Tag Archives: VoIP

Telecoms Buyers Dial Up VoIP Services

Forecasts from the global analyst firm Ovum reveal that OTT VoIP will cost the global telecoms industry $479bn in lost cumulative revenues by 2020, which represents 6.9% of cumulative total voice revenues.

However, new research, Future of Voice, provides some reassurance to operators that are fearful of the demise of traditional telephony. It suggests that although revenues continue to fall, voice traffic is simply shifting rather than collapsing. Carefully targeted price increases are expected to be commonplace as operators try to maintain their revenues.

Yet, Ovum believes that a focus on creating cloud-oriented telephony apps, and efforts to maintain the relevance of telephone numbers will ensure that operators have a place in the future communications landscape.

“Where operators have seen voice telephony as a service without a future, they have chosen to compete on price in an effort to eke out any remaining revenues from the market,” said Jeremy Green, principal telecoms strategy analyst at Ovum.

“However, taking such a pessimistic view obscures some important commercial realities and opportunities in the voice telephony market.”

Taking these factors into consideration, the complete collapse of telephony revenues is not likely, according to Ovum, but the long-term trend is towards a richer and more complex communications environment in which voice serves a different function and telephony plays a smaller role. Ovum’s research shows that users have been heavily influenced by their experiences with OTT players’ services, and now expect traditional operators to provide content, relationships, and history within a service, irrespective of device or access method.


SIP – The Linchpin Of Next-Gen Communications

Building an effective communication strategy through the use of appropriate technology is a key to any successful enterprise, especially in today’s times. Communication technology has undergone a sea-change from just voice-based communication through telephone to the use of collaborative tools in communication, such as email, voicemail, instant messaging, video conferencing, smartphones and the like.

In the past four to five years, Unified Communication (UC) has become the next-gen communication methodology of choice for effective corporate communication. Put simply, UC is the integration of real-time communication services such as instant messaging, presence, telephony (through VoIP), multimedia conferencing and directory services with other services such as voicemail, email and SMS. UC has become a key factor in enabling real-time connectivity, thereby enhancing employee productivity, increasing collaboration and reducing IT operational costs.

Although UC lets an organisation leverage its extensive communications capacities, the use of a simple, reliable, interoperable and flexible underlying communication protocol remains the key challenge in its effective implementation. UC deployments are complex, often involving multiple networks, each containing multiple types of devices (for data, voice and video). These multiple types of devices often have different capabilities. I think, then, that using a protocol which can connect such devices seamlessly in real time and can efficiently execute enterprise session management is a linchpin of next-generation UC technology.

Session Initiation Protocol (SIP), a signaling protocol used for controlling communication sessions such as voice and video calls over Internet Protocol (IP), has become a central part of an effective UC strategy today due to a large gamut of features that it provides. SIP, which is shaping the IP telephony and UC industries, has become a protocol of choice for the technological giants. SIP provides flexibility, choice and true interoperability in any enterprise’s UC deployment which eventually enables every IP-based device and application to communicate seamlessly with one another.

The protocol can be used for creating, modifying and terminating two-party (unicast) as well as multiparty (multicast) sessions. As SIP binds multiple media types together, it allows for the seamless integration of voice, video and IM. Simplicity in design is a critical feature of SIP which allows unlimited scalability and performance in different architectures and environments. SIP is an open protocol, which makes it a lot easier for vendors to ensure interoperability amongst different communication devices, be it an online whiteboard, a VoIP phone, or a presence capability.

SIP also makes it possible for users to initiate and receive communications and services from any location, and for networks to identify the users wherever they are. One of the most important features of SIP is that it lets each user take advantage of whatever features and functions are available on his particular device and network at any given time. In simple words, by using SIP, telephony has become another web application which can integrate easily with other Internet services.

SIP performs various functions which make it apt for next-gen UC architectures. The first of these functions is the user location function. For managing UC deployments which often involve multiple networks containing multiple devices, SIP locates end users geographically and knows what end systems will be used by the session. Another function is user availability. With SIP, end users can provide presence information, which essentially means that they can tell the system whether they are available to talk or whether they are busy.

One more important function that SIP performs is the user capabilities function. As different devices have different capabilities, SIP needs to determine the media being used (text, voice or video) by that device and the parameters that are associated with that media type. Session management is perhaps the most important function performed by SIP. This is the function that allows users to end or transfer a call, or make modifications to the session parameters.

Today, SIP is the de facto standard for unified communications and IP telephony systems globally. Over the last few years, the VoIP community has established SIP as its primary choice for signaling. Many enterprises are adopting SIP as it has enabled a more collaborative communication environment through the use of UC based applications like IM, Online Whiteboard, Web conferencing and the like thereby allowing streamlining of communications processes.

I strongly think that the key value proposition of a SIP-based solution is the ability to unify multi-vendor networks to improve inter- and intra-enterprise communications. A SIP-based communication solution significantly improves reliability, business continuity, and disaster recovery through improved connectivity and routing. This is especially of value to mission-critical services.

The increasing availability of essential SIP trunking services from telecom companies is making the SIP based solution highly cost effective. One of the most significant advantages of SIP trunking is its ability to combine data, voice and video in a single line, eliminating the need for separate physical media for each mode. The result is reduced overall cost and enhanced reliability for multimedia services.

Use of SIP trunking services significantly improves bandwidth utilisation as the telephony and internet lines are converged. It also delivers real-time communication applications like IM or video conferencing in a reliable and cost effective way which can improve collaboration and productivity of the enterprise workforce. As business grows the communication grows much faster and SIP trunking service supports such a growth without having to make any additional investments in the purchase of hardware.

One of the findings shows that enterprises that have a robust IP network can save 50-60% with SIP trunking while those enterprises that do not have a robust IP network can save 20-30%, with the difference going to upgrading the WAN. Even though SIP-based solutions were initially positioned almost exclusively for large enterprises, the increasing use of SIP trunking services is helping to broaden their reach to small and medium enterprises that can implement a SIP-based solution.

Like many internet protocols, the key design feature of SIP is simplicity and not security. Given the high availability associated with the public switched telephone network, companies moving to VoIP using SIP are more sensitive to security breach threats. Exploitation of vulnerabilities in the protocol may result in denial-of-service, service interruptions, and unauthorised access to the affected device in certain cases. Needless to say, security is one aspect which needs proper attention in SIP-based solutions. While SIP can empower any enterprise to leverage its extensive communication capacities, its implementation remains a key challenge. It means that an enterprise must set realistic expectations, clear objectives, and a proper roadmap for the implementation of SIP before taking a final decision to make a transition.

Even after factoring in the security and implementation challenges, I am sure that in the next couple of years SIP-based solutions will act as the backbone for most VoIP and UC platforms. Neglecting to include SIP could lead to a rigid UC strategy with a single-vendor solution. As recent Frost & Sullivan research indicates, in the UC space future enterprise purchase decisions will increasingly call for tighter integration of multi-vendor and single-source solutions. A SIP-based solution, with its inherent flexibility and interoperability, makes a strong business case in such a scenario.

Author: Subir Bhatnagar

Securing VoIP Enterprise Networks

VoIP-over-VPN technology protects the privacy of corporate voice communications in industrial networks, while delivering the cost-saving and technology benefits of Voice-over-IP.

By reducing or eliminating phone charges, consolidating infrastructure, and streamlining network operations and maintenance, Voice over Internet Protocol (VoIP) offers tremendous cost-savings for oil and gas companies and other industrial sectors. As with any new technology, however, there can be a down-side.

Most VoIP gateways compromise communication security by transporting VoIP and data traffic without encryption, making the information susceptible to interception by snoopers, hackers, and so forth. Because of such security concerns, many enterprises that handle highly-sensitive information have been reluctant to cash in on the benefits of deploying VoIP technology in their networks.

Standards for voice encryption, such as SRTP and SIP TLS, are emerging. These techniques encrypt the voice as the analog signal is converted to digital form in the coder-decoder (CODEC). But the standards are still under development and are not yet ready for the commercial market. VoIP-over-VPN, in contrast, offers a secure solution for converged digital voice and data communications today.

VoIP gateways with VoIP-over-VPN offer companies that handle sensitive information a way to move forward and implement secure, converged VoIP and Data networks.

VoIP-over-VPN Technology for Secure Encrypted Voice

A VoIP VPN combines Voice-over-IP and Virtual-Private-Network technologies to offer a method for delivering secure voice. Because VoIP transmits digitized voice as a stream of data packets, the VoIP VPN solution accomplishes voice encryption simply and elegantly. The technique applies existing standard data-encryption mechanisms inherently available in the collection of protocols used to implement a VPN.

The VoIP gateway-router first converts the analog voice signal to digital form, encapsulates the digitized voice within IP packets, then encrypts the digitized voice using IPSec, and finally routes the encrypted voice packets securely through a VPN tunnel. At the remote site, another VoIP router decodes the voice and converts the digital voice to an analog signal for delivery to the phone.

Other advantages

Security is not the only reason to pass Voice-over-IP through a Virtual Private Network, however. Session Initiation Protocol, the preferred VoIP protocol, is notoriously difficult to pass through a firewall because it uses random port numbers to establish connections. A VPN solution avoids this firewall issue when configuring remote VoIP clients. The VPN virtually moves users inside the same local network as the VoIP server.

Author: Antoine Abi Antoun

Remove Vulnerability From VoIP Networks

Using the OSI network layer model as a basis, here’s how to derive a simplified three-layer model for SIP-based VoIP and corresponding threats and defenses. The resurgence of interest in VoIP to provide telephone services worldwide is often credited to the use of session initiation protocol (SIP) for signaling. Both residential and enterprise VoIP services are widely deployed. IP telephony may be used either to replace the primary telephone service or to provide additional telephone lines.

IP telephony offers some dramatic benefits over traditional or plain old telephone systems (POTS), such as reduced operating costs, portability and accessibility. IP telephony has its share of problems. To date, most of the focus has been on such challenges as voice quality, latency and interoperability. Security of the VoIP network is only now being recognized as an important issue to be addressed.

Multiple security threat models exist in current implementations of SIP-based VoIP networks. These threats are further aggravated because in order to allow similar access as the public switched telephone network (PSTN), VoIP networks are often implemented over the public Internet, which is a potentially hostile environment.

The very same reasons that make SIP so popular, e.g., its similarity to Hypertext Transfer Protocol (HTTP), are also the reasons for its vulnerability. This can lead to similar problems such as identity theft, impersonation, denial of service (DoS), hijacking and theft of services, and violation of privacy and confidentiality. The good news is that many of the security mechanisms for SIP-based VoIP can be the same as those used for HTTP. The challenge is simply to make these mechanisms SIP- and VoIP-friendly. In addition, SIP and its extensions provide for a number of intrinsic security features that can be used to harden implementations.

VoIP Overview

In addition to transmitting voice, a basic telephone system transmits many signals such as off-hook, on-hook and dual tone multi-frequency (DTMF) tones for dialed digits, etc. It also needs to maintain the state of the call, and generate a dial tone, ring-back and other tones. It can be said that there are two distinct streams of information on the wire: the signaling and the voice.

In PSTNs, some of the signaling travels in-band along with the voice up to the central office where it is sent over the Signaling System 7 (SS7) network. The SS7 network is not accessible to the public. Therefore, the PSTN is relatively secure. In VoIP telephony, voice is carried by the Real-time Transport Protocol (RTP) and the signaling by one of the many signaling protocols such as H.323, MGCP or SIP. Both of these transport streams are sent over the public Internet or on networks connected to the public Internet. This leaves the VoIP telephone network vulnerable.

Due to the nature of the IP network, in order to use it for telephony, additional requirements must be met by a VoIP device such as:

  • User authentication: The phone is no longer physically connected to the PSTN and needs to be authenticated
  • Address translation: Translating phone numbers into IP addresses and vice-versa
  • Routing: Locating and routing to the correct service gateway for the destination phone
  • Feature translation: Transparently translating advanced phone features such as call waiting, call hold, call forwarding, etc.
  • Caller ID: Generation of and decoding and transmission of caller ID over IP
  • Call detail records: Generation and transmission of billing information for PSTN and VoIP services
  • Legal: Access to emergency services and provision for intercept by law-enforcement agencies

In addition to just providing a transparent translation of telephone services, any VoIP device (since it is connected to the Internet) should provide for mechanisms to protect from toll fraud, eavesdropping and call hijacking among other things, and maintain message integrity. This is in addition to standard network security to protect against DoS and DDoS attacks.

 

 
Figure 1. How SIP fits into the VoIP Protocol soup

SIP was not designed to provide for all of these requirements, and it is not the only protocol that the communicating devices will need. The purpose of SIP is just to make communication possible. The communication itself must be achieved by another means (and possibly another protocol). Since SIP is an IETF specification, it is designed to use other existing IETF protocols to fill in the gaps.

VoIP threat assessment model

Starting from the basic OSI Reference Model and the Department of Defense (DoD) or TCP/IP reference model, the SIP-based VoIP network can be analyzed by a layered approach. Threats and therefore countermeasures can also be mapped to the layers of the network reference models. With this layered analysis strategy, it becomes immediately apparent that each layer has different security threats.

 

 
Figure 2. The layered approach to threat assessment.

A defense strategy can also follow this layered approach. This eases deployment and leads to the three-layer security model as follows:

  • Infrastructure security layer: Protect and secure the network infrastructure
  • Network services security layer: Protect and secure end-users, access and service enablers
  • Application security layer: Protect and secure SIP-based VoIP and other network applications

Based on general network security precepts, each security layer then needs to be evaluated on the basis of the following parameters:

  • Authentication: Confirm the identity of communicating entities, whether individuals, devices, services or applications. Authentication guards against impersonation or replay of previous communications.
  • Authorization: Cross-checks identity for role and access. This prevents unauthorized access to services, access to stored information, toll fraud, etc.
  • Accountability/Audit: Keeps track of usage and security services. This helps in early detection and recovery from threats and attacks.
  • Availability/Reliability: Redundancy, perimeter protection and hardening ensure that authorized users continue to have access to network devices, services and stored information despite an ongoing attack such as a DoS attack.
  • Confidentiality: Encryption of communication streams prevents unauthorized intercepts and eavesdropping. In addition, encryption can be coupled with access control to protect stored information.
  • Integrity: Prevents unauthorized modifications, deletion, creation or replication of data. Typical mechanisms are based on hashing algorithms such as HMAC, MD-5 and SHA-1. This also helps in early detection of unauthorized activity.
  • Non-repudiation: Proof that communications actually happened. Required for forensic evidence purposes.
  • Privacy/Anonymity: Privacy tackles issues like phone number harvesting, call pattern tracking, etc. that violate the privacy of the user. Anonymity, on the other hand, allows a user to communicate without revealing their identity and is usually contrary to most security policies.

Security mechanisms at the infrastructure layer are normally provided by the broadband access provider. For example, cable networks may authenticate subscribers by MAC address, or DSL networks may use PPPoE, which incorporates a password mechanism for authentication.

At the network services layer, the access and service enablers are typically protected by the broadband service providers and by the backbone network providers. End-users, however, are typically not protected and are left to their own devices. Most industry security schemes consider end-points as untrusted.

Broadband access routers are increasingly prevalent at the customer premises end. These routers incorporate network address translators (NATs) that, besides helping to conserve IP address space, are sometimes used along with packet filtering to provide basic firewall functionality. The security provided entirely depends on the correct configuration of these devices. Service providers that provide CPE equipment that is customized and locked to their networks address this issue to some extent, as they can manage the customer equipment and impose some modicum of security. This trend is seen in a large percentage of broadband access networks.

The CPE for the SIP-based VoIP service is usually a terminal adapter (TA) that connects downstream from the broadband access modem or router and provides an analog phone interface to a regular phone instrument. This VoIP device, in most cases, is not a part of the managed broadband access network. In the case of VoIP, there are two distinct transport streams that need to traverse the firewall and NAT, namely the core signaling transport and the media transport paths. Simple firewalls will not let VoIP traffic through, since they do not know which ports to open for the voice traffic and at what time. In the interest of security, it is not practical to always leave open a large range of ports.
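The port problem described above can be handled by a firewall that reads the signaling: the media addresses and ports are announced in the SDP body of the SIP messages, so pinholes can be opened for exactly those ports and closed when the call ends. The following is an added example, not code from the original article; the class and function names are hypothetical, the messages are constructed, and it assumes uncompressed header names and the conventional RTCP port (RTP port + 1).

```python
def parse_sip(raw):
    """Split a SIP message into (start_line, lower-cased headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def sdp_media_endpoints(sdp):
    """Return (address, port) for every active RTP stream in an SDP body."""
    session_addr, current, in_media = None, None, False
    streams = []                                   # each item: [address, port]
    for line in sdp.splitlines():
        if line.startswith("m="):
            in_media, current = True, None
            _media, port, proto = line[2:].split()[:3]
            if proto.startswith("RTP/"):           # RTP/AVP, RTP/SAVP, ...
                current = [session_addr, int(port.split("/")[0])]
                streams.append(current)
        elif line.startswith("c="):
            addr = line.split()[-1]
            if not in_media:
                session_addr = addr                # session-level default
            elif current is not None:
                current[0] = addr                  # media-level override
    # Port 0 means the stream was refused, so no pinhole is needed for it.
    return [(a, p) for a, p in streams if a and p != 0]


class PinholeTable:
    """Tracks which UDP media ports are open, keyed by SIP Call-ID."""

    def __init__(self):
        self.by_call = {}          # Call-ID -> set of (address, port)

    def process(self, raw):
        start, headers, body = parse_sip(raw)
        call_id = headers.get("call-id")
        if call_id is None:
            return
        if start.startswith("BYE "):               # call ended: close pinholes
            self.by_call.pop(call_id, None)
            return
        if headers.get("content-type", "").lower().startswith("application/sdp"):
            holes = self.by_call.setdefault(call_id, set())
            for addr, port in sdp_media_endpoints(body):
                holes.add((addr, port))            # RTP
                holes.add((addr, port + 1))        # RTCP (assumed port + 1)

    def allows(self, addr, port):
        return any((addr, port) in holes for holes in self.by_call.values())


# Constructed sample dialog; addresses come from documentation ranges.
INVITE = (
    "INVITE sip:bob@example.com SIP/2.0\r\n"
    "From: <sip:alice@example.com>;tag=1\r\n"
    "To: <sip:bob@example.com>\r\n"
    "Call-ID: call-0001@192.0.2.10\r\n"
    "CSeq: 1 INVITE\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=alice 1 1 IN IP4 192.0.2.10\r\n"
    "s=-\r\n"
    "c=IN IP4 192.0.2.10\r\n"
    "t=0 0\r\n"
    "m=audio 49170 RTP/AVP 0\r\n"
)
OK_200 = (
    "SIP/2.0 200 OK\r\n"
    "From: <sip:alice@example.com>;tag=1\r\n"
    "To: <sip:bob@example.com>;tag=2\r\n"
    "Call-ID: call-0001@192.0.2.10\r\n"
    "CSeq: 1 INVITE\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=bob 2 2 IN IP4 198.51.100.20\r\n"
    "s=-\r\n"
    "c=IN IP4 198.51.100.20\r\n"
    "t=0 0\r\n"
    "m=audio 3456 RTP/AVP 0\r\n"
)
BYE = (
    "BYE sip:bob@example.com SIP/2.0\r\n"
    "Call-ID: call-0001@192.0.2.10\r\n"
    "CSeq: 2 BYE\r\n"
    "\r\n"
)
```

Feeding INVITE and OK_200 to a PinholeTable opens only the four negotiated RTP/RTCP ports; processing BYE removes them again.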

At the application layer, the threat and countermeasures become quite complex. This layer is the most vulnerable layer and different types of threats are becoming increasingly common. There is still a lot of work to be done before standard interoperable mechanisms are put in place to harden an application such as SIP-based VoIP. A collaborative, industry-wide effort is required.

The first step in that direction was taken in October 2005. The Voice over IP Security Alliance (VOIPSA), an industry consortium of VoIP and information security vendors, providers and thought leaders, released the first draft of their VoIP Security Threat Taxonomy, which attempts to identify and qualify the various threats in preparation for standardizing the mechanisms used as countermeasures.

Hardening the VoIP network

A VoIP network relies on the basic IP infrastructure for multiple services such as domain name service (DNS), trivial file transfer protocol (TFTP), file transfer protocol (FTP), etc. SIP-based VoIP networks rely on the DNS mechanism for many types of services related to telephony such as electronic numbering (ENUM). In addition, the use of the service record (DNS SRV) in the DNS server to identify SIP services enables server load balancing and redundancy. This achieves better network reliability during peak traffic and also provides resilience against DoS attacks.

However, DNS has itself been identified as one of the vulnerable systems in the TCP/IP infrastructure. It is vulnerable to many types of transaction attacks including cache poisoning, domain hijacking and man-in-the-middle redirection. Open recursive DNS servers are actively being used as DDoS reflectors, providing a huge amplification factor for such attacks. DNS security extensions (DNSSEC), designed to alleviate some of these shortcomings, are still not widely deployed.

Hence, many SIP-based VoIP implementations are designed to use private DNS. Private DNS breaks the hierarchical tree structure of the DNS and does not allow recursive queries. Instead, private DNS uses a standalone server or servers to provide exclusively VoIP-related DNS services for SIP clients within the managed network. All other DNS requests continue to be serviced by the standard DNS network of servers.

VoIP telephones could be mis-configured by the end-user, either while attempting firmware updates or when adjusting parameters of operation, leading to vulnerabilities or loss of service. Early SIP-based VoIP devices commonly used TFTP to update firmware or configuration files. TFTP is not a very sophisticated or secure mechanism for file transfer, and using it for updating critical files could lead to compromising either the fundamental operating firmware or the configuration of the SIP device.

Modern SIP-based VoIP devices use the more secure FTP or secure HTTP (HTTPS) for firmware updates, and XML over HTTPS for remote configuration by the service provider. In addition, the ability to modify firmware or SIP parameters is usually blocked by the service provider, thus leading to greater reliability of the firmware updates and SIP configurations.

Such a mechanism for configuration and updating also provides service providers with the ability to provision devices based on rate structures such as local or long-distance plans, etc. In addition, it also allows the service provider to hide SIP configuration and dial plans, information that could potentially be used by hackers to steal services.

Author: Vinay R. Rao

Hiding Steganographic Messages In VoIP

Researchers have devised a new scheme for hiding secret data within VoIP packets, making it possible to carry on legitimate voice conversations while stolen data piggybacks on the call undetected, making its way to thieves on the outside.

Called transcoding steganography or TranSteg, the method calls for setting a larger-than-necessary payload space in VoIP packets and using the extra room to carry covert messages. In their experiment the researchers could send 2.2MB of covert data in each direction during an average seven-minute phone call.

As with all steganography, the objective is to deliver covert data without raising suspicions that a secret message even exists.

Researchers at the Warsaw Institute of Technology’s Institute of Telecommunications say that depending on how TranSteg is set up, detection can be impossible. But other scenarios make it possible to detect given the right type of monitoring.

One big hurdle to the practical use of TranSteg is that it requires modifying the machines that send and receive the steganographic messages, say the researchers led by Wojciech Mazurczyk, who has developed other VoIP steganography techniques.

That’s because the machines receiving the secret messages must be configured to know that packets marked as carrying one type of payload are actually carrying another type. In their proof-of-concept demonstration, the researchers marked real-time transport protocol (RTP) packets as carrying voice that was encoded using a G.711 codec. Actually they carried G.726-encoded voice, which takes up less space per packet. The difference in packet payload between what was advertised in the payload-type field and what the packets actually contained is the space available for the steganographic message.

The receiving machines must be configured to know to decode using one codec despite the fact that packets are marked to indicate they were generated with a different codec. The receiving machines must not only transcode the voice traffic, but also extract and reassemble the covert message. So access to machines is necessary ahead of time in order for TranSteg to work.

TranSteg can be set up using either end devices such as VoIP phones or intermediary network devices as the steganography-sending and -receiving nodes. So there are four possibilities: two VoIP phones could be involved; two intermediary devices could be involved; the sending phone and an intermediary device could be involved; or an intermediary device and the receiving phone could be involved.

If two VoIP phones are the sending and receiving nodes and they use secure RTP (SRTP), it is impossible for network monitoring to detect TranSteg, the researchers say. But if any of the other scenarios is used, monitoring at more than one place along the connection could detect TranSteg, they say.
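One way to implement the multi-point monitoring mentioned above is to capture the same RTP stream on both sides of a suspected intermediary and compare packets by SSRC and sequence number: a payload that changes in transit while the advertised payload type stays the same is the anomaly to flag. This is an added example, not code from the researchers or the original article; the comparison approach, function names and thresholds are assumptions, and the packets are constructed.

```python
import hashlib
import struct


def parse_rtp(packet):
    """Parse the RFC 3550 fixed header; return PT, sequence, SSRC and payload."""
    if len(packet) < 12:
        raise ValueError("shorter than the RTP fixed header")
    b0, b1, seq, _ts, ssrc = struct.unpack("!BBHII", packet[:12])
    if b0 >> 6 != 2:
        raise ValueError("not RTP version 2")
    offset = 12 + 4 * (b0 & 0x0F)                  # skip the CSRC list
    if b0 & 0x10:                                  # header extension present
        if len(packet) < offset + 4:
            raise ValueError("truncated header extension")
        (ext_words,) = struct.unpack("!H", packet[offset + 2:offset + 4])
        offset += 4 + 4 * ext_words
    end = len(packet) - (packet[-1] if b0 & 0x20 else 0)   # strip padding
    if offset > end:
        raise ValueError("truncated RTP packet")
    return {"pt": b1 & 0x7F, "seq": seq, "ssrc": ssrc,
            "payload": packet[offset:end]}


def index_capture(packets):
    """Map (SSRC, seq) -> (payload type, payload digest) for one monitoring point."""
    index = {}
    for raw in packets:
        try:
            p = parse_rtp(raw)
        except ValueError:
            continue                               # not RTP, ignore
        digest = hashlib.sha256(p["payload"]).digest()
        index[(p["ssrc"], p["seq"])] = (p["pt"], digest)
    return index


def compare_points(capture_a, capture_b):
    """Per SSRC, count packets seen at both points and those whose payload
    changed between the points while the payload type stayed the same."""
    a, b = index_capture(capture_a), index_capture(capture_b)
    stats = {}
    for key in a.keys() & b.keys():
        s = stats.setdefault(key[0], {"matched": 0, "rewritten": 0})
        s["matched"] += 1
        (pt_a, dig_a), (pt_b, dig_b) = a[key], b[key]
        if pt_a == pt_b and dig_a != dig_b:
            s["rewritten"] += 1
    return stats


def suspicious_streams(capture_a, capture_b, min_packets=20, ratio=0.9):
    """SSRCs whose payloads are consistently rewritten under an unchanged PT."""
    stats = compare_points(capture_a, capture_b)
    return sorted(ssrc for ssrc, s in stats.items()
                  if s["matched"] >= min_packets
                  and s["rewritten"] / s["matched"] >= ratio)


def make_rtp(pt, seq, ssrc, payload):
    """Build a minimal RTP packet (used only to construct the sample data)."""
    return struct.pack("!BBHII", 0x80, pt, seq, seq * 160, ssrc) + payload


def constructed_captures():
    """Two constructed captures: stream 0x1111 is altered between the
    monitoring points, stream 0x2222 is forwarded untouched."""
    point_a, point_b = [], []
    for seq in range(50):
        voice = bytes((seq + i) % 256 for i in range(160))   # 20 ms of G.711
        altered = bytes(b ^ 0x5A for b in voice)             # same size, PT 0
        point_a.append(make_rtp(0, seq, 0x1111, voice))
        point_b.append(make_rtp(0, seq, 0x1111, altered))
        point_a.append(make_rtp(0, seq, 0x2222, voice))
        point_b.append(make_rtp(0, seq, 0x2222, voice))
    return point_a, point_b
```

With SRTP between the two phones the payload is ciphertext that is identical at every monitoring point, so this comparison finds nothing, which matches the researchers' statement.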

In the test setup, TranSteg introduces 0.4 ms of delay on average using the worst-case configuration, the researchers say. Mean opinion score (MOS) for voice quality drops from 4.46 to an average of 3.834, still acceptable. Using the testbed codecs, the researchers were able to send 2.2MB of covert message in both directions during a nine-minute call.

Author: Tim Greene

Making The Call On Enterprise VoIP

IP telephony encompasses a set of technologies enabling voice, data and video over existing IP-based LANs, WANs and the internet. Using voice over IP (VoIP) as the enabling technology to transport phone calls allows firms to eliminate legacy circuit-switched (TDM) systems and lower equipment costs by converging applications onto a single infrastructure, while browser-based interfaces can simplify system management. Software upgrades are also much easier to implement, as are adds, moves and changes (AMCs).

At the same time, convergence allows the introduction of a wide range of value-added applications via unified communications (UC). As such, many IP telephony and VoIP projects now form part of broader UC strategies, which might encompass any combination of instant messaging, presence, conferencing (Web, audio, video), unified messaging, social networking and other applications. Although the UC market remains nascent, the technology promises to increase productivity and teamwork, as well as customer responsiveness by integrating IP telephony with instant messaging and presence, or by extending call history and directories to mobile devices, for example.

Despite these benefits, independent research firm Nemertes found that in 2010, only 17% of companies had fully deployed VoIP technology. The bulk of those were small and mid-sized businesses as larger firms continue to scrutinize the business case and deploy the technology in a tactical manner – e.g. to replace TDM systems that have reached end-of-life, equip new ‘greenfield’ locations, or to meet the needs of specific job functions or applications. It also found that many firms fail to budget for voice quality management and monitoring tools, and often have to spend more on the LAN upgrade than they originally budgeted for. This is either because they didn’t evaluate the LAN at all or because they didn’t run the appropriate baseline network assessments to determine the actual upgrades required.

Preparing for VoIP

Making the transition from traditional voice communications equipment, or POTS (plain old telephony service), to a converged infrastructure supporting IP telephony is a complex task. Legacy communications infrastructure is focused on transporting data from one point to another successfully and, to a certain degree, in light of response times – i.e. how quickly the user receives the information they need. With IP telephony however, the question is whether the network is capable of handling VoIP traffic and delivering the quality of experience the end user demands.

It is therefore common practice to roll out VoIP to a small subset of the organization first in order to understand whether the required call quality can be delivered. To provide a numerical indication of the perceived quality of the media (e.g. voice or video) during live testing, IT operations teams use Mean Opinion Score (MOS) and R-value score calculations. Historically, both have been quite subjective as they are based on the quality as perceived by the end user. As such, IP SLA and Proxy Ping are two logical tests that are used to measure response time from an end user perspective. As the MOS ratings for codecs and other transmission impairments are now better known, estimated MOS values can be computed and displayed based on measured impairments (delay and packet loss).

The estimated MOS value is designated as ‘MOS-CQE’ (Mean Opinion Score; Conversational Quality, Estimated) by the ITU. IP SLA tests use this computation to provide MOS and R-Value metrics. In addition to call quality metrics, response time tests help show the readiness of the network to support an application with little tolerance for latency and jitter, while 90th and 95th percentile reports can also be run to ensure that a VoIP rollout goes smoothly.

It is also important to assess whether the network is sized properly in respect of accommodating rising volumes of voice traffic and how it might impact traffic relating to other business applications. This is achieved either by adding more IP phones or employing call generators (aka ‘probes’) to increase call loads and then monitoring the network for changes in performance. It is likely that quality of service (QoS) parameters will need to be adjusted – e.g. by increasing QoS queues – to ensure that all the different types of applications running over the network have the appropriate amounts of bandwidth associated with them, while more bandwidth may be required for specific sections of the network.

Establishing baselines

Reporting and having the visibility to test, monitor and validate current infrastructure performance as VoIP is rolled out is essential to long-term success. Reporting on performance, utilization and capacity enables IT operations teams to baseline their current network performance, with IP SLA testing employed to assess the impact of VoIP. Having established a baseline of ‘normal’ performance levels, it is then possible to dynamically set accurate thresholds and implement alerts that are issued the moment (or even before) performance degrades or deviates from normal.

Scheduled and on-demand reporting delivers the key performance indicators (KPIs) that, when combined with call quality metrics, provide visibility of the impact of VoIP on both business-application and network performance. For IP telephony, the critical measurements relating to network performance are:

· Packet loss – the discarding of data packets in a network when a device is overloaded and cannot accept any incoming data at a given moment

· Latency – a measure of time delay experienced in a system

· Jitter – a measure of the variability over time of the packet latency

Any increase in latency, jitter, or packet loss will be noticed almost immediately by the caller in the form of static, echo or intermittent sound. In the worst case, the call will drop out altogether. In addition, CDR (call data record) and RTCP (Real-time Transport Control Protocol) based reports can deliver rich statistics for each completed call leg, again enabling call quality measurements to be compared against baselines, and threshold-based alerts issued accordingly.
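One way to implement the baseline-then-threshold approach for these three measurements, as an added example rather than code from the article: jitter is computed with the RFC 3550 interarrival estimator that RTCP reports carry, thresholds come from the 95th percentile of a baseline window, and each new sample is checked against them. The sample values, the key names and the 20% headroom are assumptions.

```python
# Added example: baseline the three KPIs, then alert on deviation.
# Sample values are constructed; the 20% headroom is an assumed policy.
KPIS = ("latency_ms", "jitter_ms", "loss_pct")


def rfc3550_jitter(send_ms, recv_ms):
    """Interarrival jitter as RTCP reports it: J += (|D| - J) / 16."""
    jitter = 0.0
    for i in range(1, len(send_ms)):
        # D = change in transit time between consecutive packets.
        d = (recv_ms[i] - recv_ms[i - 1]) - (send_ms[i] - send_ms[i - 1])
        jitter += (abs(d) - jitter) / 16.0
    return jitter


def percentile(values, pct):
    """Nearest-rank percentile; pct is an integer such as 90 or 95."""
    ordered = sorted(values)
    rank = max(1, -(-pct * len(ordered) // 100))  # integer ceiling
    return ordered[rank - 1]


def build_thresholds(baseline, pct=95, headroom=1.2):
    """Alert threshold per KPI = baseline percentile plus headroom."""
    return {k: percentile([s[k] for s in baseline], pct) * headroom
            for k in KPIS}


def breaches(sample, thresholds):
    """Names of the KPIs in one sample that exceed their threshold."""
    return [k for k in KPIS if sample[k] > thresholds[k]]


# Constructed baseline: 20 polling intervals of a healthy pilot group.
BASELINE = [
    {"latency_ms": 18 + i % 5,
     "jitter_ms": 1.0 + (i % 4) * 0.5,
     "loss_pct": 0.1 * (i % 3)}
    for i in range(20)
]

if __name__ == "__main__":
    limits = build_thresholds(BASELINE)
    spike = {"latency_ms": 21, "jitter_ms": 9.5, "loss_pct": 0.1}
    print(limits)
    print(breaches(spike, limits))
```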

Maintaining full visibility

Once a full-scale VoIP rollout is live, IT operations teams will continue to need full visibility into both the performance of the IP telephony infrastructure, and that of the network and the other business applications being supported. This means collecting data including network KPIs such as QoS queue utilization and key statistics for the call manager server, implementing IP SLA tests to measure end-to-end latency, and gathering call data via RTCP to understand actual call MOS, jitter and latency.

Having the ability to link and graph IP telephony call quality metrics with key network performance indicators, and then to report on key call manager statistics, means it is possible to see CPU performance, memory usage, interface performance, calls per second, number of registered phones and call manager heartbeat, as well as the current calls for today with MOS scoring, jitter and latency.

With all of this data in one place, normalized and consistent, IT operations teams can easily recognize when call manager performance suffers and assess the impact on call quality and success. When a sudden spike in data traffic impacts on call quality, full visibility ensures that the IT operations team is able to instantly identify the application consuming bandwidth and resolve the issue accordingly. For example, by determining that a user is streaming a non-business related video and hogging bandwidth, the IT manager can quickly contact the user and ask them to discontinue, or block access.

Why an appliance makes sense

In a converged network environment supporting IP telephony and UC applications, IT operations teams must collate an ever-increasing volume of performance data – such as server metrics, application flows, network metrics and voice and video quality metrics – from a burgeoning number of network elements if they are to gain an understanding of how key services are performing.

Given the limited scalability of legacy performance management tools, an appliance-based solution is recommended because it eliminates the need for additional software, hardware, or external databases, and can be used in standalone or peered configurations in order to quickly provide reports on any indicator, device, or application to be monitored. Furthermore, the proprietary or technology-specific performance management tools available today are unable to deliver the required level of visibility because data must be acquired manually and cannot be overlaid to gain a single view.

The ability to analyze both network and VoIP performance from one system enables faster troubleshooting and problem resolution, and better coordination between network operations teams and telephony teams. Crucially, the ability to troubleshoot issues effectively before they impact on service or network performance means quality of experience and network availability can be assured for all services.

Author: Peter Cruz
Source

Are You Hiding from Emergency Responders?

If your organization doesn’t actively manage E911 location information you are increasing the odds that an emergency responder may not be able to find a 911 caller in need quickly enough to help.

It’s that simple.

What should be a no-brainer component of an enterprise workplace safety plan is too often overlooked or, worse, consciously passed over. This isn’t a technology problem; a wide range of hardware, software and cloud-based E911 solutions exist to address the issue. More often than not, it’s a business decision.

We often speak in terms of risk management when talking with organizations about improving their E911 protection. And there are compelling facts that support this discussion: for example, failure to provide E911 protection to employees could result in regulatory fines.

The Occupational Safety and Health Administration, for example, could penalize an employer for failing to implement E911 under Section 5(a)(1) of the Occupational Safety and Health Act. Also known as the General Duty Clause, it requires employers to furnish a workplace that is free from recognized hazards which may cause or are likely to cause death or serious physical harm. OSHA may also reject an employer’s emergency action plan if E911 is not included. Penalties for violating OSHA can run from $7,000 to $70,000 per day per employee.

It is a common occurrence in large enterprises for emergency responders to arrive in the lobby of a building in response to a 911 call. Many times the security or lobby staff is unaware that a 911 call was made and is therefore unable to provide the location of the caller. These occurrences are well known by the telecommunications and security staff, and the corporation’s conscious choice not to fix a potentially harmful situation exposes it to legal action outside of workers’ compensation that could result in a multi-million-dollar damage verdict.

All that aside, isn’t providing a safe workplace the right thing to do? At the risk of being repetitive, it’s that simple.

Author: Nick Maier
Source

Cloud VoIP Services

Historically, business telecommunications has been a highly exclusive club of well-financed service providers who have been highly dependent upon business models that are pegged to over-subscription, product bundling and oligopolistic market control.

Telecommunications infrastructure has been a world of very expensive, highly proprietary equipment and telecom applications such as voicemail, conferencing, three-way calling and caller ID have been developed exclusively within the doors of the large service providers who intended to put them in the market.

The nearly simultaneous advent of open telecommunications software platforms (and their expansive feature-sets), server virtualisation, ubiquitous and affordable high speed Internet access and cloud network architectures has created a unique moment in time for the telecommunications industry and one could argue that this business will never be the same.

A scant five years ago, a business shopping for telecommunications products or services would have had only a handful of options: analog lines or a PRI connected to a proprietary PBX, and either a best-efforts Internet connection such as DSL or one or more T1s of Internet access.

Today, a business with an Internet connection of acceptable speed and quality can select from a wide array of cloud-based telecommunications services sized exactly to their needs. These services bring new capabilities at an affordable price and are powered in no small part by open source technologies deployed in the cloud by an army of upstart service providers exploiting these new technological opportunities.

The result: an “unbundling” of telecommunications services that provides the consumer choice, flexibility and functionality not available from the conventional telecommunications companies. Today, the availability of new infrastructure designs has accelerated the deployment of scalable open source communications frameworks. Increasingly, these tools are being utilised inside large carrier and enterprise communications networks for their cost-efficiency, scalability and flexibility.

The combination of the cloud and open source communications platforms has also birthed an exciting new application marketplace where creative new business models are being developed on a near daily basis. Companies that enable the underlying service of these applications (think ifbyphone, Twilio or Tropo) are acting as cloud “facilitators” for a new generation of applications being developed by both new business models and existing businesses that are developing their own telephony applications.

Many of these “telephony API suppliers” are powered under the hood by the same open source communications frameworks that are seeing increased adoption in recent years. None of these things were attainable by the average business five years ago and we have open telecom frameworks in the cloud to thank.

So what does all of this mean? Aside from the obvious benefits of choice, features and price reduction these technological advances place greater control in the hands of the consumer. A great example of this shift in control is the freedom made possible through Google’s free voice service.

By using Google Voice, you can separate your phone number from your provider’s control and arbitrarily move from one mobile or land line service provider to another without the need to port out or port in a phone number.

Additionally, the Google Voice service includes a bunch of free functionality such as voicemail transcription, dynamic call routing, in-call transfers, custom greetings, call blocking and web access to all of the above. Clearly, services like Google Voice are focused on empowering the user, not locking them into a single provider and/or owning them.

Where consumers used to be lured to telecom companies by bundled product offerings and the promise of “savings” for buying everything in one place, the cloud now allows them the ability to save substantial amounts of money each month by purchasing their services over the Internet on an ad-hoc basis.

Toll-based products such as long distance and international calling have been disrupted by cloud services like Skype and Google Voice. Although this market transformation has only just begun and the ways in which it will impact conventional telecommunications are not completely clear, it is safe to assume that cloud services will gain market share from the incumbents as the result of their capability, flexibility and affordability. The only uncertainty is how and when the conventional telecoms will respond.

Author: Bryan Johns
Source

Voice Networks Make Botnet Control Easy

Botnets and their masters can communicate with each other by calling into the same VoIP conference call and swapping data using touch tones, researchers demonstrated at Defcon.

This gives the botmasters, whose top goals include remaining anonymous, the ability to issue orders from random payphones and disposable wireless handsets, said researchers Itzik Kotler and Iftach Ian Amit of security and risk assessment firm Security Art.

Using phones and the public phone networks eliminates one of the prime tools bot fighters have: taking down the domains of botnets’ command and control servers, the researchers say. If the botmaster isn’t using a command and control server, it can’t be taken down.

In fact, the botmaster can communicate with the zombie machines that make up the botnet without using the Internet at all if the zombies are within a corporate network. So even if a victim company’s VoIP network is segregated from the data network, there is still a connection to the outside world.

In addition to its stealth, the VoIP tactic employs technology that readily pierces corporate firewalls and uses only traffic that is difficult for data loss prevention software to peer into. The traffic is streamed audio, so data loss prevention scanners can’t recognise patterns of data they are supposed to filter, the researchers say.

The downsides of VoIP as a command channel are that it severely limits the number of zombie machines that can be contacted at once, and the rate at which stolen data can be sent out of a corporate network is limited by the phone system. But Kotler and Amit say the connections are plenty big to send commands in.

During their demo at the conference, the pair had an Asterisk open source IP PBX stand in as the corporate PBX. A virtual machine representing a zombie computer on a corporate network called via TCP/IP through the PBX and into a corporate conference call. A BlackBerry representing the botmaster dialled in over the public phone network to the same conference call.

The researchers then used Moshi Moshi open source software to communicate between the botmaster phone and the zombie machine. Moshi Moshi includes a translator that converts commands into DTMF touch tones as input, and converts stolen data from text to speech for output. The resulting voice traffic is phoned into a voice mailbox that the botmaster can pick up whenever it’s convenient.

One tricky part is configuring the PBX to allow DTMF tones to pass through into the conference. Another is that the botmaster has to create a DTMF-based language that the bots are programmed to understand.

The researchers say their demonstration was merely a proof of concept, and that it could work much better with refinements. For instance, incorporating modem technology into the scheme could result in faster exfiltration rates than sending speech generation voicemails.

To defend against this type of VoIP abuse, Kotler and Amit recommend separating VoIP from the corporate network altogether in order to prevent compromised computers from tapping into conference calls. They recommend monitoring VoIP activity to discover unauthorised use of conference calls, say after business hours. And they say conference calls should be whitelisted, allowing access only from authorised IP addresses and phone numbers.
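The monitoring and whitelisting recommendations above can be checked against the PBX's call detail records. This added example (not from the researchers or the article) reviews conference-bridge joins for callers outside an allowlist and for joins outside business hours; the column order is assumed to follow Asterisk's default cdr_csv layout, and the CDR rows, allowlist and business hours are constructed.

```python
# Added example: review conference-bridge joins in PBX call detail records.
import csv
import io
from datetime import datetime

# Assumed column order: Asterisk's default cdr_csv (Master.csv) layout.
FIELDS = ["accountcode", "src", "dst", "dcontext", "clid", "channel",
          "dstchannel", "lastapp", "lastdata", "start", "answer", "end",
          "duration", "billsec", "disposition", "amaflags", "uniqueid",
          "userfield"]
CONFERENCE_APPS = {"ConfBridge", "MeetMe"}
ALLOWED_CALLERS = {"2001", "2002", "+15555550100"}  # constructed allowlist
BUSINESS_HOURS = range(8, 19)  # 08:00-18:59, Monday to Friday (assumed)

# Constructed CDR rows (not taken from any real system).
SAMPLE_CDR = '''
"","2001","8000","internal","2001","SIP/2001-01","","ConfBridge","8000","2024-03-04 10:02:11","2024-03-04 10:02:12","2024-03-04 10:31:40",1769,1768,"ANSWERED","DOCUMENTATION","cdr-1",""
"","2417","8000","internal","2417","SIP/2417-02","","ConfBridge","8000","2024-03-05 02:14:09","2024-03-05 02:14:10","2024-03-05 03:40:10",5161,5160,"ANSWERED","DOCUMENTATION","cdr-2",""
"","2002","8000","internal","2002","SIP/2002-03","","ConfBridge","8000","2024-03-09 14:00:05","2024-03-09 14:00:06","2024-03-09 14:20:06",1201,1200,"ANSWERED","DOCUMENTATION","cdr-3",""
"","2417","2001","internal","2417","SIP/2417-04","SIP/2001-05","Dial","SIP/2001","2024-03-05 02:20:00","2024-03-05 02:20:04","2024-03-05 02:21:04",64,60,"ANSWERED","DOCUMENTATION","cdr-4",""
"","+15555550199","8000","from-pstn","+15555550199","SIP/trunk-06","","MeetMe","8000","2024-03-06 11:00:00","2024-03-06 11:00:01","2024-03-06 11:05:01",301,300,"ANSWERED","DOCUMENTATION","cdr-5",""
'''.strip()


def review_conference_joins(cdr_text):
    """Return (uniqueid, caller, reasons) for each join that breaks policy."""
    findings = []
    for row in csv.DictReader(io.StringIO(cdr_text), fieldnames=FIELDS):
        if row["lastapp"] not in CONFERENCE_APPS:
            continue  # ordinary calls are out of scope here
        start = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
        reasons = []
        if row["src"] not in ALLOWED_CALLERS:
            reasons.append("caller-not-allowlisted")
        if start.weekday() >= 5 or start.hour not in BUSINESS_HOURS:
            reasons.append("outside-business-hours")
        if reasons:
            findings.append((row["uniqueid"], row["src"], reasons))
    return findings


if __name__ == "__main__":
    for finding in review_conference_joins(SAMPLE_CDR):
        print(finding)
```

A report like this is only a review aid; the allowlist itself still has to be enforced in the PBX dial plan or conference configuration.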

Source