Admin (level 8/9) restrict access

All installation and configuration problems and questions

Moderators: gerski, enjay, williamconley, Op3r, Staydog, gardo, mflorell, MJCoate, mcargile, Kumba, Michael_N

Admin (level 8/9) restrict access

Postby gequiros » Wed Feb 21, 2018 3:03 pm

Is there ANY way we can LIMIT / Restrict a level 8 or 9 agent to login from ANY IP

My idea, since i am planning to go "big" (at least for me) is to open the server and limit ADMIN users from login from ANYWHERE in the world

Either way i will block all our servers and login ONLY from certain countries ( those we will have business / agents )

I can ( per hardware firewall ) block/allow per IP/Country, but, i don't want anyone to be able to download leads or create phones and so on....

Thanks so much !!
Vicibox / ISO

1 x DataBase
1 x Archive
1 x Web
Many dialers

www.Come2VoIP.com
Skype: Come2VoIP-USA
WhatsApp: +1-305-320-1786
gequiros
 
Posts: 145
Joined: Sat Oct 22, 2016 1:22 am
Location: Miami, FL

Re: Admin (level 8/9) restrict access

Postby williamconley » Wed Feb 21, 2018 4:11 pm

You seem to be mixing your "goal" up a bit, can you clarify?

Level 8 or 9 should be "ok" to download ... but only if they are in certain countries when they do so? Is that really the goal? (To be clear: You have people who you want to download ... but only while they are in the office, but they can have access while outside the office, just not Download access ...?)

If that's true, it's not built into Vicidial, but could be added. Depending on your "and so on", which obviously won't work. A detailed list of the "and so on" would be required. Preferably as it pertains to the permission items under Modify User.
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20258
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: Admin (level 8/9) restrict access

Postby blackbird2306 » Wed Feb 21, 2018 4:19 pm

I think this is what you are looking for:
revision 2726 from 2017-04-10:
Added IP Lists feature, allowing creating of lists of IP Addresses that can
be used as whitelists on a User Group basis for Agent, Admin and API
web resources.

Please upgrade your system and this feature is available!
Vicibox 6.0.2 from Vicibox_v.6.0.x86_64-6.0.2.iso | Vicidial 2.12-560a build: 160617-1427 | Asterisk 1.8.32.3
blackbird2306
 
Posts: 409
Joined: Mon Jun 23, 2014 5:31 pm

Re: Admin (level 8/9) restrict access

Postby williamconley » Wed Feb 21, 2018 4:58 pm

blackbird2306 wrote:I think this is what you are looking for:
revision 2726 from 2017-04-10:
Added IP Lists feature, allowing creating of lists of IP Addresses that can
be used as whitelists on a User Group basis for Agent, Admin and API
web resources.

Please upgrade your system and this feature is available!

I don't think I remember that being a method in this feature.

Have you used this feature to verify that the IP will override the User Name when allowing access to specific modules (ie: if the same user attempts to download a list from two different IPs, it'll work from one, but not the other)?
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20258
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: Admin (level 8/9) restrict access

Postby gequiros » Wed Feb 21, 2018 5:28 pm

Sorry, i think i didn't explain properly...

I just want from where the ADMINs would be able to login ( just whitelist ), i remove the ability from them to do most harmful things to our system.... if an admin or higher level can do "bigger" changes and they use a WEAK password, i don't want any one doing brute force and being able to change anything harmful ( creating trunks/agents, etc )

Hope it does make sense now

Cause, i can have AGENTS from COSTA RICA, remotely from their homes, and i can be an admin and able to login, but, what happens if someone see me typing my password (that won't happen, i use a password manager) but, if they see a supervisor or manager doing something and they get home and try that user and password....

What if a "manager" upset with me goes in and start removing agents, changing things on campaign, downloading leads and sell those leads somewhere else ?

I hope you guys understand what i mean

Thanks for your help...
Vicibox / ISO

1 x DataBase
1 x Archive
1 x Web
Many dialers

www.Come2VoIP.com
Skype: Come2VoIP-USA
WhatsApp: +1-305-320-1786
gequiros
 
Posts: 145
Joined: Sat Oct 22, 2016 1:22 am
Location: Miami, FL

Re: Admin (level 8/9) restrict access

Postby mflorell » Wed Feb 21, 2018 5:43 pm

If you upgrade your system, you will have the IP Lists feature, which will let you do this.
mflorell
Site Admin
 
Posts: 18387
Joined: Wed Jun 07, 2006 2:45 pm
Location: Florida

Re: Admin (level 8/9) restrict access

Postby williamconley » Wed Feb 21, 2018 5:54 pm

Also, your system should be whitelisted and disallow logins from agent's homes in the first place. We've also had a few clients who allowed login attempts from anywhere just so they could capture the IP/User/Pass and then log the attempt and report the violated user/pass/ip to the SuperUser so action could be taken to seal the breach.

Just not allowing the access often doesn't solve the problem, it merely causes the violator to become more creative ... if you fire them that tends to reduce the likelihood of temptation (especially for the one that got fired). If you are like that client, they brought along badges to the home identified by the IP. Financial services people have NO sense of humor in that regard. lol
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20258
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: Admin (level 8/9) restrict access

Postby gequiros » Wed Feb 21, 2018 5:58 pm

Great, thanks so much :) really appreciated...

Yeah, didn't had time lately to check on new one version
Vicibox / ISO

1 x DataBase
1 x Archive
1 x Web
Many dialers

www.Come2VoIP.com
Skype: Come2VoIP-USA
WhatsApp: +1-305-320-1786
gequiros
 
Posts: 145
Joined: Sat Oct 22, 2016 1:22 am
Location: Miami, FL


Return to Support

Who is online

Users browsing this forum: No registered users and 94 guests