
1/48. The OpenSource PBX. by Dreamlab Technologies AG


INTRODUCTION 2/48

INTRODUCTION 3/48

Speaker

• André Roth [email protected]
• Solution Architect

INTRODUCTION 4/48

Dreamlab Technologies Ltd

• IT & Security Standards Competence Center founded 1998 in Berne
• Key Competences
  – Information Security
  – Information Management
  – IT Infrastructures based on open standards
• Areas of work
  – Industry & Businesses
  – Government Agencies & Military
  – Schools & Universities

INTRODUCTION 5/48

Dreamlab Partner Network

• Institute for Security and Open Methodologies (ISECOM), Barcelona
  http://www.isecom.org
• Hochschule für Technik und Informatik, Berner Fachhochschule (HTI / BFH)
  IT Security Education Cooperation
  http://www.hti.bfh.ch
• Institut de Recherche en Intelligence Informationelle (IR2I), Montpellier
  http://www.ir2i.com
• Prelude Hybrid IDS
  Leading Open Source Intrusion Detection System (IDS) Solution
  http://www.prelude-ids.org
• Netfilter
  Leading Open Source Firewall Solution
  http://www.netfilter.org
• UGO / DENG
  Emerging Open Standard W3C XML Technologies
  http://sourceforge.net/projects/ugo
  http://sourceforge.net/projects/dengmx

INTRODUCTION 6/48

Dreamlab Products

• OSSTMM Corporate Infrastructure (OSCI)
  Technology, knowhow and process toolkits enabling operational security
• OSCI automated testing infrastructure
  Infrastructure for automatic OSSTMM assessments for large scale networks
• Distributed and hybrid IDS / IDP / Honeynets / multi level firewalls

INTRODUCTION 7/48

Dreamlab Services

• Consulting
  Strategic & Operational Consulting, Project Management, integration of industry standards
• Security and Operational Audits
  OSSTMM Audits, Compliance Audits, Vulnerability Research and Verification, Code auditing and information warfare
• Security training and recruitment
  Accredited ISECOM training, academic education, individual in-house trainings and knowhow transfers
• Security task forces
  Incident handling, forensics, containment measures, disaster recovery missions
• Security Solutions

INTRODUCTION 8/48

Overview

• Introduction
• Telephony
• Voice over IP
• Asterisk
• Devices
• Asterisk Frontends
• Questions and Answers

TELEPHONY 9/48

Telephony

History:

1854 Antonio Meucci
1876 Graham Bell, Elisha Gray
1878 First switchboard for 21 customers
1891 Almon Strowger invents automatic switching
1919 Telcos start using automatic switching
1960s Telcos start using digitized lines internally
1984 ISDN

Operators switching calls, Madrid Telecommunications Museum, Spain.

TELEPHONY 10/48

Signalling and Media

Signalling is used for controlling communications:

• Call setup
• Knocking
• Hold
• Call Transfer
• ...

Media refers to the actual payload:

• Voice
• Video
• Data

TELEPHONY 11/48

Analog

+ technically simple
– complicated installation
– no properly separated signalling
– poor features
– poor voice quality

Signalling:

• one channel (600Ω)
• Pulse, DTMF, Hook flash
• signalling and media mixed

TELEPHONY 12/48

ISDN

+ bus architecture
+ precise signalling
+ feature rich
+ good voice quality (MOS 4.5)
– special ISDN network
– limited bus system

Basic Rate Interface (BRI):

• Signalling on 1 D-Channel
• Media on 2 B-Channels (+DTMF)
• Signalling: ITU (Q.931)

Primary Rate Interface (PRI):

• 2 MB Link: E1/T1/J1
• 30 B-Channels, 1 D-Channel, 1 Sync
• Signalling: CRC4 (QSIG)

Codecs:

TELEPHONY 13/48

VoIP

+ one network
+ new features
+ standard hardware
+ Next Generation Network (NGN)

Voice Quality (QOS)
Bandwidth
Security
many different protocols

Signalling:

• H323 (H.225, H.245, H.450)
• SIP
• MGCP
• IAX2

Voice Codecs:

• G.711, G.729, G.723
• GSM
• ...

VOICE OVER IP 14/48

Voice over IP

• Introduction
• Telephony
• Voice over IP
• Asterisk
• Devices
• Asterisk Frontends
• Questions and Answers


VOICE OVER IP 15/48

Protocol History

1996 Realtime Transport Protocol (RTP)

H323

1999 Session Initiation Protocol (SIP)

Media Gateway Protocol (MGCP)

2000 Inter Asterisk eXchange (IAX)

VOICE OVER IP 16/48

Protocols

SIP – Session Initiation Protocol:

• Port: 5060/udp
• Uses Realtime Transport Protocol (RTP)
• Common RTP Ports: 16384-32767

IAX2 – Inter Asterisk eXchange:

• Port: 4569/udp
• Same Port for Channels, Signalling and Media
• NAT friendly

VOICE OVER IP 17/48

Codecs

VoIP Codecs:

Codec         Bandwidth [Kbps]     Remarks
ITU G.711     64                   sample based, aLaw / μLaw
ITU G.722     48 / 56 / 64
ITU G.726     16 / 24 / 32 / 40
ITU G.728     16
iLBC          15 / 13.3            20ms / 30ms frame size
GIPS          13.3
GSM           13.2                 full rate, 20ms frame size
ITU G.729     8                    10ms frame size, ! license !
ITU G.723.1   5.3 / 6.3            30ms frame size
DoD CELP      4.8
LPC10         2.5
Speex         2.15 to 44.2

VOICE OVER IP 18/48

Bandwidth

• Required bandwidth depends on the codec and the protocol used
• Low latency implies a lot of small packets

Example:

• GSM Codec is 13.2 kbps
• for 20ms latency we send 50 packets per second
• 13.2 kbps / 50 = 33 bytes per packet

Real bandwidth:

• IAX2: 26 kbps
• SIP/RTP: 29.2 kbps

Trunking:

• IAX2, GSM, 120 Channels: 1920 kbps
• SIP/RTP, GSM, 120 Channels: 3600 kbps

VOICE OVER IP 19/48

Voice Quality

The voice quality depends on the following factors:

• Latency
• Sampling Rate
• Compression
• Jitter
• Echo

The voice quality is measured in MOS:

• ISDN is MOS 4.5

Network Requirements:

• Bandwidth
• Quality of Service (QOS)
• Security

VOICE OVER IP 20/48

The VoIP Challenge

A telco service provider has to fulfill several requirements depending on the law of each country.

Requirements:

• Lawful interception
• Emergency Numbers
• ...

Security Risks:

• Fraud
• Client-side Denial of Service (DoS)
• Provider-side Denial of Service (DoS)
• Wiretapping

VOICE OVER IP 21/48

Security

Security Risks:

• a lot of possible attacks (MAC-, ARP-, IP-Spoofing, Hijacking, ...)
• Voice over Misconfigured Internet Telephones (VoMIT)

Security Measures:

• Transport Layer Security (TLS)
• SRTP instead of RTP
• IPsec
• S/MIME
• Key Management
• Specialized Firewalls
• Specialized IDS / IPS-Modules
• Border Gateways
• Real-time Network Visualization
• Improved authentication
• Encryption

VOICE OVER IP 22/48

ENUM

Problems:

• Multiple communication paths: Telephone, VoIP, Email, ...
• Availability

Solution:

• Store Communication paths in Domain Name Servers
• E.164 Format
• Priority

Phone Number 031 398 43 21
DNS Request 1.2.3.4.8.9.3.1.3.1.4.e164.arpa

$ dig 1.2.3.4.8.9.3.1.3.1.4.e164.arpa NAPTR | grep NAPTR
; <<>> DiG 9.2.4 <<>> 1.2.3.4.8.9.3.1.3.1.4.e164.arpa NAPTR
;1.2.3.4.8.9.3.1.3.1.4.e164.arpa. IN NAPTR
1.2.3.4.8.9.3.1.3.1.4.e164.arpa. 1780 IN NAPTR 3 100 "u" "E2U+tel" "!^.*$!tel:+41313984321!" .
1.2.3.4.8.9.3.1.3.1.4.e164.arpa. 1780 IN NAPTR 4 100 "u" "E2U+http" "!^.*$!http://enumtest.com!" .
1.2.3.4.8.9.3.1.3.1.4.e164.arpa. 1780 IN NAPTR 1 100 "u" "E2U+sip" "!^.*$!sip:[email protected]!" .
1.2.3.4.8.9.3.1.3.1.4.e164.arpa. 1780 IN NAPTR 2 100 "u" "E2U+mailto" "!^.*$mailto:[email protected]!" .
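
The ENUM lookup on this slide, worked through as an added example (not part of the original slides): it builds the e164.arpa query name, parses NAPTR answer lines in dig's format, orders them by the order and preference fields, applies each regexp rule and keeps only URIs whose scheme the PBX is willing to dial. The function names, the scheme allow-list and the example.org addresses are assumptions made for this example; the last sample record lacks the delimiter between pattern and replacement, as the mailto line printed on the slide does, and is skipped.

```python
import re

ALLOWED_SCHEMES = {"sip", "sips", "tel"}  # assumed dial policy, not from the slides
NAPTR_LINE = re.compile(  # one answer line as dig prints it
    r'^\S+\s+\d+\s+IN\s+NAPTR\s+(\d+)\s+(\d+)\s+"([^"]*)"\s+"([^"]*)"\s+"([^"]*)"\s+\S+$')

def enum_domain(e164, suffix="e164.arpa"):
    """Reverse the digits of an E.164 number into its ENUM query name."""
    digits = re.sub(r"\D", "", e164)
    return ".".join(reversed(digits)) + "." + suffix

def apply_regexp(field, aus):
    """Apply a NAPTR '!ere!repl!flags' rule to the dialled number (aus)."""
    parts = field.split(field[0]) if field else []
    if len(parts) != 4 or parts[0]:
        raise ValueError("malformed NAPTR regexp: %r" % field)
    _, ere, repl, flags = parts
    m = re.search(ere, aus, re.IGNORECASE if "i" in flags else 0)
    if m is None:
        return None
    # Expand \1..\9 back-references from the match into the replacement.
    return re.sub(r"\\(\d)", lambda b: m.group(int(b.group(1))) or "", repl)

def resolve(e164, answer_lines):
    """Return permitted URIs sorted by NAPTR order, then preference."""
    aus = "+" + re.sub(r"\D", "", e164)
    records = []
    for line in answer_lines:
        m = NAPTR_LINE.match(line.strip())
        if m and m.group(3).lower() == "u":  # "u" = terminal rule that yields a URI
            records.append((int(m.group(1)), int(m.group(2)), m.group(5)))
    uris = []
    for _order, _pref, field in sorted(records):
        try:
            uri = apply_regexp(field, aus)
        except (ValueError, IndexError, re.error):
            continue  # unparsable rule: skip it rather than guess a destination
        if uri and uri.split(":", 1)[0].lower() in ALLOWED_SCHEMES:
            uris.append(uri)
    return uris

OWNER = enum_domain("+41313984321") + ". 1780 IN NAPTR "
SAMPLE = [  # constructed answers; example.org addresses are placeholders
    OWNER + '3 100 "u" "E2U+tel" "!^.*$!tel:+41313984321!" .',
    OWNER + '4 100 "u" "E2U+http" "!^.*$!http://enumtest.com!" .',
    OWNER + '1 100 "u" "E2U+sip" "!^.*$!sip:info@example.org!" .',
    OWNER + '2 100 "u" "E2U+mailto" "!^.*$mailto:info@example.org!" .',  # delimiter missing
]
print(resolve("+41313984321", SAMPLE))
```

ENUM answers come from DNS and are only as trustworthy as the resolution path, so the allow-list and the refusal to act on malformed rules are what keep a forged or broken record from steering calls to an arbitrary destination.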

VOICE OVER IP 23/48

VoIP Projects

Some important VoIP projects:

• Asterisk PBX http://www.asterisk.org
• Zaptel http://www.zapatatelephony.com
• SIP Express Router http://www.iptel.org/ser
• bristuff http://www.junghanns.net
• OpenPBX http://www.voicetronix.com.au/open-source.htm#openpbx
• VoIP Wiki http://www.voip-info.org

ASTERISK 24/48

Asterisk

• Introduction
• Telephony
• Voice over IP
• Asterisk
• Devices
• Asterisk Frontends
• Questions and Answers

ASTERISK 25/48

Open Source

• Expensive Hardware Solutions with DSP
• Cards cost up to $10'000
• Jim Dixon founds http://www.zapatatelephony.org

General Emiliano Zapata

Tormenta 2: T1/E1 Card, $275.00

• BSD Driver

ASTERISK 26/48

Linux Driver

• Jim Dixon announces Linux Driver
• 48h later Mark Spencer adopts it
• First Linux Driver: December 12, 2000
• Mark Spencer has the perfect thing for the Project: Asterisk
• Mark Spencer founds http://www.digium.org
• Digium produces and sells zapatatelephony cards

Full Story:

ASTERISK 27/48

The Asterisk Project

• Modular and scriptable Public Branch Exchange (PBX)
• Project started in 2000
• Author: Mark Spencer
• Scales from answering machine to Carrier Network

Supported Operating Systems:

• Linux
• OpenBSD
• FreeBSD
• Mac OS X
• Sun Solaris
• Microsoft Windows

ASTERISK 28/48

Features

Today Asterisk provides a powerful PBX with many features:

• Computer Telephony Integration (CTI)
• Automated Attendant
• Call Parking
• Call Recording
• Conference Bridging
• ENUM
• Fax Transmit and Receive
• Interactive Voice Response (IVR)
• Least Cost Routing (LCR)
• Music On Hold (MoH)
• Route by Caller ID
• Text-to-Speech (via Festival)
• Transcoding
• Trunking
• Voicemail

For the full list of features see: http://asterisk.org/features


ASTERISK 29/48

Architecture

ASTERISK 30/48

Channels

VoIP Channels:

• IAX2
• SIP
• H323
• CISCO Skinny

Zapata:

• E1 / T1
• S0
• FXO / FXS

Misc Channels:

• Analog Modem (Voice)
• I4L
• mISDN


ASTERISK 31/48

Context and Extensions

ASTERISK 32/48

Applications

• Voicemail
• Meetme Conference
• Call Data Records (CDR)
• Enum Lookup
• Festival
• Call Recording
• Call Parking
• Music On Hold
• MP3 Player
• Blacklists
• Authentication
• System Command Execution
• Asterisk Gateway Interface (AGI)

ASTERISK 33/48

Prompts

• Prompts are voice samples used for Interactive Voice Response (IVR) and other applications.
• Asterisk provides English prompts for IVR, Voicemail, ...

Free translations are available:

• German http://www.stadt-pforzheim.de/asterisk

ASTERISK 34/48

Performance Benchmarks

• Home
  Pentium I 166 MHz 32 MB Ram
  => 4 SIP calls with codec g711
• Business
  Pentium II 233 MHz 64 MB Ram
  => 2 x BRI (4 ISDN channels) plus a lot of SIP devices
• Carrier
  Pentium 4 3 GHz HT 1 GB Ram
  => Digium quad-PRI, a TDM40B, a TDM22B and a Sirrix quad-BRI
  => 120 active calls over 4 PRI spans.
  => MusicOnHold into 60 channels
  => playing GSM prompts into the other 60 channels
  => 5000 SIP peers and 5000 IAX2 peers

DEVICES 35/48

Devices

• Introduction
• Telephony
• Voice over IP
• Asterisk
• Devices
• Asterisk Frontends
• Questions and Answers

DEVICES 36/48

Softphones

There are a lot of softphone clients:

Client         Operating Systems        Protocol   URL
iaxcomm        Linux, MacOS, Windows    IAX2       http://iaxclient.sf.net
GnomeMeeting   Linux                    H323       http://www.gnomemeeting.org
Linphone       Linux                    SIP        http://www.linphone.org
PhoneGaim      Linux                    SIP        http://www.phonegaim.com
kphone         Linux                    SIP        http://www.wirlab.net/kphone
kiax           Linux                    IAX2       http://kiax.sf.net
Diax           Windows                  IAX2       http://www.laser.com/dante/diax/diax.html
X-Lite         Linux, MacOS, Windows    SIP        http://www.xten.net

For a more complete list consider:

DEVICES 37/48

Hardphones

Manufacturers:

• Snom
• sipmax
• CISCO
• ...

Features:

• Two Ethernet Ports
• Multiline Display
• Firmware

DEVICES 38/48

Snom Phones

URL: http://www.snom.com

Pictured: Snom 320, Snom 190, Snom 360

Supported Protocols:

• SIP

Audio Codecs:

• G.711
• G.729A
• G.726
• G.723.1
• GSM 6.10

DEVICES 39/48

Sipmax

• URL: http://www.sipmax.de

Pictured: AT 320-PD

Supported Protocols:

• SIP
• H.323
• MGCP
• IAX2

Audio Codecs:

• G.711A/U
• G.723
• G.729

DEVICES 40/48

CISCO

• Wireless IP Phone
• URL: http://www.cisco.com

Supported Protocols:

• SIP

Audio Codecs:

• G.711a
• G.711µ
• G.729a

DEVICES 41/48

Digium Hardware

URL: http://www.digium.com

• Iaxy
  Analog Phone to IAX2

Quad E1/T1/J1 Cards:

• Wildcard TE411P
• Wildcard TE410P

Quad Analog Cards:

DEVICES 42/48

Junghanns Hardware

URL: http://www.junghanns.net

Products:

● quadBRI
● octoBRI
● singleE1
● doubleE1

ASTERISK FRONTENDS 43/48

Asterisk Frontends

• Introduction
• Telephony
• Voice over IP
• Asterisk
• Devices
• Asterisk Frontends
• Questions and Answers

ASTERISK FRONTENDS 44/48

Destar

• URL: http://www.holgerschurig.de/destarscreenshots.html
• simple configuration tool

ASTERISK FRONTENDS 45/48

Asterisk Management Portal - AMP

• URL: http://coalescentsystems.ca

ASTERISK FRONTENDS 46/48

asterisk-stat

• URL: http://areski.net/asterisk-stat-v2/about.php
• feature rich CDR Monitor

ASTERISK FRONTENDS 47/48

Flash Operator Panel

• URL: http://asternic.org
• realtime PBX monitor


QUESTIONS AND ANSWERS 48/48

Questions and Answers
