Recently in SIP Category
The SIP Forum lists the following SIPconnect features and benefits:
- A Ubiquitous Approach. SIPconnect provides a common method for IP peering between SIP-enabled IP PBXs and VoIP service providers
- Standards Based. SIPconnect leverages existing SIP and related VoIP standards published by the Internet Engineering Task Force (IETF)
- Customer Cost Savings. Peering lowers service provider infrastructure cost and reduce the need for customer premises gateways
- Speed to Deployment. A commonly accepted, standards-based approach reduces the time and effort needed to integrate new products into a service provider network.
- Richer Feature Support. SIPconnect helps service providers deliver enhanced, personalized services to IP-PBXs and extends rich-media services enabled by IP-PBXs across service provider networks
- Quality of Service. Methods for handling QoS configuration, echo cancellation, DTMF relay, packetization rates, codec support and fax and data traffic are defined
- For end users in the small business or large enterprise, SIPconnect eliminates, or greatly reduces, the need for a costly gateway at the end user's site. In addition, new features from the service provider or the IP PBX vendor will be delivered more quickly.
- For VARs and Interconnects, the SIPconnect compliant service provider will handle the complexity associated with connecting the SIP Trunk to the legacy TDM world. This eliminates the need for a lot of integration and troubleshooting work and allows the partners to focus on other, revenue generating activities.
- For Equipment and Software Vendors (Application Servers, IP PBX Vendors, SIP Proxies), SIPconnect greatly reduces the time and resources required to verify interoperability in the network. This single item, interoperability, currently drains many man hours from the services and equipment providers that could be better used creating new and more exciting features. This in turns reduces the amount of revenue that could be realized from those new features.
- The SIP Trunking Service Provider that uses SIPconnect SIP trunks realizes higher revenue streams much more quickly. Network services are rolled out more rapidly, greatly reducing the time to revenue for new services and features. In addition, the service provider can greatly reduce the time and staff required to complete interoperability testing.
|
PRI |
IP Trunks |
|
Physical connections: Each circuit requires physical connection and costly termination hardware. |
Connections are virtual: Number of available trunks is a function of available bandwidth,
not physical termination hardware or circuits. |
|
Scaling up requires the installation of new circuits and additional termination hardware. |
Scales up or down easily and quickly (a software configuration change) and can offer automatic and on-demand burst capabilities |
|
Providing sufficient backup circuits to remote sites in an IPT-distributed architecture can negatively impact the ROI. |
Automatic IP re-routing capabilities allow practical geographic distribution of PSTN connectivity to sites with limited or no network redundancy |
|
Cost is usually per circuit per month |
A variety of pricing models (i.e. usage based) are likely to emerge, including on-demand capacity. Relative to PRI circuits and the associated supporting hardware, IP Trunking costs are likely to be significantly lower. |
|
Capacity planning & engineering is critical: Additional capacity must be planned well in advance since considerable lead time may be required for the ordering and installation of new circuits and termination hardware |
While capacity planning is still important, adding additional capacity can be as simple as a software change. Additionally, providers are likely to offer burst capabilities. |
|
Only way to accommodate loss of hardware or facility where PRI’s terminate is to build-in excess capacity with associated cost impact. |
Can be designed to retain PSTN reachability and capacity in the event of the loss of terminating hardware (or even an entire office location) without the need to build in excess capacity |
|
Including dispersed locations in most current IP Telephony deployments requires the addition of network redundancy or significant local PSTN connectivity (analogue or ISDN trunks) to ensure that individual locations can function autonomously in the event of a failure. These factors can add substantial Opex and Capex. |
Dispersed locations can be connected to the PSTN via an IP connection. Should a network failure occur incoming calls can be automatically rerouted to the isolated location. |
|
Diversity across service providers is usually cost prohibitive. |
Can accommodate diversity across service providers much like is done today with Internet access via BGP. |
Stumble It!
Yesterday, Toshiba announced that it has added SIP Trunking capabilities to its Strata(R) CIX(TM) family of IP business communication systems.
Toshiba begins its nationwide rollout of SIP Trunking capabilities with SIP carriers Cbeyond of Atlanta, Ga., and American Broadband Services (ABS) of Fresno, Calif., and will expand to additional carriers during 2008.
Coupling the product's IP Trunking capabilities with the two carriers is a smart move by Toshiba since potential customers will know that they can deploy a SIP Trunking-based solution nationally. In addition, it removes any concerns around interoperability and related support issues.
Key product features and benefits include:
- Offers ISDN-like features over a data connection
- Eliminates the need to buy separate circuit cards for voice
- and data
- Potentially eliminates the need and cost of a separate service
- Eliminates "wasted bandwidth" of unused PRI channels
- Allows bandwidth to be used for data when no calls are active
- Offers ability to host other services in addition to SIP Trunking, including IP Stations, SIP Stations, Toshiba's Strata Net IP, Voice Mail and ACD resources
- In addition to SIP Trunks, Toshiba's MIPU cards also support IP stations, SIP stations, Strata Net channels, and applications.
Other benefits related to SIP Trunking, and not mentioned in the press release, is that IP Telephony solutions can be deployed with enhanced redundancy and are much easier to scale. For a list of SIP Trunking benefits please see my previous article on the subject SIP Trunking Will Displace PRI..
Rick McCharles
Unified Communications Consultant, Toronto, Ontario, Canada
Stumble It!
Sensational title isn't it?
Pardon the sarcasm, but once again we are being bombarded with sensationalist blog and news headlines about the vulnerability of VoIP. The headlines would have you believe that recording any VoIP call is as simple as installing a utility on your PC. Sorry but, in a secure environment that's just nonsense.
I deem the stories to be counter productive and I question the motives. It's great to raise security awareness, but how about some perspective and some helpful advice? What I don't see in these blog posts and news articles, is any description of the environment or circumstance under which these attacks are possible. Nor do I see any advice on whether protection mechanisms are available.
Several months ago, I bought and read the book Hacking Exposed VoIP since so many security presentations and articles used this book as a reference. It was interesting, and I would recommend it for those who would like to understand VoIP and SIP vulnerabilities. However, what I discovered was that nearly all of the hacks / vulnerabilities described in the book were dependent on the fact that common security best practices had not been implemented or had been compromised.
The latest flurry is related to a monitoring utility named SipTap by Peter Cox at VoIPCode.org.
While it's true that VoIP is vulnerable to a wide variety of attacks, it is also true that nearly all (including this latest one) can be mitigated by sound security practices.
I won't go into a detailed tutorial but I will provide a quick list and some references for you to pursue:
- Secure the IP Phones preventing users from viewing or changing configuration parameters
- Encryption: Signaling, Audio Path and Administrative
- Use Certificates to authenticate humans and components that use the system
- Disable root access for telephony administrators
- Deploy AAA systems and procedures (Authentication, Authorization and Accounting)
- Carefully choose who is allowed to transfer calls to an external destination
- Deploy and maintain virus protection
- Disable all unnecessary services on phones and related systems
- Expire passwords
- Disable passwords following a number of failed attempts
- Impose content and length restrictions to passwords
- Impose rate-limiting mechanisms to thwart DoS attackes
- Deploy security monitoring and alarming systems
- Phones and devices should reject unsigned or tampered firmware
- Reject 802.1q traffic destined to, or from the PC switch port of the phone
- Segment voice and data traffic on separate VLANs (PC phones violate this best practice)
- Install properly configured firewalls (duh!)
- Secure all network devices (physically and logically)
- Phones should ignore gratuitous ARPs
- Perform DHCP inspection
- Implement VPNs for remote access
Enhanced Security for Unified Communications (Cisco)
Enterprise VoIP Security Best Practices (Juniper)
VoIP Security for Dummies (Avaya)
I don't deny for a second that SIP and VoIP have vulnerabilities and that they must be addressed. But, there's no going back to TDM. IP communications is here to stay and the vast majority of risks can be adequately mitigated. Many of the security precautions should already be in place if your network and IT environment is secure.
Rick McCharles
VoIP / IP Telephony Consultant, Toronto
RIC Services
Stumble It!
Long Distance, Audio Conferencing and Hosted IP Telephony
service providers have been taking advantage of the lower cost and scalability
of IP Trunking for years. Many of the current IP Trunking circuits are based on
the H.323 protocol. Nearly all new deployments however, employ SIP as the signalling
protocol.
While not yet widely adopted, IP Trunking for enterprise PSTN
connectivity offers significant advantages to enterprise relative to the common
PRI model. I am convinced, that there will be very few, if any, new PRI circuit
deployments in Canadian urban locations, within five years.
If you are about to migrate to IP Telephony you should
seriously consider, replacing your PRI and in some cases BRI or analogue trunks
with IP Trunks.
The
following table contrasts PRI vs. IP Trunks and highlights just some of the
compelling advantages enabled by IP Trunking.
|
PRI |
IP Trunks |
|
Physical connections: Each circuit requires physical connection and costly termination hardware. |
Connections are virtual: Number of available trunks is a function of available bandwidth,
not physical termination hardware or circuits. |
|
Scaling up requires the installation of new circuits and additional termination hardware. |
Scales up or down easily and quickly (a software configuration change) and can offer automatic and on-demand burst capabilities |
|
Providing sufficient backup circuits to remote sites in an IPT-distributed architecture can negatively impact the ROI. |
Automatic IP re-routing capabilities allow practical geographic distribution of PSTN connectivity to sites with limited or no network redundancy |
|
Cost is usually per circuit per month |
A variety of pricing models (i.e. usage based) are likely to emerge, including on-demand capacity. Relative to PRI circuits and the associated supporting hardware, IP Trunking costs are likely to be significantly lower. |
|
Capacity planning & engineering is critical: Additional capacity must be planned well in advance since considerable lead time may be required for the ordering and installation of new circuits and termination hardware |
While capacity planning is still important, adding additional capacity can be as simple as a software change. Additionally, providers are likely to offer burst capabilities. |
|
Only way to accommodate loss of hardware or facility where PRI’s terminate is to build-in excess capacity with associated cost impact. |
Can be designed to retain PSTN reachability and capacity in the event of the loss of terminating hardware (or even an entire office location) without the need to build in excess capacity |
|
Including dispersed locations in most current IP Telephony deployments requires the addition of network redundancy or significant local PSTN connectivity (analogue or ISDN trunks) to ensure that individual locations can function autonomously in the event of a failure. These factors can add substantial Opex and Capex. |
Dispersed locations can be connected to the PSTN via an IP connection. Should a network failure occur incoming calls can be automatically rerouted to the isolated location. |
|
Diversity across service providers is usually cost prohibitive. |
Can accommodate diversity across service providers much like is done today with Internet access via BGP. |
Telecom Consultant, Toronto
RIC Services
Stumble It!
