On Thu, 02 Jun 2016, Carlos Alvarez wrote: > We have a customer who has been nagging us to remove the PIN from their > conference lines. They are getting more insistent. We've said no, for the > obvious security reasons, and explained them all clearly. On top of it, > this is a medical-related company having sensitive conversations on > conferences. They keep pushing us. What would you do? On the one hand I > think we have no liability in the matter, but on the other, we're more of a > consulting ITSP than just a generic service provider. We specialize in > helping people not do stupid things with their phone system. There's also > the matter of just eating up a bunch of channels by people using it as > their own conference.
THe honest answer would be for you to look over your terms of services agreement. What was it you told them that your organization would be responsible for. Now to the technical slash security answer: Who manages/maintains the network? This is important for various reasons. If the network is segregated (voice and data), it makes things easier to deal with from the technical perspective. You could implement an ACL that states something to the tune of: "This IP (conf phone) should ONLY talk to the registrar, and no one else" but this would remove any HTTP like functionality. When you say: "Medical related company" it means little without context. E.g.: "A company that delivers uniforms" has less to worry about than a "A company that delivers EMR data on their conferences." You are just an ITSP, not a standards organization. The ultimate reality is, while you are an ITSP, they paid for whatever it is they are paying for. This is where you need to bring senior management into the discussion to discuss AUP, TOS and other annoying acronyms that we (technie folks) love to hate. -- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM "Where ignorance is our master, there is no possibility of real peace" - Dalai Lama 0B23 595C F07C 6092 8AEB 074B FC83 7AF5 9D8A 4463 https://pgp.mit.edu/pks/lookup?op=get&search=0xFC837AF59D8A4463 _______________________________________________ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops