Various methods are employed by IP Telephony administrators to deal with new users. The trick generally is to automate as much as possible in order to minimize administrative chores. However, this can easily go too far, in which case, anyone can stick the IP Phone they bought from Wal-Mart or Ebay into an Ethernet jack and get dial tone. Obviously, this is a security issue if they are automatically granted the rights to make long distance phone calls or worse.
A fantastic solution to this problem is outlined in the book
Requires Free Membership to View
Cisco IP Telephony by David Lovell. Around page 70, he describes a way to "auto-register" new phones that appear on the network. But rather than putting them in the group with your known users, they are isolated. He suggests using Call Manager's "partition" and "CSS" features to make all auto-registered phones Private Line Automatic Ring-down (PLAR).
Thus, when someone, friend or foe, plugs an unknown IP telephone into your network, they will automatically register with Call Manager, but as soon as they lift the handset, the phone will automatically dial an administrator. The administrator is then able to query the user and either instruct them on the proper process for Moves, Adds and Changes, or call security.
This suggestion is also particularly useful if your IT organization internally charges back divisions of your company for services.
Thomas Alexander Lancaster IV is a consultant and author with over ten years experience in the networking industry, focused on Internet infrastructure.
This was first published in July 2003