Remote Agents via HTTPS

Any and all non-support discussions

Moderators: gerski, enjay, williamconley, Op3r, Staydog, gardo, mflorell, MJCoate, mcargile, Kumba, Michael_N

Remote Agents via HTTPS

Postby duncanb » Tue Mar 19, 2019 5:39 am

Hi All,

A client of ours wants to have agents connecting remotely to the "normal" agent page, and they have requested that it go over HTTPS so it is secure. However we have a number of concerns and were hoping to get feedback from both developers and the community as to whether this is a good idea. The client considers VPN too difficult to manage.

Firstly while HTTPS encrypts the traffic, the agent interface will obviously be exposed to the internet. Can the interface itself be considered secure? I've worked quite a bit in the code behind the agent page and would be very concerned to face it to the internet myself. Obviously all passwords would have to be secure too which might be problematic for agents.

There is also all the JavaScript in the agent page that calls vdc_db_query.php over HTTP and that would send information (including agent passwords) over the internet in cleartext. Has anybody has success in changing this to HTTPS? Is there a performance concern?

There are 6 active web servers in this Vicidial cluster and we are currently using balance to do load balancing between them. Has anybody had any success using balance with both HTTP *and* HTTPS? Or should we then look at something more like nginx?

Most importantly: is this a good idea?

Regards,
Duncan
duncanb
 
Posts: 19
Joined: Wed Jun 06, 2012 6:56 am

Re: Remote Agents via HTTPS

Postby mflorell » Tue Mar 19, 2019 7:32 am

Yes, everything in VICIdial can work with HTTPS, and since it is a requirement for using WebRTC phones, we have quite a lot of VICIdial clusters(hundreds) that operate that way. The AJAX side of things follows what the main page you are on uses, so that's not an issue, and performance is not an issue.

As for secure passwords, you can enable password encryption within VICIdial if you want, but we currently have no feature that will enforce selection of secure passwords by users within the system, only guidelines.
mflorell
Site Admin
 
Posts: 18335
Joined: Wed Jun 07, 2006 2:45 pm
Location: Florida

Re: Remote Agents via HTTPS

Postby duncanb » Tue Mar 19, 2019 7:47 am

Hi Matt,

Thanks for the feedback. We'll give it a shot then. :)

Regards,
Duncan
duncanb
 
Posts: 19
Joined: Wed Jun 06, 2012 6:56 am

Re: Remote Agents via HTTPS

Postby duncanb » Tue Mar 19, 2019 7:59 am

Ummm... actually... just one more thing...

Would you consider it secure to expose the Vicidial agent interface the the internet? Even with HTTPS?
duncanb
 
Posts: 19
Joined: Wed Jun 06, 2012 6:56 am

Re: Remote Agents via HTTPS

Postby williamconley » Tue Mar 19, 2019 11:23 am

duncanb wrote:Ummm... actually... just one more thing...

Would you consider it secure to expose the Vicidial agent interface the the internet? Even with HTTPS?

NO

http://viciwiki.com/index.php/DGG

Creates a special link to allow self-authorization through the firewall. Without the link, all anyone will get is a 404 not found if on the special port and NOTHING if not on the special port.

You can create a link for each remote/portable user or share one link among many.
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20018
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: Remote Agents via HTTPS

Postby mflorell » Tue Mar 19, 2019 6:28 pm

There is a feature built into VICIdial called "IP Lists" that allows you to use IP Address whitelists for all web screens on a per-User Group basis.
mflorell
Site Admin
 
Posts: 18335
Joined: Wed Jun 07, 2006 2:45 pm
Location: Florida

Re: Remote Agents via HTTPS

Postby duncanb » Wed Mar 20, 2019 2:40 am

Thanks for the feedback Matt and William. Definitely useful stuff.

Have an excellent day!
duncanb
 
Posts: 19
Joined: Wed Jun 06, 2012 6:56 am


Return to General Discussion

Who is online

Users browsing this forum: No registered users and 49 guests