I recently got our conference bridge set up and working for the first time. I found out that any user whether internal or an external caller calling into the Conference Bridge could enter a 4 digit bridge number and create a bridge. Two serious issues with this:
- If I add a DID number to the Conference Bridge then anyone calling in could create a bridge without any internal user even knowing or authorizing the conference.
- Say we schedule a Call for Bridge 1234 and the clients calling in type 1235. They end up creating a bridge to sit there while the conference goes on without them knowing on Bridge 1234.
How I would expect it to work...
I figure the Conference Bridge and the User Accounts are both in the UC software so why can't the Conference Bridge verify the user has the rights to open a new Bridge rather than just letting anybody that happens along x7050 creating Bridges at will?
A call into the Conference Bridge from a known internal account should just automatically be able to create AND enter a Bridge.
An unknown call should be allowed to enter a Bridge but NOT create
A menu option should be put in place so that say a known user could call in from an outside line and be able to create a Bridge by providing Ext+Pin credentials.
I tried to explain it in this thread but Mark didn't seem to understand why I would want this.
To me it is basic security. An unknown user shouldn't be able to create a Bridge. Simple as that. Now Mark did mention I could put an AA on the x7050 and then assign a passcode, write accesses out to a database, and then manually monitor if the Conference Bridge is getting abused. Seems like the long way around when the security credentials are right there on the server already.
I guess if I need to explain it better... I'm just not sure I can, it's a pretty simple explanation as-is. I'm not saying the programming is simple, just the idea.