PSTN gateways and toll fraud
If your environment includes a PSTN gateway or uses an ITSP (Internet telephony service provider), consider the potential for toll fraud if you have Call Routing Rules that can route calls to the PSTN gateway or ITSP, or if you allow conference participants to dial out to other participants via the PSTN gateway or ITSP.
As you might intentionally want to allow users to route calls via the PSTN gateway or ITSP (and thus incur toll charges), we recommend that you use a suitable call control solution such as a Cisco VCS to configure an appropriate dial plan and authentication mechanism for your network.
The ways in which Pexip Infinity calls may be routed via a PSTN gateway or ITSP are described below.
Pexip Distributed Gateway calls
If your dial plan allows Pexip Distributed Gateway calls and has a Call Routing Rule which, for example, matched 9.* and routed the call via the PSTN gateway or ITSP, this would allow anyone who could route a call to the Pexip Infinity platform to then send a call via the PSTN gateway or ITSP.
If you have configured Virtual Receptions and also have Call Routing Rules that match numeric aliases (such as 9.*), then anyone that can reach the Virtual Reception could match the Call Routing Rule and potentially route their call via the PSTN gateway or ITSP.
Thus, if any call control rules are in place to restrict who may dial numbers which correspond with numeric Call Routing Rules, then the same restrictions should also be placed on who may call any Virtual Receptions.
Manually dialing out to a participant from a conference
Pexip Infinity allows you to manually dial out to participants from a conference, on an ad-hoc basis.
This means that conference participants using Infinity Connect clients could place outbound calls via the PSTN gateway or ITSP. Note that these types of calls may dial out directly to the destination alias or they may use Call Routing Rules.
In these circumstances, to reduce (but not eliminate) the risk of toll fraud, we recommend that you use:
- PIN-protected conferences
- an appropriately configured reverse proxy that only allows authenticated connections from Infinity Connect clients.