Skip to content

Extension Security Overview

Extensions are a common target for toll fraud and unauthorized SIP registration. SIP (Session Initiation Protocol) is the signaling standard that phones use to register with the PBX and set up calls, so a stolen or weakly protected extension can be used to place expensive calls at your expense. Cloud Voice groups its protections into four areas: how devices are allowed to register, what outbound calls an extension can place, which outbound routes it can reach, and how user accounts sign in. Use this page as a map to the individual settings, then follow the linked topics to configure each one.

Out of the box, any device with valid credentials can register an extension. The following options let you narrow that down so only trusted endpoints connect.

User agent matching

Every registering phone includes a user agent string in its SIP packets. You can require that string to begin with a value you specify; registrations whose user agent prefix doesn’t match are rejected. See Restrict Extension Registration Based on User Agent.

IP address restriction

By default there is no limit on where registrations may originate. You can instead permit only a single IP address or an IP range to register a given extension. See Restrict Extension Registration Based on IP Address.

These controls reduce the damage a compromised or misused extension can do by curbing the calls it is allowed to place.

Disable outbound calls

Blocks the extension from placing outbound calls entirely. See Restrict Outbound Calls for an Extension.

Disable outbound calls outside business hours

Prevents outbound calls during off-hours and holidays, so an extension can only dial out during your defined working times. See Block Outbound Calls Outside Business Hours.

Disallow international calls

Stops the extension from dialing international destinations.

Outbound call frequency restriction

Caps how many outbound calls an extension may place within a defined window. Once the count is exceeded, the system blocks further outbound calls from that extension. See Limit Outbound Call Frequency of an Extension.

Maximum outbound call duration

Sets a ceiling, in seconds, on how long an outbound call can run. When a call reaches the limit, the system disconnects it. See Limit Call Duration of an Outbound Call.

You can also choose exactly which outbound routes an extension is permitted to use.

The following options protect the credentials extension users sign in with.

Two-factor authentication (2FA)

Cloud Voice supports 2FA, which asks users for an additional verification code at login on top of their password.

Periodic password changes

As an administrator, you can require extension users to reset their passwords on a recurring schedule, which prevents long-lived credentials from becoming a liability. See Set up Periodic Password Changes for an Extension.