20 Slices
Medium 9780596008680

Security and Monitoring

Theodore Wallingford O'Reilly Media PDF

Chapter 10

Like the Web, email, and other Internet communications tools, IP telephony can be secured. This fact is one of its biggest appeals over old-school telephone equipment.

Security means enforcing system policy, recording instances of abuse for forensic and litigation purposes, encrypting or otherwise hiding sensitive information in transit, bolstering call-management systems’ resilience to exploitive attacks and computer viruses, and securing the access perimeter of the VoIP network.

Security tools and enforcement practices for VoIP applications are essentially the same as those for other IP-based apps, because they run on the same network. The security objective of VoIP systems is largely the same as that of other IP-based systems: in a nutshell, preserve the operational status of the system.

There are many threats to this objective and many countermeasures to the threats.

Policy enforcement points, like firewalls, protect lower layers of the network, while authentication systems like RADIUS and application proxies provide higher-layer security. This chapter describes how to secure and harden a VoIP server, the basics of DMZs, how to enable logging of VoIP traffic with iptables, how to tweak the logging configuration of Asterisk, and how to log and monitor VoIP network traffic.

Medium 9780596008680

Circuit-Switched Telephony

Theodore Wallingford O'Reilly Media PDF

Chapter 4


Conventional telephone networks, whether public (PSTN) or private, have several things in common. First, the phones used to make calls across them almost always use one- or two-pair physical connections. Second, the call-management device nearest the end user, be it a key system or a PBX, usually provides a dedicated, single-purpose circuit for each phone. The voice applications delivered by legacy systems are rigidly tied to the lower layers of the network. For instance, you can’t get plain old telephone service from a cable company or a satellite provider because they can’t provision copper telephone lines to your premises. Finally, the capacity of the data links used to carry traditional telephone calls rarely increases over time. It remains fixed, forever tied to the quantity of cable pathways between one point and the next.

These traits are common among legacy voice setups, whether they consist of heavy-duty TDM-bus PBX systems or just a few analog phones connected to the PSTN.

Medium 9780596008680

Network Infrastructure for VoIP

Theodore Wallingford O'Reilly Media PDF

Chapter 13

In earlier chapters, we’ve talked about dial-plan design, PSTN trunks, and dial-tone services. We’ve covered some of the equipment used to link VoIP-based networks with legacy telephony systems: equipment like media gateways and ATAs. Signaling protocols like SIP, media protocols like RTP, and quality of service have been described. Each of these elements is dedicated to a specific, tactical duty in your telephony system.

But the “big picture” that contains and unifies all of these disparate technology objects together into a functional system is topology: the lay of the telephony land. At the base of this functional system is infrastructure. The transport, security, and directory services elements enabling your voice applications on the IP network are your VoIP infrastructure. Topology includes geographical issues, too—the physical locations of voice resources and connectivity maps of your wide area network.

There’s quite a bit to take into account. In this chapter, we’ll talk about methods for building a reliable VoIP infrastructure. We’ll cover general IP WAN layouts, the use of private trunks to link PBX systems, disaster recovery and survivability, choosing a location for PSTN connect points, optimizing VoIP WAN links, and directory services for telephony.

Medium 9780596008680

SIP Methods and Responses

Theodore Wallingford O'Reilly Media PDF

Appendix A


Table A-1 shows SIP methods.

Table A-1. Methods

INVITE     A SIP device is being invited to participate in a call.
ACK        Confirms that the client has received a final response to an INVITE request.
BYE        Terminates a SIP call. Can be sent by any party involved.
CANCEL     Cancels any pending call but does not terminate a call that has already been connected.
OPTIONS    Queries the capabilities of servers without requesting to establish a call.
REGISTER   Registers an IP with a SIP registrar.
PRACK      Ensures reliability of provisional 1xx responses if a UAS offers them.
UPDATE     Updates a previously made offer for a not-yet-established session.
REFER      Initiates a call transfer by telling the recipient (specified by URI) to contact a third party using the contact information provided in the request.
SUBSCRIBE  Subscribes to be notified of an event occurrence; for example, a user presence update.
NOTIFY     Used to notify that an event has occurred.
MESSAGE    A method signifying the payload is an instant message.

Medium 9780596008680

Asterisk Manager Socket API Syntax

Theodore Wallingford O'Reilly Media PDF

Appendix C


AbsoluteTimeout Channel Timeout

Sets an absolute timeout in seconds for the specified channel. The call will be ended after the time has elapsed. The following example limits the call on the current channel to 10 minutes:

    Action: AbsoluteTimeout
    Channel: SIP/201
    Timeout: 600

ChangeMonitor Channel File

Equivalent of ChangeMonitor( ).

    Action: ChangeMonitor
    Channel: Zap/1-1
    File: Zap1-1-incsound

Command command

Execute the specified dial-plan command. The command must include all arguments necessary for it to work.

GetVar Channel Variable

Gets a variable from the specified channel.

Hangup Channel

Hangs up specified channel. Equivalent to SoftHangup( ).

IAXpeers

Lists IAX peers. Equivalent of IAX2 show peers CLI command.

ListCommands

Lists available Manager API commands.

Logoff

Closes the connection to the Manager.

MailboxCount Mailbox

Gets the message count for the specified mailbox.

MailboxStatus Mailbox

Gets the message-waiting indication for the specified mailbox.
