February 2008 Archives

Welcome to TBI University, Where the Tuition is Free - Courses By TECHtionary 

This is a professional development program for channel partners. Here's how it works: the channel partner pays half of the normal tuition upfront (i.e., $149), TBI will pay the other half, and when the channel partner closes the first qualified sale, TBI will reimburse the channel partner in full. From the basics to the most advanced, these online courses will teach channel partners what they need to know to sell in today's telecom market.
 
To Register, please contact Scott Tossman 847.353.1388 scott@tbicom.com
 
Internet Studies 101: Communications Technology Manager. An Introduction to the Fundamentals of Digital Communications Technology
Internet Studies 201: Wireless Technology Manager. Job Training and Implementation of WiFi, WiMax, Cellular and IMS
Internet Studies 201: VBE - VoIP Business Executive. Channel Provider & Partner Business Sales & Technical Strategies for VoIP-SIP
Internet Studies 201: STE - SIP Technology Business Executive SIP Essentials. An Executive Guide to SIP-Session Initiation Protocol
Internet Studies 301: Advanced Data Networking Preparation for industry-wide Cisco, Microsoft, Avaya, Comptia and other certifications
"The VoIP Business Executive course takes VoIP training to a new higher level. For example, there is nothing like the SIP tutorials available anywhere or from anyone. For the channel partner or customer, this course provides critical insights for successful implementation and management. The new user interface speeds learning, allowing viewers to grasp complex concepts faster than ever before. With this course, VoIP providers can rapidly accelerate the learning process for their channel partners, which in turn accelerates revenues. Now is the time for users and providers alike to make this course an integral part of their business operations."
Matt Jolly, Oxford Networks
 
"I am writing regarding Tom Cross and the online training and VoIP/SIP course. By far this is the best program in place, as Tom is one of the most recognized trainers in the United States for VoIP/SIP. It might be worth adding this course to your sign-up package for agents around the country, not only as a profit center but as something that you could co-brand and have a 'leg-up' on your competition."
Bill Bowyer, CEO - VoIP in America
 
"The SIP/VoIP courses are more than a superb primer on VoIP/SIP technology; they are an in-depth business plan for a VoIP/SIP implementation. In addition, the VoIP/SIP diagnostic and troubleshooting guide is the most thorough approach to VoIP QoS available. I need information that informs but does not overwhelm, information that guides but does not drive you away. The courses provide insights and actionable information that has helped me get the technology we need sooner but saved me a considerable amount in understanding what we didn't need. The SIP course especially is a valuable one which provides much needed information in a readily understandable format."
Paul Daubitz, President - ATI-TeleManagement
You Decide: Is Microsoft OCS the PBX, Hosted VoIP Killer?
Tom Cross Speaker and Moderator - Session Title: Microsoft OCS — Is it Magic or Me-Too?
Come and decide for yourself at Channel Partners - March 10 - 4:30 - Las Vegas
For more go here: http://www.channelpartners.phoneplusmag.com
 
By Khali Henderson
Microsoft’s Office Communications Server and unified communications software was rolled out to significant fanfare last fall. But what does it mean for the channel?
Tom Cross, CEO for Techtionary.com, says he thinks Microsoft OCS is the PBX and hosted VoIP killer. The reason is that it's totally integrated with Microsoft Outlook. "Outlook is the cocaine of the industry. I'm on it 12 hours a day," he said, explaining that OCS's integration in the e-mail client gives it an automatic in with business customers and an advantage over other IP PBXs and even hosted VoIP. He says it's not a matter of if, but when customers will begin embracing the solution.
"The IM is cool and the telephony features are incredible. It's more than a toolbar inside Outlook. It flows. It's fluid. Communications is not dysfunctional anymore," he says, noting that other communications tools are disjointed and not integrated with each other.  As for its advantages over hosted VoIP, with OCS, there is no need to buy a desk telephone set, just a computer and a mobile phone, he notes.
Cross will be leading a session at Channel Partners Conference & Expo on the opportunity that Microsoft's entry into the IP PBX market represents for the channel. "It's going to finally force channel partners to figure out what business they are in," he said, noting that it requires voice and data networking competencies to sell and implement.
"It's the 'Channel Borg.' It brings the channels together," likening it to Star Trek's Borg where different species are assimilated into a hive-like entity with one mind. Users can have one vendor -- even the wiring is converged.
The consolidation of bandwidth required by OCS is one opportunity for agents, he adds. "Because Microsoft channel partners have not had to deal with telecom, there's an opportunity for agents to be the connectivity partners to Microsoft Gold Partners," he says. "It's also a huge opportunity for an agent looking to become a Microsoft VAR."
2008 Business Forecast - Why Are Businesses Buying VoIP/SIP in 90 Seconds
 
The animated tutorial explains some of the key reasons why businesses in 2008 (not consumers) are buying VoIP/SIP. About "why-buy," a survey of key VoIP-SIP providers and users found:
10 - VoIP is hot and cool - "buying a business model, not phones."
9 - Softphones are really cool - "techies today, the rest will follow." Increasingly, softphones replace/outpace desksets.
8 - VoIP/SIP is software-based features instead of buying a PBX - "open source" hosted, or better known as "web-access" or SAAS-Software As A Service like website hosting, is gaining acceptance. Integrated Access "flex-T-1" dynamically provides prioritized voice calls (up to 10 using G.711 and 40 calls with G.729, depending on the provider) when in use and increased data transmission when telephones are not in use. This is one type of SIP Trunking, as there will be other service options.
7 - Self administration of system MACs-moves-adds-changes - "users change their own features, not waiting for admin."
6 - Empowers all the users - "there are advantages even for physically challenged staffers."
5 - Simplified relocation - move the phone intra-building or to any city, plug it in and start making/receiving telephone calls.
4 - Simultaneous ring - rings anywhere and everywhere until you answer the phone - "find me follow me."
3 - Messaging integration with features such as click-to-dial, answering and dialing, fully integrated - "toolbar" integration inside Outlook is "priceless."
2 - Management and user "web portal" control of features: call logs and ease-of-administration and remote web access via browser has high user acceptance.
1 - TCO -- Total Cost of Ownership - 20-30% pay less than what they now pay for voice, long distance, high-speed access, and MAC -- moves-adds-changes, however many pay more than what they were paying but the benefits are still greater. Businesses also want "one-stop" shopping - communications and computing - one provider who does both. Simply put, one size may not fit all but integrated computing-communications win. Lastly, it’s not about voice anymore, it’s about presence and context – topics for future discussion.

This tutorial is part of SIP Essentials 2.0c available in the onsite and online courses. The online version is $299 for SIP 2.0c and for $499 as part of OCS-101 Office Communications Server online version per person or less with discounts. For more information go to http://www.techtionary.com or please call Tom Cross at 303-594-1694 or cross@gocross.com Discounts are also available to members of the SIP Forum. For a complete detailed course outline go to: http://www.techtionary.com/ocs/sip-essentials.htm
I published a tutorial on Media Gateways a few weeks ago. However, there is something new, so I added this new tutorial along with the rest. The following tutorials are some examples of customer applications of MG-Media Gateways:
- Connection of IP-PBX to PSTN
- Connection of IP-PBX to PSTN & SIP trunk provider
- Survivable connection to SIP trunk provider
- Connection of PBX & IP-PBX to PSTN & SIP trunk provider
- Connection of IP-PBX to Hosted VoIP provider
- Connection of IP-PBX & PSTN to Microsoft OCS Server
NEW - Multiple SIP-OCS proxies - SIP to SIP calls, TDM to TDM calls and SIP to TDM calls
Thanks to Quintum.com.  Their new Tenor MultiPath VoIP switches now feature a new Unified Communications Proxy (UCP), for enhanced call routing and SIP to SIP switching. This means Tenor can switch SIP to SIP calls, TDM to TDM calls and SIP to TDM calls and integration into an existing voice network.   For more, go here: http://www.quintum.com/microsoft/index.html
SIP Security - IP-Sec - AH-Authentication and ESP-Encapsulating Security Visualized
 
They say a picture is worth a 1,000 words, an animation ten times that, and even more as the complexity of the problem increases. I have read 30-page white papers on IP security and it's still "techno-babble." Here's the animated tutorial. If you are brave enough, the text explanation is below the animation.
 
The IP AH-Authentication Header adds another security check by adding another label or tag to the IP packet/datagram. AH supports TCP-Transmission Control Protocol and UDP-User Datagram Protocol. The IP AH-Authentication Header fits in between the original IP header and the TCP/UDP header. Shown here is the format for IP-Security Transport Mode. This is the format for IP-Security Tunnel Mode, where the original IP packet, TCP header and data are encrypted and a new IP header is used to route the packet.

A Transitive Trust provides the means to transmit trust from one domain or server to another without having to authenticate the client again. This may reduce the need for Tunnel Mode within one network or between trusted networks.

IP ESP-Encapsulating Security Payload, like AH, seeks to enhance security by encrypting the data to be protected. ESP can be used to encrypt Transport Layer 4 protocols such as TCP, UDP and ICMP-Internet Control Message Protocol, or the entire IP packet. The SPI-Security Payload Identifier is a 32-bit pseudo-random value identifying the security association. If no security value has been assigned, the value is 0x00000000. This is the format for ESP IP-Security Transport Mode, where the original IP header is not encrypted but the TCP header, data and ESP trailer are encrypted, with an ESP authentication field appended. This is the format for ESP IP-Security Tunnel Mode, where the original IP packet, TCP header, data and ESP trailer are encrypted and a new IP header is used to route the packet, with an ESP authentication field appended.

Since we are discussing security, let's review the role of other packet schemes. GRE-Generic Routing Encapsulation packages arbitrary packets within an arbitrary Transport-Layer 4 protocol. GRE can be used with IP, using IP as the delivery or payload (data) protocol. Next you will see GRE used in PPTP. PPTP encapsulates IP packets in a tunnel across a TCP/IP network. PPTP is a special communications connection using a special TCP-Transmission Control Protocol port (special place of entry) to create a tunnel.
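As an added example (not part of the original tutorial or of SIP Essentials), the following Python script shows how the transport/tunnel distinction above appears on the wire. It parses the AH header fields (Next Header, Payload Len, SPI, sequence number, ICV) from constructed sample packets and tells transport mode from tunnel mode by whether an inner IP header follows; for ESP it shows that only the SPI and sequence number are readable, because the trailer that names the mode is inside the encrypted region. The sample packets, addresses and SPI values are constructed for the example.

```python
import struct

# IANA IPv4 protocol numbers used below
IPPROTO_ICMP, IPPROTO_IPIP, IPPROTO_TCP, IPPROTO_UDP, IPPROTO_ESP, IPPROTO_AH = 1, 4, 6, 17, 50, 51
NAMES = {IPPROTO_ICMP: "ICMP", IPPROTO_IPIP: "IP-in-IP", IPPROTO_TCP: "TCP",
         IPPROTO_UDP: "UDP", IPPROTO_ESP: "ESP", IPPROTO_AH: "AH"}


def _ip(a):
    return bytes(int(o) for o in a.split("."))


def build_ipv4(src, dst, proto, payload):
    """Constructed minimal IPv4 header (no options, checksum left zero) for the sample packets."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       _ip(src), _ip(dst)) + payload


def parse_ipv4(pkt):
    """Return (header fields, payload) for an IPv4 packet; rejects non-v4 and truncated packets."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total > len(pkt) or ihl > total:
        raise ValueError("malformed IPv4 header")
    return {"src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)), "proto": proto}, pkt[ihl:total]


def parse_ah(payload):
    """RFC 4302 AH: Next Header(1) Payload Len(1) Reserved(2) SPI(4) Sequence(4) ICV(variable).
    Payload Len is the AH length in 32-bit words minus 2, so the ICV length follows from it."""
    next_hdr, plen, _reserved, spi, seq = struct.unpack("!BBHII", payload[:12])
    ah_len = (plen + 2) * 4
    if ah_len > len(payload):
        raise ValueError("AH Payload Len exceeds packet")
    return {"next": next_hdr, "spi": spi, "seq": seq, "icv_len": ah_len - 12}, payload[ah_len:]


def parse_esp(payload):
    """RFC 4303 ESP: only SPI and Sequence Number are in the clear. The trailer (Pad Length,
    Next Header) sits inside the encrypted region, so the mode cannot be read from the wire."""
    spi, seq = struct.unpack("!II", payload[:8])
    return {"spi": spi, "seq": seq, "ciphertext_len": len(payload) - 8}


def describe(pkt):
    """Classify one packet as AH transport, AH tunnel or ESP and return what an observer can see."""
    outer, payload = parse_ipv4(pkt)
    out = {"outer_src": outer["src"], "outer_dst": outer["dst"], "warnings": []}
    if outer["proto"] == IPPROTO_AH:
        ah, inner = parse_ah(payload)
        out.update(protocol="AH", spi=ah["spi"], seq=ah["seq"], icv_len=ah["icv_len"])
        if ah["next"] == IPPROTO_IPIP:                       # a whole inner IP packet follows: tunnel mode
            ihdr, _ = parse_ipv4(inner)
            out.update(mode="tunnel", inner_src=ihdr["src"], inner_dst=ihdr["dst"],
                       inner_proto=NAMES.get(ihdr["proto"], str(ihdr["proto"])))
        else:                                                # TCP/UDP/ICMP follows directly: transport mode
            out.update(mode="transport", inner_proto=NAMES.get(ah["next"], str(ah["next"])))
    elif outer["proto"] == IPPROTO_ESP:
        esp = parse_esp(payload)
        out.update(protocol="ESP", spi=esp["spi"], seq=esp["seq"], mode="not observable (trailer encrypted)")
    else:
        out.update(protocol=NAMES.get(outer["proto"], str(outer["proto"])), mode="none (not IPsec)")
        return out
    if out["spi"] == 0:
        out["warnings"].append("SPI 0 is reserved for local use and must not appear on the wire (RFC 4302/4303)")
    if out["seq"] == 0:
        out["warnings"].append("sequence number 0: the first packet on an SA is numbered 1, so 0 means a broken counter")
    return out


# Constructed sample packets (not captures): a 20-byte TCP header to port 5060, an AH transport-mode
# packet carrying it, an AH tunnel wrapping an inner UDP packet, and an ESP packet with SPI 0.
TCP_HDR = struct.pack("!HHIIBBHHH", 40000, 5060, 1, 0, 0x50, 0x02, 8192, 0, 0)


def ah_header(next_hdr, spi, seq, icv=b"\x00" * 12):      # 96-bit truncated ICV, as HMAC-SHA1-96 produces
    return struct.pack("!BBHII", next_hdr, (12 + len(icv)) // 4 - 2, 0, spi, seq) + icv


AH_TRANSPORT = build_ipv4("10.0.0.5", "10.0.0.9", IPPROTO_AH, ah_header(IPPROTO_TCP, 0x1001, 7) + TCP_HDR)
INNER_UDP = build_ipv4("192.168.1.10", "192.168.2.20", IPPROTO_UDP, struct.pack("!HHHH", 5060, 5060, 8, 0))
AH_TUNNEL = build_ipv4("203.0.113.1", "198.51.100.1", IPPROTO_AH, ah_header(IPPROTO_IPIP, 0x2002, 1) + INNER_UDP)
ESP_PKT = build_ipv4("203.0.113.1", "198.51.100.1", IPPROTO_ESP, struct.pack("!II", 0, 3) + b"\xaa" * 32)

if __name__ == "__main__":
    for label, pkt in [("AH transport", AH_TRANSPORT), ("AH tunnel", AH_TUNNEL), ("ESP", ESP_PKT)]:
        print(label, describe(pkt))
```

Note for anyone monitoring such traffic: because ESP hides the Next Header field, an IDS or flow collector can only group ESP traffic by outer addresses and SPI; it cannot see whether a tunnel or a single TCP session is inside. AH leaves the inner header readable, and since its ICV covers the outer source address, AH also cannot pass through a NAT device unchanged.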
 

SIP Essentials 2.0c Announced

February 27, 2008 1:19 AM
More than 100 New Concepts for Comprehensive Planning for VoIP-SIP-ITP-OCS Networks
 
BOULDER – February 27 – TECHtionary.com today announced “SIP Essentials 2.0c,” a significant expansion of what’s been called the “quintessential” guide for SIP-VoIP, Office Communications Server and IPT-Internet Protocol Telephony networks. SIP Essentials 2.0c provides the means for customers who are planning, implementing and expanding their communications networks to “get SIP smart” with guidance, ideas and tools. With more than one hundred new concepts for review, SIP Essentials 2.0c is vital to anyone doing VoIP/SIP/IPT for network solutions and premise-based implementations.
 
Some of the key highlights in SIP Essentials 2.0c:
- Top-10 reasons why customers are buying SIP-VoIP
- New options and new roles for Media Gateways replacing PBXs
- Expanded details on SBC-Session Border Controllers
- 50-point security checklist
- More than 30 solutions to common problems and troubleshooting guide
- Improved section on QoS and RTCP-XR-MRB
- In-depth explanations of complex problems such as echo, crosstalk and asynchronous transcoding
- "Vo-eye-P" packet test
- Vast array of other improvements, solutions, ideas and technology.
 
"SIP Essentials 2.0c continues to improve in nearly every aspect of VoIP-SIP, OCS and IPT. This course is now even more vital to every organization as VoIP/SIP is new, and new approaches to planning and managing are important to understand. Coupled with the new improved solutions-answers, security section, troubleshooting guide and QoS primer, SIP Essentials 2.0c courses are without peer from any source," noted Paul C. Daubitz, President, ATI-TeleManagement (http://www.ati-telemgt.com, a professional management consultancy).
 
"SIP Essentials 2.0c takes our SIP/OCS courses to the critically important next level," noted Tom Cross, TECHtionary CEO. "SIP is a complex process, as SIP is not just a single location service but one that encompasses nearly all aspects of business communications and computing," Cross added.
 
SIP Essentials 2.0c is available in the onsite and online courses. The online version is $299 for SIP 2.0c and for $499 as part of OCS-101 Office Communications Server online version per person or less with discounts. For more information go to http://www.techtionary.com or please call Tom Cross at 303-594-1694 or cross@gocross.com. Discounts are also available to members of the SIP Forum. For a complete detailed course outline go to: http://www.techtionary.com/ocs/sip-essentials.htm. Courses are also available from TelecomWebU at: http://www.telecomweb.com/registration_telecom_knowledge.html
 
-------   
Public Session of SIP Essentials 2.0c – May 12-13 – New York City
For more information, go to: http://www.bcrtraining.com/course-info/sip.php or call 1-800-227-1234 to attend the public session of this training program.
------

 

While VoIP-Voice Over Internet Protocol comes in many forms, the four major standards-based systems are: 
1) H.248 MEGACO-MEdia GAteway and COntrol,
2) H.323,
3) MGCP-Media Gateway Control Protocol and
4) SIP-Session Initiation Protocol. 
H.323 and H.248 are ITU-International Telecommunications Union (www.itu.it) standards.   IETF-Internet Engineering Task Force (www.ietf.org) originated SIP as an internet technology based on PC-Personal Computers and other intelligent devices. MGCP is a voice protocol designed to interoperate between circuit-switched and packet-switched networks. MGCP separates the signaling and call control from the media gateway. H.248 originated from the PSTN-Public Switched Telephone network using SS7-Signaling System 7 with dumb devices. 
 
1) H.248 is an ITU standard also known as MEGACO-Media Control Gateway. H.248 is a master/slave communications protocol with two basic constructs called Terminations - media connections called physical (time slots) and ephemeral (IP flow) and Contexts - associations between terminations which can be added or deleted. Shown here is the call flow for H.248.
 
H.248 uses SS7-Signaling System 7 as the primary signaling system for call routing. SS7 is a packet-switched network used to control the circuit-switched PSTN-Public Switched Telephone Network. The SS7 network is tightly controlled, with NO public access. The A-F links pass SS7-Signaling System 7 packets from SSP-Service Switching Points via STP-Signal Transfer Points to SCP-Service Control Points. SSP-Service-Signal Switching Points are the local Class 5 End Central Offices. Signal Transfer Points can contain some database functions, but the SCP-Service Control Point is the primary database lookup service.
 
The SS7 network provides many unique features such as *69 automatic callback, 800 toll-free service, look-ahead call routing to route calls to any call center or agent in the world, and emerging services such as CRBT-Color Ring Back Tones (shown here), music and other information services.
 
2) H.323 is an ITU-International Telecommunications Union standard and the logical progression from circuit-switched to packet-switched telephone call processing, including video services. H.323 networks consist of Call Processing servers, MG-Media Gateways and GateKeepers. Call Processing servers provide routing and communications (connections) to MG and end-user devices (phones called terminals). MG or Gateways provide H.323 call termination and interface with non-H.323 networks such as the PSTN-Public Switched Telephone Network (circuit-switched long distance networks). Used in larger networks, optional GK-GateKeepers or Gatekeepers provide central call administration and control, bandwidth administration and signaling.
 
1 - At bootup/login, H.323 terminals (phones) register with the GateKeeper.
2 - When Sender goes off-hook and dials number, request is sent to GateKeeper.
3 - GateKeeper (optional) authorizes call to be completed and tracks bandwidth.
4 - Sender sends a Q.931 call setup message to the receiver.
5 - Receiver is notified of setup message by ringing.
6 - Sender initiates CODEC (media stream) compatibility exchange with receiver.
7 - Optional RSVP-Reservation request is sent.
8 - Sender/Receiver opens a RTP-Real-Time Protocol session.
9 - Upon on-hook, RTP session is terminated.
 
 
Here are some technical notes regarding protocols.
1 - When a call is initiated, a TCP-Transmission Control Protocol session is created for H.225.0 messages such as RAS-Registration-Admission-Status, RIP-Request In Progress, bandwidth change and other functions.
2 - A second TCP session is created for H.245 Channel Usage Messages such as Master Slave Determination messages, Terminal set capability messages, Open/Closed Logical channel signaling messages and other functions.
3 - To provide QoS-Quality of Service, an RSVP-ReSerVation Protocol packet is sent.
 
3) MGCP-Media Gateway Controller Protocol is a device control protocol developed by IETF-Internet Engineering Task Force designed to control devices such as MG-Media Gateways and IAD-Integrated Access Devices.   The difference between MGCP and other multimedia control protocol systems is that MGCP allows the endpoints in the network to control the communication session. MGCP is a protocol that operates between a MG-Media Gateway and a MGC-Media Gateway Controller known as Call Agents or Soft Switches. This process allows the Media Gateway Controller to control the Media Gateway.
 
These devices use text format (MIME means Multipurpose Internet Mail Extensions) messages to set up, manage, and terminate multimedia communication sessions (Layer 5) in a communications system. The text is formatted according to SDP-Session Description Protocol and placed in a SAP-Session Announcement Protocol packet.   That is, telephone signaling messages are sent via UDP-User Datagram Protocol packets with a SAP header and a text payload (telephone number, email, protocol, connection information, bandwidth, etc.).   Once signaling is completed, RTP-Real Time Protocol packets are sent via UDP between the callers.
 
4) SIP-Session Initiation Protocol is an IETF-Internet Engineering Task Force signaling protocol for internet conferencing, telephony, presence, events notification (emergency calling) and instant messaging.   Designed around internet applications such as HTTP-HyperText Transfer Protocol, SIP is more multi-media focused than just for voice applications. Shown here is the call flow for SIP.
 
 
 
About TECHtionary.com
TECHtionary.com creates custom media tools for onsite, online, podcast, blog, virtual installation manuals, animated online presentations, web seminar, iPod/iPhone formats for sales, technical, support and customer education.  In addition to its courses—which include Communications Technology Manager, Wireless Technology Manager, VoIP-SIP Business Executive – Channel Partner Training, SIP Essentials for Enterprise Managers, Advanced Data Networking and SIP-OCS-Microsoft Office Communications Server and others -- TECHtionary.com provides white papers, award-winning customer case studies, user and administrative animated documentation and training tutorials, marcom brochures, public relations and sales and channel consulting. 
 
TECHtionary.com has more than 3,005 free online presentations on data communications, internet, wireless, VoIP-Voice over Internet Protocol, SIP, OCS, PBX Systems, routing protocols, IT security, telephony, telecommunications, networking, routing, IPTV, WiMax, power systems, broadband, WiFi-wireless fidelity and other related technologies available at http://www.techtionary.com
According to our research, "The primary function of the SBC is to serve, basically, as a SIP aware NATing Firewall." SC-Session Controllers or SBC-Session Border Controllers are access devices that operate at Layer 5, the Session Layer, whereas routers operate at Layer 3, the Network Layer. Some of the key SBC/SC functions are:
- Secure network peering - private and public to enhance performance
- Topology hiding - using various types of inter-AS-Autonomous System features, as well as separating media (voice) and signaling data streams (traffic) and hiding the signaling (IP addresses)
- Border call routing - routing at AS level rather than with interior protocols
- Interoperability - access/restrict to reduce voice spam
- QoS & Call Admission Control - load/jitter correction
- Billing systems interoperability - reduce billing errors
- NAT-Network Address Translation - routing for maximum performance
- CALEA-Communications Assistance for Law Enforcement Act - discussed next
- Compatibility with billing - discussed next
- Dialect conversion - discussed next
- Protocol conversion - discussed next
- Codec conversion - discussed next
- Firewall restrictions - discussed next
- Wholesale and Transit peering - discussed next
Various types of stateful (interconnect different networks such as H.323, MGCP-Media Gateway Control Protocol and SIP-Session Initiation Protocol) and stateless (same networks) Session Controllers exist depending on the VoIP Network features required.
The previous tutorials explained more details on specific SBC/SC features, CALEA and SIP Wholesale and Transit Peering.
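To make the "SIP aware NATing Firewall" and topology-hiding functions concrete, here is an added Python example (not code from the page, from TECHtionary or from any SBC vendor). It parses a constructed SIP INVITE and its SDP body, which is the text-formatted session description the MGCP/SIP section above refers to, lists the offered codecs, and then rewrites the request the way a border controller does before it leaves the enterprise: the internal Via hop list, Contact, Call-ID and SDP addresses are replaced by the SBC's public address and the PBX vendor banner is removed. All addresses, names and the INVITE itself are constructed; the rewriting rules are a minimal illustration, not any product's behaviour.

```python
import hashlib
import re

# RFC 1918 ranges that must never appear outside the border (10/8 and 192.168/16; 172.16/12 omitted for brevity)
INTERNAL_ADDR = re.compile(r"\b(?:10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3})\b")
STATIC_PT = {0: "PCMU/8000", 8: "PCMA/8000", 18: "G729/8000"}   # static RTP/AVP payload types (RFC 3551)


def parse_sip(raw):
    """Split a SIP message into (start line, [(header, value), ...], body)."""
    head, _, body = raw.partition("\r\n\r\n")
    start, *lines = head.split("\r\n")
    headers = [(n.strip(), v.strip()) for n, _, v in (l.partition(":") for l in lines)]
    return start, headers, body


def parse_sdp(body):
    """Pull the RTP destination (c=/m=) and the offered codec list out of an SDP body."""
    addr = port = None
    rtpmap, offered = {}, []
    for line in body.splitlines():
        if line.startswith("c="):                       # c=IN IP4 <address the media should be sent to>
            addr = line.split()[2]
        elif line.startswith("m=audio"):                # m=audio <port> RTP/AVP <payload types...>
            parts = line.split()
            port, offered = int(parts[1]), [int(p) for p in parts[3:]]
        elif line.startswith("a=rtpmap:"):              # a=rtpmap:<pt> <encoding>/<clock rate>
            pt, name = line[len("a=rtpmap:"):].split(None, 1)
            rtpmap[int(pt)] = name
    codecs = [rtpmap.get(pt, STATIC_PT.get(pt, f"pt{pt}")) for pt in offered]
    return {"addr": addr, "port": port, "codecs": codecs}


def sbc_outbound(raw, sbc_ip, sbc_port=5060):
    """Rewrite a request leaving the enterprise the way a topology-hiding SBC would: one Via for the
    SBC instead of the internal hop list, internal addresses replaced by the SBC's, vendor banner
    removed, SDP c=/o= pointed at the SBC (which must then relay RTP), Content-Length recomputed."""
    start, headers, body = parse_sip(raw)
    branch = "z9hG4bK" + hashlib.sha1(raw.encode()).hexdigest()[:10]
    vias = sum(1 for n, _ in headers if n.lower() == "via")
    changes = [f"replaced {vias} internal Via hop(s) with the SBC's own Via"]
    new_headers = [("Via", f"SIP/2.0/UDP {sbc_ip}:{sbc_port};branch={branch}")]
    for name, value in headers:
        key = name.lower()
        if key in ("via", "content-length"):
            continue
        if key in ("user-agent", "server"):
            changes.append(f"dropped {name}: {value} (identifies the PBX software)")
            continue
        rewritten = INTERNAL_ADDR.sub(sbc_ip, value)
        if rewritten != value:
            changes.append(f"rewrote internal address in {name}")
        new_headers.append((name, rewritten))
    new_body = "\r\n".join(INTERNAL_ADDR.sub(sbc_ip, l) if l[:2] in ("c=", "o=") else l
                           for l in body.split("\r\n"))
    if new_body != body:
        changes.append("rewrote SDP c=/o= to the SBC media address")
    new_headers.append(("Content-Length", str(len(new_body.encode()))))
    message = "\r\n".join([start] + [f"{n}: {v}" for n, v in new_headers]) + "\r\n\r\n" + new_body
    return message, changes


# Constructed INVITE as an enterprise PBX might send it to the SBC (not a capture).
SAMPLE_SDP = ("v=0\r\no=pbx 2890844526 2890844526 IN IP4 10.1.2.3\r\ns=call\r\nc=IN IP4 10.1.2.50\r\n"
              "t=0 0\r\nm=audio 49170 RTP/AVP 0 18 101\r\na=rtpmap:0 PCMU/8000\r\n"
              "a=rtpmap:18 G729/8000\r\na=rtpmap:101 telephone-event/8000\r\n")
SAMPLE_INVITE = (
    "INVITE sip:+13035551234@sip-trunk.example.net SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 10.1.2.3:5060;branch=z9hG4bK776a\r\n"
    "Via: SIP/2.0/UDP 10.1.2.200:5060;branch=z9hG4bK1212\r\n"
    "Max-Forwards: 69\r\n"
    "From: \"Alice\" <sip:alice@10.1.2.3>;tag=1928301774\r\n"
    "To: <sip:+13035551234@sip-trunk.example.net>\r\n"
    "Call-ID: a84b4c76e66710@10.1.2.3\r\n"
    "CSeq: 314159 INVITE\r\n"
    "Contact: <sip:alice@10.1.2.3:5060>\r\n"
    "User-Agent: CorpPBX/4.2.1\r\n"
    "Content-Type: application/sdp\r\n"
    f"Content-Length: {len(SAMPLE_SDP)}\r\n\r\n" + SAMPLE_SDP)

if __name__ == "__main__":
    print("inside leg offers:", parse_sdp(SAMPLE_SDP))
    outbound, what_changed = sbc_outbound(SAMPLE_INVITE, "203.0.113.10")
    print(outbound)
    print("\n".join(what_changed))
```

Two consequences worth checking in a deployment: the SBC must actually relay the RTP stream it now advertises in c=, and a B2BUA-style SBC keeps a mapping between the inside and outside legs so that responses and in-dialog requests (BYE, re-INVITE) can be returned along the internal hop list it removed.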
 
SC-Session Controllers or SBC-Session Border Controllers operate at Layer 5, the Session Layer, whereas routers operate at Layer 3, the Network Layer. Some of the key functions are:
Dialect Conversion - SIP-to-H.323 and other translation.
Protocol conversion - inband DTMF to out-of-band - dialed number translations. That is, the SC integrated proxy server forwards the SIP INVITE to the H.323 gateway.
CODEC conversion - COmpression-DECompression of analog voice packets to various types of ITU standard digital voice compression standards such as G.711 (64 KBPS PCM-Pulse Code Modulation), G.723 (5.3 and 6.3 KBPS), G.726 (16, 24, 32 and 40 KBPS ADPCM-ADaptive PCM), G.728 (16 KBPS CELP-Code Excited Linear Prediction), G.729/a (32 KBPS ADCPM) and others.
Firewall - upon completion of call setup signaling, two-way RTP-Real Time Protocol voice messages are sent and controlled via the SC based on administrative security policies.
The FCC requires that "all domestic communications be transmitted through U.S. earth stations or routed through a POP-Point of Presence that includes a network switch or router that is located in the U.S." While other countries have adopted CALEA-like regulations, there are many problems to be overcome for international interception. Session Controllers can provide a CALEA interface for mediation (see E-911-CALEA for more on CALEA procedures).
 
1 - Wholesale Peering service - need a “pipe” or circuit connection
- Dedicated connections - generally one circuit or group in each direction - so we know which way to go and for load-balancing
- Reduces router hops for better performance
- Wholesale services available for carrier who wants direct connection to public peer POPs-Points Of Presence
 
2 - Transit Peering services - need a “ride” for your packets
- SPOPs - service points of presence for access to services-servers
- Provides connections to another network and beyond
- May add hops (router connections) for some connections
- For a fee - top secret deals between carriers
 
The complete details on SBC/SC can be found in the SIP Essentials and OCS-Office Communications Server classes. For more go to http://www.techtionary.com.

OCS Exposed – Practicing Safe OCS

February 21, 2008 7:50 AM
Aside from all the hackers and all the bothersome constant updates to Windows, there have been surprisingly few reported attacks on Outlook. Of course, now that OCS is integrated into Outlook, that can certainly be expected to change. At the same time, Microsoft uses Kerberos and digital certificates to provide improved security for OCS. More about that in a future report.
 
Meanwhile, back at the ranch, like so many types of corporate crime that go unreported because the company doesn't want to expose itself to perceived governance incompetence, new types of VoIP/SIP attacks are being reported at an alarming rate in the trade press. Even though none so far show up in searches in Google or Yahoo, attacks like VOMIT-Voice Over Misconfigured Internet Telephony, SPIT-SPam over Internet Telephony, vishing (the voice equivalent of phishing), SPIM-SPam Over Instant Messaging and others are the VoIP/SIP equivalent of STDs. My particular concern is not just annoying problems like SPIT/SPAM, which according to some can be cured along with viruses by filters, spyware, firewalls and routers, but unknown new approaches. Many others think that existing solutions are just supporting existing prevention companies, not realizing what the new problems are all about. Think about it. How in the world can you stop something if you don't know what it is? Well, many just deal with lots of patches, fixes and service pack updates. For others, new solutions will be needed. Sounds a bit like the Clinton-Obama debate.
 
The really serious problems, in my opinion, are calljacking or call-hijacking, eavesdropping, MITM-man-in-the-middle and other types of monitoring, wiretapping and call interception attacks. There are increasing reports of SIP INVITE and registration rerouting attacks in which the hacker monitors or tampers with calls, injects voice, redirects or terminates calls, and abuses other SIP methods. Corporate secrets, violations of HIPAA, SOX, GLBA and other compliance requirements and even simple privacy guidelines are all at risk from these attacks. And, if the capture of voice conversations is not enough, one of my other worries is call "injection," where obscenities, threats and even other comments create a hostile work environment, litigation, discrimination and so on.
 
While some say that VDOS-Voice DOS-Denial Of Service attacks are more critical, others believe that existing firewall and IDS-Intrusion Detection Systems can be expanded to address voice DOS attacks. As you are beginning to see, the range of voice attacks is as large as or larger than attacks on data. What is worse is that for one hundred years we have trusted our voice networks to be safe from intrusion, attacks and truly criminal attacks. In addition, other than government monitoring (and that is a separate discussion), reports of criminals stealing corporate or personal secrets are almost unheard of, for fear of bad PR or poor compliance. However, lest we forget, toll fraud is still a multi-billion dollar industry. Console cracking and other types of toll interception are still prevalent.
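As an added example (not from the post), here is a Python detector that runs the registration-rerouting and voice DoS concerns above over constructed SIP proxy log lines. It flags an address-of-record whose binding suddenly moves to a different source host while the previous binding is still fresh (from then on, calls for that user go to the new contact), one source registering many distinct users, and request floods from one source. The log format, addresses and user names are constructed for the example; a real registrar's log needs its own parser, and a "rebind" alert is an indicator to correlate with the user's known location, not proof of compromise.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

# Constructed log format (not from any real proxy): one line per SIP request the registrar/proxy saw.
LINE = re.compile(r'^(?P<ts>\S+) (?P<method>[A-Z]+) src=(?P<src>\S+) aor=(?P<aor>\S+) '
                  r'contact=(?P<contact>\S+)(?: ua="(?P<ua>[^"]*)")?$')


def parse_line(line):
    m = LINE.match(line)
    if not m:
        raise ValueError(f"unparsable log line: {line!r}")
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ev


def detect(lines, rate_window=10, rate_limit=20, rebind_window=300, enum_limit=5):
    """Three indicators, each raised once per offender:
    rebind      - an address-of-record re-registered from a different source while its previous
                  binding is still fresh (calls for that user now route to the new contact)
    enumeration - one source registering many distinct users (extension/credential guessing)
    flood       - rate_limit or more requests from one source inside rate_window seconds
    """
    alerts, bindings = [], {}                 # bindings: aor -> last accepted registration
    recent, users_seen, flagged = defaultdict(deque), defaultdict(set), set()
    for line in lines:
        ev = parse_line(line)
        q = recent[ev["src"]]                 # sliding window of request times per source
        q.append(ev["ts"])
        while (ev["ts"] - q[0]).total_seconds() > rate_window:
            q.popleft()
        if len(q) >= rate_limit and ("flood", ev["src"]) not in flagged:
            flagged.add(("flood", ev["src"]))
            alerts.append({"rule": "flood", "src": ev["src"], "count": len(q), "at": ev["ts"].isoformat()})
        if ev["method"] != "REGISTER":
            continue
        users_seen[ev["src"]].add(ev["aor"])
        if len(users_seen[ev["src"]]) >= enum_limit and ("enumeration", ev["src"]) not in flagged:
            flagged.add(("enumeration", ev["src"]))
            alerts.append({"rule": "enumeration", "src": ev["src"], "users": len(users_seen[ev["src"]])})
        prev = bindings.get(ev["aor"])
        if prev and prev["src"] != ev["src"] and (ev["ts"] - prev["ts"]).total_seconds() < rebind_window:
            alerts.append({"rule": "rebind", "aor": ev["aor"], "old_src": prev["src"], "new_src": ev["src"],
                           "new_contact": ev["contact"],
                           "seconds_since_previous": int((ev["ts"] - prev["ts"]).total_seconds())})
        bindings[ev["aor"]] = {"src": ev["src"], "contact": ev["contact"], "ts": ev["ts"]}
    return alerts


# Constructed sample log: two desk phones register normally, then alice's address-of-record is
# re-registered from an outside host, then one outside host registers 30 different users in 3 seconds.
SAMPLE_LOG = [
    '2008-02-21T07:50:01Z REGISTER src=10.1.2.21 aor=sip:alice@corp.example contact=sip:alice@10.1.2.21:5060 ua="DeskPhone/1.0"',
    '2008-02-21T07:50:03Z REGISTER src=10.1.2.22 aor=sip:bob@corp.example contact=sip:bob@10.1.2.22:5060 ua="DeskPhone/1.0"',
    '2008-02-21T07:50:40Z INVITE src=10.1.2.22 aor=sip:bob@corp.example contact=sip:bob@10.1.2.22:5060 ua="DeskPhone/1.0"',
    '2008-02-21T07:52:10Z REGISTER src=198.51.100.23 aor=sip:alice@corp.example contact=sip:alice@198.51.100.23:5060 ua="sipcli/0.9"',
] + [
    f'2008-02-21T07:53:{i // 10:02d}Z REGISTER src=198.51.100.99 aor=sip:user{i}@corp.example '
    f'contact=sip:x@198.51.100.99:5060 ua="scanner"'
    for i in range(30)
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The thresholds are parameters because they depend on the site: a registrar that expects phones to re-register every 60 seconds needs a higher rate limit than one using one-hour expiries, and the rebind window should be shorter than the registration expiry so that a legitimate phone that dropped off and re-registered from a new DHCP address is not flagged.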
 
As one SIP expert said it, "Frankly, providers of SIP network solutions and those with premise equipment such as Avaya, Cisco, Microsoft, Nortel and others have largely left SIP security planning to the customer to figure out. VoIP/SIP attacks are also increasing, but product vulnerabilities are also on the rise, with a report this week by Cisco that 'Cisco Unified IP Phone models contain multiple overflow and denial of service (DoS) vulnerabilities.' A SIP Security Checklist is not just a do-it-once review but a planning guide for ongoing daily security protection," noted Matt Jolly. What is really needed is guidance and best practices. There is one industry association devoted to that cause. The VoIPSA-Voice Over Internet Protocol Security Association (http://www.voipsa.org) is a place to "get smart" about VoIP/SIP security. VoIPSA has been working for many years to help "you all" get a grip on the challenges and risks, as well as providing solutions.
 
Lastly, have a security plan before not after you implement VoIP/SIP because as Thufir Hawat in the movie Dune reminds us in preventing attacks by the nasty Harkonnen, “the first step in avoiding a trap is knowing of its existence.”
 
Kerberos is used to provide security in OCS and is one of the types of security in a Forest. The Kerberos security protocol takes its name from the three-headed dog of Greek mythology. Kerberos is a three-step security process used for authorization and authentication. The three heads of Kerberos are: 1-User, 2-KDC-Key Distribution Service (security server) and 3-Services (servers). Kerberos is a standard feature of Windows software. To create the trust on the Forest on the external side of the firewall, the administrator publishes the following ports on the internal server domain controllers: Kerberos-sec (port 88) UDP-User Datagram Protocol. Other potential ports are: Microsoft-DS (port 445), LDAP TCP (port 389) Lightweight Directory Access Protocol Transmission Control Protocol or LDAP UDP (port 389). Kerberos-sec (security) (Port 88) UDP is an assigned/known UDP port. Ports are used to determine function, such as Port 21 TCP for FTP-File Transfer Protocol or Port 80 TCP/UDP for HTTP-HyperText Transfer Protocol (web surfing).
An explanation of Kerberos.
User Clark Kent signs on to the network via sign-in (login/logon) name and password and requests a TGT-Ticket to Get Ticket from the AS-Authentication Service portion of the KDC-Key Distribution Center. The AS-Authentication Service has access to the AD-Active Directory user account database. Once authenticated, the user is granted a TGT-Ticket to Get Tickets valid for the local domain, with a time stamp. The user presents the TGT to the TGS-Ticket Granting Service. The TGS reads the Ticket using its own encryption key. If valid, an ST-Service Ticket is generated for both the user and the targeted server. The ST is sent to the Server, where it is decrypted and authenticated; the Server uses its own encryption key from the KDC. If valid, the Server returns a time-stamped response using the Ticket and establishes service. The TGT is stored in local cache memory and has a default lifetime of 10 hours, which may be renewed without password re-entry.
In the second animation, Kerberos is shown in a multi-domain (multi-server) computing network.
The user contacts the local domain KDC's TGS-Ticket Granting Service using a TGT-Ticket Granting Ticket. The KDC recognizes that the request is for a server in a foreign domain and responds with a Referral Ticket for the foreign KDC. The foreign TGS-Ticket Granting Service decrypts the Referral Ticket and issues a new ticket for the foreign service. The Service Ticket is sent to the server, where it is decrypted and authenticated; the server uses its own encryption key, which it shares with its KDC. If valid, the server returns a time-stamped reply using the ticket and establishes the service. Additional Referral Tickets can be used for authorization in other domains (database or proxy server). An interdomain key based on the trust password becomes available for authentication.
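The three exchanges described above (AS, TGS and the server's check of the Service Ticket) as an added, runnable walk-through. This is example code written for this page, not Microsoft's or MIT's Kerberos: the principal names, keys, lifetimes other than the 10-hour TGT default, the 5-minute authenticator freshness window and the seal/unseal cipher are all constructed stand-ins so the single-realm ticket flow, including the expiry and wrong-password failure cases, can be run offline.

```python
"""Toy single-realm Kerberos flow: AS exchange (TGT), TGS exchange (service ticket),
AP exchange (server). Constructed example; principal names, keys and the seal/unseal
cipher are stand-ins, not Microsoft's or MIT's implementation."""
import hashlib
import hmac
import json
import os

TGT_LIFETIME = 10 * 3600           # the 10-hour default lifetime mentioned in the text
SERVICE_TICKET_LIFETIME = 3600     # assumption for this toy
CLOCK_SKEW = 300                   # assumption: 5-minute authenticator freshness window


def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def seal(key, obj):
    """Toy encrypt-then-MAC: SHA-256 keystream XOR plus an HMAC tag. It stands in for a
    Kerberos encryption type so the ticket flow can be shown; not a production cipher."""
    nonce = os.urandom(16)
    plaintext = json.dumps(obj).encode()
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ciphertext + hmac.new(key, nonce + ciphertext, "sha256").digest()


def unseal(key, blob):
    """Reject anything not sealed under this exact key (wrong password, forged ticket)."""
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ciphertext, "sha256").digest()):
        raise PermissionError("integrity check failed: wrong key or tampered ticket")
    return json.loads(bytes(c ^ k for c, k in zip(ciphertext, _keystream(key, nonce, len(ciphertext)))))


def string_to_key(password):
    """Toy password-to-key step (real Kerberos uses a salted string2key function)."""
    return hashlib.sha256(password.encode()).digest()


def _verify(session_key, authenticator, ticket, now):
    """Shared check for TGS and service: the authenticator matches the ticket and is
    fresh, and the ticket is inside its validity window."""
    auth = unseal(session_key, authenticator)
    if auth["client"] != ticket["client"] or abs(auth["time"] - now) > CLOCK_SKEW:
        raise PermissionError("authenticator does not match ticket or is stale")
    if not ticket["start"] <= now < ticket["end"]:
        raise PermissionError("ticket expired or not yet valid")
    return auth


class KDC:
    """Holds the long-term keys of users, services and the krbtgt (TGS) principal."""

    def __init__(self, keys):
        self.keys = keys

    def as_exchange(self, user, now):
        """AS: hand back a TGT (sealed for the TGS) and the session key (sealed for the user)."""
        session = os.urandom(32).hex()
        tgt = seal(self.keys["krbtgt"], {"client": user, "key": session, "start": now, "end": now + TGT_LIFETIME})
        return seal(self.keys[user], {"key": session, "end": now + TGT_LIFETIME}), tgt

    def tgs_exchange(self, tgt, authenticator, service, now):
        """TGS: read the TGT with its own key, check the authenticator, issue a service ticket."""
        t = unseal(self.keys["krbtgt"], tgt)
        tgt_key = bytes.fromhex(t["key"])
        _verify(tgt_key, authenticator, t, now)
        svc_session = os.urandom(32).hex()
        st = seal(self.keys[service], {"client": t["client"], "key": svc_session,
                                        "start": now, "end": now + SERVICE_TICKET_LIFETIME})
        return seal(tgt_key, {"key": svc_session, "service": service}), st


def service_accept(service_key, service_ticket, authenticator, now):
    """Server side: decrypt the ticket with the server's own key, verify the authenticator,
    and answer with the timestamp under the session key (mutual authentication)."""
    t = unseal(service_key, service_ticket)
    sk = bytes.fromhex(t["key"])
    auth = _verify(sk, authenticator, t, now)
    return t["client"], seal(sk, {"time": auth["time"]})


def client_logon_and_access(kdc, user, password, service, service_key, now):
    """Clark's path: logon for a TGT, trade it for a service ticket, present it to the server."""
    reply, tgt = kdc.as_exchange(user, now)
    tgt_key = bytes.fromhex(unseal(string_to_key(password), reply)["key"])   # wrong password fails here
    reply, st = kdc.tgs_exchange(tgt, seal(tgt_key, {"client": user, "time": now}), service, now)
    svc_key = bytes.fromhex(unseal(tgt_key, reply)["key"])
    client, ap_rep = service_accept(service_key, st, seal(svc_key, {"client": user, "time": now}), now)
    assert unseal(svc_key, ap_rep)["time"] == now      # server proved it holds the session key
    return client


if __name__ == "__main__":
    keys = {"clark": string_to_key("pw-clark"), "krbtgt": os.urandom(32), "mail/planet": os.urandom(32)}
    print(client_logon_and_access(KDC(keys), "clark", "pw-clark", "mail/planet", keys["mail/planet"], 1_000_000))
```

The point worth noticing is which key opens which envelope: the client never sees the krbtgt key or the service key, the TGS never sees the user's password-derived key after the AS step, and the server only ever decrypts with its own key, which is why a ticket presented after its `end` time or with a stale authenticator is refused at the server without any round trip to the KDC.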
The complete details and recommendations for SIP Security and other types of VoIP security can be found in the SIP Essentials and OCS-Office Communications Server classes. For more go to http://www.techtionary.com.
Security Planning Guide for VoIP-SIP-ITP Networks
 
BOULDER – February 15 – TECHtionary.com today announced “SIP Security Checklist,” an indepth security planning tool for SIP-VoIP and IPT-Internet Protocol Telephony networks. Security Checklist provides the means for customers planning, implementing and expanding to “get security smart” with guidance, ideas and tools. With fifty concepts for review, SIP Security Checklist is vital to anyone doing VoIP/SIP for network solutions and premise-based implementations.
 
“SIP Security Checklist is vital to every organization as VoIP/SIP is new and new approaches to security are important to understand how and where attacks will come from. Coupled with the Troubleshooting Guide and QoS primer, the SIP/OCS courses are without peer from any source,” noted Paul C. Daubitz, President, ATI-TeleManagement (a professional management consultancy).
 
 “Frankly providers of SIP network solutions and those with premise equipment such as Avaya, Cisco, Microsoft, Nortel and others have largely left SIP security planning to the customer to figure out. VoIP/SIP attacks are also increasing but product vulnerabilities are also on the rise with a report this week by Cisco that ‘Cisco Unified IP Phone models contain multiple overflow and denial of service (DoS) vulnerabilities.’ The SIP Security Checklist is not just a do-it-once review but a planning guide for ongoing daily security protection,” noted Matt Jolly CTO.  
 
“SIP Security Checklist takes our SIP/OCS courses to the critically important next level,” noted Tom Cross, TECHtionary CEO. “SIP is a complex process as SIP is not just a single location service but one that encompasses nearly all aspects of business communications and computing; all these elements face even greater security challenges and a comprehensive approach is required,” Cross added.
 
Some of the key areas in the SIP Security Checklist include:
- Management & Compliance
- Network
- Servers, Phonesets, Softphones and other Devices
- Wireless
- SBC-Session Border Controller and other NAT considerations
 
The SIP Security Checklist is available in the SIP-OCS-101 onsite and online courses available for $299 for SIP and $499 for the OCS-Office Communications Server version per person or less with discounts. For more information go to http://www.techtionary.com or please call Tom Cross at 303-594-1694 or cross@gocross.com

MG-Media Gateways Simplified

February 13, 2008 7:15 PM | 0 Comments
The following tutorials are some examples of customer applications of MG-Media Gateways:
- Connection of IP-PBX to PSTN
- Connection of IP-PBX to PSTN & SIP trunk provider
- Survivable connection to SIP trunk provider
- Connection of PBX & IP-PBX to PSTN & SIP trunk provider
- Connection of IP-PBX to Hosted VoIP provider
- Connection of IP-PBX & PSTN to Microsoft OCS Server
 
Thanks to http://www.quintum.com for assistance in the preparation of this tutorial.  The complete details on Media Gateways and other applications of SIP and other types of VoIP can be found in the SIP Essentials and OCS-Office Communications Server classes. For more go to http://www.telecomweb.com/registration_telecom_knowledge.html

SIP Security Another Oxymoron

February 13, 2008 10:09 AM | 0 Comments
There's nothing that gets people "up in arms" more than terrorism. In the spirit of keeping terrorists away, here is the "Security Attack of the Day" so you can plan accordingly. SIP-Specific Event Notification, as described in RFC 3265, is the ability to request asynchronous notification of events. "This proves useful in many types of SIP services for which cooperation between end-nodes is required. Examples of such services include automatic callback services (based on terminal state events), buddy lists (based on user presence events), message waiting indications (based on mailbox state change events), and PINT-PSTN-Internet Internetworking (based on call state events). The general concept is that entities in the network can subscribe to resource or call state for various resources or calls in the network, and those entities (or entities acting on their behalf) can send notifications when those states change." The following is an example of a type of attack based on SIP-Specific Event Notification.
A hacker sends a "Messages-Waiting: yes" NOTIFY to every phone in a SIP network. Each phone processes this NOTIFY status message and turns on its message-waiting icon or blinking display. Users then call into the voicemail system, overloading it.
Since no new voice messages are found, users open support calls, wasting time on an unfounded problem.
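The defence RFC 3265 already builds in is that a NOTIFY only belongs to a subscription dialog the phone itself opened with SUBSCRIBE; anything else should be answered 481 and never reach the message-waiting lamp. The following is an added example written for this page (not code from the post or any phone vendor) of that subscriber-side check: the phone model, the subscription table entry, the two SIP messages and the URIs in them are all constructed, and the lamp changes only when the NOTIFY matches a held subscription.

```python
"""Subscriber-side NOTIFY validation along the lines of RFC 3265 dialog matching.
Constructed example: the phone model, subscription entry and SIP messages are made up."""
import re

# Subscriptions this phone created itself with SUBSCRIBE, keyed by
# (Call-ID, our local tag, the notifier's remote tag) -> event package.
SUBSCRIPTIONS = {
    ("a84b4c76e66710@phone1.example.com", "1928301774", "314159"): "message-summary",
}


def _tag(header_value):
    m = re.search(r";tag=([^;\s]+)", header_value)
    return m.group(1) if m else None


def parse_sip(raw):
    """Split a SIP request into (request line, lower-cased header dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def handle_notify(raw, subscriptions, mwi_state):
    """Return the status code the phone should send; the MWI lamp changes only on 200."""
    request_line, h, body = parse_sip(raw)
    if not request_line.startswith("NOTIFY "):
        return 405
    for required in ("call-id", "from", "to", "event", "subscription-state"):
        if required not in h:
            return 400                      # Event and Subscription-State are mandatory in NOTIFY
    event = h["event"].split(";")[0].strip()
    # The notifier is the From party of a NOTIFY, so its tag is our remote tag;
    # our own subscriber tag arrives in To.
    key = (h["call-id"], _tag(h["to"]), _tag(h["from"]))
    if subscriptions.get(key) != event:
        return 481                          # "Subscription does not exist": unsolicited NOTIFY, lamp untouched
    if event == "message-summary":
        m = re.search(r"^Messages-Waiting:\s*(yes|no)\s*$", body, re.I | re.M)
        if m:
            mwi_state["waiting"] = m.group(1).lower() == "yes"
    return 200


# Constructed sample: a NOTIFY inside the subscription the phone actually holds...
LEGIT_NOTIFY = (
    "NOTIFY sip:clark@phone1.example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP vm.example.com;branch=z9hG4bK776\r\n"
    "From: <sip:vm@example.com>;tag=314159\r\n"
    "To: <sip:clark@example.com>;tag=1928301774\r\n"
    "Call-ID: a84b4c76e66710@phone1.example.com\r\n"
    "CSeq: 2 NOTIFY\r\n"
    "Event: message-summary\r\n"
    "Subscription-State: active;expires=3600\r\n"
    "Content-Type: application/simple-message-summary\r\n"
    "Content-Length: 23\r\n"
    "\r\n"
    "Messages-Waiting: yes\r\n"
)

# ...and the same message with a Call-ID and notifier tag the phone never subscribed with.
UNSOLICITED_NOTIFY = (LEGIT_NOTIFY
                      .replace("a84b4c76e66710@phone1.example.com", "0000cafe@somewhere.invalid")
                      .replace("tag=314159", "tag=000001"))


if __name__ == "__main__":
    lamp = {"waiting": False}
    print(handle_notify(UNSOLICITED_NOTIFY, SUBSCRIPTIONS, lamp), lamp)   # 481, lamp stays off
    print(handle_notify(LEGIT_NOTIFY, SUBSCRIPTIONS, lamp), lamp)         # 200, lamp on
```

A phone that applies this matching turns the scenario above into a stream of 481 responses rather than a help-desk flood, and those 481s are themselves a useful signal: a burst of them across many handsets is what a monitoring system should alert on.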
The complete details and recommendations for SIP and other types of VoIP security can be found in the SIP Essentials and OCS-Office Communications Server classes. For more go to http://www.techtionary.com
Parsippany, NJ, February 12, 2008 – TelecomWeb readers now can peruse the news, watch the latest industry-related videos, get a little education and look for a new job, all without leaving the TelecomWeb.com home page.
 
New this week, TelecomWeb and its industry partners Magnify, TECHtionary and JobTarget are offering:
 
  • TelecomWeb TV, allowing watchers to “change the channels” by entering key industry words like “VoIP,” “Windows Mobile 6” or “broadband” while also giving them the opportunity to post their own business-related content.
 
  • TelecomWeb University, offering image-based online courses designed for enterprise executive and technical managers, marketing and training personnel, engineers, channel partners, value-added resellers, systems integrators, manufacturers, software developers, agents, consultants and others in the communications industry, and featuring Microsoft OCS training; and
 
  • TelecomWeb Job Search, where readers can take a swim in the job pool, and employers can post their latest openings.
 
“We know telecom professionals have a limited amount of time to search out the daily information they need, and TelecomWeb.com is able to offer its readers a one-stop shop,” says Mike O’Neill, vice president and publisher, The Telecom Intelligence Group. “By partnering with best-of-breed content providers, we make sure our readers can stay on top of business concerns and infotainment from their desktops or from their wireless devices, whenever and wherever they want. And they can be as interactive as they choose to be.”
 
Adds Tom Cross, CEO of TelecomWeb University partner TECHtionary, “TelecomWeb University is the first professional educational curriculum devoted to next-generation communications technology on VoIP, Session Initiation Protocol, Office Communications Server and other concepts. Our courses are critically important to enterprises bringing together data networking, telecommunications and other organizations. In addition, TelecomWeb University provides critical success capabilities for channel partners, value-added resellers and anyone in the distribution channel.”
 
 
For more information about TelecomWeb TV, TelecomWeb University, TelecomWeb Job Search and other TelecomWeb editorial services and products, contact Mike O’Neill at moneill@telecomweb.com or at 973/602-0114. 
 
About The Telecom Intelligence Group and TelecomWeb

The Telecom Intelligence Group is the parent company of TelecomWeb, which encompasses global market-intelligence InfoTrack reports; daily e-letter TelecomWeb news break; TelecomWeb wireless, TelecomWeb broadband and TelecomWeb policy content packages; tariff consultancy Tarifica; and the Web-based business-telephony-product database TelecomTactics. To learn more about TelecomWeb, please visit www.TelecomWeb.com.
 
Media Contact:
Debra Wayne, managing editor, dwayne@telecomweb.com, 301/354-1801
Do you ever get “sick and tired” of explaining the same stuff over and over? I seem to be caught in a SIP “sink hole” of trying my best to explain SIP and people still don’t get it. I concede that SIP is not easy and the entire concept of signaling is, outside of technical audiences, as much magic as why planes can fly. Here I go again, trying one more time to provide a tutorial to help, because while the “propeller heads” get it, many others don’t, and they often control the purse strings. Here goes, and I always appreciate feedback if you have any ideas on how to make it better. This tutorial describes the steps in a SIP Signaling and SIP Media Session.
 
SIP Signaling
The user dials 303-594-1694. The SIP-URI-Uniform Resource Identifier is retrieved from DNS-Domain Name System: sip:tom@xyz.com;Transport=UDP. The SIP INVITE, along with its SDP-Session Description Protocol body, is formatted as an Internet Message Format message, encapsulated in Ethernet and sent via the LAN switch to the router, where it is encapsulated in IP (or IP-MPLS) and UDP; the SIP INVITE travels over UDP, TCP or other transports to the destination proxy. The caller receives a 100 (Trying) response, which indicates that the INVITE has been received and that the proxy is working "on behalf of" the caller to route the INVITE to the destination. The caller receives a 180 (Ringing) and begins ringback, either by playing an audio ringback tone or by displaying a message on the telephone screen. When the called person picks up the handset, the SIP phone sends a 200 (OK) response to indicate that the call has been answered. The 200 (OK) message contains an SDP-Session Description Protocol media description of the type of session that the other party is willing to establish.
SIP Media Session
The user begins talking. Voice is encoded with a codec, e.g. G.711 or G.729, and packetized. An RTP header is added, the packet is encapsulated in Ethernet and sent via the LAN switch to the router, where it is encapsulated in IP (or IP-MPLS) and UDP. If the call stays on-net on the IP network, the packets are converted to an optical data stream and sent over optical fiber to an Internet or internal router. If the call goes off-net, a MG-Media Gateway channelizes the voice onto a TDM-Time Division Multiplexed channel, which is sent via an optical data stream to a Class 5 CO-Central Office switch for connection to the PSTN-Public Switched Telephone Network.
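The signaling and media steps above, as an added example written for this page rather than code from the tutorial or any phone: it builds the INVITE with its SDP offer, drives the caller through the 100/180/200 responses and reads the callee's SDP answer to learn where RTP should go, then packetizes 20 ms G.711 frames into RTP. The URIs, Call-ID, IP addresses and ports are constructed; the RTP header layout, the static payload type numbers (0 for G.711 PCMU, 18 for G.729) and the 160-sample timestamp step per 20 ms frame are the standard values.

```python
"""SIP INVITE/SDP offer-answer walk-through plus RTP packetization of G.711 frames.
Constructed example: URIs, Call-ID, addresses and ports are made up."""
import re
import struct


def build_sdp(ip, rtp_port, payload_types=(0, 18)):
    """Minimal SDP: c= carries the media IP, m= the RTP port and codecs
    (0 = G.711 PCMU, 18 = G.729 in the RTP/AVP static payload table)."""
    pts = " ".join(str(p) for p in payload_types)
    return ("v=0\r\no=- 1 1 IN IP4 %s\r\ns=call\r\nc=IN IP4 %s\r\nt=0 0\r\n"
            "m=audio %d RTP/AVP %s\r\n" % (ip, ip, rtp_port, pts))


def build_invite(from_uri, to_uri, call_id, ip, rtp_port):
    """INVITE carrying the caller's SDP offer (Content-Length must match the body)."""
    sdp = build_sdp(ip, rtp_port)
    return ("INVITE %s SIP/2.0\r\nVia: SIP/2.0/UDP %s;branch=z9hG4bK-%s\r\n"
            "From: <%s>;tag=1928301774\r\nTo: <%s>\r\nCall-ID: %s\r\nCSeq: 1 INVITE\r\n"
            "Contact: <sip:%s>\r\nContent-Type: application/sdp\r\nContent-Length: %d\r\n\r\n%s"
            % (to_uri, ip, call_id[:8], from_uri, to_uri, call_id, ip, len(sdp), sdp))


def parse_sdp(body):
    """Extract the remote RTP endpoint and payload types from an SDP answer."""
    c = re.search(r"^c=IN IP4 (\S+)", body, re.M)
    m = re.search(r"^m=audio (\d+) RTP/AVP (.+)$", body, re.M)
    if not (c and m):
        raise ValueError("SDP lacks c= or m=audio line")
    return {"ip": c.group(1), "port": int(m.group(1)),
            "payload_types": [int(x) for x in m.group(2).split()]}


class Call:
    """Caller-side state driven by the responses the tutorial lists."""

    def __init__(self):
        self.state = "calling"
        self.remote_media = None

    def on_response(self, status, body=""):
        if status == 100:
            self.state = "proceeding"            # proxy is working on our behalf
        elif status == 180:
            self.state = "ringing"               # play local ringback
        elif status == 200:
            self.remote_media = parse_sdp(body)  # callee's answer: where to send RTP
            self.state = "connected"
        elif status >= 300:
            self.state = "failed"
        return self.state


PCMU_SAMPLES_PER_20MS = 160     # 8 kHz sampling, 20 ms per frame


def rtp_packet(seq, timestamp, ssrc, payload, payload_type=0):
    """12-byte RTP header (V=2, no padding/extension/CSRC, marker 0) then the codec frame."""
    header = struct.pack("!BBHII", 0x80, payload_type & 0x7F, seq & 0xFFFF,
                         timestamp & 0xFFFFFFFF, ssrc & 0xFFFFFFFF)
    return header + payload


def packetize(frames, ssrc, start_seq=0, start_ts=0):
    """One RTP packet per 20 ms G.711 frame; the timestamp advances 160 samples each."""
    return [rtp_packet(start_seq + i, start_ts + i * PCMU_SAMPLES_PER_20MS, ssrc, f)
            for i, f in enumerate(frames)]


if __name__ == "__main__":
    print(build_invite("sip:caller@abc.com", "sip:tom@xyz.com", "c0ffee1234@10.0.0.5", "10.0.0.5", 16384))
    call = Call()
    for status, body in ((100, ""), (180, ""), (200, build_sdp("192.0.2.20", 20000, (0,)))):
        print(status, "->", call.on_response(status, body))
    print(call.remote_media, len(packetize([b"\xff" * 160] * 3, 0x12345678)[0]), "bytes per packet")
```

The SDP answer is the security-relevant detail here: the caller sends RTP wherever the 200 OK's c= and m= lines point, which is why the later posts on this page treat SBCs and NAT handling as part of the security picture rather than a pure networking concern.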
 


About this Archive

This page is an archive of entries from February 2008 listed from newest to oldest.
