Category: SIP
-
/
Getting ready for VoIP "botnets" that attack SIP systems…
Continue Reading: Getting ready for VoIP "botnets" that attack SIP systems…Over on the Voice of VOIPSA weblog, I just posted “Ready or not… here come the IRC-controlled SIP/VoIP attack bots!” Given the sheer number of VoIP security tools out there, I think I and most others involved with VOIPSA figured it was only a matter of time before someone automated the attacks. Did I hope that the creation of “bots” could have held off for a bit longer? Definitely… but we have to play with the cards we are dealt.
I tried in the article not to hype the threat… that we are aware of, there are not massive botnets out there waiting to attack VoIP systems. But there is now a proof-of-concept “bot” out there and those of us dealing with VoIP security have to look at how that could impact us.
And it’s definitely a sign that we as an industry really have to get security locked down on SIP systems!
Technorati tags: voip, voip security, security, voipsa, botnets, SIP, bots, SIP security -
/
IETF approves RFC standard for adding dialstrings to SIP
Continue Reading: IETF approves RFC standard for adding dialstrings to SIPIn the usual (and ongoing) flurry of IETF announcements, there was one notice that caught my attention. It announces that an Internet Draft document about “dialstrings” has been approved to become a standards-track RFC. So what, you say? Well here’s a bit more info:
This document provides a way of incorporating a dial string into the SIP or SIPS URI scheme. A dial string is a cousin of a telephone number, but rather than taking the form of a fully-qualified E.164 or national-specific telephone number, it is a description of a literal set of dialed digits that would be delivered over a POTS line. As such, it may include pauses, omit prefixes like area codes, and its applicability is necessarily restricted to a particular context (an enterprise, a LATA, etc). Support for dialstrings was formerly a feature of the tel: URI scheme specification (back in RFC2806); since that functionality did not make it into the revision (RFC3966), it is provided here specifically for the SIP and SIPS case.
Think of it as extra digits you have to type when making a call… or extra keys you have to press to start a service. The challenge is that SIP proxies and…
-
/
Mitel connects directly to Microsoft Exchange Server 2007 via SIP
Continue Reading: Mitel connects directly to Microsoft Exchange Server 2007 via SIPIn my incredibly long queue of things I’ve wanted to write about for the past few weeks, one item was the Mitel news release about making a direct SIP connection to Microsoft Exchange Server 2007 Unified Messaging. The cool part is that you can just use our basic 3300 ICP communications platform (or IP-PBX, or whatever you want to call it) and connect it directly into a Microsoft Exchange Server to use the Exchange Server for a unified inbox (email, voicemail, fax, etc.). No other boxes or gateways necessary. Just a nice, standard SIP trunk. As a long-time proponent of open standards and general “standards geek”, it really can’t get much better. It’s great to see.
Technorati tags: mitel, microsoft, exchange, voip -
/
Attaining BLISS… (at least in the world of SIP)… a.k.a. why can’t we all just get along?
Continue Reading: Attaining BLISS… (at least in the world of SIP)… a.k.a. why can’t we all just get along?So you’d like your SIP phones to all work together, eh? And you’d like your SIP phone from Vendor A to work with the SIP phone of Vendor B and yet give you the business functionality that you used to have in the PBX from Vendor C?
Good luck.
Yes, they will (or should!) all work together for basic call functions, but if you want to do more than just the very basics, you rapidly wind up in the realm of incompatible SIP implementations. Different vendors support different RFCs… or interpret RFCs differently. It’s a challenge to go beyond basic functionality.
Enter “BLISS“, one of the latest working groups coming out of the IETF. It stands for “Basic Level of Interoperability for SIP Services” and, as noted in its charter, the intent is to define a basic set of functionality (“minimum interoperability requirements”) to allow SIP endpoints to interoperate on 4 specific telephony services:
- Bridged/Shared Line Appearance (BLA/SLA)
- Call Park/Pickup
- Do Not Disturb (DND)
- Call Completion to Busy Signal/Call Completion on No Reply
More details are on the charter page. These are just the initial four issues chosen to be addressed and Internet-Draft documents are already circulating on…
-
/
Tom Keating reviews "pbxnsip", an inexpensive IP-PBX based on Windows with a focus on security
Continue Reading: Tom Keating reviews "pbxnsip", an inexpensive IP-PBX based on Windows with a focus on securityNoticed today that Tom Keating has a review up on “pbxnsip“, which has the interesting twist of being a low-cost PBX solution running on Microsoft Windows. Most other inexpensive or open-source software-only PBX solutions tend to run on Linux, and indeed, pbxnsip does have Linux versions (and apparently NetBSD although they are not listed… perhaps they just run the Linux version). I first actually learned of pbxnsip some time ago at one of the various VoIP tradeshows when I was struck by the fact that they were advertising security as the main point in big letters on the background to their booth. In fact, security is #2 on their list of “reasons to buy”:
It addresses security. The pbxnsip PBX uses https, sips, SRTP and sdes to make the communication to your PBX secure. Using sdes-capable devices, your voice calls will stay as secure as your https traffic.
Well, gee, given my background, it’s not hard to imagine that any vendor that basically leads with security gets some extra points in my book. (Especially since doing so has the potential to paint a big red target on your back to all the attackers out there who like to debunk claims…
-
/
Dean Elwood: "Why SIP Doesn’t Need OpenID"
Continue Reading: Dean Elwood: "Why SIP Doesn’t Need OpenID"Dean Elwood over at VoIPuser.org has taken up the question about Open ID with his post “Why SIP Doesn’t Need OpenID“. Dean suggests that the problem really lies between servers:
The problem of identity authentication actually resides in the server to server realm in a peered environment. How does sip.fwd.com know for sure that a peered call request is really coming from sip.voipuser.org?
Good question… and one that Dean believes can be solved through the use of the already-standardized Open Settlement Protocol (OSP).
The conversation continues…
Technorati tags: identity, openid, SIP, VoIP, OSP -
/
Rich Tehrani hops on the Mitel "Presence" tour bus… at least for a day…
Continue Reading: Rich Tehrani hops on the Mitel "Presence" tour bus… at least for a day…Scanning RSS feeds early this morning, I was pleased to see that Rich Tehrani will be speaking at our “Presence 2007” event in Costa Mesa, CA, today. I’ve known the tour was going on, but wasn’t tracking who was speaking at the various stops. Glad to see Rich there… I’m sure he’ll give a great talk for whoever attends. The good news for Rich, too, is that at least he was flying out of the New York area yesterday instead of the day before when the glorious storm played havoc with air travel all over the northeast.
Technorati tags: mitel, presence, rich tehrani, sip, unified communications -
/
Techtionary.com provides animated “SIP Essentials” tutorial…
Continue Reading: Techtionary.com provides animated “SIP Essentials” tutorial…(Originally posted at http://dyork.livejournal.com/256998.html)
Tom Cross over at Techtionary.com dropped a note to let me know that his team had released a ‘fastcast’ on the topic of “SIP Essentials”. Not having a clue what a “fastcast” was, I found the answer in Tom’s news release:
Fastcasts are fast-track audio/video animated 10-60 second advertorials for web, webseminar, PC and iPod formats.
Not sure how much traction the word will really get, but there you have it. Tom’s SIP tutorial looked quite interesting in the bit that I explored, with sections on:- SIP Basics
- SIP Trunking
- SIP QoS
- SIP Firewalls and Security
- SIP Applications
- SIP TCO-Total Cost of Ownership
- Integrated/Converged Access
- Key VoIP Options – IAS, Hosted, Managed
- SIP Total Tutorial with Future Outlook
Tom’s making it available at no cost right now so I’d recommend people check it out.
Just one note of caution… once…
