1/48 The OpenSource PBX
INTRODUCTION 2/48 Introduction
INTRODUCTION 3/48 Speaker André Roth Solution Architect Dreamlab Technologies AG andre.roth@dreamlab.net http://www.dreamlab.net
INTRODUCTION 4/48 Dreamlab Technologies Ltd IT & Security Standards Competence Center founded 1998 in Berne Key Competences Information Security Information Management IT Infrastructures based on open standards Areas of work Industry & Businesses Government Agencies & Military Schools & Universities
INTRODUCTION 5/48 Dreamlab Partner Network
Institute for Security and Open Methodologies (ISECOM), Barcelona
  http://www.isecom.org
Hochschule für Technik und Informatik, Berner Fachhochschule (HTI / BFH)
  IT Security Education Cooperation
  http://www.hti.bfh.ch
Institut de Recherche en Intelligence Informationelle (IR2I), Montpellier
  http://www.ir2i.com
Prelude Hybrid IDS
  Leading Open Source Intrusion Detection System (IDS) Solution
  http://www.prelude-ids.org
Netfilter
  Leading Open Source Firewall Solution
  http://www.netfilter.org
UGO / DENG
  Emerging Open Standard W3C XML Technologies
  http://sourceforge.net/projects/ugo
  http://sourceforge.net/projects/dengmx
INTRODUCTION 6/48 Dreamlab Products
OSSTMM Corporate Infrastructure (OSCI)
  Technology, know-how and process toolkits enabling operational security
OSCI automated testing infrastructure
  Infrastructure for automatic OSSTMM assessments for large scale networks
Distributed and hybrid IDS / IDP / Honeynets / multi level firewalls
  Detection, security and countermeasure solutions for enterprises
INTRODUCTION 7/48 Dreamlab Services
Consulting
  Strategic & Operational Consulting, Project Management, integration of industry standards
Security and Operational Audits
  OSSTMM Audits, Compliance Audits, Vulnerability Research and Verification, Code auditing and information warfare
Security training and recruitment
  accredited ISECOM training, academic education, individual in-house trainings and know-how transfers
Security task forces
  Incident handling, forensics, containment measures, disaster recovery missions
Security Solutions
  Solution conception and evaluation, project assistance
INTRODUCTION 8/48 Overview Introduction Telephony Voice over IP Asterisk Devices Asterisk Frontends Questions and Answers
TELEPHONY 9/48 Telephony
History:
  1854 Antonio Meucci
  1876 Graham Bell, Elisha Gray
  1878 First switchboard for 21 customers
  1891 Almon Strowger invents automatic switching
  1919 Telcos start using automatic switching
  1960s Telcos start using digitized lines internally
  1984 ISDN
Picture: Operators switching calls, Madrid Telecommunications Museum, Spain.
TELEPHONY 10/48 Signalling and Media
Signalling is used for controlling communications:
  Call setup
  Knocking
  Hold
  Call Transfer
  ...
Media refers to the actual payload:
  Voice
  Video
  Data
Signalling can be in-band or out-band.
TELEPHONY 11/48 Analog
+ technically simple
- complicated installation
- no properly separated signalling
- poor features
- poor voice quality
Signalling:
  one channel (600Ω)
  Pulse, DTMF, Hook flash
  signalling and media mixed
TELEPHONY 12/48 ISDN
+ bus architecture
+ precise signalling
+ feature rich
+ good voice quality (MOS 4.5)
- special ISDN network
- limited bus system
Basic Rate Interface (BRI):
  Signalling on 1 D-Channel
  Media on 2 B-Channels (+DTMF)
  Signalling: ITU (Q.931)
Primary Rate Interface (PRI):
  2 MB Link: E1/T1/J1
  30 B-Channels, 1 D-Channel, 1 Sync
  Signalling: CRC4 (QSIG)
Codecs: G.711 (alaw, μlaw)
TELEPHONY 13/48 VoIP
+ one network
+ new features
+ standard hardware
+ Next Generation Network (NGN)
- Voice Quality (QOS)
- Bandwidth
- Security
- many different protocols
Signalling:
  H323 (H.225, H.245, H.450)
  SIP
  MGCP
  IAX2
Voice Codecs:
  G.711, G.729, G.723
  GSM
  ...
VOICE OVER IP 14/48 Voice over IP
VOICE OVER IP 15/48 Protocol History
  1996 Realtime Transport Protocol (RTP), H323
  1999 Session Initiation Protocol (SIP), Media Gateway Protocol (MGCP)
  2000 Inter Asterisk exchange (IAX)
  2002 Security features for SIP, SRTP
VOICE OVER IP 16/48 Protocols
SIP, Session Initiation Protocol:
  Port: 5060/udp
  Uses Realtime Transport Protocol (RTP)
  Common RTP Ports: 16384-32767
IAX2, Inter Asterisk exchange:
  Port: 4569/udp
  Same port for channels, signalling and media
  NAT friendly
VOICE OVER IP 17/48 Codecs
VoIP Codecs:
  Codec         Bandwidth [Kbps]     Remarks
  ITU G.711     64                   sample based, alaw / μlaw
  ITU G.722     48 / 56 / 64
  ITU G.726     16 / 24 / 32 / 40
  ITU G.728     16
  ilbc          15 / 13.3
  GIPS          13.3
  GSM           13.2                 full rate, 20ms frame size
  ITU G.729     8                    10ms frame size, ! license !
  ITU G.723.1   5.3 / 6.3            30ms frame size
  DoD CELP      4.8
  LPC10         2.5
  Speex         2.15 to 44.2         20ms / 30ms frame size
VOICE OVER IP 18/48 Bandwidth
Required bandwidth depends on the codec and the protocol used.
Low latency implies a lot of small packets.
Example:
  GSM codec is 13.2 kbps
  for 20ms latency we send 50 packets per second
  13.2 kbps / 50 = 33 bytes per packet
Real bandwidth:
  IAX2: 26 kbps
  SIP/RTP: 29.2 kbps
Trunking:
  IAX2, GSM, 120 Channels: 1920 kbps
  SIP/RTP, GSM, 120 Channels: 3600 kbps
VOICE OVER IP 19/48 Voice Quality
The voice quality depends on the following factors:
  Latency
  Sampling Rate
  Compression
  Jitter
  Echo
The voice quality is measured in MOS:
  ISDN is MOS 4.5
Network Requirements:
  Bandwidth
  Quality of Service (QOS)
  Security
VOICE OVER IP 20/48 The VoIP Challenge
A telco service provider has to fulfill several requirements depending on the law of each country.
Requirements:
  Lawful interception
  Emergency Numbers
  ...
Security Risks:
  Fraud
  Client-side Denial of Service (DoS)
  Provider-side Denial of Service (DoS)
  Wiretapping
The network world is different from the circuit world.
VOICE OVER IP 21/48 Security
Security Risks:
  many possible attacks (MAC-, ARP-, IP-Spoofing, Hijacking,...)
  Voice over Misconfigured Internet Telephones (VoMIT)
Security Measures:
  Transport Layer Security (TLS)
  SRTP instead of RTP
  IPsec
  S/MIME
  Key Management
  Specialized Firewalls
  Specialized IDS / IPS modules
  Border Gateways
  Real-time Network Visualization
  Improved authentication
  Encryption
Same security measures as in the IP world!
VOICE OVER IP 22/48 ENUM
Problems:
  Multiple communication paths: Telephone, VoIP, Email,...
  Availability
Solution:
  Store communication paths in Domain Name Servers
  E.164 Format
  Priority
Phone Number: 031 398 43 21
DNS Request: 1.2.3.4.8.9.3.1.3.1.4.e164.arpa

  $ dig 1.2.3.4.8.9.3.1.3.1.4.e164.arpa NAPTR | grep NAPTR
  ; <<>> DiG 9.2.4 <<>> 1.2.3.4.8.9.3.1.3.1.4.e164.arpa NAPTR
  ;1.2.3.4.8.9.3.1.3.1.4.e164.arpa. IN NAPTR
  1.2.3.4.8.9.3.1.3.1.4.e164.arpa. 1780 IN NAPTR 3 100 "u" "E2U+tel" "!^.*$!tel:+41313984321!".
  1.2.3.4.8.9.3.1.3.1.4.e164.arpa. 1780 IN NAPTR 4 100 "u" "E2U+http" "!^.*$!http://enumtest.com!".
  1.2.3.4.8.9.3.1.3.1.4.e164.arpa. 1780 IN NAPTR 1 100 "u" "E2U+sip" "!^.*$!sip:e@mail.com!".
  1.2.3.4.8.9.3.1.3.1.4.e164.arpa. 1780 IN NAPTR 2 100 "u" "E2U+mailto" "!^.*$mailto:e@mail.com!".
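The lookup on the ENUM slide, as an added example that is not part of the original slides: it derives the e164.arpa name from the phone number, orders the NAPTR answers by their order and preference fields, and rejects records a client should not act on. The country code 41, the trunk prefix 0 and all function names are assumptions; the mailto record, as printed on the slide, lacks the delimiter between pattern and replacement and is therefore rejected.

```python
import re

# Answer lines as printed on the slide (page data, copied verbatim).
DIG_ANSWER = r'''
1.2.3.4.8.9.3.1.3.1.4.e164.arpa. 1780 IN NAPTR 3 100 "u" "E2U+tel" "!^.*$!tel:+41313984321!".
1.2.3.4.8.9.3.1.3.1.4.e164.arpa. 1780 IN NAPTR 4 100 "u" "E2U+http" "!^.*$!http://enumtest.com!".
1.2.3.4.8.9.3.1.3.1.4.e164.arpa. 1780 IN NAPTR 1 100 "u" "E2U+sip" "!^.*$!sip:e@mail.com!".
1.2.3.4.8.9.3.1.3.1.4.e164.arpa. 1780 IN NAPTR 2 100 "u" "E2U+mailto" "!^.*$mailto:e@mail.com!".
'''

# order, preference, flags, service, regexp fields of one NAPTR answer line
NAPTR_RE = re.compile(
    r'IN\s+NAPTR\s+(\d+)\s+(\d+)\s+"([^"]*)"\s+"([^"]*)"\s+"([^"]*)"')


def to_e164(number, country_code="41", trunk_prefix="0"):
    """Normalise a national number to E.164 (assumed: CC 41, trunk prefix 0)."""
    digits = re.sub(r"\D", "", number)
    if number.strip().startswith("+"):
        return "+" + digits
    if digits.startswith(trunk_prefix):
        digits = digits[len(trunk_prefix):]
    return "+" + country_code + digits


def enum_domain(e164):
    """Reverse the digits, dot-separate them and append the ENUM zone."""
    return ".".join(reversed(e164.lstrip("+"))) + ".e164.arpa"


def resolve(dig_answer, e164):
    """Return (URIs sorted by order then preference, rejected services)."""
    accepted, rejected = [], []
    for order, pref, flags, service, regexp in NAPTR_RE.findall(dig_answer):
        parts = regexp.split(regexp[0]) if regexp else []
        # A valid field is <delim>pattern<delim>replacement<delim>[flags],
        # so splitting on the delimiter must give exactly four parts.
        if flags.lower() != "u" or not service.startswith("E2U+") or len(parts) != 4:
            rejected.append(service)
            continue
        uri = re.sub(parts[1], parts[2], e164, count=1)
        accepted.append((int(order), int(pref), uri))
    return [uri for _, _, uri in sorted(accepted)], rejected


if __name__ == "__main__":
    number = to_e164("031 398 43 21")
    print(enum_domain(number))
    print(resolve(DIG_ANSWER, number))
```

The pattern comes from DNS and is therefore untrusted input; a production resolver would also bound its length and restrict the resulting URI schemes before dialling.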
VOICE OVER IP 23/48 VoIP Projects Some important VoIP projects: Asterisk PBX http://www.asterisk.org Zaptel http://www.zapatatelephony.com SIP Express Router http://www.iptel.org/ser bristuff http://www.junghanns.net OpenPBX http://www.voicetronix.com.au/open-source.htm#openpbx VoIP Wiki http://www.voip-info.org...
ASTERISK 24/48 Asterisk
ASTERISK 25/48 Open Source Expensive Hardware Solutions with DSP Cards cost up to $10'000 Jim Dixon founds http://www.zapatatelephony.org General Emiliano Zapata Tormenta 2: T1/E1 Card, $275.00 BSD Driver First pre-release: October 23, 2000
ASTERISK 26/48 Linux Driver Jim Dixon announces Linux Driver 48h later Mark Spencer adopts it First Linux Driver: December 12, 2000 Mark Spencer has the perfect thing for the Project: Asterisk Mark Spencer founds http://www.digium.org Digium produces and sells zapatatelephony cards Full Story: http://www.asteriskdocs.org/modules/tinycontent/index.php?id=10
ASTERISK 27/48 The Asterisk Project Modular and scriptable Public Branch Exchange (PBX) Project started in 2000 Author: Mark Spencer Scales from answering machine to Carrier Network Supported Operating Systems: Linux OpenBSD FreeBSD Mac OS X Sun Solaris Microsoft Windows
ASTERISK 28/48 Features Today asterisk provides a powerful PBX with many features: Computer Telephony Integration (CTI) Automated Attendant Call Parking Call Recording Conference Bridging ENUM Fax Transmit and Receive Interactive Voice Response (IVR) Least Cost Routing (LCR) Music On Hold (MoH) Route by Caller ID Text-to-Speech (via Festival) Transcoding Trunking Voicemail For the full list of features see: http://asterisk.org/features
ASTERISK 29/48 Architecture Asterisk PBX Architecture:
ASTERISK 30/48 Channels VoIP Channels: IAX2 SIP H323 CISCO Skinny Zapata: E1 / T1 S0 FXO / FXS Misc Channels: Analog Modem (Voice) I4L misdn Alsa / OSS
ASTERISK 31/48 Context and Extensions
ASTERISK 32/48 Applications Voicemail Meetme Conference Call Data Records (CDR) Enum Lookup Festival Call Recording Call Parking Music On Hold MP3 Player Blacklists Authentication System Command Execution Asterisk Gateway Interface (AGI)
ASTERISK 33/48 Prompts
Prompts are voice samples used for Interactive Voice Response (IVR) and other applications.
Asterisk provides English prompts for IVR, Voicemail,...
Free translations are available:
  Deutsch   http://www.stadt-pforzheim.de/asterisk
  Français  http://www.sineapps.com/downloads.php
ASTERISK 34/48 Performance Benchmarks
Home: Pentium I 166 MHz, 32 MB RAM
  => 4 SIP calls with codec g711
Business: Pentium II 233 MHz, 64 MB RAM
  => 2 x BRI (4 ISDN channels) plus a lot of SIP devices
Carrier: Pentium 4 3 GHz HT, 1 GB RAM
  => Digium quad-pri, a TDM40B, a TDM22B and a Sirrix quad-bri
  => 120 active calls over 4 PRI spans
  => MusicOnHold into 60 channels
  => playing GSM prompts into the other 60 channels
  => 5000 SIP peers and 5000 IAX2 peers
  => CPU usage about 55%
DEVICES 35/48 Devices
DEVICES 36/48 Softphones
There are a lot of softphone clients:
  Client         Operating Systems        Protocol   URL
  iaxcomm        Linux, MacOS, Windows    IAX2       http://iaxclient.sf.net
  GnomeMeeting   Linux                    H323       http://www.gnomemeeting.org
  Linphone       Linux                    SIP        http://www.linphone.org
  PhoneGaim      Linux                    SIP        http://www.phonegaim.com
  kphone         Linux                    SIP        http://www.wirlab.net/kphone
  kiax           Linux                    IAX2       http://kiax.sf.net
  Diax           Windows                  IAX2       http://www.laser.com/dante/diax/diax.html
  X-Lite         Linux, MacOS, Windows    SIP        http://www.xten.net
For a more complete list consider: http://www.voip-info.org/wiki-voip+phones
DEVICES 37/48 Hardphones Manufacturers: Snom sipmax CISCO... Features: Two Ethernet Ports Multiline Display Firmware
DEVICES 38/48 Snom Phones
URL: http://www.snom.com
Models: Snom 190, Snom 320, Snom 360
Supported Protocols: SIP
Audio Codecs: G.711, G.729A, G.726, G.723.1, GSM 6.10
DEVICES 39/48 Sipmax URL: http://www.sipmax.de AT 320-PD Supported Protocols: SIP H.323 MGCP IAX2 Audio Codecs: G.711A/U G.723 G.729
DEVICES 40/48 CISCO Wireless IP Phone URL: http://www.cisco.com Supported Protocols: SIP Audio Codecs: G.711a G.711µ G.729a
DEVICES 41/48 Digium Hardware
URL: http://www.digium.com
Iaxy: Analog Phone to IAX2
Quad E1/T1/J1 Cards: Wildcard TE411P, Wildcard TE410P
Quad Analog Cards: Wildcard TDM400P
DEVICES 42/48 Junghanns Hardware
URL: http://www.junghanns.net
Products: quadbri, octobri, singlee1, doublee1
ASTERISK FRONTENDS 43/48 Asterisk Frontends
ASTERISK FRONTENDS 44/48 Destar URL: http://www.holgerschurig.de/destarscreenshots.html simple configuration tool
ASTERISK FRONTENDS 45/48 Asterisk Management Portal - AMP URL: http://coalescentsystems.ca complex management
ASTERISK FRONTENDS 46/48 asterisk-stat URL: http://areski.net/asterisk-stat-v2/about.php feature rich CDR Monitor
ASTERISK FRONTENDS 47/48 Flash Operator Panel URL: http://asternic.org realtime PBX monitor
QUESTIONS AND ANSWERS 48/48 Questions and Answers Thank you for your attention.