Category

Articles

Quorum and Gerrymandering : Thoughts on managing failover in a distributed HA system

By | High Availability Distributed Services | No Comments

Defining Quorum

Quorum is defined as the number of voters necessary to carry an election or vote.  We would like to ensure that all services carry on functioning  under various failure mechanisms. We need to ensure that our high availability computer systems have access to valid authoritative data at all times.

The Problem

We have found some failure cases where everything still works, except the Raft based HA services.  The reason is that there are not enough members of the electorate available to form a consensus. Read More

Diagnosing SIP issues: one way audio, gaps in sound, registration errors, SIP ALG

By | SIP Diagnostics and Quality of Service | No Comments

Session Initiation Protocol (SIP) can get quite complicated, especially when products from different suppliers are mixed.  SIP issues are difficult to diagnose!

A SIP call relies on DNS, NTP, routers, switches, SIP proxies, media proxies and end devices.  Each component must work as expected… There are a lot of ways that this can break!

The usual suspects for the weird failure of call setup:

  1. Network MTU and SIP UDP
  2. Router: SIP ALG
  3. DNS failure
  4. NAT / Port Forwarding

The usual suspects for call quality issues:

  1. Network dropping packets
  2. Router load
  3. Prioritising Traffic /QOS

There are a few tools which are very useful in figuring out why a call or message did not flow as expected:

  1. SIP dialogs and transactions
  2. Call flow visualization
    1. homer
  3. Commandline tools
    1. ngrep
    2. sngrep
    3. tcpdump
  4. Network issues
    1. NAT
    2. Packet loss / jitter / latency
    3. wireshark

Automated test environment: SIPP, SIP Treadmill …

Introduction to VoIP Security. Managing Risk of Telecom Fraud, Brute Force Attacks and Call Interception

By | SIP and Asterisk Security: Combating fraud, Artificially Inflated Traffic, Brute Force Attacks ... | No Comments

There are many aspects to phone system security which apply to both traditional and internet based telephony. Voice over IP (VoIP) systems bring additional threats, but offer some mitigations.In this article we look at VoIP Security in particular exploring some of the threats and how they can be managed. We will review some known exploits and offering some advice to mitigate and manage the risks.

As a business owner or decision maker it makes sense to concentrate on adding value to your business. There is a strong case for using a hosted managed phone service to mitigate your legitimate security concerns.

[[voxbit.net/orders|Look at Voxbit products]]

Comparing threats: On Premise  v. VoIP Security

Fraudulent calls

Fraudulent calls / Artificially Inflated Traffic (AIT)
Toll fraud, AIT, etc

Securing Devices

dictionary attacks , brute force attacks, Intrusion Detection
Management GUI security
LAN access to devices… remote dialling
Securing devices (phones and phone system security)
fail2ban speed

Securing Dialplan

Call transfer is a threat vector especially on voicemail and forwarded calls …
Securing Dialplan (voicemail and transfer features as threat)

Profiling, Monitoring and Response

Profiling, Monitoring and Automated Response

Privacy and Call Interception

Privacy / Snooping / Call Interception
Tampering / redirection / man in the middle / replay
Presence / State

Privacy and Recorded Media

Authorised Users,
Privacy of recorded media eg Call Recordings and VoiceMail
Privacy of usage data : Call Data Records (CDR’s), user details etc

Data Protection

ISO 27001

 

Conclusion and Recommendation

Managing a phone system is difficult. In particular keeping up with the changing threat environment and risk exposure is technically challenging, time consuming and potentially very expensive. Voxbit Ltd have committed a lot of time and effort to implementing and improving best practice. We have developed a secure robust managed service, allowing our customers to spend their time running their business. We look after their phones.

As a business owner or decision maker it makes sense to concentrate on adding value to your business. There is a strong case for using a hosted managed phone service to mitigate your legitimate security concerns.

[[voxbit.net/orders|Look at Voxbit products]]