The firewalls in front of our PBX’s are configured to only allow SIP traffic from UK IP addresses, this reduces the attack surface and is usually not an issue as almost all legitimate traffic is from the UK.
As we expand there is greater need for international connections, this is fine if they have a static WAN IP or FQDN, but the more recent requirements are for “home” users with phones on their residential connections where dynamic IPs are the standard.
Changing the whitelisted IP every time their IP changes is not only tedious, but gives poor service, plus due to recent events (here and here) I’m not prepared to open access to another country for a single extension.
In my case, these internationals are satellites of a UK based office, so the idea is having the overseas phone route all voice traffic through the UK office where its free to connect to the PBX…
When a phone is no longer required on your service, there is
always trepidation on what will happen to it, the hope is that’s its unplugged,
stuffed in a drawer and never sees the light of day again. But in reality,
there’s a good chance that it will end up on the likes of eBay and Gumtree, and
since a phone is already provisioned with your server details, the next person
to get their hands on it could have unauthorised access to the system.
The simple step to prevent unauthorised access is to delete / change the secret to the extension, if your will to put up with the constant failed registration attempts. But what about the personal data on the phone? BLFs, local directories and the like.
Yealink devices since firmware version 81 have had the
ability to factory reset via a SIP notify command, meaning should a phone still
be online, a factory reset can be handled remotely and without end user