Note: Computer Weekly has a great Monday morning article about VoIP security and how a PBX can affect it.
Voice over IP (VoIP) security is a challenge for IT staff because IP telephony (IPT) brings with it not only the security problems of data networks but also new threats specific to VoIP. In this fundamentals guide, learn about network security threats and emerging IP telephony threats, and how to secure your VoIP systems and endpoints from them.
How to think about VoIP security
Security requires constant vigilance. Security is all about the protection of resources -- data, devices, networks, applications and people. While access to these resources is the goal of the user, securing access to these resources means the administrator of the resources wants to limit, even prevent, that access. Enterprises already have many security problems with their data network infrastructure, servers, desktops and software. Adding VoIP and IPT to the mix only compounds the security problems. There are several security issues with VoIP networks:
VoIP security vs. voice quality
It may not be apparent, but security tools and solutions will conflict with voice quality. The more barriers there are in the network and endpoints for security purposes, the more interference there will be with voice quality.
One of the first issues is the firewall. The firewall can block calls because it cannot process the signaling or dynamically allocate the UDP ports for the calls to pass through it. Firewalls may not read the QoS markers in the voice packet, thereby degrading the packet delivery service. Other issues include:
The security vs. voice quality conflict will be hard to resolve. The voice manager, obviously, does not want poor-quality calls. If the calls are poor, then why have calls travel over the data network in the first place? The security manager does not want to open the network and endpoints to security exposures that will not only compromise the voice services but weaken the data functions as well. This will require a great deal of negotiation and compromise. Security is important, but not at the cost of an unacceptable voice service.
Finding vulnerabilities
There are two sites that demonstrate the software security threats to the data functions. These lists now include VoIP/IPT vulnerabilities. Both lists are funded by the federal Homeland Security Administration. The first is hosted at Mitre. This site has a dictionary of standardized names and descriptions for Common Vulnerabilities and Exposures (CVE). The second site hosts the National Vulnerability Database at the federal National Institute of Standards and Technology (NIST).
The voice staff has not encountered many security problems with traditional TDM PBXs, but voice staff may not be prepared for the new range of security issues that will become evident as the enterprise migrates to IPT or VoIP. The VoIP personnel will either have to take on their own security responsibilities or use the existing security personnel. In either case, the new responsibilities for VoIP security will require education, possibly some organizational adjustment, and expanded job descriptions.
Keep in mind that the date for moving the 1.2 release series to security fix maintenance only will be coming within the next couple of months. We strongly encourage everyone to migrate to Asterisk 1.4. Don't forget to read the UPGRADE.txt file in 1.4 for important information regarding upgrading from 1.2.
These releases are available for download from ftp.digium.com. They are distributed as both tarballs and patch sets against the previous releases. All release files have been signed with GPG keys from members of the Digium software development team to ensure authenticity. As always, thank you very much for your support!
Note: Now this is what I call disruptive. Love it. Good read with some nice links to more information.
Today I called Alec Saunders via Skype. Not terribly unusual, really... except that I initiated the Skype call from my Blackberry! Back on Monday, Jim Courtney over at Skype Journal had posted a teaser about an application for the Blackberry that allowed you to use Skype IM. Today my curiosity got the better of me and I had to IM Jim to get the info. I downloaded the app and promptly had to try it out... I guess by virtue of Alec being at the top of my contact list, he was my victim (I also know from past experience that he's open to this kind of thing).
For an incoming or outgoing call, this module provides a quick notepad and a detailed view of your SugarCRM contact. This module makes your CRM easier to access and optimizes your resources and time while using it.
Detailed presentation : http://www.modulis-voip.com/en/sugar-notein/presentation/
Download : http://www.modulis-voip.com/en/sugar-notein/download/
Installation how to : http://www.modulis-voip.com/en/sugar-notein/server-installation/
Also registered in SugarForge.
Note: I have been thinking the same thing about how open the iPhone will be. To truly be adopted into enterprises they will need to have the phone open enough to get some integration in enterprise applications.
No doubt the Apple iPhone will create a stir regarding the kind of services and applications dual-mode devices can deliver. But the success of dual-mode -- cellular plus Wi-Fi -- in the enterprise may depend on the willingness of cellular carriers to share their networks with Wi-Fi providers. One source tells me that both T-Mobile and Cingular, now AT&T, will drop any VoIP phone call originating from a handset if Skype is the service provider.
This kind of anticompetitive behavior won't last long, but at the moment, if true, it is worth considering, especially as carriers themselves begin dabbling in VoIP. T-Mobile, for one, is currently test-marketing its own VoIP service in Seattle.
If blocking VoIP calls sounds far-fetched, consider that Frank Hanzlik, managing director of the Wi-Fi Alliance, told me other carriers have VoIP capability but don’t want that fact known. He refused to mention which carriers.
Before standardizing on a dual-mode phone, enterprises should also consider the true ubiquity of the network. Uptime in airports and coffee shops is not the same as door-to-door coverage and would preclude using any serious business application on a dual-mode phone.
I spoke with Mohan Natarajan, vice president of engineering at Firetide, about this concern.
Firetide, and other mesh-networking companies, can greatly extend your Wi-Fi capabilities by deploying mesh nodes throughout a city. At present, Firetide has 3,000 nodes in a 50-square-mile section of Singapore, giving users 70Mbps access. Here in the States, however, mesh hasn't caught on, except in the public-safety sector, for which Firetide has deployed mesh networks in Dallas and Phoenix.
Note: The good people at Profoss emailed in about their event and made an offer to give AVN blog readers an additional discount at registration. It is limited to 100, so do sign up soon to get the good deal.
A Profoss event will be held on 9 and 10 October in Brussels, on the subject "Asterisk and voice over IP". This event will feature Kevin Fleming, co-maintainer of Asterisk, and several companies developing around Asterisk.
Note: I hope they do, it would be great to have a real wireless internet service that had some serious range.
The FCC is currently preparing the rules for the upcoming 700MHz spectrum auction, but a coalition of nonprofit groups and techies argues that simply selling the spectrum to the highest bidder could be a disaster for the US. Instead, the group wants this prime spectrum made available under special rules that could lead to a "third broadband pipe" that uses wireless technology.
With the 2009 transition to digital TV coming ever closer, the FCC needs to decide what to do with bits of the spectrum vacated by broadcasters after the changeover. 60MHz of prime spectrum in the 700MHz range will be made available in some form of auction to take place at the end of this year, but that auction could proceed in many different ways. The established players would love to see the spectrum auctioned off to the highest bidder (the usual process) as the incumbents would likely end up with it. Because spectrum in that frequency range travels so far and easily penetrates walls, it's incredibly valuable to communications companies. But even if the incumbents have no plans to use the spectrum, snapping it up could make good business sense because it would keep competition from developing.
That new competition is exactly what Lawrence Lessig, Cory Doctorow, Craig Newmark, and plenty of others want to see. An ad-hoc coalition of interest groups submitted a letter to the FCC yesterday—the last allowable day for comments on the auction—calling on the agency to "ensure that a significant portion of the newly available airwaves go to new market competitors." The dream here is that wireless broadband will provide viable competition to cable and DSL. The nightmare is that incumbents get hold of the spectrum and squat on it.
The letter puts it this way: "If the FCC simply gives the highest bidder exclusive rights over the new airwaves, phone and cable companies could become permanent gatekeepers of the airwaves—continuing their record of keeping new competition and innovation out of the marketplace."