12 Mar
2003
12 Mar
'03
1:22 a.m.
Hi,
I am thinking of locking the user hardphone MAC Address onto Layer 2 Switch level. This
way even if the user move around their phone, it will be blocked.
The disadvantage is that it will create opreration nightmare and will only work in ETTx
environment. In a broadband wireless environment, there may be no layer 2 switch in
between the network and subsriber.
There are 2 categories of subscribers. One is only want to use their home phone just like
what the legacy voice network do. They won't bother to know about username/password.
(For example illiterate elderly citizen). I must cater for these kind of users. Yet
provide a secure environment for them.
Another is subscribers who want to have more flexibility. They may have hardphone,
softphone, pda, notebook who can logon everywhere in the on-net network.
These users may have more than one phone number to their home per user account. These
users will have to be reseponsile for their username/password.
I am looking for all possibbilities and limitations there is before drawing any
implementation plan.
So far, my testing is working well. SER, Cisco 7960, ATA186, Cisco Voice Gateway,
Softphone/IPAQ w/WLAN, MSN Messenger, etc
Thanks
SSng
-----Original Message-----
From: Jan Janak [mailto:jan@iptel.org]
Sent: Tuesday, March 11, 2003 7:30 PM
To: Ng, Soo Sim
Cc: Jiri Kuthan; serusers(a)lists.iptel.org
Subject: Re: [Serusers] multiple registration on one user login
Hello,
do you still need such a restriction ?
Jan.
On 10-03 11:12, Ng, Soo Sim wrote:
Thanks to all giving your thought and advice.
SSng
-----Original Message-----
From: Jiri Kuthan [mailto:jiri@iptel.org]
Sent: Thursday, March 06, 2003 6:49 AM
To: Ng, Soo Sim; serusers(a)lists.iptel.org
Subject: RE: [Serusers] multiple registration on one user login
Hello,
I fear that such a case can't be avoided with allowing only
a single registration. If I steal your phone away from your
desk, you will not register with it anymore, but I will and
we will have exactly one valid registration. Leaving SIP
phones with hard-wired passwords on your desk has simply the
same potential as leaving your credit-card or cell-phone there.
What can be done about fraud?
User education -- don't leave your money and phone unattended.
Hotline -- report stolen phones to lock the account.
PIN Lock -- use phones which can log-off and log-on (I'm not aware
of any now -- only 3com used to do that)
-Jiri
ps -- ability to move is a feature. I know people who are very glad
to use Vonage's US phone number and move with their ATAs and the
US phone number around in Europe.
At 11:37 PM 3/5/2003, Ng, Soo Sim wrote:
Jiri,
Scenario is providing IP Telephony to the household.
I am more concern about the security of the Hardphone. I am thinking of auto-provisioned
the hardphone (eg C7960, ATA186) without subsriber intervention. What the subscriber know
is their phone # (Just like legacy phone system).
Since the Hardphone is 'hard-coded', the phone can move round the vicinity of the
redisential area and still able to make a call. Potentially this will lead to abuse, as
someone may take the phone to a different location when owner is not around and make a
'free' call, return back the phone and the billing still charge the original
subsriber.
Any other suggestion to counter this issue is much appreacited.
SSng
-----Original Message-----
From: Jiri Kuthan [mailto:jiri@iptel.org]
Sent: Wednesday, March 05, 2003 12:18 AM
To: Ng, Soo Sim; serusers(a)lists.iptel.org
Subject: Re: [Serusers] multiple registration on one user login
At 03:08 PM 3/4/2003, Ng, Soo Sim wrote:
--
Jiri Kuthan http://iptel.org/~jiri/
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers I have such requirements. In providing sip-based
residential ip telephony, I would like to restrict each home subsriber is only allowed to
register one UA per account. This would make easy for billing purposes and for security
reasons.
Is there a way to achieve this requirement with SER?
If that is your desparate wish, it is little overhead to make you happy.
I'm still not sure though, it is a useful thing.
Maybe an operator can make more revennues if my wife can accept calls at
any phone in my building and initiate calls in parallel with my doughter.
What are exactly the billing/security reasons here?
-Jiri 
13 Mar
13 Mar
3:04 a.m.
New subject: [Serusers] multiple registration on one user login
Hello,
On 12-03 07:22, Ng, Soo Sim wrote:
Hi,
I am thinking of locking the user hardphone MAC Address onto Layer 2 Switch level. This
way even if the user move around their phone, it will be blocked.
The disadvantage is that it will create opreration nightmare and will only work in ETTx
environment. In a broadband wireless environment, there may be no layer 2 switch in
between the network and subsriber.
It will be a problem ss long as user's credentials are stored in the
phone (as opposed to PSTN where in fact the credentials is the phone line
that the phone is connected to). Maybe you can use MAC address to lock
your phone to a particular location, but that depends on type of the
network used.
If your users are able to type phone numbers, they should be also able
to type a simple numeric password and unlock the phone upon startup.
If they are not able to type such a simple password, then you can
limit amount of money they can spend per day and allow emergency calls
only if they exceed the amount.
But I admit that's not nice. If anybody steals your cell phone, you
have the same problem unless you lock it by password.
If you have access to firmware of your phones, maybe you can detect that
the network cable was pulled out and require password only in this
case.
regards, Jan.
There are 2 categories of subscribers. One is only
want to use their home phone just like what the legacy voice network do. They won't
bother to know about username/password. (For example illiterate elderly citizen). I must
cater for these kind of users. Yet provide a secure environment for them.
Another is subscribers who want to have more flexibility. They may have hardphone,
softphone, pda, notebook who can logon everywhere in the on-net network.
These users may have more than one phone number to their home per user account. These
users will have to be reseponsile for their username/password.
I am looking for all possibbilities and limitations there is before drawing any
implementation plan.
So far, my testing is working well. SER, Cisco 7960, ATA186, Cisco Voice Gateway,
Softphone/IPAQ w/WLAN, MSN Messenger, etc
Thanks
SSng
-----Original Message-----
From: Jan Janak [mailto:jan@iptel.org]
Sent: Tuesday, March 11, 2003 7:30 PM
To: Ng, Soo Sim
Cc: Jiri Kuthan; serusers(a)lists.iptel.org
Subject: Re: [Serusers] multiple registration on one user login
Hello,
do you still need such a restriction ?
Jan.
On 10-03 11:12, Ng, Soo Sim wrote:
Thanks to all giving your thought and advice.
SSng
-----Original Message-----
From: Jiri Kuthan [mailto:jiri@iptel.org]
Sent: Thursday, March 06, 2003 6:49 AM
To: Ng, Soo Sim; serusers(a)lists.iptel.org
Subject: RE: [Serusers] multiple registration on one user login
Hello,
I fear that such a case can't be avoided with allowing only
a single registration. If I steal your phone away from your
desk, you will not register with it anymore, but I will and
we will have exactly one valid registration. Leaving SIP
phones with hard-wired passwords on your desk has simply the
same potential as leaving your credit-card or cell-phone there.
What can be done about fraud?
User education -- don't leave your money and phone unattended.
Hotline -- report stolen phones to lock the account.
PIN Lock -- use phones which can log-off and log-on (I'm not aware
of any now -- only 3com used to do that)
-Jiri
ps -- ability to move is a feature. I know people who are very glad
to use Vonage's US phone number and move with their ATAs and the
US phone number around in Europe.
At 11:37 PM 3/5/2003, Ng, Soo Sim wrote:
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers Jiri,
Scenario is providing IP Telephony to the household.
I am more concern about the security of the Hardphone. I am thinking of auto-provisioned
the hardphone (eg C7960, ATA186) without subsriber intervention. What the subscriber know
is their phone # (Just like legacy phone system).
Since the Hardphone is 'hard-coded', the phone can move round the vicinity of the
redisential area and still able to make a call. Potentially this will lead to abuse, as
someone may take the phone to a different location when owner is not around and make a
'free' call, return back the phone and the billing still charge the original
subsriber.
Any other suggestion to counter this issue is much appreacited.
SSng
-----Original Message-----
From: Jiri Kuthan [mailto:jiri@iptel.org]
Sent: Wednesday, March 05, 2003 12:18 AM
To: Ng, Soo Sim; serusers(a)lists.iptel.org
Subject: Re: [Serusers] multiple registration on one user login
At 03:08 PM 3/4/2003, Ng, Soo Sim wrote:
--
Jiri Kuthan http://iptel.org/~jiri/
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers I have such requirements. In providing sip-based
residential ip telephony, I would like to restrict each home subsriber is only allowed to
register one UA per account. This would make easy for billing purposes and for security
reasons.
Is there a way to achieve this requirement with SER?
If that is your desparate wish, it is little overhead to make you happy.
I'm still not sure though, it is a useful thing.
Maybe an operator can make more revennues if my wife can accept calls at
any phone in my building and initiate calls in parallel with my doughter.
What are exactly the billing/security reasons here?
-Jiri
7925
days inactive
7927
days old
1 comments
2 participants
participants (2)
-
Jan Janak -
Ng, Soo Sim