Securing SIP Trunks

SIP Trunks are a simple, cost-effective way for enterprises to adopt VoIP. They are also a stepping stone to eventual adoption ofUnified Communications. After all, once the network is set up to use SIP-based VoIP via a SIP trunk, the infrastructure is already in place to start using IM, real-time video and the wide array of SIP-based applications available now and in the future.

So what’s stopping many enterprises from embracing SIP trunks? By far, what we hear from customers as the top concern is interoperability — how can I be sure that myPBX will interact properly with the SIP trunking service provider? This is followed closely by security — how can communications routed over the public Internet or a managed connection really be secure?

The fact is, with the right measures in place and with the proper planning, SIP trunk deployments can work flawlessly and be more secure than the PSTN. Here’s how:

Address interoperability at the start — Making sure the IP-PBX and ITSP are interoperable will not only smooth the way for an easy deployment, but also solve many security headaches. Opportunities for hackers, spoofers, etc. are easy to come by when there are inconsistencies between these two key components. Leading IP-PBXs and ITSPs are aggressively conducting interoperability testing; make sure your choice of equipment and service providers have demonstrated successful interoperability with one another.

Several leading PBX vendors recommend that a SIP-based edge device be installed for multiple reasons, one of which is to smooth out interoperability issues. The edge device can perform “normalization” functions both for your current environment as well as any future changes you may make, essentially future-proofing your SIP trunk deployments to ensure interoperability down the road.

Further simplifying vendor interoperability, the SIP Forum has developed the SIPconnect Technical Recommendation, a standards-based guideline for SIP trunking between IP PBXs and VoIP service provider networks. As more service providers, PBX vendors and edge device manufacturers adopt this standard, issues with SIP Trunk implementations will be significantly reduced.

Employ security measures — Like any other server in the enterprise network, the IP-PBX should be protected from unauthorized access. Many firewalls today do not adequately protect against attacks on SIP infrastructure so the edge device chosen should enforce rules and policies designed to protect this vital asset. For further protection, SIP based communications can be encrypted to keep the sessions private with no chance of eavesdropping.

Authentication with the service provider — Some IP-PBX equipment can support this natively, while others cannot. A full SIP proxy firewall or other edge device may offer this capability as well, allowing enterprises with non-authenticating IP-PBXs to leverage the benefits of SIP trunking securely.

VoIP Solution for Free VoIP Calls

Human beings have devised many activities which have been focussed on the basic purpose of getting the items that they need. Hence the barter system saw the light of a bright sunny day with the businesses now being the major as well as the latest form of the activities that human beings have undertaken for the purpose of earning money as it is the exchange item for the items that human beings who are operating these businesses. VoIP is becoming the latest form of technologies which are being used in providing services in the new form of carrying out businesses with the medium of internet.

A business VoIP solution is therefore, now being provided as an offer into most of the VoIP service provider websites. These offers are mainly focussed on the whole communication needs of the organisation with features being offered to serve the various needs of a business regarding communication that are likely to arise. Hence the offers that are being offered by the various VoIP solution providers have features which are concentrated on handling the system of communication on a large scale and that too at the same time.

The global scenario has seen a major shift in the processes that are being the primary part of business and communication has therefore assumed quite an important role for the working of businesses. VoIP business solution has hence, assumed one of the major features in most of the prevalent forms of business with some of them reaping in record number of profits and also many new innovative tools for businesses. One of them is a VoIP PBX System which enables the offices and branches residing in all the major corners of the world to have a common communication medium in the form of a sort of a 'global intranet'.

Almost every organisation and individual can enhance its business sales or image by using these business solutions. VoIP has been the major technology behind these business solutions and has been quite successful in improving the performance of the businesses that are harvesting the features of this fantastic technology. The world is therefore now a frequent visitor to the field of excellence of businesses the money has started to flow in amounts which are larger than they have ever been as a result of the inclusion of this majestic technology.

There have been many features that have led to the success of VoIP solutions for business to become a success. The organisations which have been using this feature are able to boast of the satisfied feedbacks of the customers about the advanced level of the quality of calls that are being frequently made. Hence, the elements like poor sound quality and irritating echoes are no longer a part of any call made to a distant location where a business deal has to be finalised and hence, the employee is quite busy negotiating with the client and can take the feature of unnecessary hassles described above.

Therefore, the VoIP solution provider who is in the process of giving the magnificent services of VoIP to business organisations is liable to have a successful business of its own and with the performance being a habitual feature in most of the offers, large number of business establishments are harping the advantages in an effort to stay one step ahead of their rivals. A VoIP business solution is therefore, being used by almost all those businesses who have a dynamic character and are therefore, always involved in the process of either inventing or discovering new technologies and then using them to accomplish their needs regarding communication in a manner which is always viable to be better than others.

Hermon Labs TI Introduces IP VoIP Test Equipment

Hermon Laboratories (www.hermonlabs.com), a world-leading expert in compliance testing in telecom, today announces its new test equipment TCA 4100 low cost PC Based solutions is initially offering for VoIP and SIP (H.323). Both solutions are available as optional add-ons plus VQT (PESQ), and acoustic testing with HATS. SIP solution is also available as a standalone software application.

The VOIP add-on solution complies with the TIA/EIA-810A/B and TIA/EIA 920 standards. The unique equipment offers R&D, production groups a low cost solution to reduce time to develop and faster testing for production lines. The new SIP add-on and standalone solution supports ETSI TS 102.027.

“With the addition of the new TCA 4100 test equipment, it makes it easier and faster than ever before to develop and test new VoIP products for international compliance at a lower price point than ever before,” said Alex Usoskin, CEO of Hermon Labs. “For our worldwide customer base, this means they can get to market faster – produce products that are better suited for the world market with better performance and reliability and quality.”

Key features and capabilities include:
· Compliance testing VOIP and SIP (H.323) – Relieves staff from having to learn two different instrument and two different software packages.
· Fully automated testing – Built-in test suites for supported standards and automated implementation of user-defined test parameters; manual operation for development and debugging testing is also available.
· Extensive, automated reporting – Detailed reports are automatically generated in MS Word format.
· Powerful display and analysis – The on-screen display provides test results in graph and table formats, along with test status and much more.

VoIP - Asterisk Channel Evolution

Starting from meager beginnings over three decade’s ago, VoIP is a technology that is reshaping the telephony industry. A number of factors have provided resistance to the evolution of VoIP and others that have enabled VoIP to flourish.

One of the major limiting factors is the actual media that carries the signal. When voice was first carried over the Internet, the technology of the day was based on 4800 and 9600BPS modems. Based on today’s standards and the demand for QoS, it is understandable why VoIP took so long to evolve.

Large telephony manufacturers also provided significant resistance to VoIP’s evolution. The large manufacturers already controlled the market. Their current equipment based on TDM provided large margins and was very profitable. Moving to VoIP meant changing the infrastructure and that would change the profitability of the telephony manufacturer .

The channel itself also provided significant resistance to VoIP. The telephony manufacturers, resellers or “interconnects” had complete product lines and were making good margins with their sales. There was no need to move to VoIP. The word on the street was that VoIP did not deliver a quality solution.

The manufacturers also protected the margins of the resellers making the resellers loyal to their existing suppliers and resistant to new VoIP suppliers that do not understand channels.

As the interconnects know, they are the sales force for the telephone companies and manufacturers. They are the feet on the street. They are the direct link to the consumer of the telephony services and equipment. Their margins need to be protected through channel controls.

Most VoIP manufacturers do not know the meaning of channels or they are trying to redefine the channel. Unfortunately for them, the VoIP companies that succeed will be the ones that develop a strong channel strategy. Selling to everyone that calls a manufacturer to order is not a channel strategy.

VoIP Enabling Factors

SIP and RTP both have had a major impact on the evolution of VoIP.

During the 1990s, user demand for high speed connections for use with the Internet increased tremendously. This also gave momentum to VoIP. Now users were able to use DSL and cable for the Internet as well as VoIP. More businesses were signing up for affordable T1s providing them the bandwidth necessary to use VoIP. Everything was starting to come together.

Asterisk was a major factor in changing the perception of VoIP. It was also a way to tie the TDM and VoIP worlds together. At first in 2001 and 2002, Asterisk was shown at Open Source shows to Linux and FreeBSD groups. Then it was presented at Internet shows such as TMC’s ITEXPO. As the firstDigium distributor, my company, Cylogistics, has been able to watch Asterisk growth very closely. During the last half of 2004, Asterisk started to take off.

With the dot-com bust, Linux networking resellers were looking for the next gold mine. They soon came to realize that they had found it in telephony and VoIP. Asterisk enabled them to inexpensively deliver telephony to their existing networking customers as well as expand their customer base. Thus, the Linux networking reseller and Asterisk combined to put pressure on the major telephony providers to start moving to VoIP. By the end of 2005, the major telcos committed to moving to VoIP.

The Linux networking channel and Asterisk have had a profound impact on the telephony industry. Linux resellers have been on the VoIP bandwagon from the beginning. As indicated in the chart accompanying this column, the Linux resellers were early adopters. They really had no competition from the traditional telephony reseller until just recently. Even now, the interconnects are using VoIP solutions offered by the major telco providers.

This trend has been easy to monitor. The major manufacturers of traditional telephony equipment sell their products through national distributors. The new VoIP products do not meet the national distributor requirements and the manufacturers have had to find smaller regional distributors or VoIP specialty distributors like Cylogistics. Now that the interconnects are interested in Asterisk and VoIP, they must find suppliers of the emerging VoIP technology. Cylogistics, being one of those suppliers, is now getting a number of calls from the interconnect market segment and is seeing a significant increase in interconnect inquiries.

VoIP is now in full swing. The bandwidth is there. The infrastructure is there. Moreover, the channel is there for those that choose to use it.

VoIP vulnerabilities in Microsoft Communicator

esearchers at VoIPshield Labs have pinpointed a wide range of denial-of-service vulnerabilities in Microsoft Communicator, the unified communications that features business-grade instant messaging , voice, and video tools.

The flaws, rated “high severity,” could cripple VoIP-powered communications on Office Communications Server 2007, Office Communicator and Windows Live Messenger.

The skinny:

• Microsoft Communicator Emoticon: By issuing instant messages to a client which contain a very large number of emoticons it is possible to cause the Microsoft Communicator to become nonresponsive for a certain period of time. During this period of time the phone does not respond to incoming invite messages and can even be forced to go into an offline state, eventually requiring the phone to reregister.
• Microsoft Communicator INVITE Flood: Due to the manner in which sessions and authentication are managed it is possible to cause Microsoft Communicator to open a very large number of sessions resulting in the consumption of huge amounts of memory, potentially resulting in a Denial of Service.
• Microsoft Communicator Real-time Transport Control Protocol Report Block: Using a specially crafted RTCP receiver report packet it is possible cause a Denial of Service (DoS) against Microsoft Communicator, Office Communications Server (OCS) and Windows Live Messenger.

The company said Microsoft has acknowledged the issues.