DoS, Vishing, and SPIT – Oh My!
Meet the Dark
Side of Internet Telephony
By: Eric
Durrand
Internet Telephony, or VoIP (Voice over Internet Protocol), is quickly replacing traditional telephony, as more organizational and home users opt to use their broadband connections for phone communication. The number of VoIP phone lines in the US has grown from 1.8 million in 2002, to 9.9 million in 2005, and is projected to go up to 26 million by 2008, according to a research by the Telecommunications Industry Association (TIA). Providers like Cablevision, Vonage and others turn VoIP to a reality for many, providing quality telephone services for a fraction of the cost, or sometimes for a fixed price.
But not all bodes well for early adopters making the transition into Internet Telephony. As prices of calls plummet, spammers who are used to send millions of junk messages over E-Mail for free, start eyeing the new medium, dreaming of the potential to one day be able to make millions of pre-recorded commercial calls! Experts call this new threat SPIT: Spam over Internet Telephony, and unlike regular E-Mail spam, there is currently no simple filtering solution.
Qovia, a telecom company based in Frederick, Maryland, ran a simulation showing how a single PC can make 1,000 calls a minute using VoIP. In VoIP networks with unlimited calling or “peering”, where there is no financial penalty for making thousands of calls, a spammer (or, rather, SPITer) might find it profitable to make infinite calls even with a very small percentage of response.
Another threat involving VoIP is dubbed Vishing, a paraphrase of Phishing, a common type of E-Mail fraud. In an ingenious fraud perpetrated recently for the first time, individuals got a scam call from what appeared to be the number of a respected financial institution, and told that their credit card had been used illegally. They were then asked to call a fake 1-800- number, and when they did an automated system collected their credit card details and promised to take care of the problem. In fact, the numbers went into the criminal’s database of stolen credit cards, which they could later use to empty their victim’s account.
Denial of Service attacks (DoS), is a final scary scenario to consider. If SPIT spammers can make a thousand calls a minute using a single PC dialing to different locations, what can they do if they keep calling the same number? The answer: temporarily take down the phone line, which could mean considerable disruption to an organization, and potential loss of income.
As with any new medium of communications, VoIP too will inevitably be abused by those who seek to profit at the expense of others. The solution, as always, is not to avoid new technologies, but to embrace them with open eyes and stay wary of the risks involved. As certain nuisances become more acute, various solutions will undoubtedly be developed to fight them. We’ll keep you up to date with what you need to know.
Posted on August 14, 2006 at 02:05 PM in Telecomm | Permalink | Comments (0) | TrackBack
Asterisk PBX: Telephony’s Future?
The Open Source PBX is Making Waves
By: Eric Durrand
VoIP, or Voice over IP (Voice over a Data Network), is hot! A growing number of organizations implement a network based Private Branch eXchange (PBX) Telephon System, and more individuals use VoIP applications like Skype to communicate while online. IP telephony offers greater functionality at a lower cost and according to Gartner Research, U.S. spending on VoIP systems will reach $903 million in 2005, up from $686 million in 2004. Gartner predicts that 97% of new phone system installed in North America by 2007 will either be pure VoIP or hybrid systems accepting both VoIP, and conventional phone calls.
Asterisk PBX, a popular Open Source telephony solution, is one of the forerunners of VoIP for small and medium size organizations, and a way for schools to enjoy features available only in high-end, expensive systems combined with the benefits of VoIP at costs lower then conventional systems. Running on Linux, BSD, Solaris, or OS X, and supporting both VoIP and old fashioned telephone systems, Asterisk provides full featured enterprise telephony services, including extensions, voicemail, music on hold, voicemail to e-mail, conference calls, caller ID, interactive voice response, call queuing and forwarding, distinctive rings, and more. Asterisk treats voice as data so one can receive voicemail messages into one’s e-mail inbox, log phone calls in a meaningful way, or easily manage the automatic call screening and routing system.
An additional benefit of Asterisk PBX is cost reduction: A free system under the GNU public license, it allows small organizations, such as schools and even homes, to enjoy an Enterprise Class phone system. Experts predict that moving from a traditional telephone system to VoIP can save consumers 30% or more in total cost of ownership. An Open Source (GNU) software PBX system can help you save even more by handling old telephony and VoIP, Asterisk saves you money on maintenance; the same technicians that service your computers can service your PBX and its configuration, by using none proprietary phones that are much cheaper, it is also compatible with many existing systems and supports various “Softphones” traditionally used for PC to PC calls, including Windows/MSN Messenger, X-Lite, and Kiax. PC phones and non-proprietary SIP phones can be used with Asterisk PBX to expand the reach of the school phone system. What this means is that companies can now deploy home based extensions of the school phone system; supporting the proliferation of virtual offices and the ability for people to be reached via their office phone system, anywhere in the world. In addition, people working from home can use the office phone system to make their work-related calls. Asterisk will also work with USB phones and SIP-compliant headsets, and even plain old phones, with appropriate adapters.
The functionality improvement over old PBX systems are significant: from authentication and blacklists, to call monitoring and recording, emergency 911 service, MP3-based music on transfer, to automatic SMS messaging – this solution is a 21st century, smart PBX; so smart and cost effective that, in fact, it is predicted that the telecommunications industry will be radically altered. A modified version of Asterisk, Asterisk@Home, brings the benefits of a PBX system into the home, allowing personalized menu systems, transfer music, and even wake-up calls!
You can find useful information in this newly released book by O’Reilly - Asterisk: The Future of Telephony. The book outlines the implementation options, discusses the ground-breaking economical and even social implications of open source VoIP telephony, and shows how to set up the various services, and merge voice and data traffic seamlessly across disparate networks.
Telephony, like other media today, is going through a Digital Convergence Revolution transforming it into a Digital Data Stream over the Internet. In telephony the transformation is almost complete and, in a decade or so, the old voice-only lines will be a thing of the past. The bottom line of this transformation, which your school can start today, is a considerable improvement in the cost effectiveness of telephony; reducing costs, improving productivity, the reach, and mobility of the telephone and the people who use it, through voice-data integration. Asterisk can get you there at a very reasonable price; are you willing to give it a try?
Posted on December 13, 2005 at 03:57 PM in Telecomm | Permalink | Comments (0) | TrackBack
