Skip navigation

Add Security to Conference Bridge

score 25
You have not voted. New

I recently got our conference bridge set up and working for the first time.  I found out that any user whether internal or an external caller calling into the Conference Bridge could enter a 4 digit bridge number and create a bridge.  Two serious issues with this:


  1. If I add a DID number to the Conference Bridge then anyone calling in could create a bridge without any internal user even knowing or authorizing the conference.
  2. Say we schedule a Call for Bridge 1234 and the clients calling in type 1235. They end up creating a bridge to sit there while the conference goes on without them knowing on Bridge 1234.


How I would expect it to work...


I figure the Conference Bridge and the User Accounts are both in the UC software so why can't the Conference Bridge verify the user has the rights to open a new Bridge rather than just letting anybody that happens along x7050 creating Bridges at will?

A call into the Conference Bridge from a known internal account should just automatically be able to create AND enter a Bridge.

An unknown call should be allowed to enter a Bridge but NOT create

A menu option should be put in place so that say a known user could call in from an outside line and be able to create a Bridge by providing Ext+Pin credentials.


I tried to explain it in this thread but Mark didn't seem to understand why I would want this.


To me it is basic security.  An unknown user shouldn't be able to create a Bridge.  Simple as that.  Now Mark did mention I could put an AA on the x7050 and then assign a passcode, write accesses out to a database, and then manually monitor if the Conference Bridge is getting abused.  Seems like the long way around when the security credentials are right there on the server already.


I guess if I need to explain it better...  I'm just not sure I can, it's a pretty simple explanation as-is.  I'm not saying the programming is simple, just the idea.


Vote history