What would be the best practice to allow only a whitelisted list of numbers to access a DISA system in asterisk?
I have a public number that lot of people use but if a certain number calls, it allow to access DISA and have internal dial.
I was thinking on using specific inbound routes for every number, but its difficult to maintain and having >30 inbound routes doesn't seem very nice.
Thanks!
The way I do this is to use the built-in Asterisk Database functions. Each incoming CID has a PIN that they have to enter.
When a call to the DISA trunk comes in, I check for a known CID. If not, I route the call to the IVR. If the CID is known, I then answer the call and request the PIN code. 3 strikes, and the call is sent to the operator. If the PIN is good, I give DISA access.
When a given person is no longer allowed DISA access, remove the DB entry for their CID.
A simple Ruby CGI / AMI lets me maintain the list of valid DISA CID/PIN combinations via a web browser.
If you want to be very secure, write a script that every 90 days changes all CID-chained PIN codes, and emails the users their new code. It's not very hard to do, and makes for a relatively bullet-proof system.
