Overview
Under Security Settings, you configure central security features of your Virtual-Call Cloud PBX: passwordless login, two-factor authentication, password rules, console/SSH access, and country-specific IP and dialing code restrictions.
Prerequisites
- Administrator access to the Virtual-Call Cloud PBX
Page Overview
Navigate to Security → Security Settings. The page contains four tabs:
- Security Options: Passwordless login, 2FA, password rules, public client IP addresses, call encryption, and IP restriction for administrators.
- Console/SSH Access: Configure console account and SSH access.
- Allowed Country IPs: Enable IP access protection by country/region.
- Allowed Country Codes: Enable dialing protection by country/region codes.
Tab: Security Options
Navigate to Security → Security Settings → Security Options.
Passwordless Login
| Field | Description |
|---|---|
| Passwordless Login | Grants your PBX provider permission to log into the PBX with a dedicated, passwordless administrator account via the Central Management platform. |
Two-Factor Authentication
| Field | Description |
|---|---|
| Make Two-Factor Authentication Mandatory for All Extensions | If enabled, all extensions must log in through 2FA. Extensions that have already enabled 2FA won't be affected. |
Extension Password Rules
| Field | Description |
|---|---|
| Minimum Character Length of User Password | Minimum length for the extension user password. Required. |
| Minimum Character Length of Registration Password | Minimum length for the SIP registration password. Required. |
| Extensions Are Not Allowed to Reuse Any of Their Last X User Password(s) | Prevents reuse of the last X passwords. |
Allowed Client Public IP Address
When multiple public IP addresses exist in the client's network environment, you must specify the public IP addresses allowed for client access. If there is only one public IP address, it will be automatically detected, and no configuration is required.
Call Encryption Tunnel
| Field | Description |
|---|---|
| Enable Call Encryption Tunnel | When enabled, all call signaling and media for mobile clients in the PBX will be transmitted through an encrypted tunnel. |
Enable IP Restriction for Administrator Login
| Field | Description |
|---|---|
| Enable IP Restriction for Administrator Login | When enabled, administrators can only log in from the IP addresses listed in the IP List. |
| IP List | Table with Allowed IP Address and Subnet Mask. |
Tab: Console/SSH Access
Navigate to Security → Security Settings → Console/SSH Access.
Console
| Field | Description |
|---|---|
| Console Account | Username for console access. Required. |
| Console Password | Password for console access. Required. |
SSH Access
| Field | Description |
|---|---|
| SSH Access | Toggle to enable or disable SSH access. |
| SSH Address | Address for SSH access. |
| SSH Port | Port for SSH access. |
Tab: Allowed Country IPs
Navigate to Security → Security Settings → Allowed Country IPs.
Here you can enable IP access protection by country/region. The overview shows the columns Country/Region, Continent, and Operations (toggle to allow/block). Use the Allow and Disallow buttons to change multiple entries at once.
| Field | Description |
|---|---|
| Enable Allowed Country/Region IP Access Protection | Toggle to enable the feature. When enabled, only IP addresses from allowed countries will be permitted. |
Tab: Allowed Country Codes
Navigate to Security → Security Settings → Allowed Country Codes.
Here you can enable dialing protection by country/region codes. The overview shows the columns Country/Region Code, Country/Region, Continent, and Operations.
| Field | Description |
|---|---|
| Enable Allowed Country/Region Code Dialing Protection | Toggle to enable the feature. When enabled, only allowed country dialing codes can be dialed. |
| International Dialing Code | Your international dialing code (e.g., 00 or +). |
Configuring Security Settings
- Navigate to Security → Security Settings.
- In the Security Options tab, configure password rules, 2FA, and encryption as needed.
- In the Console/SSH Access tab: Change the console password and configure SSH if required.
- In the Allowed Country IPs tab: Enable geo-IP protection and allow only the countries from which your users access the system.
- In the Allowed Country Codes tab: Enable dialing code protection and allow only the country codes that your users need to dial.
- Click Save.
Best Practices
- Enable Two-Factor Authentication for all extensions to enhance account security.
- Set the minimum character length for passwords to at least 10 characters.
- Change the default console password immediately after initial setup.
- Enable SSH access only when needed and disable it again when no longer required.
- Enable Allowed Country IPs and restrict access to only the countries where your employees actually work.
- Enable allowed country codes and block dialing codes for countries you don't need to call to prevent toll fraud.
Comments
0 comments
Article is closed for comments.