Business security voip

PABX fraud is on the up – by Manuel Basilavecchia of Netaxis


This week we have David Cargill as guest editor. David runs the Operations Working Group at the Internet Telephony Service Providers’ Association (ITSPA) and takes a special interest in VoIP Fraud. David has invited a number of experts to contribute guest posts on fraud related subjects. This ties in with the ITSPA/ Workshop on Wednesday that has VoIP fraud and WebRTC as its main themes. His first choice of post, in which PABX fraud growth is discussed, is written by Manuel Basilavecchia – Co-owner, Sales and Marketing Director of NetAxis Solutions.

It is commonly estimated that losses due to fraud in the telecommunications industry represent 0.5% to 5% of telecommunications operators’ revenue.

Even though the fraud scenarios have been well known for years, many of them still affect the telecom industry. Of course, telecom providers are not the only ones affected: retail and corporate customers are hit by telecom fraud as well.

In this article we’ll focus on one specific kind of PABX fraud, PABX hacking, and all the mechanisms related to it.

To make a fraud possible and generate money, a fraudster needs two things: traffic (generation) and a termination (cash collection).

In order to generate the traffic, the fraudster will hijack a PABX. Alternatively, the fraudster will pay a third party to perform the hijacking. In that case we talk about the IRSF fraud type (International Revenue Shared Fraud). Once access to the PABX has been gained, the PABX is used as a resource to generate calls to high-cost destinations. As the fraudster owns the numbers targeted by the fraud, a money flow is established and the fraudster can collect the money.

At first glance, the mechanism is not that complex, but the thing is that it has worked for years and is still working nowadays.

Let’s try to figure out why.

In most cases, hijacking the PABX is not that difficult. Very often the administrator has not changed the default password. Where the password has been changed, a very basic one is often used, which is quite easy for a fraudster to guess. Alongside this, these systems are always subject to vulnerabilities which can be easily exploited by a basic hacker.

In most cases the attack is made outside business hours, including weekends, on the assumption that PABX activity is not monitored during these intervals.

In this way, the customer is not even aware that he has been the victim of an attack.

Because of this lack of monitoring at certain times of the day or week, the fraud is very often discovered only when the customer receives his telecom supplier’s invoice.

There is also an aggravating factor: the payment terms. The billing period between a retail customer and its telecom provider is usually monthly, while the billing period for Premium rate numbers is weekly. As a consequence, by the time the fraud is discovered the fraudster has already been paid, and it is very difficult to get the money back (or withhold payment).

This has negative consequences for the relationship between the retail or corporate customer and the telecom provider. Indeed, as the fraud involves international destinations, international carriers are part of the scheme.

Having several players in the scenario makes it quite complex and difficult to find a fair solution for all the parties, and someone has to assume the loss generated by the fraud. Let’s consider a practical case that illustrates all these considerations:

A fraudster buys some Premium rate numbers in a foreign country, keeping in mind the high cost per minute associated. As a second step, he will ask and pay (share revenue) somebody to generate traffic artificially towards those numbers.

Once the attacker gets access to the PABX, he will generate as much traffic as possible in the shortest time (night or weekend).

The fraudster will receive payment from the Premium rate number 7 days later.

Assuming that nobody notices this traffic increase on the customer side (or on the operator side), the traffic will become visible only when the customer receives his telecom invoice, usually one month later.

Quite clearly it is then too late to react and very difficult to avoid a loss. The usual flow for international traffic is the following. Traffic starts at a retail customer and is sent to his telecom operator. As it is international traffic, the telecom operator will use one or several international wholesalers to terminate it. Those international wholesalers may in turn use different suppliers to terminate the traffic. The number of intermediaries and the misalignment of the payment terms make it complex to withhold payment, and very often a party will have to suffer a loss, in most cases the retail customer or his telecom supplier.

In case of fraud, the size of the operator could put him in a very difficult situation. There have been cases where the operator is forced to choose between losing the customer and assuming the loss generated by the fraud. If the telecom supplier is not financially robust, this could have a very big impact on the business.

As a conclusion, to avoid risks linked to this type of fraud it is important to:

  • Take all appropriate measures to secure the PABX of the customer. This point is often difficult due to the diversity of the installed base or the lack of expertise on the customer side, so a good information campaign needs to be set up.
  • Deploy a Fraud Management System (FMS) that, in near real time, will look at customer traffic patterns in order to detect abnormal activity in terms of volume or destination.

Of course, the FMS needs to be operated by people with skills in fraud detection, or better, by expert consultants, both to detect fraud and to avoid false positives that would block legitimate traffic (and revenues).

Additionally, this will give the operator the capability to mitigate its financial exposure by reacting quickly to fraud cases (reducing the impact) and by providing evidence in order to open claims towards authorities and upstream providers (recovering losses).
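As an added illustration (not code from the article or from NetAxis), the sketch below shows the kind of near-real-time check an FMS applies to call detail records: a sliding one-hour window per customer that alerts on off-hours international volume and on traffic to a destination prefix the customer has never called before. The record layout, thresholds, account names, home prefix and phone numbers are all assumptions constructed for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values for this example; a real FMS tunes them per customer.
BUSINESS_DAYS = range(0, 5)        # Monday..Friday
BUSINESS_HOURS = range(8, 18)      # 08:00-17:59 local time
WINDOW = timedelta(minutes=60)     # sliding window for the volume checks
OFF_HOURS_MINUTES_LIMIT = 30.0     # international minutes per window, off hours
NEW_DEST_MINUTES_LIMIT = 10.0      # minutes per window to a never-seen prefix
HOME_PREFIX = "+44"                # assumed home country of the customers
PREFIX_LEN = 4                     # crude destination grouping: "+" and 3 digits


def is_off_hours(ts):
    """True at night and at weekends, when nobody watches the PABX."""
    return ts.weekday() not in BUSINESS_DAYS or ts.hour not in BUSINESS_HOURS


def dest_prefix(number):
    return number[:PREFIX_LEN]


def build_baseline(cdrs):
    """Destination prefixes each account has called during normal operation."""
    seen = defaultdict(set)
    for account, _start, dest, _secs in cdrs:
        seen[account].add(dest_prefix(dest))
    return seen


def detect(cdrs, baseline):
    """Return alerts as (account, time, reason, minutes in window)."""
    windows = defaultdict(deque)   # account -> international calls in the window
    alerted = set()                # one alert per account and reason
    alerts = []
    for account, start, dest, secs in sorted(cdrs, key=lambda c: c[1]):
        if dest.startswith(HOME_PREFIX):
            continue               # only international traffic is scored
        win = windows[account]
        win.append((start, dest_prefix(dest), secs / 60.0))
        while win and start - win[0][0] > WINDOW:
            win.popleft()          # drop calls older than the window
        known = baseline.get(account, set())
        off_minutes = sum(m for t, _p, m in win if is_off_hours(t))
        new_minutes = sum(m for _t, p, m in win if p not in known)
        for reason, minutes, limit in (
            ("off-hours international volume", off_minutes, OFF_HOURS_MINUTES_LIMIT),
            ("traffic to unseen destination", new_minutes, NEW_DEST_MINUTES_LIMIT),
        ):
            if minutes > limit and (account, reason) not in alerted:
                alerted.add((account, reason))
                alerts.append((account, start, reason, round(minutes, 1)))
    return alerts


# Constructed sample data: (account, call start, destination, duration in seconds).
# "+999" is an unassigned country code standing in for a premium-rate range.
BASELINE_CDRS = [
    ("acme", datetime(2015, 3, 2, 9, 15), "+3310000001", 600),
    ("acme", datetime(2015, 3, 3, 14, 0), "+4930000001", 300),
    ("globex", datetime(2015, 3, 2, 11, 0), "+3310000002", 900),
]
ATTACK_START = datetime(2015, 3, 7, 2, 0)          # a Saturday, 02:00
SAMPLE_CDRS = [
    ("acme", ATTACK_START + timedelta(minutes=3 * i), "+99900000%02d" % i, 300)
    for i in range(12)                              # 12 five-minute calls
] + [
    ("globex", datetime(2015, 3, 10, 10, 0), "+3310000002", 1200),  # normal call
]

if __name__ == "__main__":
    for account, when, reason, minutes in detect(SAMPLE_CDRS, build_baseline(BASELINE_CDRS)):
        print(f"{when:%a %Y-%m-%d %H:%M} {account}: {reason} ({minutes} min in window)")
```

On the constructed data the first alert is raised six minutes into the burst, which is the point of the article's argument: the invoice would show the same traffic about a month later, after the premium-rate payout has already been made.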

Manuel Basilavecchia is Co-owner, Sales and Marketing Director of Belgium based NetAxis Solutions. Manuel Basilavecchia brings over 17 years of business strategy, innovation and technology experience to his role as co-founder. As Director of Sales and Marketing, Manuel is focused on developing NetAxis Solutions business by bringing advanced carrier-grade communications services to Service Providers and Corporations and by providing high-technology products to the industry. Manuel holds a Master in Electrical Engineering – Electronics and Physics, a Master on Medical Physics and Bioengineering, and an MBA in management.

Loads of posts on PBX fraud here. Also come back for a different VoIP fraud post each day this week.

Business voip voip hardware

Practical IP Phone Design

Practical Applications for Your IP Handsets

In the last of her articles on IP handset design Snom Marketing Manager Lesley Hansen talks about practical applications including ip phone hot desking.

IP phones are unique in that they were built to support IP first and telephony second. When businesses embrace the richer world of unified communications the benefits of IP phones become evident. With IP phones business users can use converged services which incorporate voice into data and video applications.  Advanced IP phones are really multimedia endpoints that bring these capabilities together with a single interface. IP phones interface with IP Telephony servers or IP PBXs and they can deliver features to your phone that are not available with more traditional office phones. Business productivity features such as Auto Attendants, Music on Hold and Automated Personal Attendant services, but also user productivity features such as caller id, voicemail, voice to email, transfer announcements and speed dial.

Beyond the elegant feature list on an IP phone there are certain practical applications that the handset needs to be designed to accommodate in order for the business to get the most from their IP handsets.

Hot Desking

In IP Telephony hot-desking can be best described as when your extension is whatever phone you’re logged onto. Hot desking means that a business can make efficient use of office space allowing workers to use available desk space rather than deploying one desk per user and having empty unused desk spaces when employees who spend time in other offices or at customer sites are not in their local office. Hot desking in an office environment can save on lighting, heating, and power and space costs and promote improved interaction between employees.  In a call centre where a desk space may be expensive because of the tailored equipment, Hot desking is an excellent way of using the resources available to best effect.

IP phone hot desking does not only save money for the business, it also makes the individual more productive. Any small business with multiple locations will see a great benefit in hot desking. A person may have a number of offices and travel and work out of each of them, depending on the day of the week or week of the year. With hot desking, they’re always connected to their voice mail, and easily accessible via their extension number. They have all the features and functions that they are used to having on their IP phone.

Hot desking also benefits the end customer, the employee can log in on any phone in any office and be fully connected.  No more problems for the end customer searching and guessing to find out what office their contact is working out of today.

When designing an IP phone for hot desking it needs to accommodate multiple IDs simultaneously and to be able to download user profiles from the switch when a new user logs on.

Home Working

Home working is the scenario where you live and work in the same place, and it brings new challenges to the design of IP Telephony handsets. Enabling home working allows for a reduction in commuting charges and mobile bills. As calls on your private IP network are free you can also make savings on call costs. Home working requires an IP phone to be easy to set up and reliable to use. There is no technical resource in most homes, and to keep costs down and productivity up the IP phone needs to be a plug and play device. Once a phone is plugged in it needs to be fully operational with the same features and functionality as the user has when in the office. The principle behind home working is that the user is allocated a single IP extension on the IP Switch which is retained no matter whether working on a home extension or logged in to an office extension.

Moves, Adds and Changes

Moves, adds and changes (MAC) is the general term for the routine work performed on items such as Telephony handsets in an enterprise, including installations, relocations and upgrades. MACs can cost a business valuable time and can involve reconfiguration, physical relocation and testing and setup. Using an IP phone the costs for MACs can effectively be eliminated since users can log themselves onto any handset and so effectively manage the move or change themselves. Cost savings from user empowerment through IP in moves such as office relocation or re-organisations, staff rotation and data centre moves are considerable. It is important when selecting an IP phone to ensure it has been designed to easily accommodate remote deployment and remote management, facilitating low cost moves, adds and changes within the business.

Support for Multiple Profiles

It is not uncommon for a business to employ people who work representing more than one role or business venture. In these situations the IP phone can be designed to allow the user to have multiple identities so that they can have calls coming in to multiple incoming numbers over multiple lines and can recognise which line the call is coming in on and answer the calls appropriately for the businesses. When making calls in this type of situation it is also important that the outgoing caller id is appropriate to the business being represented. The ability to support multiple identities is a simple feature of IP phones but one that is easiest to use when designed into the handset.

Speaker or Conference Phone

Clear communication is critical if business calls or meetings are to be productive. The audio quality achieved through a speaker-phone or a specially designed conference phone is different: they are optimised differently to handle multiple voices and background noises. Therefore understanding the use of a phone is an important consideration in phone design, and selecting a phone that is optimised to the task being performed is key to experiencing good voice quality. With a High Definition voice codec in use by all conference participants, combined with decent quality microphones and speakers, you will experience much clearer audio.

This post on practical ip phone applications is the 8th and last in our series on how to design an ip phone. Other posts in the series are linked to below:

How to design an ip phone
How to design an ip phone for voice quality
IP phone design for it departments
IP Phone Security
IP Phone Interoperability
IP phone ROI
IP Phone aesthetics

Check out all our VoIP posts here.

Business voip voip hardware

IP Phone Aesthetics

Designing IP Phones for Beauty and Practicality – IP phone aesthetics

In the 7th of 8 posts on how to design an IP phone Snom Marketing Manager Lesley Hansen talks ip phone aesthetics.

Design is at the service of the user and the product functionality. In order to reach a good design, we must give priority to decisions that are taken during the product’s development. A design that is artistically pleasing is one of the criteria that is considered by Snom when we design any new handset or conference phone.

All telephone handsets have at their base the model used by Siemens in their first handsets for traditional telephony 30 years ago. Siemens invested in the development of the technology from day one. They set great store by ergonomics, intent on making the telephone more convenient. They started with the introduction of the hand receiver, followed later on by the scoop-shaped receiver which typified the design for many years. This investment in design and interest in the ergonomics and practicalities of handset manufacture is an approach emulated by Snom Technology to this current day.

The handset designer is not working with a blank sheet of paper on which to fashion their creations.  Each new handset has a specification which details the features and functionality that are required in the handset. These features and functions dictate the chipset to be used and the memory and circuit board content that has to be incorporated into the unit.  The designer typically works with a telephone engineer who has an awareness of the audio rules to achieve best quality audio. For example every speaker needs a chamber and the chamber design can fundamentally affect the voice quality.

IP phone aesthetic design is a trade-off between artistic and audio quality. It is in this area more than any other that Snom pushes at the limits in IP Phone design. Snom add uniqueness to their product offering in the quality of audio achieved improving and enhancing the basic CODEC quality.

Once a drawing of the design is approved a prototype is made and the handset is tested mechanically to ensure the design is practical and efficient. There follows a series of tests and modifications aimed at achieving an optimum balance of audio quality, practical efficiency and beauty in design.

It is during this stage that unique elements can be added into the handset design to enhance its usability in the workplace. For example some of the Snom handsets have a unique stand that enables them to be either desk or wall mounted at the angle best suited to the user. This makes them more comfortable in use for some workers. There are also differences between handset models based on the environment in which they are to be used. For example a phone designed for voice use in noisy offices is designed to reduce interference from outside noise. One intended for use in an office where users have to concentrate has a handset designed to be put down quietly without disturbing other people in the office.

Another example is that a handset designed for use by service providers and on premise installations with remote office must avoid the need for local provisioning or configuration, and one designed for use in a local office environment must include abilities to interface with other devices in the office. Mobility is the main design feature that users focus on as a differentiator.  However in a professional handset range there are numerous other features that make one handset more appropriate for use than another.

The design of the handset is critical.  If a handset feature is incorrectly optimised by the manufacturer then new software can be introduced to make the change needed to improve the sound or usability.  Although this is inconvenient to the customer, and unprofessional from the manufacturer’s perspective the costs incurred are low.

This is not an approach used at Snom but some manufacturers do release multiple software upgrades using just this model – test and change at the expense of the customer in order to keep their own costs low and speed to market rapid.

If the basic phone design changes the costs incurred for replacement of the expensive and specialist tools used to inject the plastic components are irrecoverable.  This high cost of error is one reason that Snom keep all our design and prototype manufacture in house in Berlin. Hence we have the control to ensure the design is tested in small quantities tool production before it moves to mass production elsewhere. This approach ensures we have a tight control over the quality of our handsets and are able to ensure that we produce professional and enterprise IP phones.

This post on ip phone aesthetics is the 7th in our series on how to design an ip phone. Other posts in the series are linked to below:

How to design an ip phone
How to design an ip phone for voice quality
IP phone design for it departments
IP Phone Security
IP Phone Interoperability
IP phone ROI

Check out all our VoIP posts here.

Business UC voip

6th UC Executive Dinner sponsored by Snom

UC executive dinner is another hit

Just a quick footnote re the 6th UC Executive Dinner held on Tuesday night in London. We had 23 top industry executives signed up for the event which is by invitation only. Tuesday night’s event was held at London’s top Michelin starred Spanish restaurant Barrafina.

The speaker Kevin Murphy runs BT’s voice network and treated us to a great talk on where BT’s voice capabilities are going. This event is gaining in strength each time it is held.

On Tuesday we had C Level representation from a great mix of companies including some who had flown in especially for the occasion. Major multi nationals including BT, Ring Central and Vonage mixed with smaller business focussed UK companies together with key vendors in our space.

As well as extending a special thanks to Kevin Murphy I’d like to thank German SIP handset manufacturer Snom for their generous sponsorship. Snom were one of the first manufacturers of SIP phones and are therefore one of the oldest companies in the game.

These evenings are operated under Chatham House rules whereby nothing said on the night is attributable to any individual. This makes for a very open discussion in an environment where many of the participants are competitors. That isn’t to say this is a cartel under another name. The topics discussed are those relevant to the industry as a whole.

Check out what people say about the Exec Dinners:

Colin Duffy – CEO,  Voipfone
The uc executive dinners are always good for high quality gossip, industry chit chat and networking – you can guarantee learning something or meeting someone new and useful. Far more importantly though, they’re just a damn good evening out.

Tim Meredith – Director of Unified Communications and Mobile, Daisy Group PLC

I just wanted to thank you for being an excellent host and putting on a really informative (and fun) evening. I hope to attend many future evenings!

Andy Davidson – CTO Allegro Networks, Chairman LONAP, Chairman IX-Leeds, Director Euro-IX

Lively, informative, and tasty!  That’s how I’d describe each evening I’ve spent in the company of Tref and his invited guests.  You’re guaranteed several conversations with colleagues and key decision makers at organisations across the industry over a relaxed dinner at a fantastic hand-picked menu and location.

Check out our events page here.

Business UC voip voip hardware

Designing for the Financial Director – IP Phone ROI

Why does the Finance Director care about IP Phone Design? It’s all about IP Phone ROI

In her sixth post this week SNOM’s prolific Marketing Manager Lesley Hansen talks about IP Phone ROI (Return on Investment).

The best quality and most elegantly designed IP Phone in the world will not be widely accepted unless it meets business expectations regarding cost. Cost in its broadest sense will include cost of acquisition, cost of deployment, cost of ownership and return on investment. Any IP Phone design must consider each and every one of these aspects. It is because of the pressure on all businesses to meet financial targets that the Finance Director is a critical player in our considerations as we design and manufacture each new IP handset.

Since much of the motivation for moving to IP telephony is cost related building an accurate business case, including capital, implementation, and operational costs, is crucial to selecting the best vendor and architecture for your organization.

Cost of Acquisition

There are hundreds if not thousands of IP phones on the market and they range in price from around £50 for standard phones to several thousand pounds for secure encrypted handsets for use by government employees.

Soft phones are the simplest and least expensive type of IP telephone since many are available free of charge. Soft phones work through specialised software installed directly onto a PC, laptop, or mobile phone handset. With a soft phone no handset is required, but for the comfort of the user and for improved voice quality soft phones are best used with a good quality headset or USB telephone.

Once you start looking at IP handsets at the bottom of the range you find the standard phone without many bells and whistles. Typically standard features include caller ID, limited conferencing capabilities and speed dial. As you move up in price you gain capabilities such as audio capabilities and audio quality for features such as speaker phones, wider conferencing capabilities, history memory, programmable options and support for hearing aids.

Even further on you get advanced functionality such as support for voicemail and CTI options. You also gain connectivity options as the price increases, moving from a connected IP handset with an Ethernet port to ones that support WiFi and Gigabit Ethernet, multiple Ethernet USB connections and even Bluetooth.

At the top of the range, excluding specialist phones such as the security handset already mentioned, are complex professional handsets with high quality audio provided through noise cancelling capabilities making them ideal for the busy and noisy office. Some come with programmable options for integration into your business processes as well as colour display screens with web access.

Depending on the role of the person using the IP Phone, there will be a different set of needs and each person will be looking for something different in their handset. An executive may want the latest and greatest IP Phone, while a receptionist may only be concerned with the number of total calls they can handle at one time. Most people want the standard features in a phone such as Call Waiting, Call Transfer, Call Parking and Conferencing. The items that will most affect the cost per handset are needs such as a high quality speakerphone, a large display and the capability for extra extensions.

So the selection of the right IP Phone is likely to involve a number of different handset types, a range of costs to meet the different requirements of different employees and a degree of integration with your business functions. Doing your homework on what handsets are needed by the business is likely to save the company money in the long run. Providing handsets where the price reflects the importance of features to the business is paramount.

Cost of Deployment

Hosted VoIP is increasingly being adopted to avoid the excess costs and complexities of deployment of on-premise solutions. This is great from the end customer’s point of view as they get predictable costs. For the IP phone manufacturer it simply moves the demand for easy-to-deploy handsets to the service provider rather than the end customer. The need is still there. The installation, provisioning and training costs for IP handset deployment vary greatly from vendor to vendor as well as from installation to installation. For example the question of how many remote deployment teams are needed and the complexity of the server/PBX installation will affect costs.

To reduce the costs of deployment Auto Provisioning can be used to provide general and specific configuration parameters (“Settings”) to the phones and to manage firmware updates. Deployment applications enable enterprise customers and service providers to reduce deployment costs with automated remote configuration and ongoing management of the IP phones.

The Auto Provisioning application provided by Snom allows remote administration (configuration and maintenance) of an unlimited number of distinct Snom phone types. This application enables the user to unpack a Snom handset from the box, connect it to a local network and get it up and running without the need to configure anything.

The phones can be set up manually but the easiest way to provision the IP Handsets is to use the built-in plug and play provisioning functionality. The phone configures itself by retrieving a PBX generated phone configuration file from interoperability partners or using the phone’s DHCP. The provisioning manager needs to approve the handset registration and assign an extension. The server will send a provisioning link to the phone. Once the phone receives the link, it will apply the configuration on the fly, and will be ready to use. If a firmware update is needed, a restart will be performed.

Selecting handsets designed for remote provisioning is critical in the long term cost of any IP Telephony solution.

Cost of Ownership

A lot has been written about the ongoing costs of owning an IP Telephony system. It’s tough to get accurate operational costs before actually incurring those costs, but we do know based on experience that operational costs tend to be highest during the first two years of usage of a new technology. Once staff gain expertise from using the technology, the operational costs drop by about 20%. Reports indicate that without installing a solution offering ease of operation and remote management it is easy for a company to simply spend the money they have saved on Moves, Adds and Changes (MACs) by moving to IP Telephony on the management and monitoring of the new IP telephony system. External MACs for an old TDM environment used to cost £120 on average, and range from £50 to £200 each. IP MACs typically cost under £10 each.

The Graphical User Interface of an IP-PBX or Telephony Server will be much more user friendly than traditional PBXs.  This allows for easier changes and additions. Because phones are IP based, they are like PCs, and when they are moved from one connection to another they connect right back up to the PBX server.

These offer considerable savings compared to a time when a simple phone move needed to have cross connects changed and a phone technician making a billable service call. However if the IP Handset is at a remote site and local configuration or a remote restart is needed then there can still be costs incurred.  The best way to control these costs is with the selection of a handset with remote management and configuration capabilities and from a vendor who is not prone to excessive numbers of firmware updates which require handset resets or reconfiguration.

Here the recommendation is that to keep operational costs low you ensure that the phone’s interface allows remote users to simulate the usage of the phone’s keypad and special features.

IP Phone ROI

The idea of moving to IP Telephony solely to save money has slowly subsided, although it has not gone away entirely. In the early years of VOIP, companies had to find an ROI in order to justify replacing tried-and-true equipment for new technology. Now, they’re more often already in a TDM-replacement phase, so ROI becomes less important as organizations are focusing on other benefits, such as streamlined features, improved productivity, and integrated voice/data/video collaborative applications.

To be clear, there can be a net saving, and this is typically achieved after the first two years. But this net saving is easily eroded if the IP Handset selected is not suitable so that handsets have to be replaced, possibly because the wrong model for the role was selected in the first place or because of the usage levels experienced in a busy office.

While the eventual costs savings for installing IP Telephony can be substantial, the start-up costs of deploying an IP telephony solution depend on a number of variables, including the size of the enterprise and the choice of vendor. To help organizations understand the total cost of ownership (TCO) of an IP telephony.

Other posts in our IP phone design week:

How to design an ip phone
How to design an ip phone for voice quality
IP phone design for it departments
IP Phone Security
IP Phone Interoperability

Check out all our VoIP posts here.

Deployment is a key contribution of the Value Added Reseller involved in the sale. Anyone interested in becoming a Snom VAR can check out their site here.

Business voip voip hardware

IP Phone Interoperability cc @snom

No man is an island – IP Phone interoperability explored

In the fifth article of the series SNOM UK Marketing Manager Lesley Hansen talks about IP Phone interoperability.

Ensuring that you make the most out of your investment is important and is often a consideration as you shop for a new phone system. Budget-conscious business decision makers will want to protect their investment in existing hardware or applications. Forward looking companies plan for the longer term and want to ensure today’s investment remains part of tomorrow’s solution. IP phone interoperability is therefore an important issue.

Gateways can be used to help businesses connect a legacy PBX, take the first step towards SIP, or even connect to a Unified Communications (UC) solution. However using a gateway is like involving an interpreter in a conversation. The information will get across but it is slower and more likely to be subject to misunderstandings.

Optimum performance and simplicity is achieved by selecting products that have been tested and proven to interoperate together.

There is no unique definition of ip phone interoperability because the word has different meanings depending on the context. There are also different shades of interoperability. What can be interoperable in one given system implementation may not work with another, different implementation.

The glossary of telecommunications terms, from NTIA’s ITS defines interoperability as “the ability of systems, units, or forces to provide services to and accept services from other systems, units or forces and to use the services so exchanged to enable them to operate effectively together” and as “the condition achieved among communications-electronics systems or items of communications-electronics equipment when information or services can be exchanged directly and satisfactorily between them and/or their users.”  To me the interesting words here are effectively and satisfactorily.

 The more diverse networks, products and vendors exist, the greater the need to ensure that they can interoperate to ensure that end-to-end communication is possible. At the same time, the more difficult the problem becomes.

So what happened to the standards?

Standards enable interoperability in a multi-vendor, multi-network, multi-service environment. Good standards should leave little room for options and should be universal, produced in consensus with other interested bodies. Of course, this needs time, so a proper balance between quality and speed is needed; a standard that takes too long to produce becomes obsolete.

In a competitive situation not all vendors will choose to comply with all parts of the standards. Moving away from a standard in small ways is what often produces competitive differentiation. It is often non-compliance with standards that secures a long-term customer who is unable to incorporate other vendors’ products into the network. Often, particularly with larger vendors, a divergence from a standard will over time evolve into a new standard, further confusing business users with a wide array of incompatible standards.

End points in the telephony solution are one of the low cost high volume items in the network.  As such IP Phones are one of the aspects of the IP Telephony solution where standards and interoperability should give the business choice and flexibility without loss of functionality.  Here there is little if any justification for  the use of non-standard based products.  Even standard products however can still have interoperability issues.

Is Interoperability Important to IP Handsets?

There are two possible approaches to IP handsets.  One is to regard the handsets as disposable with a write off period of 12 or 18 months. In this case durability and interoperability are probably both moot subjects as long as the handset functions as well as needed when purchased.  The handset will effectively be written off in the first year of the project and there is no need for it to be interoperable with any other part of the network.

Alternatively there are professional and enterprise handsets where the investment in the handset is recognised as being not only the cost of the hardware but the provisioning and support and maintenance costs. In this case the build quality of the handset is likely to be considerably higher and the life of the handset considerably longer. The Snom 300 series handset for example has a life expectancy in excess of 8 years, a fact that considerably improves the ROI for any IP Telephony project.

If you decide to invest in short-life, low-cost end points, it is possible to use an Audio Lab to have the solution tested with the PBX and IP network to ensure you are not sacrificing voice quality. In a fully equipped Audio Lab you can measure the quality of your VoIP phones and VoIP accessories, including wired and wireless headsets, speakerphones and conference audio devices, by utilizing state-of-the-art audio quality measurement equipment and an anechoic chamber facility.

Leading measurement technology combined with the know-how and experience of the audio quality team enables comprehensive subjective and objective testing to determine audio quality parameters to maximize VoIP device potential. The measurement system should use the IP phone specifications published in the latest ETSI and TIA releases.

Establishing IP Handset Interoperability

VoIP systems employ session control and signalling protocols to control the signalling, set-up, and tear-down of calls. They transport audio streams over IP networks using special media delivery protocols that encode voice with audio codecs. Various codecs exist that optimize the media stream based on application requirements and network bandwidth.

So we must look beyond the standardised elements such as session control, signalling and codecs when we look for IP Handset interoperability. This is where testing comes in, and why most vendors are committed to working with partners to establish and maintain the interoperability of their products for effective and satisfactory working. Effective and satisfactory implies the need to support the features of the device without any loss of voice quality or service or any degradation to the advertised features of the products.

For example the Microsoft Unified Communications Open Interoperability Programme tests and qualifies devices, infrastructure components, online solutions, services, and solutions provided by third party companies for interoperability with Microsoft Lync Server and clients. Their qualification programs for enterprise telephony services and infrastructure ensure that customers have seamless experiences with setup, support, and use of qualified telephony infrastructure and services with Microsoft’s unified communications software.

Testing IP Handsets

Typically only products that meet rigorous and extensive testing requirements and conform to the specifications and test plans will receive qualification in a vendor’s interoperability programme. While the specifications are based on industry standards, the programmes also define specific requirements for interoperability with third party devices and testing requirements for qualifying interoperability. To qualify as interoperable with third party PBXs or telephony servers, IP handsets must meet enterprise-class standards for audio quality, reliability, and scalability. Basic interoperability testing for an IP Handset with a PBX would include items such as:

  • Call Origination
  • Call Termination (calls are terminated correctly)
  • Call failure handling
  • Hold – Unhold a call
  • DTMF functionality

In addition to these basic interoperability tests, the following functions are recommended for IP Handset/PBX interoperability testing:

  • VoiceMail integration
  • attended/unattended transfer
  • Music on Hold
  • Busy lamp field

As a footnote the VoIP industry periodically gets together to test ip phone interoperability. This get together was originally called the SIP bakeoff until a certain bakery products manufacturer threatened legal action. These “test fests” have long since been called SIPITs, details of which can be seen here.


IP Phone Security

IP Phone Security ensures IP Telephony is not compromising the business

She’s back again. Guest editor Lesley Hansen discusses what needs to be considered in ip phone security design.

VoIP or IP phone security is a hot topic. Security attacks continue to evolve and attackers find ever more sophisticated ways of attacking systems. VoIP is only an application running on the IP network, and therefore it inherits the security issues of the IP network. This means VoIP security is only as reliable as the underlying network security and if the IP network has security vulnerabilities, these can be exploited once VoIP is implemented.

The goal of every IP network component manufacturer should be to build a product that maintains a high level of security and provides relevant data to tools that monitor the system for attacks. Once the system is in place, ongoing IP telephony security maintenance is primarily related to the IP PBX or telephony servers: keeping up to date with operating system and third-party service packs to eliminate well-known security holes, implementing critical support patches on servers, updating anti-virus definitions to protect against well-known worms and viruses, and performing daily backups of servers with periodic data recovery tests.

But the IP handset is an important point of access into the IP network. End points such as IP handsets are a point of vulnerability. A number of standards exist to secure the telephony network, but these are not always supported in the IP handset, and where supported they are not always implemented by the network manager.

Avoiding Denial of Service Attacks

Denial of Service (DoS) attacks can take down telephony. A distributed DoS (DDoS) attack is a concerted and coordinated effort to flood a network with requests. Though the attacked network may not be penetrated, these attacks can “busy” a system, rendering it unusable. To protect against this, it is important when implementing the IP handsets to ensure that ports are not unnecessarily left open: all unnecessary ports and services should be shut down and unused services deactivated. This is where interoperability partners become key.

For example, PBXs such as 3CX, Vodia Snom 1 and Asterisk support the Snom security settings from the handset out of the box. This means there are no configuration requirements, which delivers a rapid roll-out while ensuring the system is up and running with full security and minimum disruption or delay. Not all PBX manufacturers and IP handset vendors will be interoperability partners. To ensure a wide number of PBXs can be supported, and to provide the business with a high degree of choice, handset vendors should work with the TLS and SRTP standards for configuration setup.

TLS and SSL encrypt the data of network connections in the application layer. They use X.509 certificates and hence asymmetric cryptography to authenticate the other party with whom they are communicating, and to exchange a key. This session key is then used to encrypt data flowing between the parties.

Protect Against Unauthorised Access

When deploying an IP telephony system, IT personnel and voice administrators need to take appropriate measures to prevent threats such as toll fraud. Toll fraud refers to internal or external users using the corporate phone system to place unauthorized toll calls. Toll fraud can occur with both TDM and IP-based voice systems, and a standard method of protecting against it is the ability to control call types, for example banning mobile or international calls.

This call control is sometimes handled by low cost routing within the PBX but it can also be done within the IP handset dial plans. A handset with this capability helps to protect against telephone fraud even when the PBX does not have low cost routing.
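The call-type control described above can be sketched as a default-deny barring check, shown here as an added example that is not code from the article or from any handset vendor. The UK prefix policy, the four-digit extension length and the function names are assumptions; the sample numbers are constructed from ranges reserved for fictional use. The point it illustrates is that the dialled string is normalised first, so the same destination gets the same decision whether it is dialled as `07…`, `+447…` or `00447…`.

```python
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    prefix: str      # E.164 prefix the rule applies to
    call_type: str
    allow: bool


# Hypothetical barring policy for a UK office (an assumption, not from the article).
# The longest matching prefix wins; the bare "+" rule makes the policy default-deny.
RULES = [
    Rule("+441", "uk-geographic", True),
    Rule("+442", "uk-geographic", True),
    Rule("+443", "uk-non-geographic", True),
    Rule("+4480", "uk-freephone", True),
    Rule("+447", "uk-mobile", False),
    Rule("+449", "uk-premium-rate", False),
    Rule("+44", "uk-other", False),
    Rule("+", "international", False),
]
EMERGENCY = {"999", "112"}
MAX_EXTENSION_DIGITS = 4          # assumed length of internal extensions
_ONLY_DIGITS = re.compile(r"[0-9]+").fullmatch


def normalise(dialled: str, country_code: str = "44") -> Optional[str]:
    """Return '+<digits>' for external numbers, bare digits for short codes,
    or None when the string contains anything that is not a plain number."""
    digits = re.sub(r"[\s().-]", "", dialled)        # drop spaces and punctuation
    if digits.startswith("+"):
        body = digits[1:]
    elif digits.startswith("00"):                    # international access code
        body = digits[2:]
    elif digits.startswith("0"):                     # national trunk prefix
        body = country_code + digits[1:]
    else:
        return digits if _ONLY_DIGITS(digits) else None
    return "+" + body if _ONLY_DIGITS(body) else None


def decide(dialled: str) -> tuple:
    """Return (call_type, allowed) for a dialled string."""
    number = normalise(dialled)
    if number is None:
        return ("malformed", False)                  # e.g. feature codes with * or #
    if not number.startswith("+"):
        if number in EMERGENCY:
            return ("emergency", True)
        if len(number) <= MAX_EXTENSION_DIGITS:
            return ("internal", True)
        return ("unknown", False)
    rule = max((r for r in RULES if number.startswith(r.prefix)),
               key=lambda r: len(r.prefix))
    return (rule.call_type, rule.allow)


# Constructed sample input.
SAMPLE_CALLS = ["020 7946 0000", "07700 900123", "0044 7700 900123",
                "00 1 202 555 0100", "0909 879 0123", "999", "2001"]

if __name__ == "__main__":
    for call in SAMPLE_CALLS:
        print(f"{call:20} -> {decide(call)}")
```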

Ideally, in a well-designed handset, the telephone will provide security beyond that provided by the firewall. Security at the handset ensures protection from people on the inside network who have physical access to phones and can bypass the firewall. This means the handsets provide a higher level of security against phone tapping and unauthorised access. Supporting the 802.1X standard helps avoid fraudulent use of the network and protects against third-party or unauthorised devices. A handset that supports 802.1X, where the PBX also supports the standard, allows the device to request authentication from the switch. This ensures that if a device connecting to the switch does not have the credentials, the switch does not allow access.

Encryption Against Eavesdropping

VoIP systems that don’t use encryption make it relatively easy for an intruder to intercept calls. Any protocol analyser can pick up and record the calls without being observed by the callers. In man-in-the-middle attacks, an internal user spoofs the IP address of a router or PC to spy on voice traffic as well as data entered on the phone keypad during a voice conversation, such as passwords. After copying the information, the user forwards the voice traffic to the intended destination so that neither the sender nor the recipient knows that the conversation was intercepted. Typical motives include espionage and harassment.

Eavesdropping has become easier because of widely available packet-sniffing tools. The method used to combat this is encryption. Provided that both the handset and the PBX support the standards, encryption ensures that the audio and the signalling traffic are both protected. Products can be configured as enabled for security so that signalling is in TLS and audio in SRTP. These encryption standards mean that all communications from the handset to the PBX/server are protected from snooping and tapping.
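Whether a handset really is sending signalling in TLS and audio in SRTP can be checked from a captured call set-up. The following is an added example, not code from the article or from Snom: it audits a SIP INVITE for the Via transport and the SDP audio profile, and flags the case where an SDES key (`a=crypto`) travels in unencrypted signalling, which leaves the SRTP stream readable to anyone who saw the INVITE. The INVITE messages, addresses and key placeholder are constructed for the example.

```python
import re
from dataclasses import dataclass, field

# SDP transport profiles that carry SRTP (keyed by SDES or by DTLS).
SRTP_PROFILES = {"RTP/SAVP", "RTP/SAVPF", "UDP/TLS/RTP/SAVP", "UDP/TLS/RTP/SAVPF"}


@dataclass
class Audit:
    transport: str
    signalling_encrypted: bool
    media_encrypted: bool
    findings: list = field(default_factory=list)


def audit_invite(raw: str) -> Audit:
    """Check one SIP INVITE (headers plus SDP body) for TLS signalling and SRTP audio."""
    text = raw.replace("\r\n", "\n")
    headers, _, sdp = text.partition("\n\n")

    # The topmost Via header (long or compact form) names the transport of this hop.
    via = re.search(r"^(?:Via|v)[ \t]*:[ \t]*SIP/2\.0/([A-Za-z]+)", headers, re.I | re.M)
    transport = via.group(1).upper() if via else "UNKNOWN"
    signalling_ok = transport == "TLS"

    # Split the SDP into media sections; each one starts at an m= line.
    sections, current = [], None
    for line in sdp.splitlines():
        if line.startswith("m="):
            current = [line]
            sections.append(current)
        elif current is not None:
            current.append(line)

    profiles, sdes_key_present = [], False
    for section in sections:
        parts = section[0][2:].split()       # m=<media> <port> <proto> <formats...>
        if len(parts) >= 3 and parts[0] == "audio":
            profiles.append(parts[2])
            if any(l.startswith("a=crypto:") for l in section[1:]):
                sdes_key_present = True
    media_ok = bool(profiles) and all(p in SRTP_PROFILES for p in profiles)

    findings = []
    if not signalling_ok:
        findings.append(f"signalling over {transport}, not TLS")
    if not profiles:
        findings.append("no audio stream in SDP")
    elif not media_ok:
        findings.append(f"audio offered as {', '.join(profiles)}, not SRTP")
    if sdes_key_present and not signalling_ok:
        findings.append("SRTP key (a=crypto) sent in cleartext signalling")
    return Audit(transport, signalling_ok, media_ok, findings)


def make_invite(transport: str, profile: str, with_crypto: bool) -> str:
    """Build a constructed INVITE for the demo; every name and address is made up."""
    sdp = ["v=0", "o=- 1 1 IN IP4 192.0.2.10", "s=-", "c=IN IP4 192.0.2.10",
           "t=0 0", f"m=audio 49170 {profile} 0 8"]
    if with_crypto:
        sdp.append("a=crypto:1 AES_CM_128_HMAC_SHA1_80 "
                   "inline:CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-KEY")
    body = "\r\n".join(sdp) + "\r\n"
    head = ["INVITE sip:2001@pbx.example.test SIP/2.0",
            f"Via: SIP/2.0/{transport} 192.0.2.10:5061;branch=z9hG4bKconstructed",
            "From: <sip:2002@pbx.example.test>;tag=1",
            "To: <sip:2001@pbx.example.test>",
            "Call-ID: constructed-1@192.0.2.10",
            "CSeq: 1 INVITE",
            "Content-Type: application/sdp",
            f"Content-Length: {len(body)}"]
    return "\r\n".join(head) + "\r\n\r\n" + body


if __name__ == "__main__":
    for args in [("UDP", "RTP/AVP", False), ("UDP", "RTP/SAVP", True), ("TLS", "RTP/SAVP", True)]:
        print(args, "->", audit_invite(make_invite(*args)).findings or "ok")
```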

Greater levels of encryption are available, but at a cost. At the top of the pile, Secusmart in Dusseldorf provides an encryption technology currently used by the German government that can be incorporated into the IP handset. These handsets are forbidden for sale to countries under embargo, and the end users need to be checked and validated before handsets are despatched. At CeBIT a Snom handset with GSMK Cryptophone technology was presented. This provides an internationally accepted secure IP handset solution that sells to organisations such as military, government, pharmaceutical and broadcasting, where the information has such a high value that the increased cost of the handset and call manager with encryption is justified.

Once end points with the required standards are selected, many organisations will find that a secure solution can be provided without the additional investment in these higher levels of encryption. What it takes is attention to detail during set-up and in the use of passwords, a controlled rollout of the handsets, strictly following instructions when installing the endpoints, and using the SRTP protocol or VPN tunnels to increase network security.


What the IT department is looking for in an IP phone design

IP Phone Design for IT Departments

In her third post of the week on IP phone design SNOM Technology AG Marketing Manager Lesley Hansen explores the issues that have to be taken into consideration to keep the CIO happy – IP phone design for IT departments.

The average Information Technology (IT) department is a busy place, especially since IT and Telecoms have now come together in one area of responsibility within most organisations. The challenges posed by telephony have increased since hot desking and mobile working have become an intrinsic part of business life.

The scale may change, but the same challenges apply whether you are an individual running IT for a small business or a team running IT for a large company. In addition to maintaining existing systems and handling moves, adds and changes, most IT departments are actively working to introduce new systems and applications, and they often also provide a helpdesk function to assist all staff with the use of systems and application software.

So when we introduce the IT department to a new IP handset, it is important to have recognised the demands and pressures they are under and to have incorporated their requirements while designing the product. Critical considerations for IT are those characteristics that facilitate the easy and cost-effective operation of their department. In practical terms this means we need to consider issues of support, adds, moves and changes, return on investment, configuration, maintenance and use of the handset in multiple scenarios and situations.

Supporting Moves, Adds and Changes

Moves, adds and changes (MAC) is the general term for the routine work performed on computer and telephony equipment in a business and includes installations, relocations and upgrades. The professional handset must be easy to set up and administer on an ongoing basis and must not break the IT budget, as MACs can be one of the most costly aspects of supporting a telephone system.

Adding IP handsets involves the configuration and installation of the new handsets and their synchronisation with the PBX or telephony server. With professional IP handsets today this can be done remotely by the network manager or by the Value Added Reseller using predefined user characteristics, and the preconfigured handset can then be despatched directly to site to be plugged in by the user. This saves the IT specialists from travelling to site and allows them to have a central, controlled view of the installations.

Change is inevitable in business as organizations grow, expand, and adapt to new market demands. Whether the change involves moving staff or equipment in the present location or moving to an entirely new location, there is a potential cost to the IT team as they deploy new IP handsets or allocate users to new handsets. One of the advantages that can be designed into an IP handset is that it can be relocated by plugging it into a new Ethernet port, where it will automatically resynchronise with the PBX or telephony server.

Security Considerations

Security is a big issue today, so it is important to design IP handsets to support encryption, and Snom handsets are all designed in accordance with the EU privacy recommendations. A risk of MACs is that they introduce an opportunity for security attacks. Remote provisioning delivers substantial benefits for ITSPs and end users, but provisioning servers must be secured. As a vendor we are aware that provisioning servers are a prime target for attacks that steal SIP credentials, which can then be used to make fraudulent calls.

Key protection considerations according to the Internet Telephony Services Providers’ Association (ITSPA) recommendations for provisioning are: authentication of provisioning requests, which should ideally use HTTPS client certificates; ensuring that SIP passwords are deleted from SIP servers as soon as provisioned; and avoiding the use of TFTP for remote provisioning. All of these considerations are important to the IT department when selecting an IP handset, and Snom’s provisioning application is fully compliant with the ITSPA Recommendations for Provisioning Security, released in July 2014.

Securing VoIP communication minimizes threats to the network and the risk of theft of private information by hackers. Security issues with a VoIP implementation often have little to do with the telephony system. If an existing network has security vulnerabilities, these can be exploited once VoIP is implemented. Your choice of handset can play a vital part in addressing security concerns. For example, the Snom 710 comes with a preinstalled security certificate for quick and secure provisioning without manual interaction. It also supports the latest VoIP security protocols to ensure secure desktop communications.

Support and Cost of Downtime

Another concern for the IT specialist is downtime. A report from a major telephone supplier last year indicated that one in five companies fire an employee when a network outage occurs. The sectors where IT staff were most at risk of losing their jobs due to core network errors were the natural resources, utilities and telecoms sectors, where one in three companies fired employees. This is because network downtime is costly to the business. Gartner analyst Andrew Lerner in mid-2014 cited a figure of $5,600 per minute, which extrapolates to well over $300K per hour. Even if these figures seem excessively high for your business, they make the point that the reliability, resilience and durability of all components of the network are key to the business and, if neglected, put business profitability at risk. So the IT specialist is looking for an IP handset that is reliable and easy to support.

Snom handsets are designed to have exceptionally low RMAs; we ensure this is the case to reduce the cost to the business both in downtime and in support costs.

Costs of Ownership (COO) and Return on Investment (ROI)

A solution that will be cost effective and easy to roll out means considering not only the cost of acquisition, but also the cost of ownership and life of the product and the durability of the handset and its connecting network, as they affect the cost of operation and the IT budget.

Interoperability is also key, as it affects not only the cost of the solution today but also the cost to the business if changes are needed in the future. Only when all these aspects are taken into account will the IP handset be considered to deliver value for money to the IT department. Ensure the handsets you are considering are compatible with a large number of SIP components and VoIP systems of other manufacturers. Standards-based handsets reduce operational cost and complexity and so can reduce the cost of building and supporting a telephony infrastructure. Interoperability enables “best-of-breed” deployments, and this best-of-breed environment meets the requirements for rapidly deploying IP Telephony solutions. Interoperability also empowers you to leverage existing investments effectively, extending the life of existing components and protecting the investments your business has made.

IP handset durability is also important in this area, because lower durability increases the exchanges required due to faulty handsets, with knock-on costs for repair or replacement. To keep the cost of ownership down, a vendor needs to ensure that the product life is sufficiently long to provide the project with a return on investment.


Designing IP Phones for Voice Quality


In the second of this week’s posts on designing IP phones, SNOM Technology AG UK Marketing Manager Lesley Hansen explores the subject of designing IP phones for Voice Quality.

Voice quality is not a single thing, and it can be highly subjective. Although you can measure the voice quality of a codec used in the IP Phone, each vendor’s implementation of these codecs may be different, resulting in higher or lower voice quality. But voice quality is one of the primary requirements in IP Phone design for a professional and enterprise handset, and skimping on voice quality testing is one of the easiest ways for a vendor to avoid development costs and produce a sub-quality handset.

What is Toll Quality?

Toll Quality is the panacea. The aim of every VoIP vendor, and the claim of many vendors, is to provide Toll Quality voice, that is, voice quality equal to that of the analogue long-distance public switched network. But it is not measurable. A common benchmark that telephony vendors and carriers use, and that the ITU has adopted, to determine quality is the mean opinion score (MOS). MOS is a test that has been used for decades in telephony networks to obtain the human user’s view of the quality of the network. A MOS score of 4 is perceptible but not annoying and 5 is rated as excellent. But MOS provides a subjective measurement based on a single set of circumstances. For instance, the MOS score given in a quiet office and that given in an office with extensive background noise would be different.

Measuring Voice over IP (VoIP) is more objective, and uses a calculation based on performance of the IP network over which it is carried. The calculation is defined in the ITU-T PESQ P.862 standard. Like most standards, the implementation is somewhat open to interpretation by the manufacturers. Even more significant, depending on the implementation by the IP Phone manufacturers, a calculated MOS of 3.9 in a VoIP network may actually sound better than the formerly subjective score of > 4.0 that was considered to be the equivalent to Toll Quality.

Building the Handset

The design of the handset will also affect audio quality. This includes aspects such as the thickness of the plastic selected and the shape of the phone. For best-quality IP Phone design, an audio engineer is involved with the industrial designer from the first stage of each new phone design. The audio engineer can explain the audio rules to the designer.

For instance, every speaker needs a chamber to create depth of voice, the curves on the phone will affect how the audio signal is reflected, and the thickness of the plastic used is critical to the final audio quality achieved.

Handset design is a trade-off between the rules of audio and the aesthetic vision of the designer. It is this seeking for high quality audio combined with pleasing aesthetic design that forces IP Phone developers to improve and come up with new solutions that take them beyond today’s knowledge on achieving high quality audio.

Selecting the CODECs

The word codec is a shortening of ‘compressor-decompressor’ or, more commonly, ‘coder-decoder’. A codec encodes a data stream or signal for transmission, storage or encryption, or decodes it for playback or editing. As with conventional telephony, with VoIP the speech is initially captured in analogue form with a microphone. This analogue information is then transferred into a digital format by a converter and changed through codecs into corresponding audio-binary formats.

In order for the data to be converted correctly back into speech after being transported, the receiver must use the same codec as the sender. Depending on the codec used, the data can be compressed to differing extents in this process. Most codecs use a procedure through which information not important for the human ear is omitted. This reduces the amount of data and thus reduces the bandwidth required for transfer. However, if too much information is omitted, the speech quality will suffer.

Different codec procedures handle the audio compression with different levels of efficiency. Some are specifically designed to achieve a low bandwidth at any cost. Depending on the codec, therefore, the bandwidth needed and the speech quality will vary. The design skills of the IP Phone manufacturer in the management of codecs create a clear differentiation between vendors.

Refining Voice Quality

Methods such as jitter buffers, echo suppression, echo cancellation and packet loss concealment can be used in IP handset design to improve voice quality.

Echo suppressors work by detecting a voice signal going in one direction on a circuit, and then inserting loss in the other direction. This added loss prevents the speaker from hearing his own voice. Echo cancellation is based on recognizing the originally transmitted signal that re-appears, with some delay, in the transmitted or received signal. Once the echo is recognized, it can be removed by subtracting it from the transmitted or received signal.

When silence suppression is on, comfort noise needs to be generated locally by the IP handset at the other end of the call so that the other party will not mistakenly believe that the call has been terminated. Voice quality is improved by preventing echo from being created or removing echo if it is already present; at Snom we call this Automatic Noise Reduction.

IP Phone echo controls are implemented digitally using a digital signal processor (DSP) or software, and at Snom we implement to the ITU requirements. Digital signal processing is the mathematical manipulation of the information signal to modify or improve it. DSP is not one size fits all. Different DSP coefficient pre-sets are needed for different room types. Refining the voice using these techniques will improve the subjective quality. As an additional benefit, the process also increases the effective use of bandwidth, as silence suppression prevents echo from traveling across the voice network.

Transmitting high quality voice over IP is made more difficult due to packet loss and jitter. A technique used to reduce jitter involves buffering audio packets at the receiving handset, so that slower packets arrive in time to be played out in the correct sequence at the appropriate times. The objective of jitter buffering is to keep the packet loss rate low and so improve the voice quality. A fixed method, which uses a fixed buffer size, is easier to implement than an adaptive method, but will result in less satisfactory audio quality because there is no optimal delay when network conditions vary with time.

Snom handsets support adaptive jitter buffers which, although more complex and expensive to implement, perform continuous estimation of the network delays and dynamically adjust the playout delay at the beginning of each transmission, so ensuring a high quality of voice.
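The difference between the fixed and adaptive methods can be seen in a small simulation. This is an added example, not Snom's implementation: it assumes a textbook exponentially weighted estimator of delay and delay variation, a smoothing factor of 0.875 and a 60 ms starting delay, and it runs over constructed per-packet delays in which the network gets slower after the first talk spurt. Delays are relative (arrival time minus sender timestamp), so a constant clock offset between the two ends would not change the result.

```python
from typing import List, Tuple

# Constructed input: three talk spurts of ten packets each, network delay in ms.
# The network delay rises from about 45 ms to about 95 ms after the first spurt.
SPURTS = [[40, 50] * 5, [90, 100] * 5, [90, 100] * 5]


def simulate(spurts: List[List[float]],
             adaptive: bool,
             initial_delay_ms: float = 60.0,
             alpha: float = 0.875) -> List[Tuple[float, int]]:
    """Return (playout delay used, packets that arrived too late) per talk spurt.

    A packet is played if its network delay does not exceed the playout delay
    in force for its talk spurt; otherwise it has missed its slot and counts
    as lost. The adaptive buffer keeps running estimates on every packet but
    changes the playout delay only at the start of a talk spurt, so speech
    inside a spurt is never stretched or squeezed.
    """
    d_hat = v_hat = None             # running estimates of delay and variation
    playout = initial_delay_ms
    results = []
    for delays in spurts:
        if adaptive and d_hat is not None:
            # Mean delay plus a safety margin of four times the variation.
            playout = d_hat + 4.0 * v_hat
        late = 0
        for n in delays:
            if n > playout:
                late += 1
            if d_hat is None:
                d_hat, v_hat = float(n), 0.0
            else:
                d_hat = alpha * d_hat + (1.0 - alpha) * n
                v_hat = alpha * v_hat + (1.0 - alpha) * abs(d_hat - n)
        results.append((round(playout, 1), late))
    return results


if __name__ == "__main__":
    print("fixed   :", simulate(SPURTS, adaptive=False))
    print("adaptive:", simulate(SPURTS, adaptive=True))
```

The adaptive buffer still loses the second spurt, because its estimate was formed before the network slowed down, and it recovers in the third at the price of a longer playout delay.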

Packet loss concealment (PLC) is a technique to mask the effects of packet loss in VoIP communications. Because the voice signal is sent as packets on a VoIP network, they may travel different routes to get to the destination. At the receiver a packet might arrive very late, corrupted or simply might not arrive. This could happen where a packet is rejected by a server which has a full buffer and cannot accept any more data. In a VoIP connection, the receiver should be able to cope with packet loss.

All these voice techniques enhance and improve voice quality, and are quantifiable and measurable components of high quality IP Phone design and should be viewed as absolute requirements in professional and enterprise handsets.

Testing the Voice Quality

Testing voice quality on a new product should begin as soon as a first injection of plastic is produced and continue throughout the life cycle of the product. At Snom we believe in the value of doing our testing in house and have made a considerable investment in German-engineered, state-of-the-art audio equipment that will not only simulate the voice from the phone handset and speakerphone in relationship to the human head, but also test for voice quality under different conditions, such as with background noise from a busy office or factory, and in a variety of network conditions. Ongoing testing ensures the quality of voice provided by VoIP phones and VoIP accessories and end points, including wired and wireless headsets, speakerphones and conference audio devices.

Accurate and effective audio measurements require time, preparation and patience. Snom’s testing is done in our head office in Berlin using our state-of-the-art audio quality measurement equipment and anechoic chamber facility. Leading measurement technology combined with the know-how and experience of the Snom audio quality team enables comprehensive subjective and objective testing to determine audio quality parameters to maximize VoIP device potential. The measurement system uses the IP phone specifications published in the latest ETSI and TIA releases.

Check out a past article on SNOM audio quality testing here. Also the first post in this series of designing IP phones can be found here.


How to design an IP phone

What is involved in designing an IP Phone?

Lesley Hansen is UK Marketing Manager of German SIP handset vendor SNOM Technology AG and is this week’s guest editor. This role of guest editor is one that I have introduced to bring a focus on specific themes and is an enhancement of the “themed weeks” that have become so successful on this blog.

Lesley is a time served veteran of the telecoms industry and SNOM are one of the oldest players in the SIP game. SNOM were there right at the beginning of the SIP industry before commercial services were available. When SNOM introduced their first handset the only other vendors around were Siemens and Pingtel (long since deceased). SNOM and Lesley are uniquely positioned to talk about their subject.

This week Lesley  has at my invitation put together  a series of posts outlining the issues and challenges involved in the design and manufacture of IP Telephony handsets. SNOM are obviously going to get a lot of mentions in this series but the intent is not to be a sales pitch for the company. It is natural for Lesley to refer to her own company’s experience in writing the pieces. In this first post Lesley outlines the areas that she is going to cover this week.  She refers to articles that are coming during the week and to which I will link as they go live. I leave the rest to her…

This is the introduction to a multi-part series of articles looking at the issues involved in designing an IP phone. Founded in 1996, Snom Technology AG manufactured the world’s first SIP Handset and continues today to provide a market leading brand of professional and enterprise IP Handsets. As such we are exceptionally well qualified to discuss the concerns and challenges of designing IP Phones.

What is an IP Handset?

A VoIP or IP phone is simply a handset that uses Voice over IP (VoIP) technology to allow calls to be made and received over an IP network (like the Internet) instead of using the traditional Public Switched Telephone Network (PSTN). The audio signals from the voice calls are digitized into IP data packets, the handset is connected to an IP network and these IP packets are routed through a private IP network or over the public Internet creating a connected voice call.

IP Phones look very much like traditional office handsets but they are based on a different underlying technology. The use of IP Technology raised potential issues of call quality due to the breaking of the voice into small data packets and these have to be managed in the handset design, and since IP Phones interface with VoIP system telephony software, they have to be able to support features and capabilities that were not provided by traditional office phones. This additional functionality makes the user interface more critical to ensure an easy to use and reliable handset. A good quality of design in an IP Phone can make the IP Handset a valuable resource for many years. A poor design can deliver poor quality voice and become an expensive resource to support and a source of much frustration from business users.

Designing to meet user expectations

Users have clear demands. They want their IP Phones to work and they want them to look good. The problems in designing an IP Phone arise when we try to quantify what working and looking good really mean. Elegance and simplicity are very important in phone design but must be balanced with practicality and ease of use; this is one of the challenges of IP Phone design. (Further Information: Article on Designing for Beauty)

People are very finicky about voice quality in VoIP because they were used for years to the impeccable quality of landline phones.  The standard for voice quality on a telephone handset has therefore been set by the PSTN and this is what we refer to as toll quality voice.

Voice quality was one of the darkest spots on VoIP’s reputation in the early years after its introduction. Now there has been much improvement. For toll quality voice to be achieved on an IP Phone, the issues created by using a packet-based network, where there are no inherent controls on the order or speed of delivery of the packets, have to be considered in the phone design. Echo, choppy voice, broken voice, buzzing and delayed speech are common descriptions of problems experienced with the early VoIP connections. Although some of these problems are the result of a variety of factors, not all related to the handset itself, the handset design must minimise the effect of each of these. The one of these most attributed to the IP Handset is echo, and designing for echo cancellation and control is key. (Further Information: article on Voice Quality)

Designing for the demands of IT

One of the challenges with an IP Phone is that the handset has to be configured before it can talk to the IP Telephony PBX or IP Server, and so before the phone can be used. Provisioning is critical: at its core, the provisioning process monitors access rights and privileges to ensure the security of an enterprise’s resources and user privacy. As a secondary responsibility, it ensures compliance and minimizes the vulnerability of systems to penetration and abuse. In a good quality phone design it is possible to configure phones centrally, which saves a lot of time and money in sending personnel to site.

But the demands are not only those during setup; the design should also ensure that updating phones or setting special configurations is easy. This is possible because of this centralisation. Auto-provisioning or auto-configuration is the name we give to this easy and time-saving way to configure IP phones for IP-PBXs. With auto-provisioning, all user information is entered at the central web interface of the PBX or from the IP Phone management software. Required data includes the MAC address of the IP phone, the desired extension and the caller ID which is displayed on the called party phone display. The IP phone receives the configuration over the local IP network. (Further Information: Article on Designing for the IT Department)

Ensuring IP Telephony is not compromising the Business

The growing reliance on VoIP has reduced business telephony costs, but it also increases their complexity and this needs to be kept in mind in the IP Handset design. Security has become one of the hottest issues in telecom management. IP telephony not only increases the complexity of data networks, particularly in hybrid telephony environments built with equipment from multiple vendors but it increases security risks. For IP telephony management to be effective it cannot focus solely on reporting on network usage, ensuring dial tone availability and managing call quality, it must place an emphasis on security and protecting the enterprise from telephony-borne attacks.

Today telecom managers face pressure to protect the organization from telephony-related threats, and to do it all while cutting costs and improving ROI. Security measures such as encrypting voice services, placing VoIP equipment behind firewalls, and defending against Denial of Service (DoS) attacks are just some of the steps you can take when introducing VoIP into your organization’s network infrastructure.  Other measures include guarding against toll fraud, securing phone records, and protecting the phones. While there is no such thing as a bulletproof VoIP implementation, you can protect your business by selecting IP Handsets designed to provide high quality security to the business. (Further Information:  article on Designing for Security)

No man is an island – and neither is an IP Phone!

Many solutions using IP Phones are hybrids. A hybrid telephony solution could be mixing IP and PSTN, it could involve a mix of hosted and on-premise telephony services, and to get the full set of functionality needed by the business it is likely to include hardware from multiple vendors. Even if an IP Telephony solution is deployed as single vendor, single deployment, single technology, it is highly likely that over time elements of third party products or new technologies will be introduced.

It is therefore very important when designing an IP Handset that standards are complied with consistently to ensure the IP Phone is able to operate in a mixture of existing and potential environments. Snom operates an interoperability program that gives customers the opportunity to find out which components work with each other. To assure the interoperability between the IP Phones and other elements of the IP Telephony solution, all Snom handsets undergo a range of interoperability tests in our labs. Advanced features such as transfer and Music on Hold are required to work. For our partners, gaining the Snom Advanced level of interoperability means that the customer can be assured that the tested functionality works smoothly. (Further Information: article on Designing for Interoperability)

And the final design criteria – cost

The best quality and most elegantly designed IP Phone in the world will not be widely accepted unless it meets the business expectations regarding cost. Cost in its broadest sense will include cost of acquisition, cost of deployment, cost of ownership and return on investment. Any IP Phone design must consider each and every one of these aspects. (Further Information:  article on Designing for the Financial Director)

Snom’s investment in Handset design is significant and over 45% of our workforce is focused on Handset design, testing and development. This approach has made Snom a leader in the market and unique software and hardware developments on the Snom handsets are emulated by many other IP Telephony and Handset manufacturers.


ITSPA Awards 2015 tickets now on sale – I’ll be there with LONAP at the Tate Modern

ITSPA Awards 2015 – 2.30 – 5pm, 19th March, Tate Modern

Yo y’all. Tickets for the ITSPA Awards 2015 are now available here. If you are in the Internet Telephony Service Provider community or supply to them you need to be there. These events are always fantastic networking opportunities. You get to mix with most of the players in the UK hosted VoIP community.

If you are a supplier, most of your prospects will be there. If you are a service provider your competitors’ CEO is likely to be there and very approachable. I’ll be there for a chat as well (fwiw).

As an added bonus some of the LONAP board will be there – I include myself. LONAP as most of you will know is an Internet Exchange Point (IXP). Quite a few ITSPA members are also LONAP members. We have also recently had a number of enquiries from other ITSPA members re joining LONAP.

The benefits of joining LONAP for ITSPA members are clear. Lower latency and lower internet access costs for your traffic – the use of peering in this situation has a well established business model.

So in the interest of world peace and low latency networking LONAP are inviting their members and prospects for a few beers after the Awards themselves. We will thereafter be decamping to a curry house of good repute.

If you are a LONAP member or prospect and are going to the ITSPA Awards let me know in advance if you want to come for the curry as I will need to pre-book the numbers. If you fit into one of these categories but are not coming to the Awards themselves and want to come for the curry also let me know. No freeloaders, time wasters or snake oil salesmen:)

Just as an fyi for the ITSPA Awards 2015 we have had 66 entries from 34 companies for the categories below:

  • Best Consumer VoIP
  • Best Business ITSP (Small Enterprise, Medium Enterprise and Corporate)
  • Best VoIP CPE
  • Best VoIP Infrastructure
  • Best VoIP Innovation

We also have as separate awards

  • The ITSPA Members’ Pick
  • The ITSPA Champion

Exciting eh? Not everyone can win at the ITSPA Awards 2015 but you are guaranteed to have a good time and chat with useful people. Book your tickets now:)

Amazingly posts about the ITSPA Awards on this blog go back to 2008! Check em out here.


SBCs – Maintaining Your Network’s VoIP Security

Session Border Controllers (SBCs) can greatly enhance VoIP security, all but eliminating toll fraud while also maintaining voice connectivity. welcomes VoIP Week contributor Simon Horton, the Director of Sales, EU for Sangoma.

The term SBC (short for Session Border Controller) is liberally used in the VoIP industry today, but from my travels around the telecom channel it’s clear that there is significant misunderstanding and distrust on the role played by SBCs and when they are required.

The uptake of Enterprise Session Border Controllers or E-SBCs is being driven by the rise of SIP trunking in the UK. The number of ISDN channels (the traditional way of connecting enterprise to the telephone network, using dedicated copper wire) is shrinking at about the same rate as SIP trunking is growing, so assuming that the market size is static my conclusion is that all of the folks leaving ISDN are going to SIP trunking. In addition to the cost benefit, flexibility, and disaster recovery capabilities of SIP trunking, the proliferation of good quality and value connectivity (e.g., leased lines, EFM) is enabling the market growth.

Why SIP is more inherently risky

In the days of legacy TDM connections (Time Division Multiplexing, or the copper wire) phone calls took place on approved equipment connected to private networks run by the telco. Nothing else was connected or could be connected. Contrast this situation with SIP, where the connection could be across a public network or a network shared with data derived from multiple devices. In addition, calls can be placed and terminated across a wide range of devices such as IP-phones, smart phones, desktops, etc.

SIP deconstructed

Before examining how SBCs can help a typical enterprise it’s worth explaining that SIP consists of two main parts. First, there is the SIP protocol that sets up the call and conveys information about that call. Second, there is the media that carries the voice in RTP packets. Both of these streams need to be considered in order to maintain security.

Attacking the SIP protocol could allow a hacker to gain access to passwords and allow an unwanted intruder to spoof calls and allow toll fraud, a hot topic in our industry today. There are other ways that SIP can be disrupted as well. Denial of Service (DoS) attacks can cause packet overload situations where the legitimate SIP messages cannot be processed and hence calls will not progress.

Media can often be tapped into and heard using tools that are readily available on the internet. The media ports can also be subjected to DoS attacks that can disrupt the audio.

The role of the SBC

The E-SBC sits at the edge of the enterprise network and manages all the voice connections made with SIP. SBCs are very feature rich and there is a lot of information out there discussing the many roles and functions that these flexible devices can perform. The SBC will be able to deal with disruptive DoS attacks by dropping packets at the network level before they become a problem. Encryption is also possible so that media and the call setup messages cannot be tracked. In addition, toll fraud is made much harder with the addition of policy control that allows only certain patterns of traffic to proceed as well as only allowing known users and IP addresses to make and receive calls.

Why not a firewall?

Traditional firewalls are great for protecting data networks, but typically they provide inadequate protection for SIP. Firewalls cannot prevent some of the threats identified here as they are not constructed with an intimate knowledge of SIP. Remember those two parts of SIP we discussed earlier? Well, the average firewall cannot tie the two of those together; this is a key component of the SBC so that only the necessary connections are allowed through the edge of the network. A typical firewall also cannot delve deep within the SIP message, ensure its legitimacy, and if necessary drop it quickly before it gets to the IP-PBX and causes damage.
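What "tying the two parts together" means in practice can be shown with a small model of the gating decision: media is admitted only between the endpoints that the signalling negotiated, and only while the call exists. This is an added example, not Sangoma's or any SBC's code; the SIP messages, addresses and class names are constructed, and it assumes IPv4, symmetric RTP and no RTCP handling.

```python
import ipaddress

# Constructed SIP messages using documentation addresses (RFC 5737); not a real capture.
INVITE = (
    "INVITE sip:1002@pbx.example.test SIP/2.0\r\n"
    "Call-ID: a84b4c76e66710\r\nCSeq: 1 INVITE\r\n"
    "Content-Type: application/sdp\r\n\r\n"
    "v=0\r\no=- 1 1 IN IP4 198.51.100.20\r\ns=-\r\n"
    "c=IN IP4 198.51.100.20\r\nt=0 0\r\n"
    "m=audio 40000 RTP/AVP 8 0\r\n"
)
OK_200 = (
    "SIP/2.0 200 OK\r\n"
    "Call-ID: a84b4c76e66710\r\nCSeq: 1 INVITE\r\n"
    "Content-Type: application/sdp\r\n\r\n"
    "v=0\r\no=- 2 2 IN IP4 192.0.2.10\r\ns=-\r\n"
    "c=IN IP4 192.0.2.10\r\nt=0 0\r\n"
    "m=audio 16384 RTP/AVP 8\r\n"
)
BYE = ("BYE sip:1002@pbx.example.test SIP/2.0\r\n"
       "Call-ID: a84b4c76e66710\r\nCSeq: 2 BYE\r\n\r\n")


def parse_sip(raw):
    """Split a SIP message into (start line, lower-cased header dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def audio_endpoints(sdp):
    """Return [(ip, port)] for every active m=audio section of an SDP body.

    A media-level c= line overrides the session-level one; port 0 means the
    stream is declined, so it opens nothing.
    """
    session_ip, current, media = None, None, []
    for line in sdp.splitlines():
        if len(line) < 2 or line[1] != "=":
            continue
        kind, value = line[0], line[2:].strip()
        parts = value.split()
        if kind == "c" and len(parts) == 3 and parts[:2] == ["IN", "IP4"]:
            ip = parts[2].split("/")[0]
            ipaddress.IPv4Address(ip)          # ValueError on a malformed address
            if current is None:
                session_ip = ip
            else:
                current["ip"] = ip
        elif kind == "m" and len(parts) >= 2:
            current = {"type": parts[0], "port": int(parts[1].split("/")[0]), "ip": None}
            media.append(current)
    return [(m["ip"] or session_ip, m["port"]) for m in media
            if m["type"] == "audio" and m["port"] != 0 and (m["ip"] or session_ip)]


class PinholeTable:
    """Tracks which RTP endpoint pairs the signalling has authorised."""

    def __init__(self):
        self.offers = {}   # Call-ID -> endpoints from an INVITE awaiting its answer
        self.flows = {}    # Call-ID -> set of (ip, port) allowed to exchange media

    def on_signaling(self, raw):
        start, headers, body = parse_sip(raw)
        call_id = headers.get("call-id")
        if not call_id:
            return
        has_sdp = headers.get("content-type", "").lower().startswith("application/sdp")
        if start.startswith("INVITE ") and has_sdp:
            self.offers[call_id] = audio_endpoints(body)
        elif (start.startswith("SIP/2.0 200") and has_sdp
              and "INVITE" in headers.get("cseq", "") and call_id in self.offers):
            # Only an answered offer opens a pinhole, and only for both negotiated ends.
            self.flows[call_id] = set(self.offers.pop(call_id)) | set(audio_endpoints(body))
        elif start.startswith(("BYE ", "CANCEL ")):
            self.offers.pop(call_id, None)
            self.flows.pop(call_id, None)    # call over: close the pinhole

    def permits(self, src, dst):
        """True only if src and dst are the two media endpoints of one live call."""
        return any(src in eps and dst in eps and src != dst
                   for eps in self.flows.values())
```

A port-based firewall rule for the same traffic would have to leave the whole RTP port range open permanently; here nothing is reachable before the 200 OK or after the BYE.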


The recommended best practice is to install an SBC wherever there is a change in SIP network or wherever the WAN connections join the SIP network. A correctly configured SBC can provide peace of mind in that the possibility for toll fraud is eliminated and that voice connectivity will be maintained regardless of whatever else may be happening.



Those who build or sell VoIP systems need to begin coping with BYOD, because soon enough it will inevitably be on your system’s spec sheet. welcomes VoIP Week contributor Paul Hayes, ProVu Communications Ltd.’s Product Development Director

Whether you’re a developer of IP PBX or a provider of hosted VoIP telephony services, you need to be doing something about mobile BYOD. BYOD (aka Bring Your Own Device) is the concept of company employees using their own hardware in addition to, or instead of, the hardware provided by and owned by the company itself. I use the term mobile because increasingly people want to use mobile phones and not desk phones. It may be a slightly foreign concept to a lot of readers, but there is a whole generation of future business people just around the corner who will have grown up with a mobile phone in their hand at all times.

It’s a simple idea on the surface, you have an iPhone because you like it and find it easy to use, right?

It might seem like this is all about greedy employers wanting their staff to buy their own kit, but not so. It stands to reason that allowing staff to use devices that they know, trust, and perhaps even enjoy should result in good productivity.

Enough has already been written on the advantages of BYOD, so what I want to talk about instead is how you as someone who builds or sells VoIP systems copes with BYOD, because if it’s not on your system’s spec sheet in the near future you’re going to seem rather old fashioned.

In my eyes there are two main issues the VoIP platform must overcome: maintaining professionalism and management of the devices.

First is the issue of maintaining professionalism. In the early days of VoIP there was a sense of triumph whenever pressing that tick button on your shiny new VoIP phone resulted in a working call with good audio quality. Thankfully, things have moved on, but the last thing you want is for your BYOD solution to represent a step back. It has to work reliably and it has to sound good, too, just like your VoIP desk phone does. At the same time, businesses need to look professional and maintain their own presence. For instance, most businesses don’t want the outbound phone calls they place to be seen as coming from different mobile numbers.

The second issue is device management. How do you know what people are using their mobiles for? How do you control which application they are using? How do you even change a setting on the device when it’s not owned by the business? How do you do all that without crippling the device?

The key to resolving these two issues is centralised management. We’ve been doing this with desktop VoIP phones for over ten years now; the same techniques must now be applied to mobile devices as well.

A company in Sweden called Opticaller Software has an interesting take on it all, offering a solution that involves an application for mobile devices (the usual suspects: iPhone, Android, Blackberry) and a server part that (for now) runs alongside an Asterisk IP PBX. That’s fairly interesting, of course, but what really makes it relevant here is that they also have a hosted management engine, a system that allows you to push the app out to mobile devices and that manages all settings related to the operation of the app. This is absolutely essential, and it seems to make the Opticaller solution fairly unique for the moment. Thus, no matter where the mobile devices are, provided they have just a tiny bit of a data connection, it is possible to control mobile telecommunications much like you can with desktop phones. All phone calls go through the VoIP PBX where they are recorded and accounted for and, crucially, you can control the outbound caller identification used for each call.

The mobile application itself does something that is both clever and yet simple. It uses the mobile voice network for the actual phone call. Maybe one day Wifi will be good enough to be used for mobile voice whilst out and about, but today that simply is not the case.

I used the Opticaller system myself on a recent business trip to Prague and found it very handy for calling people in the office using nothing more than their internal extension numbers. Also, it was very handy in reducing costs as I only suffered roaming charges for inbound calls and not outbound ones. Please don’t make the mistake of thinking this is all about saving money, though, as the real problem being solved is how to integrate mobile BYOD into a VoIP phone system.


VoIP Security and Your IP Phone

Concerns about massive growth of telephone tapping incidents have led to a growing demand for IP telephone handsets that provide VoIP security. welcomes VoIP Week contributor David Kirsopp, Technical Director snom UK Ltd

An IP-PBX can be reached from potentially anywhere in the world, and your communications network is vulnerable if not properly secured. As such, making sure you enhance security through your choice and implementation of your IP handsets is one of the security measures you should be considering when introducing VoIP into the organization’s network infrastructure.

Concerns about massive growth of telephone tapping incidents have led to a growing demand for secure telephone handsets. The practical availability of secure telephones is restricted by such factors as politics, export issues, incompatibility between different products, and high prices.

When the VoIP traffic over the Internet is unencrypted, anyone with network access can listen in on conversations. Unauthorized interception of audio streams and decoding of signaling messages can enable an eavesdropper to tap audio conversations in an unsecured VoIP environment, a common threat. And eavesdropping is how most hackers steal credentials and other information; for example, customers reciting their credit card numbers to an airline booking attendant. All that’s needed is a packet capturing tool, freely available on the Internet, or switch port mirroring, and hackers can save the files, take them home, and cause disaster with the stolen information.

Equally or more dangerous than the hacking of the phone calls themselves is that the phone system may enable entry into the company network, and thus the phone connection becomes a portal to all data within the company.

Of course, there are solutions and safeguards that can reduce or even eliminate security weaknesses within VoIP systems.

Authentication-Based IP Addresses

Static configuration of your IP phones to your extensions will prevent easy access by intruders into a conversation. Specifically, you can specify at the IP-PBX which IP address can use a particular extension as a trusted address.
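The extension-to-address binding above, combined with the SBC-style policy control described earlier on this page (known users, known IP addresses, permitted traffic patterns), can be expressed as a single admission check per call attempt. This is an added example, not any PBX vendor's configuration; the extensions, networks, dial plan and call attempts are all constructed, and the "00" international prefix is an assumption about the dial plan.

```python
import ipaddress

# Constructed policy: each extension is bound to trusted source networks and
# to the classes of destination it is allowed to call.
EXTENSIONS = {
    "201": {"sources": ["192.0.2.21/32"], "classes": {"internal", "national"}},
    "202": {"sources": ["192.0.2.0/28"],
            "classes": {"internal", "national", "international"}},
}

# Constructed dial plan, matched longest prefix first.
DIAL_PLAN = {"2": "internal", "0": "national", "00": "international", "09": "premium"}


def normalise(dialled):
    """Strip spaces and punctuation; map a leading '+' to '00'. None if not a number."""
    digits = "".join(ch for ch in dialled if ch.isdigit() or ch == "+")
    if digits.startswith("+"):
        digits = "00" + digits[1:]
    return digits if digits.isdigit() else None


def classify(number):
    """Longest-prefix match of a normalised number against DIAL_PLAN."""
    for length in range(len(number), 0, -1):
        cls = DIAL_PLAN.get(number[:length])
        if cls:
            return cls
    return None


def evaluate(attempt):
    """Return 'allow' or 'reject:<reason>' for one call attempt (a dict)."""
    ext = EXTENSIONS.get(attempt["from_ext"])
    if ext is None:
        return "reject:unknown-extension"
    try:
        src = ipaddress.ip_address(attempt["src_ip"])
    except ValueError:
        return "reject:bad-source"
    # The extension is only usable from its statically configured address(es).
    if not any(src in ipaddress.ip_network(net) for net in ext["sources"]):
        return "reject:untrusted-source"
    number = normalise(attempt["to"])
    if number is None:
        return "reject:bad-number"
    cls = classify(number)
    if cls is None:
        return "reject:unroutable"
    if cls not in ext["classes"]:
        return "reject:class-" + cls
    return "allow"


# Constructed call attempts (fictitious numbers, documentation addresses).
ATTEMPTS = [
    {"from_ext": "201", "src_ip": "192.0.2.21", "to": "202"},
    {"from_ext": "201", "src_ip": "203.0.113.50", "to": "202"},
    {"from_ext": "201", "src_ip": "192.0.2.21", "to": "+999 555 0100"},
    {"from_ext": "202", "src_ip": "192.0.2.5", "to": "00 999 555 0100"},
    {"from_ext": "202", "src_ip": "192.0.2.5", "to": "0900 555 0100"},
    {"from_ext": "999", "src_ip": "192.0.2.5", "to": "201"},
]

if __name__ == "__main__":
    for a in ATTEMPTS:
        print(a["from_ext"], a["src_ip"], a["to"], "->", evaluate(a))
```

Logging the rejected attempts matters as much as blocking them: a run of `untrusted-source` or `class-premium` rejections for one extension is an early sign that its credentials are being tried from elsewhere.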


Unlike PSTN calls which traverse dedicated circuits, VoIP calls are really just data going across the Internet…data that must be protected. By using encryption techniques like TLS and SRTP, you can protect both the signaling and the media stream, preventing others from listening in on the conversation using simple tools such as port mirroring and an RTP trace.

SIP packets contain private information: the IP address of the phone, the SIP server, the signaling and media ports that it’s expecting to listen on, the MAC address of the phone, and in some cases even the management port of the phone. This information should be sent over a TLS tunnel to hide it from snoopers, who though they will be able to see TLS packets will have no idea what’s in them.

Well-designed IP phones provide secure SIP signaling via TLS and audio stream encryption by incorporating SRTP (Secure Real-time Transport Protocol), a security profile that adds confidentiality, message authentication, and replay protection to the RTP protocol. SRTP is ideal for protecting Voice over IP traffic because it can be used in conjunction with header compression and has no effect on IP Quality of Service. These factors provide significant advantages, especially for voice traffic using low-bit rate voice codecs such as G.729. Ensure your phones provide TLS-based SIP signaling (SIPS) with a SIP proxy server and audio stream encryption using secure RTP based on 128-bit AES. SIPS not only prevents message manipulation and eavesdropping, but it also assures the proxy server of the identity of the client phone; hence, identity spoofing threats are also subdued by this mechanism. Some phones, including those produced by snom, also use AES in counter mode (AES-CM) for secure RTP, which creates a unique key stream for each RTP packet and thus makes it almost impossible for eavesdroppers to retrieve the original RTP stream from the encrypted SRTP stream.

Secure Media (over UDP)

If you want to increase security further, then purchase a certificate from a Certificate Authority (CA) like VeriSign, which is equivalent to having your documents signed by a Notary Public who is a trusted third party, verifying that you are who you say you are.   Getting the certificate into the IP phones is currently the tricky part, as some phone vendors are not burning them in at the factory using the MAC address as part of the key.

Plug and Play and Certificates

Plug and play of phones on the wide area network is nothing new. The phone presents a MAC address, and based upon that MAC address the IP-PBX automatically provisions the phone so that it can make calls. The IP-PBX, however, is not able to verify the MAC address of the phone since it came from the WAN. In this case, the MAC address reflects that of the router as that is where it came into the LAN. This is a security risk; however, some handsets have certificates burnt in at the factory, so after a key exchange the IP-PBX can be assured that the phone is who it says it is and that a certain MAC address belongs to a particular phone.
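The difference between a claimed MAC address and a proven one can be made concrete in the provisioning server's decision logic, which also covers the MAC, extension and caller ID record used for auto-provisioning earlier on this page. This is an added example, not Snom's or any IP-PBX's code. It assumes the TLS layer has already validated the phone's client certificate against the vendor CA, that the certificate carries the MAC as its subject commonName, and that the URL layout, inventory and function names are hypothetical.

```python
import hmac
import re

# Constructed inventory: the per-phone record entered centrally for auto-provisioning.
# MACs use a locally administered prefix so they cannot collide with real devices.
INVENTORY = {
    "02aabbccdd01": {"extension": "201", "caller_id": "Reception"},
    "02aabbccdd02": {"extension": "202", "caller_id": "Sales"},
}

_MAC_RE = re.compile(r"^[0-9a-f]{12}$")


def normalise_mac(text):
    """Lower-case a MAC and drop ':', '-' and '.' separators; None unless 12 hex digits."""
    mac = re.sub(r"[:\-.]", "", text.strip().lower())
    return mac if _MAC_RE.match(mac) else None


def cert_common_name(peercert):
    """Pull commonName out of the dict form returned by ssl.SSLSocket.getpeercert().

    None means no certificate was presented; an empty dict means one was
    presented but not validated. Neither proves anything about the device.
    """
    if not peercert:
        return None
    names = [value for rdn in peercert.get("subject", ())
             for (key, value) in rdn if key == "commonName"]
    return names[0] if len(names) == 1 else None   # refuse ambiguous subjects


def authorise_provisioning(path, peercert, inventory=INVENTORY):
    """Decide whether to serve a configuration file.

    Returns (allowed, reason, record). The MAC in the request path is only a
    claim; the MAC in the validated certificate is what the decision rests on.
    """
    match = re.fullmatch(r"/provision/([^/]+)\.cfg", path)   # hypothetical layout
    if not match:
        return (False, "bad-path", None)
    requested = normalise_mac(match.group(1))
    if requested is None:
        return (False, "bad-mac", None)
    cn = cert_common_name(peercert)
    proven = normalise_mac(cn) if cn else None
    if proven is None:
        return (False, "no-verified-device-identity", None)
    if not hmac.compare_digest(requested, proven):
        # A valid phone asking for another phone's credentials.
        return (False, "mac-mismatch", None)
    record = inventory.get(proven)
    if record is None:
        return (False, "unknown-device", None)
    return (True, "ok", record)
```

The `mac-mismatch` case is the one plain MAC-based plug and play cannot detect: a request that names a legitimate phone's MAC but cannot prove possession of that phone's key.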

Centralised Security

Alternatively, security can be guaranteed from a central point independently from the individual applications and end devices. The advantages of this centralized approach are that it will be a one-off implementation with low maintenance costs and the possibility to secure communications from multiple manufacturers. One option for centrally provided security is a Virtual Private Network (VPN), which is typically used for connections with field-based employees in which a company network connects the branch offices to the computer centre or connects geographically separate servers or computer centers.


VoIP Hardware: Giving a British Icon a 21st Century Makeover

Repurposing a 20th Century British classic for the new millennium. is pleased to welcome “VoIP Week” contributor Mark Williams, Director of Sales at Obihai Technology.

The GPO746 is loved by many – it’s hard to ignore the classic look and high quality construction of the original — but with most of us now using VoIP it is often left to sit there as an ornament and gather dust.  But we can give it a 21st century upgrade!

The GPO poses a few challenges for VoIP hardware enthusiasts. First, it requires a ring capacitor to drive the bells when it rings. Also, the GPO is a rotary dialer, which most modern ATAs don’t support. But where there is a will there is a way, and here I will offer detail on two approaches that can be taken to ready this classic for the world of IP.

The Easy Approach

The easiest way to get your classic phone to work with VoIP is to plug all the adapters inline, external to the phone. To convert the rotary dial clicks into DTMF you can use a Dialgizmo, a device that sits inline between the ATA and the phone. It works well, though it will occasionally detect the hook flash as a “1” and send the DTMF so you need to be careful when taking the handset off hook.

Along with the Dialgizmo you’ll need to find a ring capacitor. You can either purchase an inline ring capacitor from an online store, or you can repurpose a master socket if you have one lying around.

Finally you’ll need an ATA.

The GPO746 plugged into a re-used master socket, which in turn is plugged into the Dialgizmo, which is plugged into an Obihai OBi202 ATA.

Using this simple conversion approach you can get your classic phone working over VoIP.  But you want a more elegant solution, I hear you say?

The Advanced Approach

You say you don’t fancy having a string of adapters connected to your classic phone? Well, if you are handy with a soldering iron, the Rotatone offers another method, an integrated solution, installed inside your GPO746.  And if you’re not handy with a soldering iron, don’t worry – they also have a service where you can send in your classic phone to have the Rotatone and a ring capacitor installed (after making a ham-fisted attempt at soldering — It’s been many years — I chose the send-in option).

The Rotatone is the black box on the left. It is wired between the rotary dialer and the control board of the GPO746.

The Rotatone has the advantage of not suffering from hook switch triggering DTMF tones, and having the ring capacitor installed in the device also removes another item from the daisy chain between the phone and the ATA.

So how about we go a step further and install the ATA within our classic phone as well!

The OBi200 (and OBi300) ATA both fit perfectly between the hook switch of the GPO746.  If we remove the line cable from our phone we can wire this plug internally straight into the back of the ATA and route the power for the OBi via the line cable’s port.  Rather than drill into the case to create a hole for an Ethernet cable we can instead plug an OBiWiFi adapter into the back of the ATA to allow it to operate wirelessly.

Everything installed inside the GPO746.

We now have our WiFi-enabled GPO746 IP Phone, repurposed and ready for the 21st century.  And you can even take it a step further by installing an OBiBT USB adapter into the USB port.  To do this you’ll need to use a USB hub to allow plugging the OBiWiFi and OBiBT adaptors into the one port. If you can find a place to squeeze that in you will have a GPO746 that’s not only wireless but that can also pair with your mobile phone via Bluetooth.

So what are you waiting for?  Winter is just around the corner, and there are few better excuses for spending an afternoon converting your phone in a small room filled with solder fumes.  Best of luck!


Why are the Major Telcos Afraid of encrypted voip?

A significant disconnect exists between the reality of today’s IP communications and the security concerns and needs of the customer (read encrypted voip). welcomes VoIP Week guest contributor Peter Cox, UM Labs Ltd. Founder and CEO.

One of UM Labs’ long-standing customers is using our product to provide encrypted VoIP connections from remote users (mostly home workers) and to encrypt calls they make and receive on their SIP trunk. Their motivation is simple: They are in the USA and their business makes it necessary for them to work closely with federal government, a connection that subjects them to security and compliance requirements. This customer’s view is that applying encryption to all VoIP calls — including those made and received on their SIP trunk — is an essential step towards meeting these requirements. Even if some SIP trunk calls are then relayed in clear text, as is the case for PSTN calls, the encryption applied on the connection to their trunk provider protects their network and ensures the confidentiality of SIP trunk calls on the connection between the service provider and their office. This effort demonstrates that they are taking all reasonable steps to secure the network connections under their own control and is thus a significant step towards meeting the compliance requirements.

Recently, our customer’s existing service provider announced that they were considering discontinuing encrypted SIP trunk connections, and being unable to find an alternative they asked me for some alternative service provider recommendations. I posted the question to the SIP Trunking & Enterprise VoIP LinkedIn group and received a number of helpful replies. My question also sparked some interesting discussion. A number of the participants gave spurious reasons why encryption was too difficult or not needed on a SIP trunk. What surprised me most was that representatives of two very large and well known telcos weighed in against encryption. One claimed that providing an encrypted SIP trunk connection was incompatible with legal intercept requirements, while the other tried to claim that since enterprises trust their data on “private” networks shouldn’t they trust their voice as well?

Addressing the claim that SIP trunk connections are not compatible with legal intercept requirements, I submit that when properly implemented and with the appropriate systems, encrypted VoIP does not prevent legal intercept or call recording for compliance purposes. What it does stop is unauthorised call monitoring. The risk of unauthorised call monitoring is not confined to VoIP, as there is a significant risk to calls on cellular networks (see my recent blog). Encryption also has a role to play in controlling other threats, including call fraud.

Regarding the comment about enterprises trusting their data on private network connections to service providers, this I found even more surprising. I have spent many years in network security and this is the first time I have heard a connection to a 3rd party service provider classified as sufficiently private to trust for data transmission without some form of additional security. While connection to service providers may be more controlled than the open Internet, they are not private. Most enterprises will naturally want to protect their data with a VPN, so it makes sense to do the same for voice.

Part of the problem is that part of the telecoms industry is stuck in the past, back in the days when the phone companies owned and operated the networks. Things have moved on, and a significant proportion of all communications now runs on IP networks, much of it on the Internet. The move to IP has spawned new applications such as presence and IM and is the driving force behind convergence. The use of IP networks, and specifically the Internet for voice and UC, is a big step forward, but we must recognise that a different set of security rules apply. We have the knowledge and technology to address the security issues. Rather than finding reasons to avoid implementing VoIP and UC security technologies, the industry needs to embrace them and promote their implementation.

I won’t name the two telcos, but if you are interested in seeing them incriminate themselves you can follow the full LinkedIn discussion at

This is a VoIP week post on Check out other VoIP themed posts this week:

Why are major telcos afraid of encrypted VoIP? by Peter Cox
Emergency calls and VoIP by Peter Farmer
VoIP, the Bible and own brand chips by Simon Woodhead
Why the desktop VoIP telephone isn’t going away by Jeff Rodman
Small business VoIP setup by Trefor Davies
VoIP fraud-technological-conventionality-achieved  by Colin Duffy

Emergency Calls and VoIP

Emergency Calls and VoIP have always been a contentious issue, but the need for ever increasingly innovative and cheaper ways of communicating means the tensions are getting worse than ever.

Despite what many of you may think, Regulatory Affairs is fun. Bear with me for a second. This isn’t quite like a train spotter defending a book of carriage numbers as fun (though for them I am sure it is). Regulatory Affairs is a truly multi-disciplinary job. Each day, I have to be a little bit telecoms engineer, lawyer, accountant, economist, lobbyist, salesman, compliance officer, and more. My work this year has taken me to documents in the British Library regarding the 1984 privatisation of BT that were pertinent in a dispute being argued at Ofcom, and I am currently working and planning on charge control periods for 2016-2019 and beyond. Every day you get to be at the leading edge of technological environments, helping businesses understand the regulatory environment and coming across some wonderful problems and innovations.

That fun gets drained, though, when it comes to 999 (or 112 for our European brethren…and I think we can all safely say we know 911 is America). Lives are at stake, and it is rightly a very important topic, however much I despise having to deal with issues arising from it.

There are two pieces of history that tie in to why we have the 999 environment we have today. The first one, serious and sombre, is that the foundations of the regime today came about following the 1986 Hungerford Massacre where the local exchange couldn’t handle the volume of calls as Michael Ryan perpetrated his horrific crimes. There were only two lines into the 1986 equivalent of a call handling authority for Newbury at the time. The second is more interesting than serious, that being that the design of pay phones in 1925 was such that the dial was fixed but the number 9 and 0 could be used — the former thrice for emergency services and the latter for the operator — without having to put money in to release the dial. The urban myth is that it was chosen in the pulse dialing days because overhead wires could touch in high wind and send a 1 pulse … if done three times in a certain period would make a false call. The avoidance of this was simply a fortunate consequence of the pay phones.

More recently, in the late nineties, we have had significant improvements to location information databases, we’ve had the rise of mobile phones and the location information therein, and we’ve also had the ability to text 999 (pre registered users with special needs as I recall). In amongst all of this we have VoIP, one of the most important innovations in telephony for a generation. Today I can sit in a hotel in Brazil and make calls presenting my UK 0208 number. More importantly, I can make such calls from an app via a smartphone connected to a switch/PBX/platform in the UK that doesn’t even know I am abroad.

So what on earth happens when I dial 999?

That instance is simple; apps should probably just let the handset deal with it natively so as to pass on all the relevant information….. but what if I sign into a hosted PBX in my colleague’s home office and something goes wrong? I’ve been a good boy as a homeworker and the call handling authority would see the address of where I am most often – my own home office. Thankfully, Emergency Calls are presented to the call handler in two ways, based on a prefix the originating network places on the call — there’s one for old school legacy TDM fixed network that says “reliable address” and there’s a second one that says “unreliable address” used for roaming VoIP. Cutting a very complex story short, that triggers a different script for the operator to follow. The mobile world is somewhat different and their location information plans regarding GPS chips etc. will undoubtedly save lives. We’ve managed like this for coming up to a decade, since Ofcom made its last pronouncements on VoIP and Emergency Calls. All well and good.

The legacy broadband superimposed over narrowband copper voice world has a short shelf life now, though. Various government bodies and Ofcom are consulting and whatnot on how to deal with Emergency Calls when we can’t rely on the BT Exchange to power the line (the narrowband voice at least) should the wider electricity supply be compromised. Right now if there’s a power cut at home I will lose broadband and my phone. I can, however, go to the garage, dig out an old phone and plug it into the master socket and knock myself out. The current regulatory/government consensus is that data-only/wires-only/naked services should have at least one hour battery backup to remove this potential problem.

Wow. 1 hour.

Essentially then, in a VoIP only world (or strictly VoIP or other technology over naked DSL or somesuch), if someone wants to axe-murder me during a power cut I am in deep trouble if nPower cannot get their ducks back in a row within 59 minutes and 59 seconds.

According to Ofcom’s own research, 26% of socio-economic group DE households are now mobile only (16% in other groups if you are interested). They are relying today purely on whether they’ve remembered to charge their phone and/or Apple have invented a hydrogen cell, as opposed to the usual offering making you reminisce for an old Nokia and that the local masts have sufficient backup power in a prolonged outage too. I suppose, in my alluded to axe-murdering power-cutting thunderstorm I would also have my mobile, but everyone knows I have to carry around a 14000mAH battery pack because I always forget to charge my phone! This situation in itself is why I am surprised that the fixed requirement is just one hour…… after all, we are familiar with the snowmageddon we endure each winter, with communities sometimes cut off for days.

At times I get the impression (and I have some sympathy with this position) that some VoIP companies would like to be able to just have a disclaimer that says “This device/service cannot be guaranteed to be able to make Emergency Calls” or somesuch. With the growth of VoIP and our need to have this technology widely accepted and embraced by the populace — and our desire to not pay for the line card and metallic path to the voice processor in the exchange — I don’t think that just making it someone else’s problem will wash….. you can just see the Daily Mail headlines now.

That all said, the solution isn’t a room UPS for every household, nor is it a hot-standby generator for every street. We also cannot avoid much longer the roaming VoIP location information issue; a return to the pre 1998(ish) situation of the caller having to give their address would be retrograde. That will make it interesting, and for once, I may not actually hate dealing with Emergency Calls in Regulatory Affairs either.

VoIP, the bible and own brand chips!

Cheap voip? Get what you pay for says Simon Woodhead.

It has been many years since I had to persuade someone that you got what you paid for with VoIP and that cheap voip routes were not the same as quality voip routes into bona fide networks, even though the transport may be the same. That cost obsessed underbelly of the industry still exists, but the vast majority of buyers of wholesale services now seek quality and have learned from mistakes of the past.

Along the way, those of us who started as pure-VoIP wholesalers have now grown into bona fide PSTN operators with SS7 interconnects into key trading partners. VoIP is the transport, not the product, and the product has improved drastically over the years.

Concurrently, previously pure-play TDM operators have discovered VoIP. Many now use VoIP for the exchange of international minutes, some even insist on it for domestic inter-carrier interconnects. Others have embraced it as an edge interface to an unchanged TDM core. Again, VoIP is the transport, not the product.

However, we’re now embarking on a new phase and I’m finding myself again echoing words of the past when speaking to potential customers. Those pure-play TDM operators who have relatively recently discovered this new VoIP toy are seeing the temptation of it not just as a transport but as a product, i.e. they can sell VoIP but rather than that being an interface to a stable core network and established interconnects, they can buy VoIP routes on the back-end and make extra margin. It is horrific from our position to test routes from global network operators and find them in some cases utterly unusable because they’ve tasted the forbidden fruit, and unlike the rest of us haven’t yet learned what a short-term game that is.

Others are pushing VoIP “interconnects” as an alternative to a regulated interconnect – a managed service outside of OFCOM’s scrutiny – at prices they dictate. Buyers of those products are seduced by the brand, the relative ease of set-up and have comfort that VoIP is the transport to a stable proven network and quality routes. In our experience they quickly learn that this is not the case.

We’ve even heard of established TDM operators dismantling their established TDM interconnects in favour of said VoIP-based managed services. Russian Roulette in many respects, especially with those customers paying for the established quality of a TDM core.

In short, having come from a time of VoIP being the product, learning and evolving to it simply being the transport, we’re sadly back there. Bigger, later, prestigious travellers are now seeing VoIP as a product on both the buy and sell side of their business. Rather like in the bible, it is the serpent urging them to taste the forbidden fruit and some are.

For practitioners this makes “caveat emptor” more applicable than ever. There’s no certainty that brand X represents a single level of service with multiple transports, but rather multiple levels of service at multiple price points. To put it in food terms, Sainsbury’s own brand chips range from premium to economy – you’re not getting premium at economy pricing just because it has their name on. Further, I’m reliably informed that Waitrose actually own their own farms, despite being a fraction of the size.

I have no doubt VoIP will continue to supplant TDM as a core transport for voice. In the interim, while it is luring the naive, be careful out there! Unforgiving consumers expect you to make the right choice. Cheap voip doesn’t necessarily mean good voip.

Previous post by Simon Woodhead on VoIP fraud. Simon is CEO of Simwood and is a respected comms industry veteran.

Why the Desktop VoIP Telephone isn’t Going Away

Major leaps in technology allow business phones — the desktop VoIP telephone — to serve a rapidly growing range of needs. welcomes “VoIP Week” contributor Jeff Rodman, Polycom’s Chief Technology Evangelist. Since co-founding the company in 1990 Jeff has been instrumental in the realization of Polycom’s iconic products for voice, video, network communications, and other media.

The death of the desktop telephone has been predicted for decades. Technology has steadily advanced, business processes and communications needs have grown, and it’s actually rather surprising how that stodgy old friend the “desktop phone” has prospered. Look at its challenges: the PalmPilot, mobile phones and the Blackberry first, then on to Skype and other soft clients, unified information systems, mobile iOS, Windows and Android devices, teleworking, personal video calling, open-air workspaces, multiple Unified Communications and Control (UC&C) platforms, and the internet itself. And, of course, an always-growing need for specialised applications and consistent, efficient globalisation.

The desktop device remains firmly in place, though. What has actually happened is something that many didn’t see coming, yet is obvious in hindsight. The question was never really about when the desktop telephone would disappear, but rather how changing work needs and new technologies would shape its evolution.

“Personal transportation” did not disappear when Karl Benz introduced the Motorwagen in 1885, it evolved as technology moved beyond the horse. A broad range of personal transportation solutions emerged, from the motorbike to the motorhome, addressing such specific needs as the sedan, snowmobile, and all-terrain vehicle along the way. Similarly, the phone (which we might describe as a personal desktop live communications device) is not vanishing. It is, rather, becoming even more critical to business success, as it has advanced from its roots. Once merely the “black phone on a desk,” there is now a range of devices to cover an assortment of user needs from a basic desktop VOIP telephone to the rich integration of essential capabilities known as the Business Media Phone.

What is a phone today?

Modern business phones exist in many forms, but the most basic requirements they all share are durability and reliability. They are always on and ready for use, unlike cell phones, which require charged batteries and wireless connectivity. Similarly, soft clients or UC clients running on PCs must be running to accept calls or place calls. A phone is one thing we expect to always work, which is why they have traditionally been built like “brick houses,” never knowing who might slam down the handset, douse them with tea or drop them off of a tall table. Any phone is designed for a tightly defined set of uses, which it flawlessly performs. Whether a particular phone today supports only voice or a full bouquet of functions and applications, it is expected to do those jobs with unblinking confidence. As we will see, any device that might hope to take its place must be measured against this simple but essential standard of absolute reliability and responsiveness, one which we might call the “phone’s prime directive.”

Beyond this, major leaps in technology allow business phones to serve a rapidly growing range of needs. The adaptations to serve these can be broadly categorised in three directions: extensibility, unification, and media. On manageability and reliability, the centralized support model removes the hassles from the end-user, who can simply use the phone and doesn’t have to worry about software updates or configurations.


Whether PSTN, SIP, or some proprietary network, the most basic analogue phone needs only a handset and a phone cable. The underlying vision usually supports a much larger assortment of abilities, though, and different models within the same family will express different combinations. These can take the form of additional interfaces to support Bluetooth, wired, and DECT headsets, memory stick hosting to preserve conference audio, additional Ethernet jacks, “sidecar” accessories to provide one-touch selection of additional lines, and even add-on interactive HD video. Each of these extends the usefulness of a phone, by enabling future enhancement without burdening the initial purchase. The extent to which a phone can support this kind of evolution is one measure of its suitability for an organisation.


Although the range of abilities, environments, and platforms that might be supported by contemporary phones is much broader than it was just a few years ago, the user still expects them to work together simply and reliably. This means that functions must tie together transparently, and any complexity has to be neatly and efficiently concealed. The functions performed by the desktop phone must be able to connect to a wider set of networks; but more than that, the user’s experience has to remain consistent—a user cannot be confronted with wildly different behaviour just because, for example, SIP dialling and the Microsoft Lync platform are both in use within the organisation. For this reason, one essential requirement of a properly-implemented phone is that it retains compatibility with existing infrastructure. This means that interoperability among different UC and UC&C host platforms and simple, predictable behaviour is essential for a successful phone, whether it is a basic voice phone with enterprise directory access, or a full-fledged Business Media Phone, such as the Polycom range of VVX Business Media Phones.


Today, conversations can take place among almost any combination of styles and environments (i.e., HD or narrowband voice, accompanying charts and presentations, HD video, small-screen video from a handheld device, or even Immersive Telepresence rooms). They can be between two people in only two places, or among a gathering of groups and individuals everywhere (i.e., at airports, desks, homes, workspaces and conference rooms).

Although there is today a growing expectation that participants will join meetings with video, a phone must give its user a clear perception of the meeting and also present its user as a competent, efficient participant in that meeting, whether the user has joined with video or only audio. This means that whether sitting in open spaces or quiet offices, phones must reject surrounding noise while allowing their users to speak clearly. Further, if video capable, they must send a clear, high-fidelity image even if their display is compact. Just as a user does not want to sound like they’re on a muffled Smartphone, they also want to look as if they’re working from a professional HD video system, not shaking and blurry with a precariously-mounted camera.


The desk phone has changed and today it does enormously more than it did in the past, yet it remains a keystone of effective business operation. By providing consistency, reliability, comfort, and an easily managed connection, there are few tools in business that prove their continuing worth as well, or as quickly, as well-built table-top voice or Business Media Phones.

Over the past three years, the tables have turned. Savings that some organisations had expected to gain by leveraging employee BYOD’s have evaporated as enterprises are often now the ones who buy those smartphones for employees, often at considerably higher life-cycle cost than a well-built desk phone. This is one reason that we’re really not entering a “smartphone world,” and why the market for real desktop phones of all descriptions continues to grow. Organisations that experiment with smartphones discover that they’re no panacea, and they return to the purpose-built and IT-friendly desktop phone — and especially to its powerful newer sibling the Business Media Phone — as the tool for doing what they do best, communications without compromise…

The bottom line is that regardless of what the final decision for each employee turns out to be, the first step toward making correct choices is to carefully investigate, taking care to understand what is important to the organisation and to each user, and get the facts about the options available when making a long-term investment such as a phone system.

Small business VoIP setup.

In which looks at a small business VoIP setup.

Last week I took delivery of a new IP phone. Twas a Yealink T46G. I’ve been using my SGS4 with a skype client to make outbound calls to the pstn.   The droid has got an intermittent problem with the audio and whilst I’m waiting for my new Oneplus One to arrive (tomorrow if the gods of the East Midlands transport system are in a benevolent mood – it has arrived as I write yay) I figured it would do no harm to look at a small business VoIP setup and sign up with a number of VoIP service providers to compare their services.  The Yealink allows me to have 6 ITSP accounts.

It’s years since I’ve done any hands on phone testing. At Timico it got to the point where it was all done for me whilst I strummed the NetOps guitar and wrote blog posts. Back in the day the setting up of a new SIP phone was never straightforward. Every manufacturer had different ways of doing things, as did every service provider. Trying to match up which element of credentials went into which field on the phone could take days.

The Yealink was a breath of fresh air – v easy to set up. Having got the phone I then needed a service to use. There was no point in using Timico. I wouldn’t learn anything new there. A roll of the dice brought up Voipfone. Voipfone CEO Colin Duffy regularly contributes guest posts to this blog so it seemed a reasonable thing to do.

Voipfone have an automated front end. I created a new account and stuck a tenner’s worth of credit in. They gave me a password and I was off. However the service didn’t work straight away. I could get a dial tone and in fact was able to call Voipfone but no outbound. The guy at Voipfone sorted it in no time. Although they don’t sell Yealink phones they must have experience in dealing with most vendors’ kit.

I found the phone’s IP address – easily done from the menu – and stuck it in my browser address bar which took me to the phone’s web page. Username and password entered and we were able to check the settings. I’d missed a field for the outbound proxy server address. Doh!

Both phone and service worked beautifully. This is my experience of VoIP services generally, provided you have good enough connectivity. In my case I was on the network. In theory as good as it gets. I’ve also tried it at home from the office/conservatory and also no problem.

Now there’s a few things to note about this experience. Firstly it was very quick to get up and running. If I was a new business (which coincidentally I am) I could have my comms up and working in minutes.

Secondly, if I had more than one business (which coincidentally I do) I could very easily set them both up with different numbers operating from the one handset. Your phone answering spiel would be driven by which line rings.

The Yealink feels good on the desk and in my hand. You might easily say a phone’s a phone and in one sense you would be right. The User Interface is important in a phone. It’s just little things like the rubber feet. They just feel right. Just the right amount of give when you touch the phone.

This isn’t really an advert for either Voipfone or Yealink. I just happened to use them though for a small business VoIP setup they are perfect. I could have used Timico or any other number of ITSPs. This is an advert for hosted VoIP telephony in general. I brought the phone home from the office today. Everyone else was out so I figured I might as well work from home. It’s comfortable, though I wouldn’t want to do it all the time.

Over the next chunk of time I’m going to take a look at various VoIP services and let you have my observations. In an ideal world I’d also have my Skype and Google accounts registered on the phone. Not there yet.

That’s all for now. It’s VoIP week on Y’all come back now.

PS I named the Voipfone line Colin. If I sign up with more ITSPs I’ll use their CEO’s names too:)

VoIP Fraud — Technological Conventionality Achieved

VoIP has reached the mainstream. We know because the fraudsters are coming after us. welcomes VoIP Week guest contributor Colin Duffy, CEO of Voipfone and ITSPA Council member.

VoIP merges two of the largest industries in the world: Telecommunications ($5.0 trillion) and the Internet ($4.2 trillion). It is big business.

Estimates of VoIP market size vary, though they are universally large. For instance, Infonetics Research estimates the global residential and business VoIP market to be worth $64bn in 2014, growing to $88bn in 2018. Visiongain, on the other hand, puts the 2018 value at $76bn. WhichVoIP (Bragg) has it as $82.7bn by 2017, and also claims that VoIP calls account for 34% of global voice traffic – 172bn call minutes. And then there is the United States Federal Communications Commission, which estimates that “In December 2011, there were 107 million end-user switched access lines in service [ the USA and..] 37 million interconnected VoIP subscriptions.”

And with opportunity comes the thief:

[Figure: ICT Recent Scenarios (Corporate ICT)]


(You have to love that New Scotland Yard hack…..)

But it’s not confined to big organisations; perhaps a little closer to home:

“A family-run business says it has ‘nowhere left to turn’ after hackers rigged its telephone system to call premium rate phone numbers — racking up a bill of nearly £6,000. ‘We reported it to the police, but we were told there was very little likelihood of them catching anyone so they wouldn’t be able to investigate’, she added.”                               

— Lancashire Telegraph

The Communications Fraud Control Association publishes a global fraud loss survey, and in 2013 they estimated that the global telecommunication industry loss to fraud was an enormous $46.3bn, which included:

  • VoIP hacking ($3.6bn),
  • PBX hacking ($4.4bn),
  • Premium Rate Services Fraud ($4.7bn),
  • Subscription Fraud ($5.2bn)
  • International Revenue Share Fraud ($1.8).

Over 90% of the telephone companies included in the CFCA’s survey reported that fraud within their company had increased or stayed the same since the last report.

Globally, the top emerging fraud type was identified as Internet Revenue Sharing Fraud, with Premium Rate Service Fraud (both international and domestic) also in the top five. Of the top five emerging fraud methods, PBX Hacking was the most important with VoIP Hacking at number three.

Who’s doing all this is a big and interesting topic, but here’s a starter:

[Figure: Top Ten Countries where fraud (two charts; East Timor listed)]

CFCA, Global Fraud Loss Survey, 2013

What can be done?

Earlier this year a customer of Voiceflex was hacked to the tune of £35,000 when over 10,000 calls were sent to a Polish Premium Service number over a period of 36 hours. The customer refused to pay, which resulted in a court case that the telco lost. Now the industry is looking to its terms and conditions for protection, but it’s clear that this isn’t enough – the cause needs addressing.

The best approach would be to cut off the money supply – if Telcos could withhold payments for known fraudulent calls, the activity would end. But this solution requires changes to inter-operator agreements and cross-jurisdiction interventions.

“We are currently in discussions with our fellow EU regulators about steps that may be taken to address cross-border [Dial Through] fraud and misuse. It is important that companies using VoIP systems take steps to ensure both the physical and technical security of their equipment in order to avoid becoming an ‘easy target’ for this type of criminal activity […..] We are approaching the NICC and relevant trade associations to ensure their advice is updated to help businesses better protect themselves against newer types of dial-through fraud that have emerged as technology has developed.”

— Ofcom 2013

For once I agree with Ofcom. The industry needs to work harder at target-hardening. We need to be making this industry safer for our customers.

There’s a lot to be done but a good start is to read and apply the guidance issued by ITSPA – the UK trade organisation for Internet Telcos.
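The Voiceflex incident described above (over 10,000 calls to one premium-rate number within 36 hours) is a pattern that stands out in call detail records long before the bill arrives. The Python below is an added example, not code from this article or from ITSPA's guidance; the CDR layout, the high-cost prefixes and rates, the limits and the sample records are all constructed assumptions.

```python
import math
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed high-cost prefixes -> pence per minute. Illustrative values only;
# a real deployment loads these from its carrier's rate deck.
HIGH_RISK_RATES = {"+4870": 150, "+670": 200}


@dataclass(frozen=True)
class Alert:
    account: str
    when: datetime
    reason: str            # "velocity" or "spend"
    calls_in_window: int
    pence_in_window: int


def parse_cdr(line):
    """Parse 'ISO-timestamp,account,dialled-number,duration-seconds'."""
    ts, account, dialled, seconds = line.strip().split(",")
    return datetime.fromisoformat(ts), account, dialled, int(seconds)


def high_risk_rate(dialled):
    """Longest-prefix match; returns pence/minute or None for ordinary calls."""
    for end in range(len(dialled), 1, -1):
        rate = HIGH_RISK_RATES.get(dialled[:end])
        if rate is not None:
            return rate
    return None


def detect(lines, window=timedelta(hours=1), max_calls=20, max_pence=5000):
    """Return the first Alert per account whose high-risk calls inside a
    sliding window exceed a call-count limit or a spend limit."""
    recent = defaultdict(deque)   # account -> (timestamp, cost) still in window
    spend = defaultdict(int)      # account -> pence currently in window
    alerts = {}
    for when, account, dialled, seconds in sorted(map(parse_cdr, lines)):
        rate = high_risk_rate(dialled)
        if rate is None or account in alerts:
            continue              # ordinary call, or account already flagged
        cost = math.ceil(rate * seconds / 60)
        calls = recent[account]
        calls.append((when, cost))
        spend[account] += cost
        while calls[0][0] <= when - window:   # drop calls older than the window
            spend[account] -= calls.popleft()[1]
        if len(calls) > max_calls:
            reason = "velocity"
        elif spend[account] > max_pence:
            reason = "spend"
        else:
            continue
        alerts[account] = Alert(account, when, reason, len(calls), spend[account])
    return list(alerts.values())


def constructed_cdrs():
    """Constructed sample records: one burst at the rate of the incident
    above, one slow drain, and one ordinary customer."""
    start = datetime(2014, 1, 4, 1, 0, 0)
    lines = []
    # 10,000 calls in 36 hours is roughly one call every 13 seconds.
    for i in range(10_000):
        ts = start + timedelta(seconds=13 * i)
        lines.append(f"{ts.isoformat()},acme-pbx,+48700000001,60")
    # Few but long calls: stays under the call limit, trips the spend limit.
    for i in range(4):
        ts = start + timedelta(hours=1, minutes=10 * i)
        lines.append(f"{ts.isoformat()},hotel-pbx,+6705550100,600")
    # Ordinary traffic, including one legitimate call to a high-cost prefix.
    lines.append("2014-01-04T09:15:00,shop-01,+441522000000,240")
    lines.append("2014-01-04T09:30:00,shop-01,+48700000002,120")
    return lines


if __name__ == "__main__":
    for a in detect(constructed_cdrs()):
        print(f"{a.when} {a.account}: {a.reason} limit hit after "
              f"{a.calls_in_window} calls, £{a.pence_in_window / 100:.2f} in window")
```

An alert like this is only useful if it triggers an action, such as suspending outbound calls to the flagged prefixes for that account until someone has checked the PBX.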

I’m taking a close personal interest in VoIP fraud and security, and I invite anyone who has more information or who wishes to discuss this in more detail to contact me at email

A naive user asked me, ‘why can’t you just make safe telephones?’ Well, why can’t we?

VoIP security workshop sponsors announced as Yealink

Yealink announced as voip security workshop sponsors at Sandown Park on 8th October

Further to last week’s announcement, IP phone vendor Yealink have come on board as ITSPA/ VoIP security workshop sponsors. The workshop is being held during Convergence Summit South at Sandown Park on 8th October.

This is quite apt as Yealink are one of the first IP phone vendors to introduce security certificates as standard on their handsets. This means that when properly provisioned people can’t spoof your CLI because the proxy server is expecting to see a particular certificate to accompany your account credentials.

Yealink are a company that have been creeping up on the rails over the last few years. In the early days of SIP there were only a small number of handset vendors including one or two from the Far East. Then the number of players exploded as the market climbed the curve of expectancy (or whatever it is called). Now however we only see a few active vendors, at least in the UK and some of the Enterprise manufacturers don’t really appear much in the hosted market which is what ITSPA is all about.

The emergence of Yealink from the Far East is quite significant. I’m sure they must have been around for donkeys years but they have slowly grown to be one of the vendors getting most of the attention in the low end market. This is in no small part due to the team they have here in the UK.

Having Yealink on board as VoIP security workshop sponsors is a big help to the industry  as these events do cost hard cash to put on. Although the market is potentially huge – ultimately VoIP will replace the PSTN, it is still a relatively small community of players and events such as the ITSPA/ voip security workshop do represent great opportunities to get face time with stakeholders.

Anyone wanting to come to the VoIP security workshop can sign up free of charge here.

Announcing ITSPA VoIP security workshop sponsored by Yealink is teaming up with ITSPA, the Internet Telephony Service Providers’ Association, to produce a twice yearly VoIP security workshop. The first one is during the Convergence Summit South show at Sandown Park on October 8th. Read on to find out more.

Announcing the ITSPA/ VoIP security workshop

Telecom Fraud – Part 1 – A Case Study for the Channel by a Paul Taylor from Voiceflex @ 2.30pm

The Part 1 talk which is part of the main Convergence Summit South programme nicely sets the scene for the ITSPA/ VoIP security workshop colocated at the same venue. The ITSPA/ VoIP security workshop goes into the main types of fraud perpetrated on VoIP service providers and their customers and discusses how to stop it happening in the first place.

Telecom Fraud – Part 2 – Prevention is Better than the Cure by ITSPA (the UK VoIP trade body) & @ 3.15pm

This VoIP security workshop is intended to provide attendees with an overview of the current fraud threats facing the Telecoms/VoIP industry, outlining its scale and discussing the ways to mitigate against these problems before it is too late. Looking from all angles (service provider, reseller and vendor perspective), there will be short presentations from various industry players, outlining their experiences, followed by a panel and Q&A session to discuss the best methods of combatting fraudulent activity and best practice tips. Nibbles and drinks will follow to continue the discussion.

The format includes:

1) Telecoms/VoIP Fraud – the current state of play and how bad is it? – Simon Woodhead of Simwood

2) An outline of three specific types of fraud and what to do to tackle it

a. PBX Hacks David Cargill

b. Accessing SIP credentials  Steve Watts of Yealink

c. Identity spoofing Colin Duffy of VoIPfone

Simon Woodhead will also do a slot on general protection against non-specific threats.

3) Audience Q&A – How to prevent fraud, spot fraudsters and adhere to best practice.

This week is also going to be VoIP week on We have a gang of regular contributors providing posts but if you have an idea for an interesting VoIP post let us know. You have to be from the VoIP/ITSP industry and it should not be a blatant sales pitch for your company’s products and services.

Finally on the 8th October, the same day as the VoIP security workshop, we are having the 5th UC Exec Dinner. This time the speaker is Dean Elwood, CEO of Voxygen. Dean is coming to talk to us about what is happening with OTT VoIP services in the big telco community. This is only open to senior execs in the UC industry. More details here.

VoIP week on 6th – 10th October

Advanced notice of VoIP week on 6th – 10th October

There are times in the year where VoIP becomes a natural subject to talk about. On these occasions we have a VoIP week on This is where we get lots of guest contributors to write stuff about VoIP. In our case the guest contributors are normally senior industry executives and as such usually have something worth listening to (ok or worth reading if you want to be pedantic).

Our last VoIP week was way back in May where we had a diverse set of posts including articles on Net Neutrality (still in the news now), security and fraud, the technology of location identification for Emergency Services, considerations in designing conference phones, the birth of a new handset, will OTT services kill off the telephony service provider and more.

We saw nostalgia and forward thinking. What’s happening in the Google UC world and will ITSPs need to embrace Lync? There was also a post highlighting a real world case study of someone trying to find a serviced office that would allow them to use their own VoIP service.

The statistics for the week included 6,640 visitors, 9,352 page views and an average of 296 RSS feed reads a day. There were a total of 414 shares including 90 via Twitter, a whopping 188 via LinkedIn, 73 for Google+ and 63 for Facebook. This mix suggests a predominantly business interest in the subject of VoIP.

This coming VoIP week is timed to coincide with the Convergence Summit South, a channel trade show in which VoIP services resellers descend on Sandown Park Racecourse to discuss VoIP business and to drink lots of beer. That week we are not only having a week of VoIP blog posts. We have a VoIP security workshop jointly organised with ITSPA – the Internet Telephony Service Providers Association and the twice yearly UC Executive Dinner. More on the workshop very soon.

The Exec Dinner is by invitation only and largely attracts C Level individuals from the Unified Communications (ie VoIP) industry. Although attendance is by invitation if you are a senior exec in the UC game and want to come you are very welcome to get in touch and I’ll point you in the right direction. These dinners are always great networking events and have a senior industry guest speaker to spark a debate. This next dinner has Voxygen CEO Dean Elwood discussing OTT services in the large telco market.

Finally VoIP week wouldn’t be VoIP week without its guest contributors. If you think you have something to say by all means get in touch and tell your friends. Note this is not an open invitation to write a sales oriented post filled with links to your own product.

C ya.

England v India Trent Bridge – a tale of two Andersons & Yealink VoIP phone

England v India highlights – Root & Anderson  10th wicket world record, I am nearly knocked out by a cricket ball, Pamela Anderson gets cricketer autograph & I spot a Yealink VoIP phone.

England v India at Trent Bridge was the backdrop for a great day out with the kids yesterday. There are two ways to “do” the cricket. One is with your mates. This is a boozy day out beginning with a pint and “full English” at 10am in the pub followed by a steady day’s cricket watching and a curry to finish off. The other is with the kids.

It was with the kids yesterday that I was nearly knocked out by a cricket ball and saw Pamela Anderson getting an autograph from one of the English players fielding at the boundary.

Arriving early we took our seats and settled in to watch a bit of net practice. Sat at square leg the nets were just in front of us but after a while the kids wandered off to look around the ground. There I was minding my own business, not particularly watching anything, when suddenly I heard a cry and I was hit by a cricket ball.

The ball glanced off the side of my head, hit my shoulder and plopped down beside me. It took me a moment to realise what had happened. One of the batsmen in the net had hit it over the top of the side netting. A couple of inches to the right and it would have landed squarely on the top of my bonce with potentially lethal consequences.

Without thinking I picked up the ball and threw it back. I should have kept it as a souvenir. There is evidence of the incident however. My hat – pictured in the gallery below was somewhat damaged as you can see.

Test match cricket is a great day out. The entertainment is not just on the pitch. The crowd provides just as much fun as the players. In the gallery below you can see a steward trying to confiscate a “beer snake” which is a stack of empty plastic beer glasses. Much beer is drunk at these events. For some reason the stewards want to confiscate the stacked glasses. The snake gets handed around the stand, growing in size as more glasses get added on the journey. The steward trying to confiscate the snake provides great sport as each time he gets near the snake is passed along to someone else.

In the gallery below there is also a photo sequence where “Pamela Anderson” gets the autograph of one of the England fielders. Pam was there with a party of lifeguards sat quite close to us in the New Stand. Also look out for a couple of horses sat amongst the crowd.

As far as the actual England v India cricket match went we were treated to a world record tenth wicket stand of 198 runs between Joe Root (154 no) and Jimmy Anderson (81 and no relation to Pamela afaik). The game now looks like being a draw and the rain forecast for the last day will hopefully provide some respite for the English team, now fielding, who have another test starting in a few days time.

There is, as is often the case, a technology slant to this post. Hanging around the boundary at lunch I couldn’t help noticing a Yealink VoIP phone nestled in amongst the equipment of one of the cameras. I love spotting little things like this. The kids have got used to it. The Yealink VoIP phone is not dissimilar to the Cisco I spotted at the Harbour Lights cafe in Peel in the Isle of Man. I’m not sure what the Yealink VoIP phone model is. I’m sure someone out there will know:)

So Long 084 and 087 (and Thanks for All the Fish)! welcomes guest contributor Alex Kinch, Founder and CEO of Ziron.

The game is finally up for many ‘rip-off’ 084 and 087 numbers. Thanks to the EU’s Consumer Rights Directive – and the corresponding UK legislation (The Consumer Contracts (Information, Cancellation and Additional Payments) Regulations 2013), as of 13-June-2014 customers will not pay more than the “basic rate” when calling a wide range of businesses for customer service, complaints, renewals and cancellations. Hopefully by that point the majority of businesses will have already swapped their numbers, however what is really interesting is the reason why this change is taking place and what the impact will be.

Alex Kinch

I may be showing my age, but I remember when the 084/ 087 numbers hit the mainstream at the start of the millennium. For businesses the advantage was clear: profit resulting from the call charges. Understandably, though, this didn’t make consumers very happy, and you can see their point. After all, who wants to be charged a premium rate whilst waiting an age listening to “Greensleeves” on repeat?

Mobile operator Three estimates the cost to consumers at half a billion pounds a year with research and testing company Which? pitting the figure at £385 a year, per household, which is not really small change by anyone’s standards. Thus, it’s no wonder that 67% of the consumers surveyed by Which? thought that these high-rate numbers were being deliberately used to discourage people from calling them.

So with Which? and other consumer rights groups complaining to the government to take action, it is great that something is finally being done to end this ‘rip off’. As with everything, however, there is a catch: certain types of companies are exempt from the legislation, including financial services, gambling, construction, and property sales and rental. There is hope, of course, that the Financial Conduct Authority (FCA) will put pressure on their members to voluntarily comply.

All of this has been good news for the numbering market, as demand for 03 numbers has gone through the roof. It feels as though consumers get that 03 numbers are ‘national’ numbers, but that they are billed like a geographic call. The real question, though, is how this will affect call volume and whether businesses will find other ways to recoup their lost revenue. I guess we will find out next month…

Wot? No Password?

UM Labs Ltd. Founder and CEO Peter Cox’s post is based on a presentation given at a recent ITSPA workshop on the risks of auto provisioning.

Everyone understands the need for security on the Internet. We all know the importance of using strong passwords and — painful as it may be — regularly changing those passwords. As such, would it surprise you to learn that there is one widely used Internet service that routinely provides sensitive information to anyone that asks without asking for a password or employing any other form of authentication?

The service I refer to is phone auto provisioning. If your company has an IP phone system (as most mid-to-large companies do) or if you outsource your phone system to an IP service provider, the chances are that your phones are using auto provisioning and possibly without using authentication. ITSPA has recognised the problem and is working on producing guidelines to address it.

One of the benefits of VoIP is that you can take a phone out of the box, plug it in just about anywhere, and it works. Of course, there is a lot going on behind the scenes. For instance, for an IP phone to work it must first be configured with such details as a phone number, the network address of the system it should connect to, and a password the phone uses to authenticate itself to the service provider or internal phone system. Calls cost money, so phones must be identified and authenticated when they connect to the service and when they are used to make calls. The problem is that the complete configuration for a phone is long and complex. It could include 100 or more parameters, for example:

        sips persistent tls:      1
        download protocol:        HTTPS
        sip line1 proxy ip:
        sip line1 registrar ip:
        sip line1 proxy port:     5060
        sip line1 registrar port: 506
        sip line1 password:       xxxxxxxxxxxxxxxxx

Of course, nobody wants to have to type such information in, so this is where provisioning steps in. When a handset is connected it contacts a pre-defined provisioning server (just a specialised web server), identifies itself via its unique MAC address, and downloads its configuration. Simple! The problem, though, is that most provisioning servers identify the phone (particularly when hardware IP phones are connected) solely via its MAC address — a 12-digit value unique to each phone that is normally printed on the phone alongside the serial number.* As such, if a provisioning server gets a request for a MAC address it recognises, the server replies with the complete configuration needed to configure the phone... and most provisioning servers DO NOT ask for a password or use any other authentication mechanism. Thus, anyone who knows or is able to guess your phone’s MAC address can download its configuration, including the password needed by the phone to make calls.

Distributing passwords to anyone who asks without some form of authentication is clearly a bad idea. And guessing MAC addresses is not as difficult as it sounds. All an attacker has to do is to connect to a provisioning server and try each of the 16.7 million possible addresses for a specific vendor, which may sound like a big challenge but which in truth is not. To support this point I recently wrote a very simple script to do exactly this in just 5 minutes. I then pointed my script at a service provider’s provisioning server and ran it using a restricted set of 1,000 addresses. Running on a £25 Raspberry Pi, my script took roughly 7 minutes to complete and returned the complete configuration of two phones including passwords. And as I had no way of knowing if any of the 1,000 MAC addresses belonged to phones connecting to the service provider, 1,000 is a good hit rate.

At a rate of 7 minutes to scan 1,000 MAC addresses it would take 86 days to scan the entire range of 16.7 Million addresses used by a particular phone manufacturer. Then, having done that, I could get the configuration — including the password — for every phone from a single vendor used by the targeted service provider. And what if I was not willing to wait 86 days? I could invest in faster hardware or spend a bit more time writing a more efficient script (or both) and easily complete the scan in a week.

The information that my script returns would be invaluable to an attacker, offering an easy route for call fraud that could leave the victim with a bill of tens or thousands of pounds. Thus, ITSPA’s initiative to address the problem could not be more timely.

*All systems connecting to a network, whether a wired Ethernet connection or a WiFi connection, must have a globally unique MAC address hard-wired in when the device is built. These MAC addresses are managed by the IEEE, with each manufacturer assigned a six digit prefix (A list of vendor prefixes is published at MAC addresses are base 16 numbers, so the remaining 6 digits can be used to create 16.7 million unique addresses.
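Seen from the provisioning server, the scan described in this post is one source asking for many different MAC configuration files in quick succession. The following is an added example, not code from the original post, that flags such sources in an access log and lists which configurations were actually served, so those SIP passwords can be rotated. The log format, the /provision/<mac>.cfg path, the addresses, the MAC prefix and the threshold are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in Common Log Format. The /provision/<mac>.cfg layout,
# the documentation-range IPs and the 02aabb MAC prefix are assumptions.
SAMPLE_LOG = """\
198.51.100.7 - - [06/Oct/2014:09:00:00 +0000] "GET /provision/02aabb000003.cfg HTTP/1.1" 200 4812
198.51.100.9 - - [06/Oct/2014:09:05:00 +0000] "GET /provision/02aabb000006.cfg HTTP/1.1" 200 4790
203.0.113.50 - - [06/Oct/2014:10:00:00 +0000] "GET /favicon.ico HTTP/1.1" 404 0
203.0.113.50 - - [06/Oct/2014:10:00:00 +0000] "GET /provision/02aabb000000.cfg HTTP/1.1" 404 0
203.0.113.50 - - [06/Oct/2014:10:00:00 +0000] "GET /provision/02aabb000001.cfg HTTP/1.1" 404 0
203.0.113.50 - - [06/Oct/2014:10:00:01 +0000] "GET /provision/02aabb000002.cfg HTTP/1.1" 404 0
203.0.113.50 - - [06/Oct/2014:10:00:01 +0000] "GET /provision/02aabb000003.cfg HTTP/1.1" 200 4812
203.0.113.50 - - [06/Oct/2014:10:00:02 +0000] "GET /provision/02aabb000004.cfg HTTP/1.1" 404 0
203.0.113.50 - - [06/Oct/2014:10:00:02 +0000] "GET /provision/02aabb000005.cfg HTTP/1.1" 404 0
203.0.113.50 - - [06/Oct/2014:10:00:03 +0000] "GET /provision/02aabb000006.cfg HTTP/1.1" 200 4790
203.0.113.50 - - [06/Oct/2014:10:00:03 +0000] "GET /provision/02aabb000007.cfg HTTP/1.1" 404 0
198.51.100.7 - - [06/Oct/2014:11:00:00 +0000] "GET /provision/02aabb000003.cfg HTTP/1.1" 200 4812
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"GET /provision/(?P<mac>[0-9a-fA-F]{12})\.cfg HTTP/[\d.]+" '
    r'(?P<status>\d{3}) '
)


def parse(log_text):
    """Return time-sorted (timestamp, ip, mac, status) tuples for config requests."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a per-MAC configuration request
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        events.append((ts, m["ip"], m["mac"].lower(), int(m["status"])))
    return sorted(events)


def find_enumeration(events, max_macs=5, window=timedelta(minutes=10)):
    """Flag sources that request more than max_macs distinct MACs within window.

    A phone asks only for its own MAC, and an office behind NAT asks for a
    small, stable set, so max_macs should sit above the largest customer site.
    """
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)

    findings = {}
    for ip, evs in by_ip.items():
        start = 0
        in_window = defaultdict(int)  # mac -> requests currently inside the window
        peak = 0
        for ts, _, mac, _ in evs:
            in_window[mac] += 1
            # Slide the window forward, dropping requests that are too old.
            while ts - evs[start][0] > window:
                old = evs[start][2]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            peak = max(peak, len(in_window))
        if peak > max_macs:
            findings[ip] = {
                "peak_distinct_macs": peak,
                # Configurations served to this source: treat the SIP
                # passwords of these phones as disclosed and rotate them.
                "exposed_macs": sorted({e[2] for e in evs if e[3] == 200}),
            }
    return findings


if __name__ == "__main__":
    for ip, info in find_enumeration(parse(SAMPLE_LOG)).items():
        print(ip, info["peak_distinct_macs"], info["exposed_macs"])
```

Detection only narrows the window of exposure; the underlying fix remains requiring the phone to authenticate before the server hands over its configuration.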

VoIP not working over your broadband connection? We may have the explanation.

VoIP over broadband not working? It may be the router.

Routers provided by some major ISPs are preventing their customers from using VOIP services such as Skype.

For some time now members of the Internet Telephony Service Providers Association have been keeping a list of routers through which VoIP doesn’t appear to work. The routers themselves include functionality or elements of firmware that are either not user configurable or there are elements of the ISP service that mandate their router without an obvious means of using an alternative. This means that if a customer wants to use Over The Top VoIP services such as those provided by ITSPA members they usually can’t.

Unfortunately whilst this may well not be a deliberate act of anti competitiveness on behalf of the ISP it has the same effect as if VoIP was being blocked in the ISP network – interesting considering that some of these ISPs offer VoIP services of their own.

If you have such a router you probably can’t use Skype or any other VoIP service offered by the 100 or so independent providers in the UK. Whether this is deliberate or not is a moot point. The end result is that the ISP is affecting your ability to use the broadband service you pay for.

Most major ISPs are signatories to the Broadband Stakeholders’ Group Code of Practice and have undertaken to respect what is known as Net Neutrality or the promise not to favour any one type of traffic over another. This is a fundamental principle of how the internet works.

If an ISP provided routers over which 3rd Party VoIP services did not work whilst their own VoIP service continued to work perfectly well they would be flouting these principles. Effectively they would on the one hand be saying they are “good guys” which comes with obvious PR benefits whilst in practice being “bad guys”.

Dan Winfield, CEO of VoIP provider Voxhub says:

“This is an ongoing problem. It can affect customers that work from home at any time even if they have things up and running. A new update is shipped out by an ISP and effectively wipes out their phones. You can see the roll outs happening over a period of time as people call for support. The worse side of this is that customers get angry with us and we cannot do much. We cannot guarantee our service will work on home broadband as a result. When we roll out to offices, we always supply routers to get round the problem but this doesn’t work for home users.”

Not all ISPs are affected. It would be interesting to hear from any reader who has a broadband service but over which VoIP will not work.

Snom Audio Lab

Dusan Aleksic is the Head of Hardware Development for Snom Technology AG

In the end of nineties Serbia was under UN sanctions and as a young electro engineer I was a part of the small team tasked with maintaining the gas masks in stock. I had an open issue before me: the carbon microphone was out of date and needed to be replaced. Unfortunately, the microphone in question was originally produced in another part of the former Yugoslavia and it could no longer be had. Also, copying it didn’t work as our punch tool machine was unable to make such complicated rounded holes with the strange patterns, and simply making holes on the microphone’s surface and trying to talk through them produced terrible results. We quickly realized that we would need to create a new design and establish a correlation between hole-shapes and design patterns of the microphone and its audio performance. In our audio lab we had a single B&K audio measurement system, which was a bit old hat but still in good shape and still in calibration range, and after some time the job was complete.

I moved on and became a part of the new growing network convergence world that first developed digital terminals and after that VoIP and wireless devices. In the beginning of the 2000s, VoIP’s early stages, the acoustical audio measurements become unimportant. People believed that the “mighty” DSP could solve any problem, and the knowledge on terminal devices and acoustic design had been pushed to the second plane: in most cases speech transmission quality judgment excluded electroacoustic components.

How It All Started

At snom technology AG we were aware of the complexity of VoIP terminal devices from the early beginning. We improved audio quality over the years by combining our acoustic experience with the latest DSP algorithms and our VoIP signaling know-how. Specifically, we solved various issues inherent in VoIP technology, including processing delay, network delay, network packet loss, need for VAD and CNG, countless types of noise, etc. And, of course, we addressed the main issue, that being synchronization, as by its very nature VoIP is an asynchronous connection, and sometimes audio packets are dropped simply because the sender and receiver are not using the same clock.

VoIP Audio Measurement equipment evolves in sync with VoIP technology, and as a VoIP pioneer snom has helped it to quickly reach a mature state, improving overall audio quality through the use of various narrow and wide band codecs.

Snom Audio Lab at a Glance

For modern telecommunications, old audio standards such as TIA-810B (Narrow band) and TIA-920 (Wide Band) fail to match requirements. These standards are focused on half duplex connection. Important aspects of the audio quality are not exposed, and many typical problems remain unresolved.


TIA-based audio optimized devices are unable to match customer expectations for perfect audio quality, and for that reason two years ago the snom development team began following the latest audio requirements for wide-band audio based on ETSI 202 739 and ETSI 202 740.

With ETSI, all requirements from the TIA standard are covered, but it doesn’t stop there. ETSI extends the requirements in frequency response domain and in loudness ratings, which requires high quality electroacoustic converters. ETSI also includes double talk behavior measurements and speech quality in presence of network impairments (packet loss, jitter) and, at the end, speech quality in presence of the background noise.


Today the snom audio lab uses Head Acoustic software and equipment, and I believe we have the best-in-the-market tool to create the non-compromise audio quality. We can fully cover all ETSI measurements, and we can do additional various HQS-IP items, such as TOSQA and PESQ, or spectral echo attenuation vs. time, or test our mockup designs to fix all over-limits distortions in the very early phase of the ID development.

Snom has put all of these tools and software to design the 7xx phone family, and with this product we deliver the best quality to our customers, this according to the latest requirements of modern telecommunication. Snom7xx, for example, has been built to pass the frequency response requirement based on ETSI 202-379 at every handset-to-ear pressure. The handset uses a specially designed high leak receiver that allows for the best sound quality at every handset. We use the most realistic artificial ear type during tests, too, which makes the receive curve extremely difficult to surpass.

On another front, high quality jitter buffer and packet loss concealment software in snom 7xx have been improved via the Head Acoustic network simulator in very bad network conditions. The speakerphone has excellent double talk performance, and algorithms such as background noise cancellation and adaptive gain control provide for voice clarity in every condition.

In the end, I am glad to appease the machine haters out there by saying that subjective tests are as important as objective tests, and I can remember many cases where the good objectively-tuned phone just provides bad audio. At snom, well-tuned audio devices mean a lot of objective tuning followed by subjective sessions, until the job is finished.

When You Look Behind You There’s No Open Door

Someone asked me, “What is the future of VoIP?”

I can’t even predict my future living situation, let alone the fate of the Internet.

I went to dinner last night with an out-of-town friend. We met some other friends down in a part of south Austin that not long ago was a dinky mostly-Hispanic neighborhood, complete with dinky houses and dinky Mexican restaurants. On this occasion, though – and I understand this is pretty much the norm now – we waited over an hour for a table at a restaurant called El Chile. On a Monday night.

Once again: ATX WTF?

What’s going on? Is there some festival in town nobody told me about? All of us are baffled. And more than merely baffled we all lament our missed opportunities, having not bought more real estate in Austin in the 90s.

Back in 1992 I lived in a little cabin off of West Mary Street in south Austin, close enough to the railroad tracks to high-five train engineers as they passed by my window. And when I say “little”, I mean that place was small, with a ceiling low enough that any person of average height could extend their arms overhead and press against it. I was reading a lot of existential literature back then. The guys who lived in the other half of the cabin dropped a lot of acid, and I had a standing invitation.

I realized one day that I had to make a life change, when while reading one of Henry Miller’s diatribes on the value of excrement I found myself saying, “This guy makes a lot of sense.” That was too much. I couldn’t go down that path. I laid down the Miller, and the Sartre, and the Nietzsche. I cleaned up. I sobered up. I resurrected my forsaken programming skills, and I went to work, launching a career in software development.

Computer science was not a profession on the radar when I was a kid. Instead, it was called Data Processing. A bunch of guys huddled in the basements of tall buildings who wore pocket protectors, button-down white shirts, and who carried slide rules. And I am not talking caricature. I met these guys, being friends with various adults who worked near the data processing department, and that is how it truly was. The image from the 70s of the stereotypical weakling engineer getting corporate sand kicked in his face? Based on fact. Those programmers were not among society’s movers and shakers.

Things change.

Nowadays, it’s like those old E.F. Hutton commercials. (I know, you’re too young. Google it.) These days in a post-9/11 world, where the dot-com bust has faded in memory, the guy who launches the latest greatest IPO has the ear of the tech world. When programmer geek-nerd talks, people listen.

And who is that? Who has everyone’s ear these days? Is there anyone who can really track where technology is going to be in 5 years? In 2 years? Next year?

I’m sitting at dinner with my friends – instead of waiting an hour behind a line of hipsters we walk across the street to another restaurant called Bouldin Creek Coffeehouse that offers a Slacker Buffet: rice and beans. Perfect – and we start talking about missed opportunities. I tell my out-of-town friend that the little cabin I occupied in 1992 is probably selling for $500k these days, and he — correctly — winces in disbelief.

Bouldin Creek Coffeehouse

Another friend at the table worked at Microsoft for a time, and he tells us of one project manager who got in early and cashed out with $20 million. This person then created a startup with that money and sold a grand total of 13 units of her product, 5 of which she bought herself. $19.8 million burned through. Riches to rags.

Some people who end up in the right place at the right time come to the (wrong) conclusion that they are geniuses. Others realize the nature of luck and don’t ascribe their success to their personal abilities. And still others have to fail and succeed several times before their true abilities shine through. Time reveals the truth.

People who work hard and who are smart tend to do well in a meritocracy, which often leads to the incorrect assumption that someone who is in a position of power or success must have greater abilities than someone who is not. This is one of the pitfalls of living in a meritocracy.

Who came out on the winning side of last year’s technology?  Is that going to be the winning horse in the next race?

I worked with a woman who left PCs Limited in 1988, just before that company changed its name to Dell Computer Corporation. She kicks herself to this day. How could she have known? I kick myself sometimes for not re-investing in Apple in 2008. I kick myself sometimes for not investing in Netflix. I try not to dwell in regrets or on those blind spots of the past, though, opting instead to derive what lessons there are to learn from it all.

The fact is that there may yet be some value in the words of Henry Miller, who wrote:

“This is the greatest damn thing about the universe. That we can know so much, recognize so much, dissect, do everything, and we can’t grasp it.”

Over this past week I spent time trying to grasp the future of data and voice over the Internet. It’s just an area of focus. There is no end point. There will never be a point where it’s all understood.

I am reminded of something the wise old Tallulah Bankhead said:

“If I had to live my life again, I’d make the same mistakes, only sooner.”

So I guess this is it. It is the time. Get on with it.