Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

How to avoid SMS abuse by guest users

This thread has been viewed 0 times

  • 1.  How to avoid SMS abuse by guest users

    Posted Mar 28, 2017 04:56 AM

    Hi 

     

    Good day 

     

    We are having clearpass guest service in our campus with 1000 sms per month as an SMS qouta from the provider . 

     

    I would like to stop the misuse of the SMS by restricting one phone number with one device ( lets say mac address ) only . 

     

    Like for example 

    Guest can type any random number or change the last digit to submit the form.

    we are already having a pattern for a phone number allowed .

    In this case an sms is utilized and a guest user can submit multiple forms with fake phone numbers . 

     

     



  • 2.  RE: How to avoid SMS abuse by guest users

    Posted Mar 29, 2017 01:33 AM

    Any one please ? 



  • 3.  RE: How to avoid SMS abuse by guest users

    Posted Mar 29, 2017 01:20 PM

    Instead of Auto Submit, you could hide the guest reciept and redirect to the login page. Then require the user to type in the credientials from the sms message.



  • 4.  RE: How to avoid SMS abuse by guest users

    Posted Mar 30, 2017 02:17 AM

    Hi 

     

    We are not displaying the guest reciept . The only option is to get the username and password is by SMS. 

     

    Here the guest user can abuse the SMS service ,might change the last digit of the phone number multiple times  and re submit the form  . 

     

    I talked with the support. As per discussion summary there is no way we can stop this . Suggesion to disable auto_update_account .As it will avoid to re register by same username ..