We have been looking at SIP providers who will meet our needs of being able to handle a fairly large call volume (up to 30k minutes per month) at a decent price. 10 unlimited trunks would be the way to go and the one company that would be ideal would be sip.us. They are recommended by nerdvittles too, so we would like to start with them.
However, there is one fatal flaw that is a deal breaker for us:
Their online user Control Panel, where you can administer your SIP settings, account and payment information, etc.
In my mind there are severe security implications with the level of control you have over your credit card auto replenish settings, international call restrictions and call forwarding options.
Now, don't get me wrong, I appreciate that I can set all of this myself, but so would a hacker getting access to a customer's control panel.
Once in, all that hacker would need to do is turn auto replenish on, turn international calling on and put his international toll fraud number into the PSTN forward field. Then all of my incoming calls would go to that toll fraud destination and, come next morning, my company will have their credit card charged with a few thousand dollars for calls to the Middle East.
Sip.us does blacklist calls to certain toll fraud risky destinations, but that is not enough IMO.
Now think of how much we worry about PBX security, firewalls, fail2ban, secure SIP credentials, etc. With a SIP account like this, you are just one cracked password away from the $100000 bill!
Is that a reason for concern and sleepless nights? Well, for me it would be. Why? Because the web portal login on a former SIP provider of ours once got hacked, with someone trying to forward calls to a destination in Israel. Luckily we had international calling turned off at the provider end! So this is a realistic threat.
So, what sip.us needs to do is keep things the way they are, but allow the customer to request that sip.us locks down certain settings, regardless of what one may do on the Control Panel. These locked settings can only be changed if the customer requests they be unlocked again.
E.g. I would request that my international call settings be locked down, i.e. be turned off, as well as auto replenish denied, and PSTN forward only allowed to destinations in the US48 region if possible.
That would take care of my concerns.
Guys, please join the discussion, I want to hear what you have to say.
I also really want to sign up with sip.us, but they need to fix this issue first. Other providers allow for this kind of customization.