Cd you please help me in this regards:
I want to configure SpanDSP configuration & should allow all calls to be placed via T38, on Asterisk 1.8.
Thanks in advance.

Thanks & Regards
Anil Mistery

Microsoft Office Communications Server: Hackers love attacking Microsoft, and Microsoft loves being unprepared. VIPER Lab predicts that hackers will find vulnerabilities in Microsoft Office Communications Server’s VoIP client and use it to access networks that had previously been secure, and the organization is not alone in reaching this conclusion. Network World blogger Mitchell Ashley suggests that Microsoft could learn from Vonage’s vulnerability to spoofing attacks.

I guess those of us who are using Windows are out of luck in this point. Then again, this is why business are leaning towards alternatives.

Vishing by VoIP: The FBI has been aware of vishing for nearly a year now, and the IC3 (Internet Crime Complain Center) recently released a report stating that vishing attacks are on the rise. With caller ID spoofing, the criminals can be very difficult to track, “due to rapidly evolving criminal methodologies,” according to the IC3.

Yup, first it was phishing, now it’s vishing.

VoIP Attacks Against Service Providers: These sorts of attacks will escalate, VIPER Lab predicts, because of readily available, anonymous $20 SIM cards. As UMA (Unlicensed Mobile Access) technology becomes more widely deployed to allow calls to switch from cell networks to VoIP networks, VIPER Labs warns that “service providers are, for the first time, allowing subscribers to have direct access to mobile core networks over IP, making it easier to spoof identities and use illegal accounts to launch a variety of attacks.” Such attacks include scripting “various flood, fuzzing and spoofing attacks,” according to VoIP blogger Rich Tehrani. “The hacker could set up multiple IPSec tunnels to various PDGs in the network or across multiple GPRS sessions [generating] up to 10,000 messages per second … equal [to] the traffic of 10 million users,”

Knowledge is power. I hope that exposing these threats will help you make your VOIP system more secure.

“There’s no such thing as a bulletproof VoIP system, but there are things you can do to make your setup more secure”

At its heart, a VoIP system is a data network. This means VoIP deployments are vulnerable to the same internal and external threats that plague any enterprise data local area network (LAN) or wide area network (WAN).

Enterprises pondering voice over Internet protocol (VoIP) primarily focus on the technology’s cost benefits. Yet, in their zeal to converge voice and data networks and shave telephony costs, many organizations are failing to adequately consider VoIP’s single drawback: security.

Like Seinfeld’s George Costanza and the cashmere sweater with the little red dot, most VoIP supporters would prefer to ignore the ugly defect that mars their otherwise stainless technology. Unfortunately, VoIP’s little red dot has the potential to cripple enterprise VoIP systems. Worse yet, VoIP’s security gaps threaten to wreck havoc in several different, often insidious ways.

In-Stat, a US technology research firm, predicts that the number of business IP phones sold will grow from 9.9 million in 2006 to 45.8 million in 2010. Yet, the company ominously notes that over 40 percent of the enterprises it surveyed don’t have any specific plans for securing their VoIP deployments. Additionally, when asked to rate their VoIP security knowledge, most enterprise managers In-Stat contacted characterized themselves as being “somewhat knowledgeable,” the lowest rating the survey offered.

Locking Down Your System

There’s no such thing as a bulletproof VoIP implementation, but there are a handful of fundamental steps you can take today to ensure that your system, or the systems that you’re planning, will be highly secure.

According to network vendor Cisco, preventing unauthorized access to the network is a smart first step in a voice security program. For an additional layer of protection, in case somebody does gain unauthorized access, organizations can also encrypt voice traffic. Voice and video-enabled VPN (V3PN) technology, available in many routers and security appliances, encrypts voice as well as data traffic using IP Security (IPsec) or Advanced Encryption Standard (AES). Encryption is performed in hardware so that firewall performance is not affected.

Many security experts also recommend limiting VoIP data to a single virtual local area network (VLAN). A VLAN will keep voice network traffic hidden from data network users, providing an additional layer of security. The technique can also limit the scope of damage to the VLAN in the event of an attack. An additional side benefit is that a VLAN help prioritize VoIP data over other types of network traffic.

When creating the VLAN, be sure to place its equipment behind separate firewalls. This practice will restrict traffic crossing VLAN boundaries to applicable protocols and prevent viruses and other kinds of malware from spreading from clients to servers. When looking for firewall technology, be sure to examine products that support both leading standards: Session Initiation Protocol (SIP) and the International Telecommunication Union’s H.323 protocol.

Data and Physical Security

By now, just about everybody is aware of the need for packet data encryption to safeguard VoIP transmissions. Yet call signaling encryption is important as well to prevent hackers from misdirecting or otherwise interfering with call traffic.

To install multiple encryption layers, turn to Transport Level Security (TLS), which encrypts the entire call process. The Secure Real Time Protocol (SRTP) is useful as well for encrypting communication between endpoints.

A secure gateway, properly configured, is a VoIP system’s cornerstone. The gateway will limit system access to authenticated and approved users while keeping hackers safely on the outside. Gateways themselves, as well as the networks that lie behind them, can be protected through the use of a stateful package inspection (SPI) firewall and network address translation (NAT) tools.

Eternal Vigilence

VoIP security requires constant vigilance. This means monitoring the network for suspicious activities, as well as maintaining the operating system and VoIP applications. Be sure to install updates, particularly security patches, as soon as they become available. Consider using an operating system that has been “hardened” to deflect hacker attacks. It’s also important to disable non-essential operating and application services, since hacker can exploit these pathways to enter your system.

Ethernet ports are also prime hacker entry points. You can help keep the bad guys out of your network by using management tools that limit access to authenticated and pre-approved users and devices. You may also want to bar softphones from your system, since these products are vulnerable to malware and can also be imitate IP and MAC addresses when linked into the network via an RJ44 port.

Building redundancy into a VoIP system can help it better withstand hacker attacks as well as equipment failure. Multiple gateways, nodes, routers, servers and power supplies make a system more resilient and reliable.

Final Point

The good news is that VoIP threats are still a largely theoretical issue. So far, few enterprise VoIP networks have experienced anything close to a serious hacker attack. But complacency shouldn’t lull enterprise VoIP adopters into a false sense of security. Enterprises should strive to follow security best practices and demand that VoIP technology vendors build adequate safeguards into their products. Doing anything less is to court disaster.

Let’s look at the positive side first. What are the benefits that VOIP offers? Of course, the benefits vary depending on the specific VOIP service provider. More so, these will depend on the specific features of the VOIP provider.

Unlimited calls for a very low price.
This benefit is actually quite dependent on the plan that you take on. For certain plans, VOIP users can make unlimited phone calls for a very low fee. This could mean that a flat fee is charged for a certain period of time, with no limits as to how many calls can be made. For other plans, it could be that the charges are made per call – for a very low fee still. In any case, the bottom line is that more calls can be made – long distance especially – for much cheaper.

Charging is done per second.
Again, this depends on the VOIP provider and the specific plan. For some VOIP plans that charge per call, however, the calls are charged per second and not by the minute. This makes for a lot of savings as you only really pay what you use.

Mobility and flexibility.
There are many VOIP platforms today which can be used anywhere in the world – as long as the user has a computer and a fast Internet connection. This makes for a lot of convenience as we all know that almost anywhere you go, you can connect to the Internet. This is particulary efficient and cost effective for business people who travel all the time.

Now how about the downside? VOIP surely has some disadvantages as well.

Security.
Like it or not, there are some security threats to VOIP. Generally, though, service providers are handling these issues the best way they can. This is not to say that security threats will not come up in the future, though.

Dependency on Internet speed.
The main thing that makes VOIP great can also be its downfall. Call quality is highly dependent on the speed of the Internet connection. If the Internet speed is not enough, then VOIP calls just might not be possible.

VoIP is traditionally thought of as an alternative to the plain-old-telephone system (a.k.a. “POTS” or public switched telephone network). True, it’s usually cheap and would require none of the usual expensive switching equipment that telephone companies usually use. However, users of traditional telephone systems may not be aware that their telcos are ripping them off by routing calls via the Internet but still charging access fees.

Long distance and overseas calls are usually expensive because of these reasons: For international calls, international gateway facilities charge your local telephone company access fees whenever you dial someone from outside the counrty. For long distance, the same system applies, but this time, the telephone company of the person you’re calling charges your telco for access–or they both have access charges against each other.

The reason they feel they can justify charging expensive fees is because the international gateway facilities (IGFs) are expensive to set up and maintain, and they usually have to comply with regulatory requirements (such as franchises, permits, and the like) before they can run their business. In contrast, Internet service providers are usually viewed as value-added service providers instead of utilities–hence lower barriers and costs to entry.

However, with the onset of VoIP as a popular alternative, telcos have started to route their calls through the Internet, too. I have personally seen several prepaid services (that use calling cards) marketing themselves as good alternatives to the regular telephone system, but not exactly as VoIP solutions. You still have to contact your correspondents by dialing through your local phone system.

What I do notice when I try these services for calling overseas is that the voice quality is different. I mean, you will definitely be able to distinguish between a phone call that’s routed through an analog circuit, and one that’s packet-based. So what does this mean? My telephone company is actually routing my calls through VoIP.

What’s worse is that some telcos I know are charging the same rates for calls, but they’re routing the voice calls via the Internet. This means they’re no longer paying the IGF charges, but still charging us end-users the same rates!

Here is something for all Asterisk users out there. Though we may all be very enthusiastic about Asterisk and the service it provides, we have to be practical and keep our eyes open for vulnerabilities. Even the people over at Digium do not act like ostriches and keep their head buried in the sand – I guess most other service providers act the same way. They are always on the look out for weaknesses that other unscrupulous individuals may take advantage of.

Recently, Joel R. Voss aka. Javantea reported a vulnerability in Asterisk systems that may result in denial of service. Many other sites and blogs have subsequently spread the word about the possible problems that may arise from the vulnerability. People over at Digium themselves have released an advisory about the issue. They have also released work arounds that could help solve the issue and avoid potential problems that may arise from it.

Below is the description of the vulnerability as well as other important details that you may need to resolve the issue. This was taken from Secunia:

Description:
A vulnerability has been reported in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to improper verification of ACK responses during IAX2 handshakes, which can be exploited to spoof an IAX2 handshake and cause a DoS via high bandwidth usage.

The vulnerability is reported in the following versions:
* Asterisk Open Source 1.0.x (all versions)
* Asterisk Open Source 1.2.x (all versions prior to 1.2.28)
* Asterisk Open Source 1.4.x (all versions prior to 1.4.19.1)
* Asterisk Business Edition A.x.x (all versions)
* Asterisk Business Edition B.x.x (all versions prior to B.2.5.2)
* Asterisk Business Edition C.x.x (all versions prior to C.1.8.1)
* AsteriskNOW 1.0.x (all versions prior to 1.0.3)
* Asterisk Appliance Developer Kit 0.x.x (all versions)
* s800i (Asterisk Appliance) 1.0.x (all versions prior to 1.1.0.3)

Here’s to hoping that you will be able to take care of the vulnerability or Just Leave it to AsteriskGeekz

VoIP (Voice over Internet Protocol) and IP PBXs and Call Centers have become increasingly popular to enable larger businesses to gain many of the long-promised advantages of Internet Telephony. Until now, however, there has been no cost-effective way to virtualize VoIP services so they can be hosted, and delivered by managed service providers in the increasingly prevalent Communications-as-a-Service (CaaS) and emerging Cloud Computing models. What’s more, VoIP’s questionable quality and reliability combined with “techno speak” from the vendor community have slowed adoption by mainstream businesses and their solutions providers. Now, Globussoft has emerged as “Your NEW Asterisk Support Company” to lead the VoIP movement by bringing to businesses of every size and type Hosted Virtual VoIP with the Quality of Telephony™ formerly associated with conventional telephony, TDM PBXes and the legacy PSTN.

What is Asterisk PBX

Asterisk is the world’s number one open source PBX system. It offers flexibility unheard of in the world of proprietary telephone systems. Asterisk facilitates creation of advanced communication solutions.

Asterisk is licensed as open source under the GNU General Public License
(GPL) and at the time of writing is the most popular open source software available today.

Asterisk as a telephony switch

Asterisk has many uses, but primarily as the core of an IP PBX, switching calls, managing routes, enabling features, and connecting callers with the outside world via IP, analogue or digital
(ISDN2/ISDN30/E1) trunks.

Asterisk runs on a wide variety of operating systems but was designed on Linux. It provides all of the features you would expect from a PBX including many advanced features that are often associated with high end, expensive, proprietary telephone systems. Asterisk’s architecture is very flexible and supports voice over IP in many protocols.

Need an IVR? Asterisk has it covered. Need a conference bridge? Asterisk has that covered too. What about an automated attendant? No problem. How about a replacement for your aging voicemail system? That too. Unified messaging? Yep. Telephony interface for click2call via your web site?
Consider it done. Asterisk does it all.

Asterisk for your Call Center

Asterisk PBX has been used by call centers worldwide. Call center solution providers have built complete Automatic Call Distribution (ACD) systems based on Asterisk PBX. Asterisk has also breathed new life to existing call center systems by adding support for home based agent capabilities, predictive dialling, and much more.

Asterisk has become the basis for thousands of communications solutions the world over. If you need to communicate, Asterisk is your answer.

Asterisk Support and Installation Services

We offer various services for Asterisk, Asterisk installation, Asterisk configuration, Dialplan programming, IVR Designing, AGI scripting, manager api, Fax Support , etc.

We have team of experts having wide range of skills and extensive experience in Asterisk. We have successfully completed various projects based on Asterisk.

We have expertise in various opensource solutions based on Asterisk such as A2Billing , FreePBX , TrixBox etc. and many more.

Currently we offer following services for Asterisk.

• Asterisk installation
• Asterisk configuration
• Dialplan programming
• AGI scripting
• IVR Designing
• Fax Support
• Trixbox installation
• FreePBX installation
• A2Billing Installation
• AsteriskGUI Installation

Asterisk Installation

Asterisk PBX is open-source, meaning there is no charge for the software itself, yet it offers a huge array of telephony features normally associated only with high end telephone switches costing tens of thousands of pounds.

Furthermore, Asterisk PBX is highly scalable so it can grow with your business as and when the need arises

At Globussoft we offer complete Asterisk installation service including installation of prerequisites, necessary packages and all Asterisk packages such as zaptel, libpri, Asterisk, Asterisk addons and Asterisk sounds. We can install Asterisk on most of the unix like systems such as Linux, BSD and MacOSX

We can install Asterisk on your server remotely with all prerequisites and necessary packages. You just need to give us your server details, root access and relax. We will do Asterisk installation on your server within less time. A complete peace of mind service for customers.

Asterisk Configuration

Globussoft offers complete Asterisk configuration services. We offer following Asterisk configuration services.

1. Configuration of ZAP channels:
   We can configure various analog interface cards and digital interface cards for Asterisk..
2. Configuration of VoIP providers for PSTN termination and origination
   Generally phone service via VoIP costs less than equivalent service from traditional sources. Therefore people use VoIP providers to terminate international calls. We have experience in configuring various SIP, IAX2 and H323 termination providers. We can also suggest you few good VoIP termination and origination providers.
3. Configuration of extensions
   We can configure SIP/IAX2/H323/ZAP extensions for you. To connect appropriate softphone or hardphone, we need to create extension for it in Asterisk. After creating extension/user, user can connect soft or hard phone to asterisk and start calling.
4. Configuration of ACD, Agents and Queues
   Asterisk has built-in support for call center features. If you want to start an inbound or outbound call center, we can help you with it. With Asterisk setup and operating cost of the call center goes down to earth. We can configure ACD with IVR and create various queues according to your needs. We can configure agents for call center and assign them to different queues.
5. Configuration Find me, Follow me
   One nice feature of Asterisk is follow me. You can receive calls to your extension. If you are not available, it will ring your cell phone or PSTN phone and finally go to voicemail if no one answers the call.
6. Configuration of Meet me
   Asterisk is a very nice conferencing platform. We can configure various conference rooms with and without pin numbers. We can also configure extensions for administrative operations in particular conference rooms.
7. Configuration of Voicemail
   Asterisk has the ability to store voicemails and send them as an attachments to configured email addresses. We can configure Voicemail accounts with email addresses and format of the emails so that you can have customized voicemail to email features.

Dialplan Programming

Dialplans can be defined in extensions.conf or database using realtime Asterisk configuration in Asterisk. Basic Asterisk dialplans can be defined easily in no time. But if you want to create Asterisk dialplans for billing solutions, call center solutions, IVR or any other custom application then creating the dialplans is not so easy. We have expertise in creating complex Asterisk dialplans. We have created many Asterisk dialplans for billing solutions, IVRs, conferencing systems and many other applications.

• We can configure Asterisk dialplans for your billing solution which can consist of authenticating users from agi scripts, checking balance, getting rates for the destination, insert custom CDRs (Call Data Records), etc.
• We can create simple to complex IVRs according to your needs. We can even use text to speech and speech to text capabilities to offer outstanding services from Asterisk PBX.
• We can create more complex customized Asterisk dialplans for various other applications such as conferencing, click to call, notification systems and many more.

Freepbx Installation

FreePBX is a full-featured PBX web application. If you’ve looked into Asterisk, you know that it doesn’t come with any “built in” programming. You can’t plug a phone into it and make it work without editing configuration files, writing dialplans, and various messing about.

FreePBX simplifies this by giving you pre-programmed functionality accessible by a user-friendly web interfaces that allows you to have a fully functional PBX pretty much straight away with no programming required. Some of the features that FreePBX supports out of the box are:

Unlimited number of Voicemail boxes

“Follow Me” functionality

Ring Groups with calls confirmation (so if, eg, a cellphone is out of range and diverts to voicemail, all the other phones keep ringing)

Unlimited number of Conferences (limited by available CPU power – about 300 simultaneous users in conferences on a P4 3ghz – 600 with a dual core!)

Paging and Intercom functionality for man SIP phones that support it.

Music on Hold (via MP3s, or streamed off the internet)

Call Queues

And many other features

FreePBX is built on the LAMPA™ stack (Linux, Apache, MySQL, PHP and Asterisk). It’s a modular system, with click-to-install plugins downloadable over the internet from the online module repository.

FreePBX Features at a Glance:

Add or change extension and voicemail accounts in seconds

Native support of SIP, IAX, and ZAP clients (other endpoints are supported through custom extensions)

Supports all Asterisk supported trunk technologies

Reduce long distance costs with LCR

Route incoming calls based on time-of-day

Create interactive Digital Receptionist (IVR) menus

Design sophisticated call groups

Manage callers with Queues

Upload custom on-hold music (MOH)

Search company directory, based on first or last name

Detect and receive incoming faxes

Share administrative duties

Backup and Restore your system

Save audio recordings of calls

View call detail reporting with asterisk-stat

View extension and trunk status with Flash Operator Panel

View conversation recordings with Asterisk Recording Interface (ARI)

AGI Programming

One of the cool features of Asterisk is AGI scripting. AGI is the Asterisk Gateway Interface, an interface for adding various functionalities to Asterisk with many different programming languages such as Perl, PHP, C, Pascal, Bourne Shell, etc.

Basically there are three types of AGI scripts:

1. AGI:
   Using AGI, you can control dialplan and do various operations with database, system, manager api and almost everything.
2. EAGI:
   EAGI gives the application the possibility to access and control the sound channel in addition to interaction with the dial. EAGI can be used to plan. EAGI can be used to handle voice stream for recording voice or doing speech to text.
3. DEADAGI:
   DEADAGI gives access to a dead channel, after hangup. DEADAGI is generally used to do cleanup operations when call is hang up.

We have expertise in programming AGI scripts. We generally use Perl as a programming language for AGI scripting. We have created many AGI scripts for various applications such as billing solutions, IVR systems, conferencing system, click to call, etc.

Asterisk is released as open source under the GNU General Public License (GPL), and it is available for download free of charge. Asterisk® is the leading open source telephony project and the Asterisk community has been ranked as a key factor in the growth of VoIP.

What Does Asterisk Do?

Asterisk is like an erector set or a box of Legos for people who want to create communications applications. That’s why we refer to it as a “tool-kit” or “development platform”. Asterisk includes all the building blocks needed to create a PBX system, an IVR system or virtually any other kind of communications solution. The “blocks” in the kit include:

* Drivers for various VoIP protocols.
* Drivers for PSTN interface cards and devices.
* Routing and call handling for incoming calls.
* Outbound call generation and routing.
* Media management functions (record, play, generate tone, etc.).
* Call detail recording for accounting and billing.
* Transcoding (conversion from one media format to another).
* Protocol conversion (conversion from one protocol to another).
* Database integration for accessing information on relational databases.
* Web services integration for accessing data using standard internet protocols.
* LDAP integration for accessing corporate directory systems.
* Single and mult-party call bridging.
* Call recording and monitoring functions.
* Integrated “Dialplan” scripting language for call processing.
* External call management in any programming or scripting language through Asterisk Gateway Interface (AGI)
* Event notification and CTI integration via the Asterisk Manager Interface (AMI).
* Speech synthesis (aka “text-to-speech”) in various languages and dialects using third party engines.
* Speech recognition in various languages using third party recognition engines.

This combination of components allows an integrator or developer to quickly create voice-enabled applications. The open nature of Asterisk means that there is no fixed limit on what it can be made to do. Asterisk integrators have built everything from very small IP PBX systems to massive carrier media servers.

Asterisk In Action: Key Applications

Asterisk As A PBX

Asterisk can be configured as the core of an IP or hybrid PBX, switching calls, managing routes, enabling features, and connecting callers with the outside world over IP, analog (POTS), and digital (T1/E1) connections.

Asterisk runs on a wide variety of operating systems including Linux, Mac OS X, OpenBSD, FreeBSD and Sun Solaris and provides all of the features you would expect from a PBX including many advanced features that are often associated with high end (and high cost) proprietary PBXs. Asterisk’s architecture is designed for maximum flexibility and supports Voice over IP in many protocols, and can interoperate with almost all standards-based telephony equipment using relatively inexpensive hardware.
Asterisk As A Gateway

It can also be built out as the heart of a media gateway, bridging the legacy PSTN to the expanding world of IP telephony. Asterisk’s modular architecture allows it to convert between a wide range of communications protocols and media codecs. Asterisk as a feature/media server.

Need an IVR? Asterisk’s got you covered. How about a conference bridge? Yep. It’s in there. What about an automated attendant? Asterisk does that too. How about a replacement for your aging legacy voicemail system? Can do. Unified messaging? No problem. Need a telephony interface for your web site? Ok.

Asterisk In The Call Center

Asterisk has been adopted by call centers around the world based on its flexibility. Call center and contact center developers have built complete ACD systems based on Asterisk. Asterisk has also added new life to existing call center solutions by adding remote IP agent capabilities, advanced skills-based routing, predictive and bulk dialing, and more.
Asterisk In The Public Network

Internet Telephony Service Providers (ITSPs), competitive local exchange carriers (CLECS) and even first-tier incumbents have discovered the power of open source communications with Asterisk. Feature servers, hosted services clusters, voicemail systems, pre-paid calling solutions, all based on Asterisk have helped reduce costs and enabled flexibility.

Asterisk Everywhere

Asterisk has become the basis for thousands of communications solutions. If you need to communicate, Asterisk is your answer.

Supported platforms

Asterisk® is primarily developed on GNU/Linux for x/86 and runs on GNU/Linux for PPC along with OpenBSD, FreeBSD, and Mac OS X. Other platforms and standards-based UNIX-like operating systems should be reasonably easy to port for anyone with the time and requisite skill to do so.

Supported hardware

Asterisk® needs no additional hardware for Voice over IP. For interconnection with digital and analog telephony equipment, Asterisk® supports a number of hardware devices, most notably all of the hardware manufactured by Digium®, the creator of Asterisk®.

Features

Asterisk-based telephony solutions offer a rich and flexible feature set. Asterisk® offers both classical PBX functionality and advanced features which interoperates with traditional standards-based telephony systems and Voice over IP systems.

Supported protocols

Asterisk® supports a wide range of protocols for the handling and transmission of voice over traditional telephony interfaces including H.323, Session Initiation Protocol (SIP), Media Gateway Control Protocol (MGCP), and Skinny Client Control Protocol (SCCP).

Using the Inter-Asterisk eXchange (IAX™) Voice over IP protocol Asterisk® merges voice and data traffic seamlessly across disparate networks. The use of Packet Voice allows Asterisk® to send data such as URL information and images in-line with voice traffic, allowing advanced integration of information.

Asterisk® provides a central switching core, with four APIs for modular loading of telephony applications, hardware interfaces, file format handling, and codecs. It allows for transparent switching between all supported interfaces, allowing it to tie together a diverse mixture of telephony systems into a single switching network.