Hi,
I am thinking of locking the user hardphone MAC Address onto Layer 2 Switch level. This way even if the user move around their phone, it will be blocked. The disadvantage is that it will create opreration nightmare and will only work in ETTx environment. In a broadband wireless environment, there may be no layer 2 switch in between the network and subsriber.
There are 2 categories of subscribers. One is only want to use their home phone just like what the legacy voice network do. They won't bother to know about username/password. (For example illiterate elderly citizen). I must cater for these kind of users. Yet provide a secure environment for them.
Another is subscribers who want to have more flexibility. They may have hardphone, softphone, pda, notebook who can logon everywhere in the on-net network. These users may have more than one phone number to their home per user account. These users will have to be reseponsile for their username/password.
I am looking for all possibbilities and limitations there is before drawing any implementation plan.
So far, my testing is working well. SER, Cisco 7960, ATA186, Cisco Voice Gateway, Softphone/IPAQ w/WLAN, MSN Messenger, etc
Thanks
SSng
-----Original Message----- From: Jan Janak [mailto:jan@iptel.org] Sent: Tuesday, March 11, 2003 7:30 PM To: Ng, Soo Sim Cc: Jiri Kuthan; serusers@lists.iptel.org Subject: Re: [Serusers] multiple registration on one user login
Hello,
do you still need such a restriction ?
Jan.
On 10-03 11:12, Ng, Soo Sim wrote:
Thanks to all giving your thought and advice.
SSng
-----Original Message----- From: Jiri Kuthan [mailto:jiri@iptel.org] Sent: Thursday, March 06, 2003 6:49 AM To: Ng, Soo Sim; serusers@lists.iptel.org Subject: RE: [Serusers] multiple registration on one user login
Hello,
I fear that such a case can't be avoided with allowing only a single registration. If I steal your phone away from your desk, you will not register with it anymore, but I will and we will have exactly one valid registration. Leaving SIP phones with hard-wired passwords on your desk has simply the same potential as leaving your credit-card or cell-phone there.
What can be done about fraud?
User education -- don't leave your money and phone unattended. Hotline -- report stolen phones to lock the account. PIN Lock -- use phones which can log-off and log-on (I'm not aware of any now -- only 3com used to do that)
-Jiri
ps -- ability to move is a feature. I know people who are very glad to use Vonage's US phone number and move with their ATAs and the US phone number around in Europe.
At 11:37 PM 3/5/2003, Ng, Soo Sim wrote:
Jiri,
Scenario is providing IP Telephony to the household. I am more concern about the security of the Hardphone. I am thinking of auto-provisioned the hardphone (eg C7960, ATA186) without subsriber intervention. What the subscriber know is their phone # (Just like legacy phone system).
Since the Hardphone is 'hard-coded', the phone can move round the vicinity of the redisential area and still able to make a call. Potentially this will lead to abuse, as someone may take the phone to a different location when owner is not around and make a 'free' call, return back the phone and the billing still charge the original subsriber.
Any other suggestion to counter this issue is much appreacited.
SSng
-----Original Message----- From: Jiri Kuthan [mailto:jiri@iptel.org] Sent: Wednesday, March 05, 2003 12:18 AM To: Ng, Soo Sim; serusers@lists.iptel.org Subject: Re: [Serusers] multiple registration on one user login
At 03:08 PM 3/4/2003, Ng, Soo Sim wrote:
I have such requirements. In providing sip-based residential ip telephony, I would like to restrict each home subsriber is only allowed to register one UA per account. This would make easy for billing purposes and for security reasons.
Is there a way to achieve this requirement with SER?
If that is your desparate wish, it is little overhead to make you happy. I'm still not sure though, it is a useful thing.
Maybe an operator can make more revennues if my wife can accept calls at any phone in my building and initiate calls in parallel with my doughter.
What are exactly the billing/security reasons here?
-Jiri
-- Jiri Kuthan http://iptel.org/~jiri/
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Hello,
On 12-03 07:22, Ng, Soo Sim wrote:
Hi,
I am thinking of locking the user hardphone MAC Address onto Layer 2 Switch level. This way even if the user move around their phone, it will be blocked. The disadvantage is that it will create opreration nightmare and will only work in ETTx environment. In a broadband wireless environment, there may be no layer 2 switch in between the network and subsriber.
It will be a problem ss long as user's credentials are stored in the phone (as opposed to PSTN where in fact the credentials is the phone line that the phone is connected to). Maybe you can use MAC address to lock your phone to a particular location, but that depends on type of the network used.
If your users are able to type phone numbers, they should be also able to type a simple numeric password and unlock the phone upon startup.
If they are not able to type such a simple password, then you can limit amount of money they can spend per day and allow emergency calls only if they exceed the amount.
But I admit that's not nice. If anybody steals your cell phone, you have the same problem unless you lock it by password.
If you have access to firmware of your phones, maybe you can detect that the network cable was pulled out and require password only in this case.
regards, Jan.
There are 2 categories of subscribers. One is only want to use their home phone just like what the legacy voice network do. They won't bother to know about username/password. (For example illiterate elderly citizen). I must cater for these kind of users. Yet provide a secure environment for them.
Another is subscribers who want to have more flexibility. They may have hardphone, softphone, pda, notebook who can logon everywhere in the on-net network. These users may have more than one phone number to their home per user account. These users will have to be reseponsile for their username/password.
I am looking for all possibbilities and limitations there is before drawing any implementation plan.
So far, my testing is working well. SER, Cisco 7960, ATA186, Cisco Voice Gateway, Softphone/IPAQ w/WLAN, MSN Messenger, etc
Thanks
SSng
-----Original Message----- From: Jan Janak [mailto:jan@iptel.org] Sent: Tuesday, March 11, 2003 7:30 PM To: Ng, Soo Sim Cc: Jiri Kuthan; serusers@lists.iptel.org Subject: Re: [Serusers] multiple registration on one user login
Hello,
do you still need such a restriction ?
Jan.
On 10-03 11:12, Ng, Soo Sim wrote:
Thanks to all giving your thought and advice.
SSng
-----Original Message----- From: Jiri Kuthan [mailto:jiri@iptel.org] Sent: Thursday, March 06, 2003 6:49 AM To: Ng, Soo Sim; serusers@lists.iptel.org Subject: RE: [Serusers] multiple registration on one user login
Hello,
I fear that such a case can't be avoided with allowing only a single registration. If I steal your phone away from your desk, you will not register with it anymore, but I will and we will have exactly one valid registration. Leaving SIP phones with hard-wired passwords on your desk has simply the same potential as leaving your credit-card or cell-phone there.
What can be done about fraud?
User education -- don't leave your money and phone unattended. Hotline -- report stolen phones to lock the account. PIN Lock -- use phones which can log-off and log-on (I'm not aware of any now -- only 3com used to do that)
-Jiri
ps -- ability to move is a feature. I know people who are very glad to use Vonage's US phone number and move with their ATAs and the US phone number around in Europe.
At 11:37 PM 3/5/2003, Ng, Soo Sim wrote:
Jiri,
Scenario is providing IP Telephony to the household. I am more concern about the security of the Hardphone. I am thinking of auto-provisioned the hardphone (eg C7960, ATA186) without subsriber intervention. What the subscriber know is their phone # (Just like legacy phone system).
Since the Hardphone is 'hard-coded', the phone can move round the vicinity of the redisential area and still able to make a call. Potentially this will lead to abuse, as someone may take the phone to a different location when owner is not around and make a 'free' call, return back the phone and the billing still charge the original subsriber.
Any other suggestion to counter this issue is much appreacited.
SSng
-----Original Message----- From: Jiri Kuthan [mailto:jiri@iptel.org] Sent: Wednesday, March 05, 2003 12:18 AM To: Ng, Soo Sim; serusers@lists.iptel.org Subject: Re: [Serusers] multiple registration on one user login
At 03:08 PM 3/4/2003, Ng, Soo Sim wrote:
I have such requirements. In providing sip-based residential ip telephony, I would like to restrict each home subsriber is only allowed to register one UA per account. This would make easy for billing purposes and for security reasons.
Is there a way to achieve this requirement with SER?
If that is your desparate wish, it is little overhead to make you happy. I'm still not sure though, it is a useful thing.
Maybe an operator can make more revennues if my wife can accept calls at any phone in my building and initiate calls in parallel with my doughter.
What are exactly the billing/security reasons here?
-Jiri
-- Jiri Kuthan http://iptel.org/~jiri/
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-
Jan Janak -
Ng, Soo Sim