Extension-Specific Security

Navigate to SIP Settings

Go to Extensions > Select extension > Advanced > SIP Settings.

Configure Authentication

Enable Encryption

Navigate to Extensions > Select extension > Advanced.

Configure Transport and Media

• Transport: Select TLS
• Media Encryption: Enable SRTP (Mandatory)

Save

Click Save to enforce encryption.

Navigate to Permissions

Go to Extensions > Select extension > Permissions.

Configure Route Permissions

Available Routes:

• Local: Local calls only
• Long Distance: Domestic long distance
• International: International calling
• Premium: Premium-rate numbers (900, etc.)
• Emergency: Emergency services (911, 112)

Assignment:

• Check routes to allow
• Uncheck routes to block
• Emergency always enabled by default

Save

Click Save to apply restrictions.

Add Patterns

Navigate to Extensions > Select extension > Call Restrictions, then click Add Pattern.

Enter Patterns

Examples:

• 900XXXXXXX: Block all premium-rate 900 numbers
• 1-976-XXX-XXXX: Block adult services
• 011: Block all international (overrides route permission)
• Specific Number: Block ex-employee's number

Wildcards:

• X: Any single digit
• N: Any digit 2-9
• Z: Any digit 1-9
• .: Wildcard (any length)

Save

Click Save to enforce blocks.

Enable IP Restriction

Navigate to Extensions > Select extension > Advanced > IP Restrictions and enable Restrict Registration by IP.

Add Allowed IPs

Click Add IP and enter allowed IPs or ranges:

• Single IP: 192.168.1.100
• Range: 192.168.1.0/24
• Multiple: Add multiple entries

Save

Click Save to enforce restriction.

Configure Portal Security

Navigate to Extensions > Select extension > Security.

Set Access Controls

Save

Click Save to apply settings.

Enable Recording

Navigate to Extensions > Select extension > Features > Call Recording and select Always Record.

Configure Options

• User Cannot Disable: Remove user control
• Announce Recording: Play notification
• Secure Storage: Encrypt recordings
• Access Control: Restrict who can listen

Save

Click Save to enforce recording.

Enable Monitoring

Navigate to Extensions > Select extension > Features > Call Monitor and enable Allow Monitoring.

Configure Permissions

Who Can Monitor:

• Specific users (select supervisors)
• Extension group (e.g., "Managers")
• All administrators

Monitor Modes:

• Listen: Silent monitoring only
• Whisper: Speak to agent without customer hearing
• Barge: Join call as 3-way conference

Save

Click Save to grant permissions.

Configure Visibility

Navigate to Extensions > Select extension > Privacy and enable Hide from Directory.

Select Visibility Level

Visibility Options:

• Hidden: Not in directory at all
• Number Only: Number visible, name hidden
• Name Only: Name visible, number hidden
• Full: Name and number visible (default)

Create Profile

Navigate to Security > Extension Security Profiles and click Create Profile.

Configure Settings

Name profile (e.g., "High Security - Executives") and configure all security settings:

• SIP transport (TLS)
• Media encryption (SRTP mandatory)
• IP restrictions
• Call restrictions
• Recording requirements
• Monitor permissions
• Password policies

Save

Click Save to create profile.

Run Audit

Navigate to Extensions > Select extension > Security Audit.

Review Checklist

System evaluates:

Address Issues

View audit score (0-100%) and address flagged issues.

Basic Extension Security

Extensions > Select extension > Security → Authentication: Auto-generate strong password → Transport: Enable TLS → Media: Require SRTP → Save

Call Restrictions

Extensions > Select extension > Permissions → Select allowed outbound routes → Call Restrictions tab → Add denied patterns → Save

IP Restrictions

Extensions > Select extension > Advanced > IP Restrictions tab → Enable restriction → Add allowed IPs → Save

Apply Security Profile

Extensions > Select extensions → Bulk Actions > Apply Security Profile → Select profile → Apply