VoIP Tech Chat

Patrick and Fred Chat… sometimes about VoIP

Archive for March, 2009

7 Easy Steps to Better SIP Security

4 comments

John Todd (with Digium) sent a great email on SIP Security. Although written towards the Asterisk audience, this email provides a very good guideline towards increasing your VoIP SIP Security. It’s a must-read and is reprinted here for your easy viewing.

In case any of you were wondering why there has been a fairly notable upswing in the attacks happening on SIP endpoints, the answer is “script kiddies.” In the last few months, a number of new tools have made it easy for knuckle-draggers to attack and defraud SIP endpoints, Asterisk-based systems included. There are easily-available tools that scan networks looking for SIP hosts, and then scan hosts looking for valid extensions, and then scan valid extensions looking for passwords. You can take steps, NOW, to eliminate many of these problems. I think the community is interested in coming up with an integrated Asterisk-based solution that is much wider in scope for dynamic protection (community-shared blacklists is the current thinking) but that doesn’t mean you should wait for some new tool to defend your systems. You can IMMEDIATELY take fairly common-sense measures to protect your Asterisk server from the bulk of the scans and attacks that are on the increase. The methods and tools for protection already exist – just apply them, and you’ll be able to sleep more soundly at night.

Seven Easy Steps to Better SIP Security on Asterisk: Read the rest of this entry »

Written by Fred

March 27th, 2009 at 4:12 pm

A2DDA Blocks Asterisk Parking Data

82 comments

Note: There’s an intro, the DDA response, and Fred’s response in this article. Jump to the end to read Fred’s response.

A few months back, we posted a nice little article on using Asterisk to get Parking Space Availability from Ann Arbor garages. The response from the VoIP community was fantastic! We received great comments and feedback from people like Jason Goecke, Dug Song, Dave Michels, Evan Cooke, and more! People not only responded, they even showed different ways of providing access to this information. And everyone shared their work in an open forum — truly a great example of open source coding inspiring innovation (albeit with Parking Spaces).

Even better was the local response in Ann Arbor. Edward Vielmetti and Fred Posner were interviewed in the local papers, appeared on a radio show, and even rode the teeter totter. Everyone loved the idea of being able to check on parking space availability… everyone except for the DDA (insert scary music).

The DDA (Ann Arbor Downtown Development Authority), funded by tax dollars, “provides a diversity of transportation and parking options to meet downtown’s [Ann Arbor’s] ever-changing needs.” The DDA does not like us making information about parking spaces available to the public via phone. Instead, the DDA wants to control this information. Seriously, they want to control parking space availability information.

Tyler Erickson helped Edward Vielmetti and Fred make this project even more fascinating by tracking parking space availability over time. The plan was to provide predictability of availability. For example, “We’re sorry, the lot at 4th and Washington is currently filled, we predict the parking lot will be available in 7 minutes. Press 1 to be notified…”

Wouldn’t that be neat? We thought so… The DDA’s response was to block Tyler’s access. Of course, since it was using Google Apps, it blocked Google, but that’s another story. We inquired as to why this blockage occurred and… well, enter Susan Pollay. Susan Pollay is Executive Director of the DDA. She told us (and remember, this is a tax-funded organization): Read the rest of this entry »

Written by Fred

March 12th, 2009 at 6:03 pm

Patrick Discusses The Economy

one comment

The structural faults, many of them legacies of the 1980s, represent once-in-a-lifetime dislocations that will take years to work out. Among them: the job drought, the debt hangover, the defense-industry contraction, the savings and loan collapse, the real estate depression, the health-care cost explosion and the runaway federal deficit. “This is a sick economy that won’t respond to traditional remedies,” said Norman Robertson, chief economist at Pittsburgh’s Mellon Bank. “There’s going to be a lot of trauma before it’s over.”

America’s structural burdens have hit home most profoundly in terms of jobs. The U.S. workplace is “in a profound, historic state of turmoil that for millions of individuals is approaching panic,” according to labor consultant Dan Lacey, publisher of the newsletter Workplace Trends.

The latest recession has hit white-collar workers particularly hard, both in terms of layoffs and slippage in their real wages. “These people can’t believe what is happening to them,” says Illinois opinion pollster Mike McKeon. “They decided they didn’t want to work in factories, so they learned how to use computers. They were rewarded with service-sector jobs[...], but now they’re out on the street and no one wants them.” Open season has been declared on corporate bureaucrats. “The middle manager has gone out of vogue in corporate America,” says Lacey. “Indeed, the word manager is the kiss of death on resumes.” Read the rest of this entry »

Written by patrick

March 11th, 2009 at 10:14 am

Posted in VoIP
