MeetMe Conferencing Security Settings?

[dan231]

I recently discovered that a conference call access code is (by default??) setup active for any extension.  SO my security questions are:

• Can this be disabled so a passcode must be created by a user?
• Can codes be set to auto expire so they don;t linger active forever?

[acejavelin]

I recently discovered that a conference call access code is (by default??) setup active for any extension.  SO my security questions are:

• Can this be disabled so a passcode must be created by a user?
• Can codes be set to auto expire so they don;t linger active forever?

No and no... Any USER will have a conference bridge, not any extension. Unfortunately, that is just the way it is.

[dan231]

Are there security concerns to this at all?

Example:  voicemail with no pin, backdoor into system to make long distance calls, etc

[acejavelin]

Are there security concerns to this at all?

Example:  voicemail with no pin, backdoor into system to make long distance calls, etc

Voicemails can be set with no PIN at the users option and cannot be disabled (they always have an option of no passcode)... This is a privacy concern, but not really a security concern as unlike most voicemail systems you cannot set a user attendant as an external number.

To my knowledge there is no way way to "hack" the system to make LD calls remotely without access to the programming tool and administrator access.

[dan231]

thank you for this information

[acejavelin]

Personally, I feel the conference bridge is a potential issue... Not security, but privacy (anyone knowing the code listen in at any time), but also conferences do not require an internal party, so there is a potential of fraudulent or criminal activity occurring on your conference bridge. I have setup a LOT of these and I have never had any issues arise, but it is something that sticks in the back of my mind as a very "odd" way for Mitel to set this up.