+8 −0 Open for Voting
Uwe 2460 Monday, 30 November 2020, 10:13 AM
8 of 8 users support this suggestion
AppPlatform: stronger protection of APP platform / AP manager web login (e.g. two-factor authentication)

The web interface to AP manager needs to be fully accessible from the internet as soon as clients need access from the internet side. This definitely applies to hosted PBX scenarios. The AP Manager “just” asks for a password. This login is protected against brute-force attacks, because the timeout for the next login is always doubled on a failed attempt (OK).

Access to the PBX or the admin PBX in a hosted PBX can be protected with two-factor authentication. So even if a password gets leaked, there is no access to the admin PBX (OK). However, a leaked AP manager password could be used to log in to AP Manager. In a hosted PBX scenario, this would mean that all devices of all customers could be accessed (risky)!

Some measures should be taken to provide optional, better protection for direct access to AP manager. This could be, for instance:

  • two-factor authentication for direct login to AP manager
  • or only defined source IP addresses/networks allowed for direct login to AP Manager

For emergency purposes (e.g. SMTP fails -> no login via two-factor), it should be possible to disable this optional protection via SSH console login.
