better with TLS on the SIP channel. You can go further with port knocking and similar. VPN is an option. But good passwords go a long way, and adding TLS goes really far.

 Without TLS or some form of encryption, are you open to the old firesheep attack?
- 
 @scottalanmiller said in Users with multiple phones and phones with multiple users:
 > @Dashrender said in Users with multiple phones and phones with multiple users:
 > > How do you secure this for truly mobile use (crazy guy is allowed to demand the use of a physical phone from anywhere)?
 >
 > Ideally, crazy long passwords, and better with TLS on the SIP channel. You can go further with port knocking and similar. VPN is an option. But good passwords go a long way, and adding TLS goes really far.

 You don't hotdesk with secure creds though because you cannot trust users to type all of that in. That is why it is a bad idea for this scenario. The best option is simply to use secure credentials like always and just allow the extension to authenticate from more than one device. This requires training the users to push their ext button before dialing out when using the shared phone in the office.
- 
 @JaredBusch said in Users with multiple phones and phones with multiple users:
 > @scottalanmiller said in Users with multiple phones and phones with multiple users:
 > > @Dashrender said in Users with multiple phones and phones with multiple users:
 > > > How do you secure this for truly mobile use (crazy guy is allowed to demand the use of a physical phone from anywhere)?
 > >
 > > Ideally, crazy long passwords, and better with TLS on the SIP channel. You can go further with port knocking and similar. VPN is an option. But good passwords go a long way, and adding TLS goes really far.
 >
 > You don't hotdesk with secure creds though because you cannot trust users to type all of that in. That is why it is a bad idea for this scenario. The best option is simply to use secure credentials like always and just allow the extension to authenticate from more than one device. This requires training the users to push their ext button before dialing out when using the shared phone in the office.

 This will likely be the way I'll handle the folks who come into the office once per week. This project is the perfect opportunity to introduce new behavior.

 @Dashrender Right now, there is no security outside of extension number and passcode. Out-of-office users simply have their phones configured to talk to our on-premises server and they log in using their extension's credentials. Everything's in the clear.
- 
 @EddieJennings said in Users with multiple phones and phones with multiple users:
 > @JaredBusch said in Users with multiple phones and phones with multiple users:
 > > @scottalanmiller said in Users with multiple phones and phones with multiple users:
 > > > @Dashrender said in Users with multiple phones and phones with multiple users:
 > > > > How do you secure this for truly mobile use (crazy guy is allowed to demand the use of a physical phone from anywhere)?
 > > >
 > > > Ideally, crazy long passwords, and better with TLS on the SIP channel. You can go further with port knocking and similar. VPN is an option. But good passwords go a long way, and adding TLS goes really far.
 > >
 > > You don't hotdesk with secure creds though because you cannot trust users to type all of that in. That is why it is a bad idea for this scenario. The best option is simply to use secure credentials like always and just allow the extension to authenticate from more than one device. This requires training the users to push their ext button before dialing out when using the shared phone in the office.
 >
 > This will likely be the way I'll handle the folks who come into the office once per week. This project is the perfect opportunity to introduce new behavior.
 >
 > @Dashrender Right now, there is no security outside of extension number and passcode. Out-of-office users simply have their phones configured to talk to our on-premises server and they log in using their extension's credentials. Everything's in the clear.

 Hence your toll fraud. I can log on to any of those extensions from anywhere.
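
Added example, not part of the thread or any poster's configuration: a small audit of SIP registration records that checks the controls discussed above (hot-desk extensions limited to an office IP block, TLS for remote registrations) and flags repeated authentication failures. The log format, the office network, the extension numbers and the threshold are all constructed assumptions; adapt the parsing to whatever your PBX actually logs.

```python
import ipaddress
from collections import defaultdict

# Assumptions (not from the thread): the office block, the hot-desk extension
# list, the failure threshold and the log format
# "time ext src_ip transport result" are constructed for illustration.
OFFICE_NET = ipaddress.ip_network("192.0.2.0/24")
HOTDESK_EXTS = {"201", "202"}
FAIL_THRESHOLD = 3

# Constructed sample records, not real log data.
SAMPLE_LOG = """\
2024-05-01T09:00:02 201 192.0.2.15 udp ok
2024-05-01T09:05:40 201 198.51.100.7 udp ok
2024-05-01T09:06:11 105 203.0.113.9 tls ok
2024-05-01T09:07:30 106 203.0.113.20 udp ok
2024-05-01T09:08:01 202 198.51.100.7 udp fail
2024-05-01T09:08:02 202 198.51.100.7 udp fail
2024-05-01T09:08:03 202 198.51.100.7 udp fail
"""

def audit(log_text):
    """Return sorted (extension, source_ip, finding) tuples."""
    findings = set()
    fails = defaultdict(int)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines
        _, ext, src, transport, result = parts
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            continue  # skip records without a parseable source address
        inside = addr in OFFICE_NET
        if result == "fail":
            fails[(ext, src)] += 1
            if fails[(ext, src)] == FAIL_THRESHOLD:
                findings.add((ext, src, "repeated-auth-failure"))
            continue
        if ext in HOTDESK_EXTS and not inside:
            # Weak, phone-typed password accepted from outside the office block.
            findings.add((ext, src, "hotdesk-ext-outside-office"))
        elif not inside and transport != "tls":
            # Remote registration with credentials and signalling in the clear.
            findings.add((ext, src, "cleartext-remote-registration"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(*finding)
```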




