System information
banned. For example if there are too much meaningless or not authenticated request from an IP address (probably the attacker), than that IP address will be
banned for a time period and the incoming messages from that IP will be silently dropped.
Users and devices will be allowed to access the system (and create new dialogs) only if they pass basic authorization which can be set from MManage ->
Users and Devices -> Edit tab.
For IVR access the server will authenticate the actual end-user based on the A number or will request a PIN code.
Basic authorization
Dialog authentication can be performed in the following ways:
-Open Relay: if you set the NeedAuth to 0 for a user, then your server becomes an open relay (this is forbidden by the “enforcestrongauth” global config by
default)
-Authentication based on IP address: for this you have to set NeedAuth to 1 and enter the peer IP address in the AuthIp field (can be a list of ip address
separated by comma). Instead of IP address you can also use a domain names here.
-Authentication based on tech prefix: this is mainly used in h323 network. Set the NeedAuth to 2 and enter a valid techprefix for the user (which is usually a
traffic sender)
-IP and techprefix: NeedAuth must be set to 3. The “TechPrefix” and “AuthIp” fields must be set correctly
-Username/password authentication: usually for your sip endusers. NeedAuth must be set to 4. Username and password fields must be accordingly
-Authentication based on username: A number authentication. NeedAuth must be set to 5 and with a valid username
-IP and port based authentication: gives you better security than just IP authentication and also it is useful when you have more traffic sender from the same
domain. NeedAuth must be set to 6. Port and IP have to be set accordingly. (port is stored in the callsigaddr field in tb_users. You need to edit it if needed)
-Username and IP: both username and authip must match
*SIP endusers are usually authenticated based on username and password.
*Traffic senders (carriers) are usually authenticated based on IP address.
Access numbers
Access numbers are special users. You will have to create them like usual users but their ivrid have to be set to a valid campaign id. (this is then linked with
an IVR script)
For callback access you also need to set the “iscallback” user field properly. Read the “callback” services for more details.
IVR authentication
For IVR calls the server will do a “callingcardauth” global config option based authentication.
Please note that in this case the caller device is already authenticated based on basic authorization settings. The IVR needs to find an enduser to allow
further operation, like call forward.