We are using Sipstation for texting. A few users access the UCP for texting from their mobile phone.
I need to open a port for them to access the UCP. However, I feel uncomfortable about that. I believe that this is the same access for the admin interface, but I do not want to make this open!
Using a VPN from their mobile phone is not an option.
If you have followme or CFWD, place calls through your system, and you’ll only be alerted once you receive your phone bill.
If you have call recording, they can listen to/download sensitive parts of call information.
Gather some other information from UCP.
However, Sangoma is fully working to secure FreePBX and it’s not really a “hackable thing”.
I would worry about UCP being public and someone finding out a UCP password, rather than a flaw in the code.
I believe that intrusion prevention will also block failed UCP logins after the amount of bad attempts configured.
With that being said, I would love to see 2FA for UCP.
So if I would need to open UCP, I would allow access from (a) specific country(ies) only, and I would be careful which user permissions each account has, and obviously would require password changes every now and then. Lastly, make sure that fail2ban is properly configured.