nurango - ContactCenterWorld.com Blog
There are many Benefits to implementing SIP Trunking. Are you taking advantage yet?
Before discussing the benefits of SIP trunking, you should first know what SIP trunk is. A SIP trunk is a logical connection that uses SIP or (Session Initiation Protocol) to set up communication over the internet between a customer location and an internet telephony service provider (ITSP) which transfers the SIP calls to a PSTN (Public Switched Telephone Network). This sort of telephony connection is a boon for various businesses, especially small scale organizations that need to make regular local, STD as well as international calls and have to take a dedicated line from a telephone provider. To define it in short, 'SIP is the real-time communication procedure for VoIP phone system'.
Communication, that too effective and uninterrupted communication is one of the most essential requirements of any business today. If organizations are unable to interact and keep in constant touch with their clients, then they are going to lose out both on existing as well as prospective clients. With the latest SIP technology communication will not only be fast and efficient but also very cheap. Companies that have numerous branches scattered all over the world can also benefit immensely from this telephony system. Even if they make international calls, it would cost them the same as a local call.
With the advent of VoIP (Voice over Internet Protocol) technology, businesses can make calls over a broadband connection that allows them to make cheap or free calls, calls to various places even when they are not in their centralized location; employees can get connected from home or nay other remote area and host of other such benefits. The hosted VoIP phone system also offers tailor made and customized packages to suit every business needs. But even if the benefits are immense, many organizations deter from removing their traditional PBX systems completely, with the fear of losing control over their personal PBX system. This where the usage of SIP trunking comes in, which allows companies to preserve their traditional PBX system whilst running hosted VoIP functionality simultaneously.
What else does SIP Trunking have to offer?
As mentioned earlier, it reduces calling cost to a great extent and you can turn all calls to local calls. Since calls travel over the internet, or through the VoIP phone system to a termination point, the charges on long distance calls are reduced.
SIP trunking also reduces the costs on separate voice and data connections and increases the benefits for communication systems using both voice and data together.
The capacity of this sort of phone system is huge with the potential to serve an entire organization, irrespective of its size. Big MNC's or multi-size organizations can use a single SIP trunking account rather than multiple PRI connections.
As business grows, the communication can grow easily without having to make gateway or card investments.
There is no more the need to use wires in bundles; communication can be transferred digitally with the help of this technology.
This is one of the smartest decisions any business organization can take. They can save money on all their communications and invest it in other areas and increase productivity. Moreover this is one of the best ways to keep in constant touch with partners, clients, employees at various locations, customers, vendors etc. What's more, this method can be used for three way calling, conferencing, traditional voice calls, instant messaging, application sharing and any other facility that a business requires to prosper.
Publish Date: March 15, 2016 5:00 AM
Free Phone Service? Hmm, what's really in it for you?
There are plenty of free based calling solutions these days, you may have tried a few yourself. I’m talking of course about applications such as Google Hangouts and Facebook Messenger, and a plethora of other applications available in your local app store. We’ll be looking at the practicality of these services in a business environment. The down sides on a corporate level should be fairly obvious when stacking up more advanced features, so today I will be focusing on Startups and entrepreneurs.
We can categorize the differences into 3 parts. Features, Reliability and Scalability.
Free services mostly allow you to make outbound calls. Some only allow you to call users on the same application, while others have Unlimited Canada and U.S. Calling. This can be useful if you are just getting started and need to make a quick long distance call to a potential customer or suppliers but what about when you need to leave a callback number? This is the first issue that may arise. There are ways to obtain a VoIP based phone number such as Freephoneline and enum. Google Hangouts and Skype also have purchasable Virtual Phone Numbers. However, if you have ever received a call from a random long distance number and been asked to call back on a completely different number, you’ll know the general “vibe” it gives out. In fact, a quick Google search by a savvy user will often bring up results indicating it could be a Free based calling service, followed by several angry complaints as the Caller-Id’s are often linked to mis-use. In this case, I really do blame the internet..
Moving along, let’s look at some other considerations and limitations to free based calling services.
So what about features you say?
Wanted! Call Quality
You’ve heard the old saying ,“You get what you pay for”, well here it is again. You should expect to receive better and more reliable call quality from a service you pay for, bottom line. How can they afford these free calls anyway!?
A Professional Caller-ID
You can set your Caller ID so that Customers can see your Business phone number show up when you call them. Showing that your local or a familiar face can often get you farther than a stranger. They can also call you back from the display in their call log should they desire.
More Call Handling Options
Premium solutions will offer additional call routing methods such as where to send calls when you’re not available. Voicemail, another phone number perhaps. Even voicemail to email and Music on Hold are pretty standard features to take advantage of these days.
Sure people will have your Business number, but isn’t that better than giving out your personal cell phone?!
What about Reliability?
What happens if you have a technical problem? Well there generally aren’t any uptime guarantees and the absence of any “Service Level Agreement” means you’re really on your own at that point. Without proper support or a go to knowledgebase to find help, you’ll soon be in the business of being your very own VoIP support company, woohoo! So, if one day you find out that your phone number is not working or the free based service is going under, you’ll lose all of your hard work of making people aware of your shiny new number.
Ok, and lastly, what about Scalability?
I most commonly see startups begin by obtaining a phone number and forwarding it to their mobile phone. When they begin to expand you now have the ability to provide your colleagues with their own personal phone numbers. This certainly works in some environments. The more common solution is to obtain an Auto Attendant or “IVR” (Interactive Voice Response” Menu. This allows you to create a personalized greeting for your callers and have routable extensions such as; “For sales press 1” or “If you know the extension you’d like to reach...”. This is a great first step in unifying your team while making a smaller organization seemingly both larger and more professional. Moreover, that original phone number has grown up in the company with you.
I hope I was able to settle some of the debate on what type of VoIP or Phone service you should consider during your Startup and I wish you all the best success in your business venture!
Publish Date: December 8, 2015 5:00 AM
So you're starting a business and need Phone Service, what now?
When starting a business, a phone line is probably one of the first things that comes to mind. Some might call their local phone company right away, while other savvy entrepreneurs may shop around for virtual or VoIP phone service options only to discover there is a whole other world out there. So what should you do and what do you need to ensure a minimal start-up cost for what you need while allowing for expansion in the future?
Ask yourself, what are your telephone needs?
Will you be working from home mostly, or from the road? Is it a mixture of both?
Will you have more than one person that needs phone communications in the business?
Do you plan on getting office space down the road and will you hire more employees? If you have done a business plan these answers may be on hand and have possible timelines attached to them.
Finding the right company...
Do they offer services that best fit your business model right now?
In most all cases I would avoid the local telco. The may offer some type of Virtual or VoIP services but usually are attached to a regular phone line, include no extras and have costly forwarding minutes. I do however recommend a Single Number Forwarding type service where you pick up a local phone number that you can forward to your mobile, attach to a VoIP softphone, or even a mobile device softphone for VoIP.
Do they allow for future growth with other services?
When you bring on other people in the business or want to give your company that fortune 500 feel you may look at an Auto Attendant service (press 1 for sales, press 2 for billing, etc). If expanding beyond your domestic market you might want a Toll Free number at some point also. Make sure you know the cost of additional lines as well as the features they come with. Be aware of any introductory offers that may tip the scales when adding these additional lines or features. At some point when you grow you will look at a more robust IP-PBX Phone System with additional capabilities. Find out if the VoIP company offers this type of service and if you can easily transition your services and virtual phone number over when the time comes.
Do they have support on your schedule?
This of course ranges on a per company basis and you may have specific needs. Daytime, night time, do they respond within 2 hours or 2 days?
Will the company make recommendations and help you decide what packages and features are best suited for you at the time or are you left with figuring out the setup and options on your own?
I hope this article provides some valuable insight into one of the most important business tools any company, large or small will need.
Thanks for reading and good luck!
Publish Date: April 20, 2015 5:00 AM
The following implementation of IPtables and Fail2Ban will HELP protect your asterisk box from malicious and Brute Force attacks. This solution is NOT and should NOT be your own line of defense in PBX security, but it is without question an essential.
SECURITY NOTE: fail2ban is rather limited in its ability to detect attacks against asterisk.
More info http://forums.asterisk.org/viewtopic.php?p=159984
Lets Get Started:
Install rpmforge or optionally fetch the fail2ban rpm directly from rpmforge.
Install fail2ban using yum:
yum install fail2ban
apt-get install fail2ban
Change directories to /usr/src:
Download and extract Fail2Ban (check for newer releases):
tar jxf fail2ban-0.8.11.tar.gz --(using yum? "yum install fail2ban")
Enter the Fail2Ban directory you just extracted:
Make sure python and iptables are installed:
yum install python iptables
apt-get install python iptables
python setup.py install
Install the Fail2Ban init script (for source installations):
Centos/Red Hat (if you installed via yum/rpm, the init script has already been installed):
cp /usr/src/fail2ban-0.8.11/files/redhat-initd /etc/init.d/fail2ban
chmod 755 /etc/init.d/fail2ban
For other distributions' init scripts, please refer to documentation specific to them.
We need to create a configuration for Fail2Ban so that it can understand attacks against Asterisk.
Create a new filter configuration for Asterisk:
The contents of /etc/fail2ban/filter.d/asterisk.conf should be the following:
# Fail2Ban configuration file
# $Revision: 250 $
# Read common prefixes. If any customizations available -- read them from
#before = common.conf
#_daemon = asterisk
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "" can
# be used for standard IP/hostname matching and is only an alias for
# Values: TEXT
# Asterisk 1.4 use the following failregex
failregex = NOTICE.* .*: Registration from '.*' failed for '' - Wrong password
NOTICE.* .*: Registration from '.*' failed for ':.*' - No matching peer found
NOTICE.* .*: Registration from '.*' failed for '' - No matching peer found
NOTICE.* .*: Registration from '.*' failed for '' - Username/auth name mismatch
NOTICE.* .*: Registration from '.*' failed for '' - Device does not match ACL
NOTICE.* .*: Registration from '.*' failed for '' - Peer is not supposed to register
NOTICE.* .*: Registration from '.*' failed for '' - ACL error (permit/deny)
NOTICE.* .*: Registration from '.*' failed for '' - Device does not match ACL
NOTICE.* failed to authenticate as '.*'$
NOTICE.* .*: No registration for peer '.*' \(from \)
NOTICE.* .*: Host failed MD5 authentication for '.*' (.*)
NOTICE.* .*: Failed to authenticate user .*@;.*
NOTICE.* .*: Sending fake auth rejection for device .*\<sip:.*\@\>;tag=.*
# In Asterisk 1.8 use the same as above, but after add :.* before the single quote. This is because in Asterisk 1.8, the log file includes a port number which 1.4 did not.
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
If you're having issues with your system not banning properly when the "Registration from" section in your log file contains a quotation mark (") as in this example:
Add the following line, with the others above, in asterisk.conf:
NOTICE.* .*: Registration from '\".*\".*' failed for '' - No matching peer found
Recently noticed attacks:
Adding the following line will block these attempts:
NOTICE.* .*: Registration from '\".*\".*' failed for '' - Wrong password
Next edit /etc/fail2ban/jail.conf to include the following section so that it uses the new filter. This does a 3-day ban on the IP that performed the attack. It is recommend to set the bantime in the [DEFAULT] section so if affects all attacks. It is also recommend to turn on an iptables ban for ssh, httpd/apache, and ftp if they are running on the system. Be sure to edit the sendmail-whois action to send notifications to an appropriate address:
enabled = true
filter = asterisk
action = iptables-allports[name=ASTERISK, protocol=all]
logpath = /var/log/asterisk/messages
maxretry = 5
bantime = 259200
note: logpath = /var/log/asterisk/messages is for vanilla asterisk, use logpath = /var/log/asterisk/full for freepbx. You can check the name of the log file in logger.conf.
note: if fail2ban still failed to identify login attempts, try the syslog logging way.
Don't Ban Yourself
We don't want to ban ourselves by accident. Edit /etc/fail2ban/jail.conf and edit the ignoreip option under the [DEFAULT] section to include your IP addresses or network, as well as any other hosts or networks you do not wish to ban. Note that the addresses must be separated by a SPACE character!
We must change how Asterisk does its time stamp for logging. The default format does not work with Fail2Ban because the pattern Fail2Ban uses that would match this format has a beginning of line character (^), and Asterisk puts its date/time inside of . The other formats that Fail2Ban supports, however, do not have this character and can be used with Asterisk.
To change this format, open /etc/asterisk/logger.conf and add the following line under [general] section (You may have to create this before the [logfiles] section). This causes the date and time to be formatted as Year-Month-Day Hour:Minute:Second, [2008-10-01 13:40:04] is an example.
Then reload the logger module for Asterisk. At the command line, run the following command:
asterisk -rx "logger reload"
If for some reason you do not want to change the date/time format for your normal asterisk logs (maybe you already have scripts that use it or something and do not want to edit them), you can do the following instead:
In /etc/asterisk/logger.conf, add the following line under the [logfiles] section for Asterisk to log NOTICE level events to the syslog (/var/log/messages) as well as its normal log file. These entries in syslog will have a Date/Time stamp that is usable by Fail2Ban.
syslog.local0 => notice
Be sure to reload the logger module for Asterisk — check above for the command to do so. If you chose this option, you will also have to change the /etc/fail2ban/jail.conf setting under the [asterisk-iptables] section for the logpath option to the following:
logpath = /var/log/messages
Turning it On
Now it is time to put fail2ban to work. There are a couple steps we need to do first.
Turn IPTABLES on
By default, iptables allows all traffic. So if we turn it on, it will not block any traffic until Fail2Ban creates deny rules for attackers. You should create your own firewall rules and setup for iptables, but that is beyond the scope of this guide. Just know that Fail2Ban, by default, inserts rules at the top of the chain, so they will override any rules you have configured in iptables. This is good because you may allow all sip traffic in and then the Fail2Ban will block individual hosts, after they have done an attack, before they are allowed by this rule again.
To start iptables, run the following as root:
Depending on your install, you may or may not have the iptables init script installed. Please refer to an iptables install/setup guide for your distribution for more information.
Turn on Fail2Ban
To start Fail2Ban, run the following as root:
If both started properly, issue the following command to view your iptables rules:
iptables -L -v
You should see something like the following for the INPUT chain (you will see more if you have other Fail2Ban filters enabled):
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
2104K 414M fail2ban-ASTERISK all — any any anywhere anywhere
If you do not see something similar to that, then you have some troubleshooting to do; check out /var/log/fail2ban.log.
If you do not see all your rules, or if you see a different subset of rules after stopping and restarting fail2ban, you may be experiencing the issue described on this page on the Fail2ban talk:Community Portal and may wish to use the suggested fix:
You can also test the filter regex expressions using:
$fail2ban-regex /var/log/asterisk/full /etc/fail2ban/filter.d/asterisk.conf
$fail2ban-regex /var/log/secure /etc/fail2ban/filter.d/sshd.conf
NOTE: The above rules test Asterisk and SSH rules against your log history.
A large portion of information was taken from bulak and dominic16y from voip-info:
For information on creating IPtable rules:
For checking ban list and removing IPs etc check out this tutorial: http://www.cyberciti.biz/faq/linux-howto-check-ip-blocked-against-iptables/
Testing info provided from:
Update for 2015:
As of the latest Fail2ban install via rpm (yum install fail2ban), asterisk and FreeSWITCH rules are included by default. Simply open /etc/fail2ban/jail.conf (CentOS) and enable the appropriate filters.
Publish Date: April 20, 2015 5:00 AM
An IP-PBX is the new generation of SME phone system which can leverage Voice over IP technology and Unified Communications. Its flexibility allows any type of business model to have a custom tailored solution based on the individual needs, unlike legacy systems that often require you to adapt to them.
While some companies prefer an on-site system, a hosted PBX will provide you with the same features but with a lower start up and TCO. Here are 5 reasons why you want to switch to an IP-PBX phone system.
1) SIP Trunking
This technology is the most common transport method for IP Communications or, Voice over IP. SIP trunking allows not only voice but also data across the network such as video and SMS enabling video calls, conference calls and data lookup for Caller ID and CRM purposes. Another major benefit of VoIP is the ability to connect calls long distances across the internet while passing off calls to the PSTN network only when reaching the calls last internet hop. This in turn is one of the main reasons that VoIP can significantly reduce costs in your local and long distance phone bill and even connect calls for free between branch offices and remote workers. IP communication also trades up an expensive PRI for a full or fractional T1 or an existing high speed internet connection.
2) Virtual Numbers
Using VoIP and Direct Inward Dialling (DIDs) you’re able to obtain Virtual phone numbers to connect to your phone system at a very reasonable cost. This means that multiple site locations can have many different phone numbers routed over the internet to even a single phone system without the need to have equipment in that particular city or country. This is very useful for routing calls to different departments such as customer service, technical support groups and call queues. This functionality has many valuable applications. I once worked with a call center that put ads in various locations for job applicants in order to determine the best city for its new location. They were able to see where the most interest was coming from based on the local DID that was called most often.
3) Remote Workers
The need for Remote Workers comes in many different forms. Mobility is often critical for on the road sales reps, technicians, executive trips, and in various types of on the road positions. Perhaps an employee is out sick for the day and you can’t afford to have other employees affected, or maybe their child is sick at home and they are forced to take the day off. Whatever the case, IP Telephony allows you to easily forward calls from an extension to an employee’s cellular phone, remote Softphone, or IP telephone. Employees also have the ability to retrieve voicemail, receive faxes by email and make outbound calls. When connected remotely to the phone system using VoIP technology, features such as forward, barge and application integration can remain seamless.
Cut over time is a common issue when moving locations as is changing and moving employee extensions and lines. Down time and installation can often be a headache when you have an employee move locations or leave or join the company. Phone provisioning is usually needed as well as calling in a technician to add or move equipment and lines around. With IP telephony you have the ability to move your equipment without such issues, whether it be the complete infrastructure to a new, or the existing office location. On the phone system side this can be as simple as plugging in your system to the Ethernet cable and be back online, or moving an IP phone to another location and simply re-connecting the Ethernet cable. No analog re-wiring is necessary and if you use Virtual phone numbers (DIDs) your calls will continue to route to your new location.
In the case of a disaster, a hosted PBX or VoIP provider would be crucial to ensure down time is minimized and recovery time is maximized.
Either you’re paying way too much to conference, or you haven’t bothered because of the cost and complex nature. Many IP-PBX phone systems come out of the box with conferencing ready to go. You can support hundreds of users in a single conference with no shortage of features. Attendees can join either from an outside line or over the internet via IP phone to eliminate tying up your DID capacity. Self managing your conferences is an easy task and can save you thousands of dollars within a short period of time.
First written on Thursday, 22 July 2010 04:06
Publish Date: December 16, 2014 5:00 AM
Many people are new to VoIP technology and wonder what type of savings and setup is involved. Below is a brief comparison that I hope may be of some help.
There are some immediate cost saving advantages with more long term benefits that follow with Total Cost of Ownership. The key areas to focus on would be; equipment, talk time, and features.
With traditional phone systems it's pretty straight forward. A PBX, some phones, and dozens of wires plugged into a patch panel. VoIP introduces a bit more flexibility into the fold by offering smaller and mid-sized solutions.
IP phones: Stand alone VoIP phones that plug directly into an internet cable for single use.
Softphones: Computer based software when configured will make and receive calls from your computer.
IP-PBX: This is the equivalent of a traditional PBX phone system that instead, uses a network cable to send and receive calls over the internet without the use of POTS (Plain Old Telephone System).
Pricing can vary based on the company or type of IP-PBX you purchase. This ranges from licensing per seat to Open Source technologies without licensing models. VoIP uses an internet connection rather than pulling in a separate line for your analog phone service. If you’re interested in bandwidth per call information you can check out a bandwidth calculator here. Analog phone cards are quite expensive in comparison to a full VoIP solution but an IP-PBX has the flexibility of combining both technologies on the same system.
Legacy: With your traditional phone service provider you would typically pay per fixed line which includes local calling. Long distance is charged separately at high rates. Examples of this are .10 for Canada and .15 to the USA. International destinations would vary depending on your provider.
VoIP: The VoIP market being much more competitive allows providers to partner with various carriers to complete their VoIP to PSTN network. This creates a larger market and in turn creates a demand for higher quality and lower cost routes. The equipment needed is reduced as the voice traffic is travelling across relatively inexpensive internet connections, which in turn lowers calling costs. North American calling can be accomplished for as little as .01 and International calling at a fraction of your traditional phone service rates. Lines can be obtained on a per trunk basis or per minute billing.
Many of our phone features that we have come to rely on such as voicemail, caller ID, 3 way calling and faxing have been bundled as packages and charged for additional fees. VoIP systems include many features considered to be standard without hidden costs and over charges. This is due to the flexibility of having many features built into the phone system out of the box.
VoIP providers have broken out of the box to provide feature rich and flexible calling solutions for small, mid and larger based businesses. Traditional phone companies have long relied on their reputation and domination of the communications industry and will have to adopt the 2.0 mentality that is rapidly evolving.
Our First ever blog post orginally written Monday, 21 December 2009 13:44
Publish Date: December 16, 2014 5:00 AM
Linux and SIP hack attempts are all too common. There are dozens of stories out there including a client of mine that incurred $18,000 in losses. Here are a few tips on securing your IP-PBX Phone System.
1) Make sure all passwords are changed from the defaults immediately.
mysql asterisk --execute="UPDATE mysql.user SET Password=PASSWORD('XXXX') WHERE User='root';"
mysql asterisk --execute="FLUSH PRIVILEGES;"
- Don’t forget the Admin passwords if any through the Admin GUI.
- Only login with a standard user account and use “sudo” when needed.
- Consider changing the SSH port to something other than 21
- Use Complex SIP Passwords for Extensions and Trunks!
2) If using VoIP -
- Use IP AUTHENTICATION with your SIP Provider!! Avoid registrations with passwords at ALL costs if you can!
- Instead of using a registration string use “Qualify=yes”.
3) Things to notice in your CLI: "Pinball activity”.
Multiple Messages such as "wrong password for ext xx" or "attempting to register but host is not dynamic" etc. Basically random messages with IP’s that you do not recognize. Don’t confuse them with your remote agents though! Use IPtables to block malicious IPs.
iptables -A INPUT -s x.x.x.x -j DROP (add blocked IP)
> /etc/init.d/iptables save (save settings)
To allow ONLY specific IPs
iptables -A INPUT -s “friendlyip.1” -j ACCEPT
iptables -A INPUT -s “friendly.ip.2” -j ACCEPT
iptables -A INPUT -s 127.0.0.1 -j ACCEPT # yes, accept connections from localhost.
iptables -A INPUT -s 0/0 -j DROP
- Don’t Ban yourself! Add your remote IP if needed and your ISP/Router/Gateway.
4) There are more root password hack attempts than SIP registration hacks due to linux hack attempts versus targeted SIP hack attempts. Lock down remote SSH wrong password attempts.
1. Open /etc/pam.d/sshd in a text editor.
2. Right before @include common-auth, add the following on its own line:
auth required pam_tally.so deny=3 unlock_time=120
3. Right before @include common-account, add the following on its own line:
account required pam_tally.so reset
- See also: /var/log/auth.log and /var/mail/root for unauthorized access and attempts.
5) Disable un-needed services such as FTP, TFTP, and any other remote access services not needed.
6) Install Fail2Ban - Scans log files like /var/log/pwdfail or /var/log/apache/error_log and bans IPs that make too many password failures. It also updates firewall rules to reject the IP addresses.
7) Restrict Default Access -
1) Bind your mysql server to localhost. To do this you need to edit /etc/my.cnf and set "bind_address=127.0.0.1"
2) Enable host based access on your httpd.conf. If you are using the apache server on your local network only, it would be wise to do a bind address to the local network interface
8) Asterisk Based -
1) Edit /etc/asterisk/manager.conf and change 0.0.0.0 to 127.0.0.1
2) Ensure "allowtransfer=no" in /etc/asterisk/sip.conf
Good luck and safe calling!
Download pdf version
Publish Date: December 16, 2014 5:00 AM