Newest Posts
» Topic: Ipitomy VoIP PBX
HostCheetah

http://www.ipitomy.com/

General Questions

What is IPitomy?
IPitomy is a scalable PBX solution featuring a range of traditional telephony and emerging VoIP technologies. IPitomy supports the creation of branch office networks connecting multiple locations locally or around the globe. A full range of PSTN and VoIP technologies such as analog lines and T1 lines are supported. Least cost routing, Voicemail, Queues, Auto Attendants, Conferences, Music on Hold and much more... a real cost saving in a fully featured PBX solution!

What is VoIP?
VoIP (Voice over Internet Protocol) is a category of hardware and software that enables people to use the Internet as the transmission medium for telephone calls. Voice data is sent in packets using IP rather than through traditional PSTN circuit transmissions. VoIP is usually much cheaper than PSTN.

How secure is VoIP?
VoIP can be deployed to use industry standard high encryption technologies (SSL and VPN).

Can I use VoIP with regular (analog) telephone?
YES. To use VoIP with your regular analog phone, you will need to install an ATA (Analog Telephone Adapter) or channel bank devices. These devices convert the analog signal to digital data in order to work with VoIP.

Does IPitomy work if the power fails?
YES, but only with a UPS (Uninterruptible Power Supply) device installed in the system. A UPS can maintain operation of critical equipment for up to several hours until utility power is restored. The use of a Power Over Ethernet (POE) switch, combining power with Ethernet cabling, is also a good choice.

Can VoIP receive calls from PSTN?
YES! It is possible to place or receive any type of calls (local, long distance, international, etc) to/from PSTN lines.

How good is a VoIP sound quality?
The quality achieved is usually excellent, although the voice quality depends on bandwidth quality as well as its availability. You can check your bandwidth using IPitomy’s bandwidth calculator.

What about sound quality on LAN?
Excellent audio quality on LAN is a standard feature of IPitomy.

Why should I consider purchasing IPitomy?
IPitomy will make your business run faster and easier than ever before while it saves you money on your total communications expenditures.
- IPitomy is reliable.
- IPitomy is EASY TO USE with web based administration.
- IPitomy will grow your bottom line due to better communication with customers/clients and reduced telephone bills.
- IPitomy can keep your employees in contact while traveling or at home. No more unavailable employees.
- IPitomy allows better management of employees.
- IPitomy will help you to record or monitor employee calls for quality assurance purposes.

How can IPitomy help me improve my business results?
The following IPitomy features will help your business improve employee productivity by allowing them to reduce the amount of time they spend on tasks, reach each other more easily, and work together more efficiently:
- Conference calls will help your employees to conduct meetings regardless of time or location - saving traveling time, reducing expenses, and limiting inconveniences.
- Call recordings will improve calls, costs, and staff management.
- Call forwarding will assist in employee mobility, allowing your employees to be at different locations while still receiving calls.
- Unified Messaging sends voice mail to email to improve voice mail response time.

The following features will help your business maintain high quality customer service:
- DID (Direct Inward Dialing) will allow your clients to reach a line directly without going through an operator or dialing several numbers.
- Automated Attendant answers all incoming calls and prompts callers to dial an extension, other destinations or leave a voicemail message - all without the help of an operator – freeing up valuable time for other tasks.
- Music On Hold will inform and entertain your customers while waiting to speak to someone with informative messages and music.

The following features will help your business get the most out of the networks:
- Outbound dialing controls will control dialing of specific outbound routes, such as international, preventing unauthorized use of your services and resources.
- Backup will automatically store your system settings, recordings and other important data for easy retrieval/restore.
- IPitomy Updates will update your system with the latest bug fixes and enhancements of existing features when available.

How can IPitomy save me time and money?
- IPitomy allows your business branch offices to communicate easily using the VoIP feature, rapidly reducing telephone costs and time. Users will be able to contact a remote office co-worker simply by dialing an extension.
- IPitomy easily creates conference bridges between employees on local or remote (overseas) levels, directly saving significant amounts of time, and possible travel costs.
- IPitomy allows calls to be diverted to employees' mobile phones resulting in more flexibility, mobility, and time. Increased efficiency results in reduced expenses.
- IPitomy browser based system administration allows your users to easily navigate through the configuration. Therefore, it will save significant amounts of time and expense on system maintenance, technical support, training, etc.
- IPitomy's VoIP service (IPitomy Exchange) will dramatically lower telephone communications costs.

Will my telephone bills reduce if I use VoIP feature when comparing to PSTN (Public Switched Telephone Network)?
Yes. VoIP feature should rapidly reduce your business telephone costs!

What is OS platform for IPitomy?
IPitomy OS platform is Linux.

What features and functionalities are included with the IPitomy?
Please refer to:

Does IPitomy support Emergency call services?
Yes. Emergency calls can be placed by direct dialing, or by using a prefix number for an outgoing phone and then dialing the emergency number.

Do my employees need special education to use IPitomy?
NO. IPitomy’s browser based system administration allows your users to easily navigate through the system. IPitomy has been designed to be intuitive and simple to use. Since IPitomy is an all in one telecommunications system, the seamless integration of all of the system features simplifies the entire process reducing the learning curve dramatically.

Technical Questions

Can I divert incoming calls to my mobile phone?
YES. IPitomy has complete call forwarding and follow me that are simple to use.

Can I still use PSTN with IPitomy?
Yes. Standard plain old telephone service (POTS) and T1/PRI are all supported.

Is it possible to connect IPitomy to already existing telephones in my company?
YES. IPitomy can connect with your existing analog telephones. IPitomy has gateway devices that can be used to drive analog telephones and analog telephone lines. For digital key systems and PBX’s, IPitomy can connect to analog ports on the switch to provide IPitomy Exchange VoIP services and remote extensions and branch office connections for less than upgrading most legacy hardware. As soon as you decide to migrate all the way to IPitomy, your investment is protected instead of wasted on outdated upgrades.

Can IPitomy replace our existing PBX system?
In most cases, IPitomy is less expensive than upgrading an outdated PBX or key system. When you add IPitomy Exchange, the return on investment is rapid. When you add in the additional savings of business efficiency gained by recovering lost days due to homebound employees, weather related interruptions, and reduced travel time, you will conclude that you cannot afford to put off deploying IPitomy!

How many extensions can IPitomy provide my company with?
IPitomy has several products that are optimized for the size of the business using them. The system size is ultimately limited by the amount of processor, memory and bandwidth. All IPitomy systems can be connected in a branch office network with distributed systems growing to any size.

Is it possible to upgrade miniPBX to maxiPBX or megaPBX?
YES. IPitomy will provide you with the opportunity to upgrade the number of extensions. Depending on the size, you may have to move to a more powerful platform, but the software will remain the same.

Can I have all my local offices and branch offices abroad connected with IPitomy solutions?
YES. IPitomy can connect all your offices (local and remote) together into a network. Additionally, your company will show a cost savings using VoIP for phone calls versus traditional long distance calls over the PSTN. Each branch office only requires a broadband connection.

Can our IPitomy network use VPN?
YES. Your VoIP data will be encrypted between each office over the Internet.

Does IPitomy include conference bridges with remote offices?
YES. Conference bridges are included in all of the products.

Does IPitomy provide all necessary equipment including telephone units?
YES. IPitomy provides and supports all of the required equipment. We design and manufacture our IP PBX, IP telephones, and gateways. It is possible to use other SIP telephones with IPitomy as well. We support Aastra, Polycom and Cisco telephones.

Do I need to do additional installation or configuration of any hardware or device included with IPitomy?
IPitomy will be installed and configured according to your business needs and technical requirements by a local IPitomy dealer.

Does IPitomy allow all existing extensions within my company to remain the same?
IPitomy supports 3 and 4 digit extensions.

Sales Questions

How much does IPitomy cost?
IPitomy is priced according to the number of extensions/lines and your exact business needs. We will provide you with a complete quotation based upon your requirements. An IPitomy dealer will discuss your requirements with you and recommend the best solution.

What is the warranty period for IPitomy?
The warranty period for IPitomy hardware is one (1) year. Extended warranty plans are available.

After I purchase the product will I be informed about any software or hardware upgrades?
YES. IPitomy informs customers and clients about all available upgrades, news, release notes, etc.

Is there any maintenance support provided by IPitomy after I purchase the system?
Yes. Your local IPitomy dealer is there to provide support and advice. As easy as IPitomy is to use and configure, it is always good to have a local support representative available who stocks spare parts and knows how to quickly resolve telecommunications issues.

Can I add additional extensions to the system?
Yes. The system is easily expandable through a software license update.

How does IPitomy treat Updates?
Updates and Minor Updates are included in your 12 month support contract which is included in the sales price. The renewal of your support contract or purchase of a longer term agreement will extend this.

How does IPitomy treat Upgrades?
Upgrades are feature enhancements that are available at an additional cost.

» Topic: Read POP3 e-mails on multiple computers
HostCheetah

Read full FAQ here: http://office.microsoft.com/en-us/outlook-help/read-pop3-e-mail-messages-on-multiple-computers-HP010102443.aspx

By default, when you download new messages from a POP3 e-mail account, the messages are deleted from the POP3 mail server. If you check your POP3 e-mail account from different computers by using the default Microsoft Office Outlook 2007 POP3 settings, the computer that downloads a new e-mail message is the only location where the message is stored. The message is no longer on the POP3 mail server when you connect from another computer. To view your messages from different computers, you can choose to download a copy of new e-mail messages and not delete them from the POP3 mail server.

What do you want to do?
- Download a copy of the messages and leave them on the POP3 mail server
- Download messages and delete them from the POP3 mail server

Download a copy of the messages and leave them on the POP3 mail server

Downloading a copy of your messages can be useful if you check your POP3 e-mail account from multiple profiles or computers. For example, you can download a copy of the messages on both your work and home computers and then delete them from the POP3 mail server.

NOTE: E-mail messages that you send are saved in the Sent Items folder in Outlook only on the computer from which they are sent. You cannot access the Sent Items folder of one computer from your other computers that run Outlook. Consider including your e-mail address in the Bcc box so that you can download the messages that you send on another computer.

- When you connect to your POP3 mail server from your laptop computer, a copy of your new e-mail messages is downloaded to Outlook.
- When you connect from your work computer, a copy of your new e-mail messages is downloaded to Outlook.
- When you connect from your home computer, a copy of your new e-mail messages is downloaded to Outlook. Because the Leave a copy of messages on the server check box is not selected in Outlook on your home computer, a command is sent from Outlook to the POP3 mail server instructing it to delete the messages that you just downloaded. No other copy of Outlook can now download these messages from the POP3 mail server.

On each computer where you want to read your e-mail messages but not save them permanently, do the following:

1. On the Tools menu, click Account Settings.
2. Under Name, select the POP3 e-mail account that you want to change, and then click Change.
   NOTE: If your profile does not contain a Microsoft Exchange account, your messages are stored on your computer in a Personal Folders file (.pst). However, if your profile contains both an Exchange account and a POP3 e-mail account, and the default setting is to deliver all new messages to your mailbox on the server running Exchange, your downloaded POP3 messages are stored in your Exchange account. Any profile that you use on any computer that has access to your Exchange mailbox will be able to see the previously downloaded POP3 e-mail messages.
3. Click More Settings.
4. Click the Advanced tab, and then under Delivery, select the Leave a copy of messages on the server check box. You can also select whether to automatically delete messages from your e-mail server after a specified number of days, when you delete the item on your computer, or when the Deleted Items folder is emptied. These settings might help prevent you from exceeding the maximum mailbox size set by your Internet service provider (ISP).
5. Do one of the following:
   - Get new messages manually: On the Tools menu, point to Send/Receive, point to the POP3 e-mail account, and then click Inbox.
   - Get new messages automatically: On the Tools menu, point to Send/Receive, point to Send/Receive Settings, and then click Define Send/Receive Groups. (Keyboard shortcut: to open the Send/Receive Groups dialog box, press CTRL+ALT+S.) Under Group Name, select a group that contains your POP3 e-mail account, and then under Setting for group name, select the Schedule an automatic send/receive every n minutes check box. Enter a number between 1 and 1440. The latter number schedules an automatic send/receive once daily.
     NOTE: If you have not created custom Send/Receive groups, select the All Accounts group.
     Your POP3 e-mail server will be checked and new messages will be downloaded according to the schedule that you specified.

NOTE: Most ISPs have a size limit on your POP3 mailbox. If you do not delete items from the server, your account will eventually exceed the amount allotted by your ISP, preventing additional messages from being received, and you can possibly incur additional charges. For more information, contact your ISP.

Download messages and delete them from the POP3 mail server

On the computer where you want to save the e-mail messages, you will configure Outlook to download the messages and delete them from the mail server. After you use this computer to check your e-mail messages, the other computers will no longer be able to download the messages.

If you have not added the POP3 account to the Outlook profile, add it now.

1. On the Tools menu, click Account Settings.
2. On the E-mail tab, click New, select Microsoft Exchange, POP3, IMAP, or HTTP, and then click Next.
3. Click POP3, and then click Next.
4. Enter your name, e-mail address, and password in the corresponding text boxes.
5. Do one of the following:
   - Get new messages manually: On the Tools menu, point to Send/Receive, point to the account, and then click Inbox.
   - Get new messages automatically: On the Tools menu, point to Send/Receive, point to Send/Receive Settings, and then click Define Send/Receive Groups. (Keyboard shortcut: to open the Send/Receive Groups dialog box, press CTRL+ALT+S.) Under Group Name, select a group that contains your POP3 e-mail account, and then under Setting for group name, select the Schedule an automatic send/receive every n minutes check box. Enter a number between 1 and 1440. The latter number schedules an automatic send/receive once daily.
     NOTE: If you have not created any custom Send/Receive groups, select the All Accounts group.
     Your POP3 e-mail server will be checked and new messages will be downloaded according to the schedule that you specified.

TIP: If you want to access new messages on any computer, an alternative is to use the steps to download a copy of the messages and leave them on the POP3 server on all your computers. When you select the Leave a copy of messages on the server check box, also select the Remove from server after n days check box. This allows you to check your mail from any computer within the specified number of days. Mail is deleted from the POP3 mail server after the time limit is exceeded.

» Topic: TrixBox : Firewall or ACL's and Restrict IPs
HostCheetah

Thread: http://fonality.com/trixbox/forums/trixbox-forums/open-discussion/sip-port-5060-why-do-you-keep-using-it

Obeliks: The SIP signaling port can be changed from its default setting of 5060. If your PBX is not behind NAT but exposed directly to the internet (or for some reason you port forward 5060), this would prevent your PBX from being discovered during automated scans looking for PBXes to crack. Given the fact almost nobody does that, what are the arguments against it?

Kerryg: Not all SIP trunk providers allow you to change it on their side. This is probably the single biggest obstacle for "rolling your own port". My biggest response to that is why in the hell would you have a system exposed directly to the internet and not behind a firewall? With a firewall you can (depending on the model) lock down the ports to specific IP addresses and avoid the port scanning issue.
-- Kerry Garrison http://www.VoipStore.com - http://3cxbook.com (888) VOIPSTORE - (888) 864-7786

Jlutes: Just because you move the port doesn't stop anyone from finding your PBX. It doesn't take very long to do a port scan on an IP address. Though I do agree changing it will stop what we call 'script kiddies' or people who have no idea what they are doing but have this cool program that does this and that, it won't stop a true cracker or even slow them down much. All that said, we NAT our boxes and though we don't change the ports for SIP traffic, we do change the ports for web and ssh access. We had one intruder that got in through SIP and made some phone calls on our dime. We blocked the IP address and configured the Permit string on all of our devices and haven't had trouble since. What I guess I'm saying is that if it ain't broke, why fix it? P.S., I agree with Kerry - get a firewall!

Obeliks:
"Not all SIP trunk providers allow you to change it on their side."
I am talking about changing the port on your side, not on the trunk provider side. The trunk provider finds you based on your registration. The only problem I can see with this change is when your trunk provider has a fixed IP configured for your end of the trunk and does not allow you to use a non-default port, but I believe most would allow you to change the port when using fixed IP. As a matter of fact I just configured my trixbox on a non-default port and everything works just fine. The biggest issue was to reconfigure all extensions to register on a different port with my trixbox. Some softphones do not allow you to change the port. I was successful with X-Lite, but could not change it with Blink. In case of ATAs and VoIP phones this reconfiguration is very easy.

Astrosmurfer: Changing port numbers is an ineffective security measure. You are only delaying the inevitable and the length of that delay may be very short. People try to hide other services like HTTP and SSH by changing the listening port but it is trivial to find these systems regardless of the port. Likewise, it is quick and simple to find a SIP server on any port. There was a time, when internet connections were very slow, that it was sufficiently "expensive" to scan an entire port range. But now, when more and more people are hosting their services on multimegabit connections and even home users have highspeed connections, full sweep port scans are trivial and relatively quick. It's been discussed countless times but, even if you aren't using NAT, you should still use a firewall, VPN and fail2ban. Changing ports is ineffective.

Obeliks: Well, everybody is entitled to their own opinions. ;-) If you are using a non-default port then for an attack directed specifically at you, it is not going to add much protection. But almost no attacks are like that. In most of the cases the internet is scoured for potential victims and attacks are directed at those who are easiest to find. I certainly would not want to be a victim of a 0-day attack. Remember, you don't have to outrun the bear, just the next trixbox user ;-) Running on a non-default port can buy you some time, so you can install patches when they become available. I am not convinced that the majority of the users on this forum employ fully staffed security teams to deal with network attacks and can respond immediately to all asterisk security issues. I agree that fail2ban should be part of the deployment but what are you going to do if the next yum update breaks it and you do not notice or if you are dealing with an attack that fail2ban does not offer protection for?

Obeliks:
"get a firewall!"
This statement could be attributed to a firewall vendor ;-) Firewalls offer no protection if you have to accept packets from unknown extensions/peers. If you know where your traffic will be coming from then properly configured iptables can offer sufficient protection and there is no need for a separate firewall.

BubbaPCGuy:
Quote: "get a firewall! This statement could be attributed to a firewall vendor ;-)"
Well, the statement would be attributed to any (decent) network admin. Using IPtables is fine but to make a blanket statement like "there is no need for a separate firewall" shows us that you in fact have no business setting up PBX or any computers connecting to the net. It is folks who try to think they are smarter than the hordes of hackers / scripts out there, who make trouble for the rest of us... where do you think they get those botted boxes to do the scanning? They get them from you folks without a firewall. To filter traffic is easy... the rule for inet connected servers is to BLOCK all traffic and then ALLOW ONLY that which is needed. IPTables working hard on a PBX will affect the PBX, why subject the box to that? I can see No reason to. As someone who has had PBXes on the net for YEARS (racks full) without a single breakin, it is very safe to run on standard ports as long as you do not allow just any ole IP address or do not use VPN (which is MY way) to give access. If your end users can not afford a static IP then drop in an Open VPN server or use VPN end points (routers)... but ALWAYS use a firewall in front of ALL web connected units. Safety comes at a cost but it is still cheaper than running around naked.

Obeliks:
"Using IPtables is fine but to make a blanket statement like "there is no need for a separate firewall" shows us that you in fact have no business setting up PBX or any computers connecting to the net."
I would be cautious with statements like this. Some people may question your professionalism. There is no web site I know of pumping a significant amount of traffic (>10Gbps) and using firewalls. You can check with people who run Youtube, Akamai or any other major internet player. You use ACLs on your routers. You also make sure your servers do not have more holes than swiss cheese. Here is some info on the subject:
http://trixbox.org/forums/trixbox-forums/open-discussion/security...
http://trixbox.org/forums/trixbox-forums/open-discussion/security...
http://trixbox.org/forums/trixbox-forums/open-discussion/list-por...
"As someone who has had PBXes on the net for YEARS (racks full) without a single breakin, it is very safe to run on standard ports as long as you do not allow just any ole IP address or do not use VPN (which is MY way) to give access"
This was not the case I was discussing in my original post. My post was directed at people who do allow traffic from arbitrary IPs, like people with mobile devices who need to have their phones registered no matter where they happen to be, "road warriors" with softphones, etc.
"IPTables working hard on a PBX will affect the PBX, why subject the box to that?"
How hard do you think Iptables will work? Do you have any numbers to support your statement or is it just another example of FUD?
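What "lock down the ports to specific IP addresses" looks like with iptables when the peers are known, as an added example that is not part of the thread or from any poster. It generates an iptables-restore rule set with a default-drop INPUT policy; the addresses are constructed documentation addresses, and the RTP range 10000:20000 and the SSH rule for an admin network are assumptions.

```shell
#!/bin/sh
# Added example: emit an iptables-restore rule set that accepts SIP signalling
# and RTP media only from an explicit allowlist of peers (default policy DROP).

SIP_PORT=5060            # the SIP signalling port discussed in the thread
RTP_RANGE=10000:20000    # assumption: Asterisk's usual rtp.conf port range

# valid_ipv4_cidr ADDR -> status 0 if ADDR is a.b.c.d or a.b.c.d/len
valid_ipv4_cidr() (
    addr=${1%%/*}
    case $1 in
        */*) len=${1#*/} ;;
        *)   len=32 ;;
    esac
    case $len in
        ''|*[!0-9]*) exit 1 ;;          # prefix length must be digits only
    esac
    [ "$len" -le 32 ] || exit 1
    case $addr in
        *[!0-9.]*|.*|*.|*..*) exit 1 ;; # only digits and single dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $addr                         # split the address into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
    exit 0
)

# sip_allowlist_rules ADMIN_CIDR PEER [PEER...]
# Prints the rule set on stdout. If any address is malformed nothing is
# printed and status 1 is returned, so a typo cannot yield a partial rule set.
sip_allowlist_rules() (
    [ $# -ge 2 ] || { echo "usage: sip_allowlist_rules ADMIN_CIDR PEER..." >&2; exit 1; }
    for a in "$@"; do
        valid_ipv4_cidr "$a" || { echo "bad address: $a" >&2; exit 1; }
    done
    admin=$1; shift
    echo '*filter'
    echo ':INPUT DROP [0:0]'             # block everything by default
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    # Assumption: SSH stays reachable from one admin network only.
    echo "-A INPUT -s $admin -p tcp --dport 22 -j ACCEPT"
    for peer in "$@"; do
        echo "-A INPUT -s $peer -p udp --dport $SIP_PORT -j ACCEPT"
        echo "-A INPUT -s $peer -p udp --dport $RTP_RANGE -j ACCEPT"
    done
    echo 'COMMIT'
)

# Constructed sample: one admin network, one trunk provider, one remote office.
sip_allowlist_rules 192.0.2.0/24 203.0.113.10 198.51.100.25
```

Review the printed rules before loading them with `iptables-restore`. This covers the fixed-peer case only; extensions that register from arbitrary addresses, the case Obeliks raises, cannot be expressed as an allowlist.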
» Topic: R-FX Networks Linux Security Scripts
HostCheetah

http://www.rfxn.com/about/

About Us

What is R-fx Networks?
In the spring of 2001, R-fx Networks was born as nothing more than a simple web hosting/design site with a single project fostering growth from the then budding Ensim & Cpanel web host community, System Integrity Monitor (SIM). That project, SIM, was a convenience tool for being sick of failing ProFTPd & Apache services at 4am and the parent control panels being unable to automatically restart them for one reason or the other. The project and subsequently the site then grew to be much more over the years, spawning a number of other projects while taking the site through an identity crisis which ultimately ended up as a Linux Managed Services Provider since then.

Throughout the years one thing that has dominated is my commitment to maintaining free and open projects for the web hosting community at large, which I am proud to say is still a commitment going forward. The projects have always been made first and foremost for myself and those that employ me, then in turn I publish those projects to the community as surely if they create convenience in my life they can do the same for others. This sometimes conflicts with the interests of the community who require or desire certain features that are not in line with my own development path, however at the end of the day most people understand and are very patient with development requests. The bottom line is, typically if I can not find a use for a requested feature in a project then it will not make it into the public release – it is that simple.

Where did the old site go?
The old site was an antiquated relic of the past, representing R-fx Networks in a broken and rundown state from the days when it was a hybrid of a community project site and managed services provider. Although the projects have continually been maintained, the old site did not serve them justice and was no longer actively updated which gave a bad impression for attracting new users to the projects.

Ok, what now?
This new site will serve as a development blog and the continued source for our maintained projects (apf, bfd etc.) along with expanding the lackluster documentation that currently exists into a more defined version. The projects will receive the attention they have long deserved along with expanded resources for feature ideas, bug reporting and more. In addition, the new site will also serve as a personal blog spot for work, life and whatever else I feel like bantering about on a particular day. This will not detract from the top priority which is the projects but they are nevertheless my projects so take my bantering as a necessary baggage.

» Topic: SQL Injection Protection with SonicWall
HostCheetah

See how a SonicWALL can protect your SQL server from injection attacks. Learn step-by-step how we configured the firewall to provide this protection: http://youtu.be/AV1iDkEaaXQ

Purchase a New SonicWall / Services as well as Renew security Services at SonicGuard.com

» Topic: How to Hack Trixbox. Make free calls.
|
|
HostCheetah ![]() | |
| by Kerry Garrison | March 2009 | Linux Servers Networking & Telephony Open Source Read full story here: http://www.packtpub.com/article/securing-your-trixbox-server Even though a trixbox system is a phone system, it is still a basic computer system like any other. One of the problems that we face is that extensions and VoIP service providers typically come into the system over the open Internet; this means that certain aspects of our system are wide open to the outside world. During the week that this article was written, several new scripts came out that allowed people to scan machines over the Internet, find systems that are running Asterisk, get the list of available extensions, and then hack the passwords. These tools allow a malicious hacker to get into your system and start making long-distance phone calls. There were numerous instances of companies with phone bills reaching into the thousands and even tens of thousands of dollars. Because of issues like this, it is more imperative than ever that you understand how to properly secure your trixbox server from the outside world. In this article by Kerry Garrison, we will focus on how to secure the trixbox server. Start with a good firewall Never have your trixbox system exposed completely on the open Internet; always make sure it is behind a good firewall. While many people think that because trixbox is running on Linux, it is totally secure, Linux, like anything else, has its share of vulnerabilities, and if things are not configured properly, is fairly simple for hackers to get into. There are really good open-source firewalls available, such as pfSense, Viata, and M0n0Wall. Any access to system services, such as HTTP or SSH, should only be done via a VPN or using a pseudo-VPN such as Hamachi. The best designed security starts with being exposed to the outside world as little as possible. 
If we have remote extensions that cannot use VPNs, then we will be forced to leave SIP ports open, and the next step will be to secure those as well.

Stopping unneeded services

Since trixbox CE is basically a stock installation of CentOS Linux, very little hardening has been done to the system to secure it. This lack of security is intentional as the first level of defence should always be a good firewall. Since there will be people who still insist on putting the system in a data center with no firewall, some care will need to be taken to ensure that the system is as secure as possible.

The first step is to disable any services that are running that could be potential security vulnerabilities. We can see the list of services that are used with the chkconfig --list command.

    [trixbox1.localdomain rules]# chkconfig --list
    anacron         0:off 1:off 2:on 3:on 4:on 5:on 6:off
    asterisk        0:off 1:off 2:off 3:off 4:off 5:off 6:off
    avahi-daemon    0:off 1:off 2:off 3:off 4:off 5:off 6:off
    avahi-dnsconfd  0:off 1:off 2:off 3:off 4:off 5:off 6:off
    bgpd            0:off 1:off 2:off 3:off 4:off 5:off 6:off
    capi            0:off 1:off 2:off 3:off 4:off 5:off 6:off
    crond           0:off 1:off 2:on 3:on 4:on 5:on 6:off
    dc_client       0:off 1:off 2:off 3:off 4:off 5:off 6:off
    dc_server       0:off 1:off 2:off 3:off 4:off 5:off 6:off
    dhcpd           0:off 1:off 2:off 3:off 4:off 5:off 6:off
    dhcrelay        0:off 1:off 2:off 3:off 4:off 5:off 6:off
    ez-ipupdate     0:off 1:off 2:off 3:off 4:off 5:off 6:off
    haldaemon       0:off 1:off 2:off 3:on 4:on 5:on 6:off
    httpd           0:off 1:off 2:off 3:on 4:on 5:on 6:off
    ip6tables       0:off 1:off 2:off 3:off 4:off 5:off 6:off
    iptables        0:off 1:off 2:off 3:off 4:off 5:off 6:off
    isdn            0:off 1:off 2:off 3:off 4:off 5:off 6:off
    kudzu           0:off 1:off 2:off 3:on 4:on 5:on 6:off
    lm_sensors      0:off 1:off 2:on 3:on 4:on 5:on 6:off
    lvm2-monitor    0:off 1:on 2:on 3:on 4:on 5:on 6:off
    mDNSResponder   0:off 1:off 2:off 3:on 4:on 5:on 6:off
    mcstrans        0:off 1:off 2:off 3:off 4:off 5:off 6:off
    mdmonitor       0:off 1:off 2:on 3:on 4:on 5:on 6:off
    mdmpd           0:off 1:off 2:off 3:off 4:off 5:off 6:off
    memcached       0:off 1:off 2:on 3:on 4:on 5:on 6:off
    messagebus      0:off 1:off 2:off 3:on 4:on 5:on 6:off
    multipathd      0:off 1:off 2:off 3:off 4:off 5:off 6:off
    mysqld          0:off 1:off 2:off 3:on 4:on 5:on 6:off
    named           0:off 1:off 2:off 3:off 4:off 5:off 6:off
    netconsole      0:off 1:off 2:off 3:off 4:off 5:off 6:off
    netfs           0:off 1:off 2:off 3:on 4:on 5:on 6:off
    netplugd        0:off 1:off 2:off 3:off 4:off 5:off 6:off
    network         0:off 1:off 2:on 3:on 4:on 5:on 6:off
    nfs             0:off 1:off 2:off 3:off 4:off 5:off 6:off
    nfslock         0:off 1:off 2:off 3:on 4:on 5:on 6:off
    ntpd            0:off 1:off 2:off 3:on 4:on 5:on 6:off
    ospf6d          0:off 1:off 2:off 3:off 4:off 5:off 6:off
    ospfd           0:off 1:off 2:off 3:off 4:off 5:off 6:off
    portmap         0:off 1:off 2:off 3:on 4:on 5:on 6:off
    postfix         0:off 1:off 2:on 3:on 4:on 5:on 6:off
    rdisc           0:off 1:off 2:off 3:off 4:off 5:off 6:off
    restorecond     0:off 1:off 2:on 3:on 4:on 5:on 6:off
    ripd            0:off 1:off 2:off 3:off 4:off 5:off 6:off
    ripngd          0:off 1:off 2:off 3:off 4:off 5:off 6:off
    rpcgssd         0:off 1:off 2:off 3:on 4:on 5:on 6:off
    rpcidmapd       0:off 1:off 2:off 3:on 4:on 5:on 6:off
    rpcsvcgssd      0:off 1:off 2:off 3:off 4:off 5:off 6:off
    saslauthd       0:off 1:off 2:off 3:off 4:off 5:off 6:off
    snmpd           0:off 1:off 2:off 3:off 4:off 5:off 6:off
    snmptrapd       0:off 1:off 2:off 3:off 4:off 5:off 6:off
    sshd            0:off 1:off 2:on 3:on 4:on 5:on 6:off
    syslog          0:off 1:off 2:on 3:on 4:on 5:on 6:off
    vsftpd          0:off 1:off 2:off 3:off 4:off 5:off 6:off
    xinetd          0:off 1:off 2:off 3:on 4:on 5:on 6:off
    zaptel          0:off 1:off 2:on 3:on 4:on 5:on 6:off
    zebra           0:off 1:off 2:off 3:off 4:off 5:off 6:off

The highlighted lines are services that are started automatically on system startup. The following list of services is required by trixbox CE and should not be disabled:

- anacron
- crond
- haldaemon
- httpd
- kudzu
- lm_sensors
- lvm2-monitor
- mDNSResponder
- mdmonitor
- memcached
- messagebus
- mysqld
- network
- ntpd
- postfix
- sshd
- syslog
- xinetd
- zaptel

To disable a service, we use the command chkconfig <servicename> off.
We can now turn off some of the services that are not needed:

    chkconfig ircd off
    chkconfig netfs off
    chkconfig nfslock off
    chkconfig openibd off
    chkconfig portmap off
    chkconfig restorecond off
    chkconfig rpcgssd off
    chkconfig rpcidmapd off
    chkconfig vsftpd off

We can also stop the services immediately without having to reboot:

    service ircd stop
    service netfs stop
    service nfslock stop
    service openibd stop
    service portmap stop
    service restorecond stop
    service rpcgssd stop
    service rpcidmapd stop
    service vsftpd stop

Securing SSH

A very large misconception is that by using SSH to access your system, you are safe from outside attacks. The security of SSH access is only as good as the security you have used to secure SSH access. Far too often, we see systems that have been hacked because their root password is very simple to guess (things like password or trixbox are not safe passwords). Any dictionary word is not safe at all, and substituting numbers for letters is very poor practice as well. So, as long as SSH is exposed to the outside, it is vulnerable. The best thing to do, if you absolutely have to have SSH running on the open Internet, is to change the port number used to access SSH. This section will detail the best methods of securing your SSH connections.

Create a remote login account

First off, we should create a user on the system and only allow SSH connections from it. The username should be something that only you know and is not easily guessed. Here, we will create a user called trixuser and assign a password to it. The password should be something with letters, numbers, symbols, and not based on a dictionary word. Also, try to string it into a sentence making sure to use the letters, numbers, and symbols. Spaces in passwords work well too, and are hard to add in scripts that might try to break into your server. A nice and simple tool for creating hard-to-guess passwords can be found at http://www.pctools.com/guides/password/.
    [trixbox1.localdomain init.d]# useradd trixuser
    [trixbox1.localdomain init.d]# passwd trixuser

Now, ensure that the new account works by using SSH to log in to the trixbox CE server with this new account. If it does not let you in, make sure the password is correct or try to reset it. If it works, continue on.

Only allowing one account access to the system over SSH is a great way to lock out most brute force attacks. To do this, we need to edit the file in /etc/ssh/sshd_config and add the following to the file.

    AllowUsers trixuser

The PermitRootLogin setting can be edited so that root can't log in over SSH. Remove the # from in front of the setting and change the yes to no.

    PermitRootLogin no

trixbox CE 2.6 Implementing, managing, and maintaining an Asterisk-based telephony system

Change the SSH port

Finally, it's recommended that the Port setting from the standard 22 is changed, which everyone knows as SSH, to something else. Be careful what you change it to; you don't want the port to conflict with a port in use or that might become in use. You can also attract more attention to the server if you put it on another known port than if you left it at 22. In this example, we will use 2222. Please decide your own port number to use on your system. The setting we edit is Port 22 in /etc/ssh/sshd_config. Remove the # from in front of the setting and change 22 to 2222.

    Port 2222

We need to restart sshd for the changes to take effect. Please use caution when changing these settings on a remote system that you can't easily get to. If there is an error in the config, it could cause sshd to not restart. To restart the SSH service for the new settings to take effect, use the following command:

    service sshd restart

Now, test to make sure that you can get into the server over SSH. The root user should be denied access and only the user we created should be allowed to get in. Don't forget to change your SSH port to 2222 when connecting.
In Putty, it is listed next to the IP address; on the command line, the flag is -p port.

Extension security

Although, in the examples you've seen throughout this article, the extensions use the same secret as the extension number, in practice this is a very big security hole as several scripts that are available look for exactly this setup when trying to attack Asterisk-based systems. Make sure that you use a very strong password as your secret for each extension. In the next section, we will look at a set of tools that can be used to protect your system against extension attacks.

Additional security

With the advent of hacking scripts, you really cannot be too careful; if you have any remote extensions or VoIP trunks, it is now recommended that you set up tools to capture illegitimate login requests and block those IP addresses from getting into your system. One popular tool among trixbox CE users is fail2ban, and there is quite a bit of information in the trixbox forums about how to set it up. For the purpose of this article, we are going to look at APF and BFD as a more robust solution.

The following information is provided courtesy of Tim Yardley, the trixbox CE Build Engineer. Tim's recommendation is to use R-fx Networks, APF, and BFD for firewalling trixbox CE systems. Links to their software can be found here.

APF: http://rfxnetworks.com/apf.php
BFD: http://rfxnetworks.com/bfd.php

APF stands for Advanced Policy Firewall. This is used to control iptables on the system to allow or disallow ports to be open. APF has additional features that make it stand out above the rest. Reactive Address Blocking (RAB), QoS (TOS), direct integration with BFD, and much more—see its site for full details.

BFD stands for Brute Force Detection. This is used to monitor any failed logins and block IP addresses from getting in. This runs as a cron daemon and works perfectly with APF.

Installing both of these applications is very simple.
You can download both of them from the R-fx Networks links, uncompress them, and then run the install.sh script. Tim has also created an installer script that can be downloaded to your machine and run. This will install the latest and greatest APF/BFD. To get this script, you will need to use wget or another method to pull it off a web server. You will want to be logged into your system as root to use these commands:

    wget http://engineertim.com/install_apf_bfd.sh
    chmod 755 install_apf_bfd.sh
    ./install_apf_bfd.sh

This will start the installation process for both APF and BFD. Once the scripts complete, you will be returned to a command prompt.

APF

Configuring APF is pretty easy, and we will look at a few of the config file options in this section. Two of the options are covered in great detail on its web site and well-commented in the conf.apf file. The config file for APF lives in /etc/apf and is called conf.apf.

We will need to edit the conf.apf file. If you have multiple network interfaces on your trixbox setup, you will want to set the IFACE_IN and IFACE_OUT to your external interface. This is the untrusted network interface that is connected to the Internet. If you have a second card, eth1, that is used for internal, trusted network, you can set the IFACE_TRUSTED to this interface. To begin editing the file, use the following command:

    nano /etc/apf/conf.apf

Please see the comments in the conf.apf if you are uncertain. The setup script will try to properly determine which interface is used for the untrusted network and place it in the appropriate field.

It is recommended to set the value of SET_TRIM to 0. This value sets the total number of rules allowed inside of the deny trust system. It is designed to save memory and start time. With the default value of 50, the system will start to purge old rules once this number is met. With the inclusion of BFD, this number will generally climb past 50. Setting this value to 0 will disable this feature.
    SET_TRIM="0"

APF has the ability to do QoS on packets; this is defined with the TOS values in the conf.apf file. For SIP and IAX, you can set the following:

    TOS_8="21,20,80,4569,5060,10000_20000"

This also requires a small tweak to one of the config files, which we will discuss later in this article, in order to tag UDP packets.

If you changed the SSH port to a different number, we have to edit the conf.apf file to match this new port.

    HELPER_SSH_PORT="2222"

Make sure to replace 2222 with the correct port number on which you decided to run SSH.

Ingress filtering is used to open inbound ports for access; both TCP and UDP have separate settings. For a trixbox setup, the following ports should be open; both TCP and UDP are listed. If you are not using TFTP, then do not have port 69 open. Do not forget to change the SSH port from 22, to the port you choose to run SSH on. Otherwise, you will be locked out; here we are using port 2222 from our last example. We have not included IAX ports in this setup. There is an easy way to ensure that only specific hosts can use IAX, which we will cover later. This is handy if you use IAX to do interoffice trunks, as I do, but don't want IAX ports open for the world to see.

    IG_TCP_CPORTS="2222,69,80,5060,6600,10000_20000"
    IG_UDP_CPORTS="69,5060,10000_20000"

Egress filtering is used to allow outbound filtering. I don't use egress filtering, and it will not be covered in this article. It is set to EGF="0", or disabled by default.

In the section of the conf.apf file called Imported Rules, there are settings for various feeds. Feeds are used so that many people can get information about malicious IP addresses as soon as one system reports them; this way if a script from a certain IP is attacking systems, often before the script gets a chance to get to you, your system has already blocked that IP address. Some of these feeds are very handy and I use them all.
You can even set up your own custom feed that would allow you to adjust all of your servers with global deny rules. You can disable or enable this feature with the USE_DS setting—a 1 is enabled, a 0 is disabled.

We are now ready to start APF for the first time. If you start APF right now and something is wrong, it will disable itself in 5 minutes. This is called DEVEL_MODE and is the first setting in the conf.apf file. Leave this set to 1 until you are certain you can get in via SSH and things are working. To save the configuration file, hit Ctrl+O to save and Ctrl+X to exit.

To see a list of command-line options, run apf without any flags.

    [trixbox1.localdomain apf]# apf
    apf(3402): {glob} status log not found, created
    APF version 9.6 <apf@r-fx.org>
    Copyright (C) 1999-2007, R-fx Networks <proj@r-fx.org>
    Copyright (C) 2007, Ryan MacDonald <ryan@r-fx.org>
    This program may be freely redistributed under the terms of the GNU GPL
    usage /usr/local/sbin/apf [OPTION]
    -s|--start ......................... load all firewall rules
    -r|--restart ....................... stop (flush) & reload firewall rules
    -f|--stop .......................... stop (flush) all firewall rules
    -l|--list .......................... list all firewall rules
    -t|--status ........................ output firewall status log
    -e|--refresh ....................... refresh & resolve dns names in trust rules
    -a HOST CMT|--allow HOST COMMENT ... add host (IP/FQDN) to allow_hosts.rules and
                                         immediately load new rule into firewall
    -d HOST CMT|--deny HOST COMMENT .... add host (IP/FQDN) to deny_hosts.rules and
                                         immediately load new rule into firewall
    -u|--remove HOST ................... remove host from [glob]*_hosts.rules and
                                         immediately remove rule from firewall
    -o|--ovars ......................... output all configuration options

To start APF, we issue the following command:

    [trixbox1.localdomain apf]# apf -s
    apf(3445): {glob} activating firewall
    apf(3489): {glob} determined (IFACE_IN) eth0 has address 192.168.1.31
    apf(3489): {glob} determined (IFACE_OUT) eth0 has address 192.168.1.31
    apf(3489): {glob} loading preroute.rules
    apf(3489): {resnet} downloading http://r-fx.ca/downloads/reserved.networks
    apf(3489): {resnet} parsing reserved.networks into /etc/apf/internals/reserved.networks
    apf(3489): {glob} loading reserved.networks
    apf(3489): {glob} SET_REFRESH is set to 10 minutes
    apf(3489): {glob} loading bt.rules
    apf(3489): {dshield} downloading http://feeds.dshield.org/top10-2.txt
    apf(3489): {dshield} parsing top10-2.txt into /etc/apf/ds_hosts.rules
    apf(3489): {dshield} loading ds_hosts.rules
    apf(3489): {sdrop} downloading http://www.spamhaus.org/drop/drop.lasso
    apf(3489): {sdrop} parsing drop.lasso into /etc/apf/sdrop_hosts.rules
    apf(3489): {sdrop} loading sdrop_hosts.rules
    apf(3489): {glob} loading common drop ports
    ...........trimmed for this document.........
    apf(3489): {glob} default (ingress) input drop
    apf(3445): {glob} firewall initalized
    apf(3445): {glob} !!DEVELOPMENT MODE ENABLED!! - firewall will flush every 5 minutes.

We can see that APF has started, downloaded some rules from dshield.org and spamhaus.org, and then told us it is in DEVELOPMENT MODE. Now, test connecting to your server over SSH to ensure that you have set up the correct port number ingress. If you can't connect, you will have to wait 5 minutes and then APF will shut down. Once you are sure you can get in with SSH, we can change the conf.apf file from DEVEL_MODE="1" to DEVEL_MODE="0" and restart/start APF. APF will start and not warn you about being in DEVELOPMENT MODE; your firewall should be good to go.

APF additional tweaks

This setup might not be ideal for everyone.
If you connect to your provider over IAX, then you will definitely want to add the IAX ports to the conf.apf. However, if you have two or more systems that you connect to each other over IAX for interoffice connections, this is the way to go. This will work with static IP addresses and DynDNS setups alike. You can use a fully qualified DNS hostname or IP address.

One of the flags for the apf command is -a, which is allow. This will globally allow a host to connect to this system, bypassing the firewall rules. It can't be stressed enough how handy this is. Some examples are allowing an SNMP query, IAX connections, or other ports that you do not want open, but need to allow specific hosts to connect to. To do this, just issue the following command and substitute your remote system IP address for the one we have here.

    apf -a 192.168.1.216

This will allow the system 192.168.1.216 to connect to any port on the firewalled server, thereby bypassing the firewall rules. If you are running APF on both systems, be sure to do the same thing on the other host using the correct IP address.

APF also allows a system admin to block a host or a complete subnet. This is handy if you see someone attempting to connect to your machine over FTP, Telnet, SSH, and so on. To block a specific host, use the following; be sure to use the IP address you want to block.

    apf -d 192.168.1.216

To block a complete subnet (CIDR), the command is very similar:

    apf -d 202.86.128.0/24

This will block the entire subnet. You can sometimes get the subnet (CIDR) listing using a WHOIS on the IP address. You can also look up a CIDR by IP on Google or ripe.net. Be sure that the subnet that you are blocking is not the one you are using or you could lock yourself out.

TOS for UDP packets are not defined for APF. Only TCP packets have the TOS bit set. There is an easy way to fix this. In the /etc/apf/internals folder, there is a file called functions.apf. We need to edit this file manually.
It is pretty straightforward as to what we need to change, so don't worry. There are several places where we have to add a single line. Look for the TOS_ section in the functions.apf file. It will look like this:

    if [ ! "$TOS_0" == "" ]; then
        for i in `echo $TOS_0 | tr ',' ' '`; do
            i=`echo $i | tr '_' ':'`
            $IPT -t mangle -A PREROUTING -p tcp --sport $i -j TOS --set-tos 0
        done
    fi

We have to add the settings for UDP. We copy one line and change tcp to udp. A sample is below, highlighted.

    if [ ! "$TOS_0" == "" ]; then
        for i in `echo $TOS_0 | tr ',' ' '`; do
            i=`echo $i | tr '_' ':'`
            $IPT -t mangle -A PREROUTING -p tcp --sport $i -j TOS --set-tos 0
            $IPT -t mangle -A PREROUTING -p udp --sport $i -j TOS --set-tos 0
        done
    fi

This additional line has to be done for all the TOS bits you are using. If you are using only TOS_8, then only worry about doing it for those. Make sure you do the tospostroute and tospreroute sections.

BFD

Brute Force Detection is used to capture illegitimate login attempts for services on the system. We see quite often a large number of SSH attempts into servers that haven't had the SSH port changed. These attempts are often an outside attempt to gain access by running dictionary attacks against common user names. These can now easily be stopped by using BFD.

If you ran the install_apf_bfd.sh, then BFD should be installed. The configuration file for BFD is located in /usr/local/bfd and is called conf.bfd. This file, like the one for APF, is heavily commented and covered in great detail on the R-fx Networks web site. This section will just cover some of the settings.

First, it must be stated that you can become locked out of your own server if you fail to type your own password correctly. This is another good reason to add a trusted system using the apf -a command. You can also add a host to specifically block by adding the IP address to the /usr/local/bfd/ignore.hosts file.

The ban command that BFD uses is tied directly to APF.
The command is apf -d, which is the same as we saw to manually ban addresses and subnets.

The first configuration variable we will look at is TRIG; this is the number of failed attempts before becoming banned. The default is 15, and is pretty good. Keep in mind that this is per IP address connections, not account. So if 1 IP address fails 15 times using multiple accounts, it will be banned. Feel free to change this value if you want; I recommend not setting this above 5 to reduce the number of attempts that are allowed.

BFD has the ability to send emails out to alert of brute force attempts. This is a good idea as it will give you notice when attempts to access your system are occurring. To enable email alerts, set the value of EMAIL_ALERTS to 1; then set the address you want emails to be sent to using EMAIL_ADDRESS. You can define the subject for the email as well. This makes for easy flagging/filtering in email applications.

BFD runs from cron and places a cron entry in /etc/cron.d called bfd. This runs BFD every 3 minutes. This should be acceptable for almost anyone.

You can get a list of offending IP addresses using bfd on the command line. This is useful for looking at specific IP subnets that you might want to start blocking, if you see a pattern starting. To get this list, use the following command:

    bfd -a

To start BFD, use the following command:

    bfd -s

Summary

While there are other ways to help ensure the security of your system, we have covered some of the most important in this article. Besides a good firewall, changing access to the SSH service and adding login attempt protection to your extensions is going to go a long way in keeping hackers out of your system. Do not underestimate the importance of security; these steps can mean the difference between being secured and having someone log in and start making thousands of phone calls around the country from your phone system. |
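The post above warns twice about locking yourself out: once when changing the sshd port and once when the new port is missing from APF's ingress list. The following is an added example, not part of the original post and not APF's own code, that cross-checks the two files before `service sshd restart` or `apf -s`. The function names, file names and sample configs are constructed for illustration, and it assumes conf.apf uses the `KEY="value"` form shown in the post.

```shell
#!/bin/sh
# Added example: lockout pre-flight for the sshd_config and conf.apf edits.

# First value of an sshd_config keyword (sshd uses the first occurrence it reads).
sshd_first() {  # $1 = file, $2 = keyword
    awk -v k="$2" 'tolower($1) == tolower(k) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1"
}

# Last KEY="value" assignment in conf.apf (later assignments override earlier ones).
apf_value() {  # $1 = file, $2 = key
    sed -n "s/^$2=\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# Is a port covered by an APF port list such as 2222,80,10000_20000 ?
port_in_list() {  # $1 = port, $2 = list
    echo "$2" | tr ',' '\n' | awk -F_ -v p="$1" '
        NF == 1 && $1 + 0 == p + 0                    { ok = 1 }
        NF == 2 && p + 0 >= $1 + 0 && p + 0 <= $2 + 0 { ok = 1 }
        END { exit !ok }'
}

# Returns the number of failed checks (0 = the two files agree).
preflight() {  # $1 = sshd_config, $2 = conf.apf, $3 = SSH login account
    fails=0
    port=$(sshd_first "$1" Port); port=${port:-22}   # sshd defaults to 22
    root=$(sshd_first "$1" PermitRootLogin)
    users=$(sshd_first "$1" AllowUsers)
    helper=$(apf_value "$2" HELPER_SSH_PORT)
    tcp=$(apf_value "$2" IG_TCP_CPORTS)
    devel=$(apf_value "$2" DEVEL_MODE)

    if [ "$root" != "no" ]; then
        echo "FAIL: PermitRootLogin is '${root:-unset}', expected 'no'"
        fails=$((fails + 1))
    fi
    case " $users " in               # exact names only; user@host patterns not handled
        *" $3 "*) ;;
        *) echo "FAIL: AllowUsers does not list '$3'"; fails=$((fails + 1)) ;;
    esac
    if [ "$helper" != "$port" ]; then
        echo "FAIL: HELPER_SSH_PORT=$helper but sshd listens on $port"
        fails=$((fails + 1))
    fi
    if ! port_in_list "$port" "$tcp"; then
        echo "FAIL: port $port is not in IG_TCP_CPORTS ($tcp); SSH is blocked once APF starts"
        fails=$((fails + 1))
    fi
    if [ "$devel" = "1" ]; then
        echo "NOTE: DEVEL_MODE=1, APF flushes its rules every 5 minutes"
    fi
    return "$fails"
}

# Constructed sample files: one consistent conf.apf, one still pointing at port 22.
write_samples() {  # $1 = directory
    cat > "$1/sshd_config" <<'EOF'
#Protocol 2
Port 2222
PermitRootLogin no
AllowUsers trixuser
EOF
    cat > "$1/conf.apf.ok" <<'EOF'
DEVEL_MODE="1"
HELPER_SSH_PORT="2222"
IG_TCP_CPORTS="2222,69,80,5060,6600,10000_20000"
IG_UDP_CPORTS="69,5060,10000_20000"
EOF
    cat > "$1/conf.apf.stale" <<'EOF'
DEVEL_MODE="0"
HELPER_SSH_PORT="22"
IG_TCP_CPORTS="22,69,80,5060,6600,10000_20000"
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
preflight "$tmp/sshd_config" "$tmp/conf.apf.ok" trixuser    || true
preflight "$tmp/sshd_config" "$tmp/conf.apf.stale" trixuser || true
rm -rf "$tmp"
```

On a real system the two arguments would be /etc/ssh/sshd_config and /etc/apf/conf.apf, the paths the post names.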
||
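The post above describes BFD's TRIG threshold as counting failed logins per source IP address, not per account. The following is an added example, not BFD's implementation and not from the original post, that applies that rule to constructed sshd log lines; the function names and the `/var/log/secure`-style line format are assumptions.

```shell
#!/bin/sh
# Added example: per-source-IP failed-login counting against a TRIG threshold.

# Constructed log lines (documentation address ranges only).
sample_log() {
    cat <<'EOF'
Jan 15 07:45:01 trixbox1 sshd[3301]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jan 15 07:45:03 trixbox1 sshd[3302]: Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2
Jan 15 07:45:05 trixbox1 sshd[3303]: Failed password for invalid user maint from 203.0.113.7 port 40114 ssh2
Jan 15 07:45:07 trixbox1 sshd[3304]: Failed password for invalid user asterisk from 203.0.113.7 port 40115 ssh2
Jan 15 07:45:09 trixbox1 sshd[3305]: Failed password for invalid user x from 198.51.100.20 from 203.0.113.7 port 40116 ssh2
Jan 15 07:46:10 trixbox1 sshd[3310]: Failed password for trixuser from 198.51.100.20 port 51200 ssh2
Jan 15 07:46:15 trixbox1 sshd[3311]: Failed password for trixuser from 198.51.100.20 port 51201 ssh2
Jan 15 07:46:21 trixbox1 sshd[3312]: Accepted password for trixuser from 198.51.100.20 port 51202 ssh2
EOF
}

# over_trig TRIG: read log lines on stdin and print "ip failures accounts"
# for every source IP whose failure count has reached TRIG, sorted by IP.
over_trig() {
    awk -v trig="$1" '
        /sshd\[[0-9]+\]: Failed password for / && $(NF - 4) == "from" && $(NF - 2) == "port" {
            # The user name is remote-supplied text, so the address is read from
            # the fixed tail of the line (from IP port N ssh2), not the first "from".
            ip = $(NF - 3)
            user = $0
            sub(/^.*: Failed password for (invalid user )?/, "", user)
            sub(/ from [^ ]+ port [0-9]+ ssh2$/, "", user)
            fails[ip]++
            if (!((ip, user) in seen)) { seen[ip, user] = 1; accounts[ip]++ }
        }
        END {
            for (ip in fails)
                if (fails[ip] >= trig + 0) print ip, fails[ip], accounts[ip]
        }' | sort
}

echo "TRIG=5:";  sample_log | over_trig 5
echo "TRIG=15:"; sample_log | over_trig 15
```

With the sample input, one address trying five different accounts once each reaches TRIG=5, while the two mistyped passwords for trixuser from another address do not.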
» Topic: How to Hack Trixbox. Make free calls.
|
|
HostCheetah | |
| I believe... Fri, 01/15/2010 - 7:45am ...that TCP port 3306 is used by MySQL. You need to ensure that that port is also closed. If port 80 inbound is closed along with 3306, you should have no problems and can turn the httpd back on. If your SSH port, 22, is open and forwarded, there is another point of attack. Make certain it too is not available from the Internet. It sounds like there was a possibility that your trixbox was on a DMZ. Make certain that it is not. No ports should be open and forwarded to your trixbox from the outside world, other than needed sip or iax ports which might have to be open for your provider. Then you should be able to specify from what WAN address those packets are coming from to let them in. John |
||
» Topic: How to Hack Trixbox. Make free calls.
|
|
HostCheetah | |
| There are also some SQL injection attacks floating around which can grant attackers write access to the filesystem via the web panel. It is best to lock your web panel down. -- Randall Degges Lead Developer, RCI Telecommunications projectb14ck - http://projectb14ck.org/ - Weblog |
||
» Topic: How to Hack Trixbox. Make free calls.
|
|
HostCheetah | |
| The following was aggregated from: http://amol-hackinglibrary.blogspot.com/2010/12/how-to-hack-trixbox-make-free-calls.html

*** The more "you" know how it may be done / The better off you will be to secure your TrixBox Phone System.

How to Hack Trixbox. Make free calls. Hack someone's trixbox extension

During my experience with Trixbox I've discovered several insecurities among the so-called VoIP PBX service installers, service providers that like to call themselves "Telephony Service Providers". We all know what Trixbox stands for, and the operating system that it is running on. CentOS is a free Linux flavor based on the Red Hat environment.

First things first: after installing Trixbox, if you take the manual, it even tells you to change the default passwords. What are the default passwords? Default passwords are defined already by the Fonality team. Which passwords are those? mysql default passwd, maint default passwd, fop default password, asterisk default password.

1) Trixbox main web interface: access is wide open, meaning that anyone who knows your PBX IP address or subdomain can access it. Here is the main huge insecurity that so-called VoIP installers have no idea about. It is just amazing how inexperienced and so unreal about how to secure a PBX and secure should it be.

When you click on FOP (Flash Operation Panel), it will show the main SIP trunk (phone number) and extensions. Why is this insecure? Very simple: the FOP will show all extensions configured using the FreePBX interface. In my case, I am looking at a PBX with over 28 extensions; 14 extensions are unused, 1 extension is used for conference, and the remaining for DEMO purposes. It looks like these guys are selling Trixbox PBXs with a small change; the web interface has a different look but is still way too close to Trixbox web. Demo extensions are probably used when on future customer sites to show the power of their systems.
BTW, I guess they haven't got a clue about Linux and how to use it, because Apache has a very nice tool that can restrict access to a web page based on MD5 cryptography. I am looking at those unused extensions and thought about it for a while, on how anybody who knows the IP address of this PBX can make free calls, and more: listen to their conversations simply by pressing "555" (chanspy). How is this possible? Very easy. Using a soft phone, configure it to connect to their PBX, use the unused extension, with password...... let's see. Most used passwords are actually most used PINs: 0000, 1111, 2222, 3333, 4444, 1234, and the list can go on. Once the human brain got used to using only 4 PINs for their debit cards, credit cards, voicemail PINs, they will most likely use the same numbers as well.

One more thing I would like to add is that most of the PBX installers I have seen using Trixbox, and not clean Asterisk, by default will set every extension using one of the previous passwords. Hurry is the problem! Inexperienced employees is the biggest, untrained associates is the hugest, and the list can go on.

I am not going to provide any IPs, for security reasons, but I personally built a list of over 34 PBXs where I can connect, make calls using those assigned blocks of phone numbers, and worst, listen to conversations.... that's correct. I am talking about live unsecured phone conversations.

A small secret. In my list, 1 is a "leaders" Office. I cannot go into details; I did not hack their PBX, or make phone calls, or use their PBX in any way. Their IP was in my way and I had to take a look at it. I am talking about the "leaders" Office. I'm sure you ask yourself how I put my hands on such a skinny list. Remember Asterisk's OS. That's the only tip I can provide.

2) FreePBX web interface has the default user: maint with password "password"

3) You can connect to the MySQL server in 2 seconds. The mysql default password is "passw0rd".
Again I will stay away from providing more details, but please be aware of what the MySQL server's role is in this PBX |
||
» Topic: Shoretel ShoreGear 220T1A Overview
|
|
HostCheetah | |
| http://www.lantelligence.com/ShoreGear-220T1A

Shoretel ShoreGear 220T1A Overview:

The ShoreGear 220T1A is a 1U half-width voice switch that supports up to 220 IP phones, or up to 70 IP phones, 2 loop start trunks, 4 analog extension ports and a T1 simultaneously. The ShoreGear 220T1A communicates with IP phones, soft phones and other IP endpoints using the Media Gateway Control Protocol (MGCP).

Features:

- 2 RJ-45 local area network (LAN) connectors
- 1 RJ-45 T1 port for connecting the switch to a telephone company
- 1 RJ-45 T1 monitor port for connecting test equipment
- 1 RJ-21X port for punchdown block, patch panel, or 12-port harmonica connector
- 2 loop start trunk ports (FXO)
- 4 analog extension ports (FXS)
- 1 DB-9, RS-232C maintenance port for serial communications
- 1 3.5 mm stereo input for connecting a music-on-hold source
- 1 3.5 mm stereo output for connecting to an overhead paging system or night bell

ShoreTel® ShoreGear® Voice Switches deliver unified communications (UC) to organizations of every size—from large enterprises to small and medium businesses. Highly reliable and intelligent, these ShoreGear devices unify communications across multiple enterprise locations, supporting IP phones, analog devices, and a variety of trunk interfaces.

Business-critical reliability

Voice communications are the foundation of any business, demanding the utmost in system availability. ShoreGear Voice Switches exceed today’s most stringent enterprise IT requirements, delivering 99.999 percent (five-nines) availability. For maximum reliability, the processors that power ShoreGear Voice Switches do not require or use mechanical disk drives, eliminating the single most common point of system failure. ShoreGear Voice Switches use an embedded, realtime operating system and unique call control architecture, enabling them to communicate with each other and distribute call processing in the network.
Unlike other solutions, servers can be disconnected from the ShoreTel UC system and the switches will continue to process calls and voice messages. The ShoreGear voicemail switch models offer integrated voice messaging and automated attendant capabilities. As with voice calls, ShoreTel’s distributed architecture ensures that access to voicemail is not interrupted in the event of a WAN failure. If a ShoreGear Voice Switch fails or is isolated by a network fault, the phones supported by that switch automatically fail over to another voice switch at the site. This “N + 1” form of redundancy is simple, cost-effective and extremely reliable. Even higher redundancy can be achieved by simply adding voice switches.

Smooth migration and seamless scalability

With 15 stackable, space-efficient designs, ShoreTel offers a wide range of voice switches for any size organization. The system scales seamlessly across multiple sites simply by adding switches, and does not require any forklift upgrades. Enterprises can also migrate to IP telephony over time using the ShoreGear Primary Rate Interface (PRI) options to provide tandem trunking and coordinated dialing with existing PBXs.

Lower total cost of ownership

ShoreGear Voice Switches are easy to install and can be managed centrally from any Web browser. New ports and users are added simply by connecting switches to the network. The ShoreWare® Director management software then automatically discovers the new switches and adds them to the system. This exceptional ease of management helps lower ongoing maintenance and operating expenditures, and reduces the system’s total cost of ownership. Designed for power efficiency and independently tested(1), ShoreGear Voice Switches also help lower energy consumption and further corporate green initiatives.

Exceptional voice quality

In independent rankings(2), ShoreTel consistently earns top marks for superior IP telephony technology.
ShoreTel’s technology leadership in dynamic echo cancellation, jitter buffering and lost packet handling, result in low latency and toll-quality voice communications for calls, and voicemail access.

Eliminate communication boundaries

ShoreTel delivers breakthrough UC solutions that help organizations realize significant productivity gains, as employees spend less time interacting with disparate voice systems and more time collaborating. The ShoreTel UC system enables flexible dialing across the enterprise, seamless call transfer, Web conferencing, video conferencing, call handling, and intercom between sites, as well as easy access to distributed voicemail. With ShoreGear Voice Switches as a platform for growth, productivity rises and customer satisfaction increases as everyone connects with the right people, faster.

1 ShoreTel, Inc. Unified Communications Systems Evaluation of Power Consumption vs. Cisco Unified Communications Systems, The Tolly Group, October 2008
2 Unified Communications and Collaboration: Top VoIP Providers, Nemertes Research, July 2008 |
||
» Topic: How Sender ID Works: Anti-Spam Exchange 2003
|
|
HostCheetah | |
| http://technet.microsoft.com/en-us/library/aa995992.aspx

Anti-Spam Enhancements in Exchange Server 2003 Service Pack 2

Topic Last Modified: 2006-04-05

In the business world, a reliable, effective, and robust e-mail system is one of the keys to success. Keeping your e-mail system healthy and efficient is essential to business health, but in recent years, as the volume of unsolicited commercial e-mail (UCE), or spam, has exploded, this task has become increasingly difficult for IT professionals. The Coordinated Spam Reduction Initiative, announced by Microsoft® in 2004, clearly outlines a roadmap and technology infrastructure to help reduce the volume of spam.

We should differentiate between alleviating the spam problem and completely eliminating it. Eliminating spam completely will take a long time. In the meantime, we must be ready for an extended coexistence of spam and legitimate mail, and work to reduce spam and its impact.

In this article, I describe the message hygiene and anti-spam enhancements provided in Microsoft Exchange Server 2003 Service Pack 2 (SP2). In this article, the term message hygiene refers collectively to the Exchange Server 2003 SP2 features deployed throughout the messaging environment to help combat spam.

What’s New with Anti-Spam Features with SP2?

Exchange Server 2003 SP2 represents an important step toward alleviating the spam epidemic. Let’s look at what it provides.

Sender ID

Exchange Server 2003 SP2 delivers the long-awaited Sender ID filtering technology, which primarily targets forgery of e-mail addresses. The elimination of spoofed mail will immediately cause a significant reduction of mail traffic into the Exchange organization.
Preliminary data from the internal IT department at Microsoft shows that enabling the Sender ID filter allowed Microsoft to achieve an approximately 10 percent net increase in spam capture before mail is transmitted to Exchange Intelligent Message Filter for additional anti-spam processing. Stopping spoofed mail at the gateway is important because the reduction of mail traffic into the Exchange organization reduces bandwidth consumption and eliminates the overhead of processing these messages in the internal mail infrastructure. Intelligent Message Filter A second important addition to the existing Exchange Server 2003 anti-spam features is the inclusion of Microsoft SmartScreen™ technology in the form of Intelligent Message Filter. Previously, Intelligent Message Filter was available as an add-in tool only. Now Intelligent Message Filter is an important part of Exchange Server 2003. Intelligent Message Filter contains updated spam characteristics that improve its ability to block spam. And on top of that, Intelligent Message Filter provides anti-phishing protection. Connection Filtering Behind the Perimeter Connection filtering was introduced in Exchange Server 2003, but it worked from the network perimeter only. Because most servers running Exchange Server 2003 are positioned behind the network perimeter, the Connection filtering functionality was not possible. Exchange Server 2003 SP2 changes all this by enabling deployment of connection filtering not only at the network perimeter, but behind it too. Now you can take full advantage of message hygiene and anti-spam enhancements, regardless of where your Exchange server is deployed. ![]() *** Click here to find out how Sender ID Works! |
||
» Topic: SnagIt Free Version
|
|
HostCheetah | |
| Snipping tool should be here: C:\Windows\System32\SnippingTool.exe. If not, download this zip file. De-extract the zip and drag Snipping Tool.exe into system32 and then Right Click on it and choose Create Shortcut (if you already have a SnippingTool.exe in system32, you do not need to use my one). On the dialogue press Yes, drag it into Accessories in the Start Menu. Also try going to Control Panel > Programs and Features > Turn Windows features on or off > and select Tablet PC Components. Go here to download the Snipping Tool for Windows 7: http://www.sevenforums.com/software/208202-how-do-i-find-missing-snipping-tool.html#post1743504 |
||
» Topic: SnagIt Free Version
|
|
HostCheetah | |
| This does not work for Windows 7 64-bit - also may not work with Windows 7. Don't really need it with the clip feature of Windows 7 anyways... http://windows.microsoft.com/en-us/windows7/products/features/snipping-tool |
||
» Topic: SnagIt Free Version
|
|
HostCheetah | |
| http://www.oldapps.com/SnagIT.php?old_snagit=12

Although this is the previous version, it's free. Register at TechSmith.com for a free software key for SnagIt 7. Techsmith.com Download a copy of the latest version Version 7.2.5 from OldApps.com. Download 7.2.5

Software Overview
- Website: http://www.techsmith.com/screen-capture.asp
- Developer: TechSmith Corporation
- Latest Version: SnagIT 11.0.0
- Supported Systems: Legacy OS support Windows 98, ME, 2000, XP, Vista, 7
- License: Trialware
- First Release: 16 November, 1998 (13 years ago)
- Latest Release: 28 February, 2012 (2 months ago) |
||
» Topic: snom PA1: Public Announcement System for SIP
|
|
HostCheetah | |
| http://www.youtube.com/watch?v=cupzRqd3X24 This unit can also be used to multi-cast music throughout your space. NOTE: This device is NOT Lync certified in any way. While snom does provide an ocs/lync fw, it is not certified for you with Lync/OCS. Our blog: http://windowspbx.blogspot.com Would you like to hire us as an IP PBX consultant? http://www.landiscomputer.com |
||
» Topic: Setting Up Email for the Apple iPhone
|
|
HostCheetah | |
| Setting Up Email for the Apple iPhone

Newer Versions of iPhone

- Tap "Settings" app
- Tap "Mail, Contacts, Calendars"
- Tap "Add Account..."
- Tap "Other" (bottom option)
- Tap "Add Mail Account"
- Enter Name, address (full email user@domain.com), and password. (iPhone will attempt to guess your settings. Allow ~1 minute for it to fail.)
- Select IMAP. (It's the default. The option you've selected will be highlighted blue.)
- Under "Incoming mail server":
  - Set "hostname" to mail.yourdomain.com
  - Set "username" to email@domain.com
  - Set "password" to your password
- Under "Outgoing mail server":
  - Set "Host name" to mail.yourdomain.com
  - Set "User name" to email@domain.com
  - Set password to your password

You are now ready to send and receive emails via your iPhone.

Older Versions of iPhone

You can also view our Video Tutorial for the older version of the iPhone.

Although most email settings are identical, the iPhone requires a special setting for the incoming and outgoing mail servers. Instead of using the defaults that are typically used in the email settings, replace mail.yourdomain.com with yourservername.hostgator.com.

If you aren't sure of the name of your server you can usually find it in the Stats on the left hand side of your cPanel. If you don't see it immediately, you can also try pressing CTRL+F and typing in "server name" and pressing enter. This should highlight and take you to the correct area. If you are still unable to find your server name you can contact one of our support agents via chat or phone and they will be happy to retrieve that information for you.

- Press the Home button and select Settings > Mail, Contacts, Calendars.
- Under Accounts, select Add Account...
- Select Other.
- Enter your name (which will show in the from field) and your full email address.
- Enter your email password and description (we recommend the full email address as your description).
- Press Save.
- Select IMAP or POP (what is the difference?)
- Under Incoming Mail Server, enter yourservername.hostgator.com as the Host Name. (Resellers use yourservername.websitewelcome.com. If this doesn't work try using your server's IP address. VPS and Dedicated use your server's IP address.)
- Enter the full email address as your User Name.
- Enter your email password and then scroll down.
- Enter the same information under Outgoing Mail Server.
- Press Save.

You are now ready to send and receive emails via your iPhone.

Troubleshooting

I cannot see my IMAP folders.
Please read the Apple support page.

What is the IMAP path prefix?
The correct code is INBOX (all caps).

I cannot delete emails.
By default, iOS attempts to delete IMAP email by putting it in the phone's trash. This causes an error to come up saying that the messages could not be moved to the trash folder. The fix is quite simple: just go to Settings -> Mail, Contacts and Calendars -> {then your email account} -> Advanced, then select "Deleted Mailbox". Then there is a section that says "On Server"; you'll want to select the Trash box under the server. This will now let you remove email from an iPhone or iPod.

Too many connections, 500 errors?
On the iPhone there is a function called "push" and when it is enabled, it keeps the connection to our server open and continually checks mail. Consequently, this creates many IMAP processes and eventually will conflict with our Terms of Service.

How to toggle the push function |
||
» Topic: MAC Mini USB Storage Keep Drive Spinning
|
|
HostCheetah | |
| Jon Stovell Software http://web.me.com/jonstovell/personal/Software.html

- Tag Folders: Simple, flexible, powerful file tagging, right in Finder.
- Front Row on the Big Screen: Complete control over which display Front Row plays on.
- New Sticky: Make a new Dashboard sticky note in one click from the Dock.
- Quit: A command line tool to politely quit applications from Terminal. Unlike killall, quit lets an application do a proper quitting procedure instead of forcibly terminating it.
- Keep Drive Spinning: Makes sure that a selected drive does not go to sleep unexpectedly. For use with certain external drives that don’t respect Mac OS X’s power management settings.
- StickiesSync: Keep your Stickies.app sticky notes in sync across your Macs.
- JournlerSync: Keep your Journler journal in sync across your Macs.

Free Stuff for Mac OS X |
||
» Topic: MAC Mini USB Storage Keep Drive Spinning
|
|
HostCheetah | |
| If you ever wake up your MAC Mini and it notes a "Drive Ejection Error" and your USB Drive is disconnected then reconnects ... check this note and utility out. Keep Drive Spinning is an applet that makes sure that a connected drive never goes to sleep (that is, that it never spins down). Normally this can be controlled using the Energy Saver preference pane in System Preferences, and that should be your first resort in dealing with the problem, rather than this or any other third party software. However, some external drives (e.g. Western Digital's MyBook drives) do not respect the System Preferences settings, so for them an alternative like this is needed. http://www.macupdate.com/app/mac/31158/keep-drive-spinning |
||
» Topic: How my site disappeared from Google search
|
|
HostCheetah | |
| Click here for full Story @ Jason Morrison.net

Seen my personal blog lately? Probably not, if you were searching via Google. Major sections of my site have been disappearing from the search index over the past three weeks. My homepage, my blog and many of the most recent articles on it no longer showed up in result pages. I’m no Matt Cutts, but I get a fair number of people coming to my site when searching for info about Google search, avoiding scams, and how to name their baby. All that traffic has been slipping away.

You can probably imagine how you would feel if this was happening to you. Does Google hate me? Was my site hacked? What do I do, and how much will it cost to get this fixed? I will answer all of those questions, starting with the first:

My site is falling out of the index, does Google hate me?

Probably not. My situation is actually pretty illustrative – I’m pretty sure Google doesn’t hate me and isn’t unfairly slapping my site down because, well, I work at Google. That’s right, Google was kicking pages from one of its own employees out of search results. I’m sure I’m not the first. Google doesn’t treat my site any differently than anyone else’s. BTW, standard disclaimers apply to this post. So I knew there was probably a logical reason for the dropped pages, which brings me to the next question:

Is Google dropping my pages from search results because my site got hacked?

This is a very, very good question to ask – hacking is unfortunately common. This very site has been hacked before. I don’t want to go into a lot of detail on how to tell if your site was hacked in this post, but the Webmaster Central Blog has some good pointers. Really, this is part of a broader question – what has changed with my site? In my case it wasn’t hacking – it turns out that Google was getting tons of crawl errors over the past couple weeks. As Googlebot tried to recrawl my site looking for new content, it kept getting network unreachable errors. After days and days of this, Googlebot figured I had closed up shop. We don’t want to send searchers to pages that have disappeared.

Why all the errors? Here’s where I had to do some digging – I have a multi-site account with a web host. It turns out my site had exceeded my bandwidth quota. The worst thing is it’s not the max quota I paid for, but just the amount I had portioned off for my blog. I didn’t think I’d ever get enough visitors to worry about it. D’oh.

What do I do, and how much will it cost to get this fixed?

If your site starts disappearing from Google search results, how can you figure out what’s going on without access to all the uber-powerful, super-secret Google tools that I used? It turns out I only needed one Google tool to diagnose the problem, and I’ll let you in on the secret. In fact, I’ll leak the url (SEO bloggers get ready to tweet!): http://www.google.com/webmasters/tools/

Yep, good old Webmaster Tools. Between the reports there and my own host’s dashboard, I was able to figure out and fix the problem in less than 20 minutes. Googlebot will take longer than that to reindex everything but I noticed progress almost immediately:

I looked under Site Diagnostics -> Crawl Errors to see all the pages that Google couldn’t reach. After I fixed the bandwidth cap on my side, I noticed that under Sitemaps, my sitemap status had a little red “X” as well. I logged into my blog and regenerated the sitemap, checked that it was there, and clicked “Resubmit” in Webmaster Tools. Voila! Total cost: $0.

Bonus Question: This sounds embarrassing, why are you sharing it with everyone?

Having my own site start disappearing from my employer’s search engine isn’t exactly something to brag about. It’s doubly embarrassing to admit how long it took for me to notice what was going on, though I bet a lot of other site owners are in the same boat, too busy doing their day jobs to constantly check search rankings. I wanted to share my story because #1, it might help someone figure out what to do if they have a similar issue, and #2, it illustrates a bit about how Google tries to do business. Everything is set up to give users the best results we can, and to cope with all the spam and abuse on the web. Sites that are irrelevant, unresponsive, or violate the webmaster guidelines might not end up in front of searchers, even if it’s my site. Heck, even if it’s Google Japan. |
||
» Topic: Cloud CRM, Project, Billing, Work Flow, More
|
|
HostCheetah | |
| http://www.worketc.com/

Small and medium business is at the heart and soul of every nation. But rarely is it recognised as such and given the support it deserves. More than 50% of employees in the USA work for a small and medium enterprise and fully 99% of all businesses employ fewer than 500 people. But show me the breaks awarded to business owners? Where are the annual bonuses or the government bailouts? Running a small business is always hard, grinding work and business owners are rarely recognised as community leaders. Your business may pale to insignificance when compared to a Fortune 500, but collectively businesses like yours ours are massive.

And running a business is not easy. It is nothing like a day job where you can just walk away at the end of the week, pay cheque in hand or simply turn off when the clock hits 5pm each afternoon. And in some countries, if your business fails then it is your family home on the line (show me a government bailout for this!). Talk about stress. Your business is your livelihood, your lifestyle and in many cases a big part of who you are. If you are not careful it can become all encompassing, engrossing. But – it is also incredibly rewarding. Freedom. Wealth. Passion. And if you're lucky the opportunity to create lasting change.

And this is what we’re about. We want to help take some of the stress out of running a business. We want our customers to sit back at the end of the day and think “today was just a little bit easier than yesterday because of WORKetc.” It is that simple. This is why we're putting in 12 hour days, building 24/7 support, why we actually listen to our customers and why every day we make WORKetc just that little bit better.

- Daniel Barnett - Founder of WORKetc.

Quick Facts:
- Privately owned company
- Operating since 2006
- Massively redundant server set up with Peer1.com in the USA
- Customer support and product development based in Halifax, Canada and Phoenix, USA.
- Happy customers from 16 countries, with 86% of our customers coming from the USA.
- Available in English, Spanish, Mandarin, German, French, Italian, Hindu & Portuguese
- Resold by Telstra, Australia's largest telecommunications provider, Bell Canada and HP USA
- Founded by Daniel Barnett

Our concept of a software platform that could run your entire business originally came from a small, but rapidly expanding web design business. As business owners, we quickly realized how challenging growth is and set about putting in place the systems and processes that would allow our little business to become a big business.

CRM + Projects + Billing + More.

Our single goal and guiding premise has always been to develop a software platform to allow a small business to manage its entire operation. Large enterprises have for years relied on ERP systems to monitor and manage operations. Why shouldn't small business also benefit from whole-of-business management systems? WORKetc achieves this goal by combining the following key software tools into the single interface:
- Web Based CRM - better manage your customer relationships
- Project Management Software - stay on top of projects and receive instant updates
- Billing software - create detailed invoices from timesheets, projects, and products
- Shared Calendars - book in meetings and set up email or RSS reminders
- Help Desk Software - make sure every customer support request is answered
- Document Management - share documents securely |
||
» Topic: CudaTel Support SIP Phones and Features
|
|
HostCheetah | |
| http://www.cudatel.com/training/matrix.php SUPPORTED PHONES AND FEATURES Most SIP-compliant devices can be manually provisioned with the CudaTel Communication Server, but feature support may vary. Contact CudaTel Support for more details. See above URL for a Feature Matrix of what features are supported based on the handset selection. |
||
» Topic: CudaTel VoIP PBX Admin Demo by Barracuda
|
|
HostCheetah | |
| Watch CudaTel Admin Training Video 18 min Check out how easy the CudaTel Communication Server is to configure and manage from an IT administrator's perspective. Call routing, call recording, call monitoring, automated attendants, multi-user conferences - all the features you expect from more expensive and difficult to deploy systems, packaged in a simple and intuitive web interface, with no per-user or per-feature fees. Ever. The CudaTel Communication Server. Business Telephony. Evolved. For more info Click Here! BarraGuard.com |
||
» Topic: VoIP Troubleshooter
|
|
HostCheetah | |
| About VoIP Troubleshooter.com VoIP Troubleshooter.com provides free online diagnostic tools and information for network managers. The site was originally created and sponsored by Telchemy Incorporated. We welcome your comments and suggestions. Contact Us Contact us with ideas for content, or if you are interested in advertizing on this site. info[at]voiptroubleshooter.com |
||
» Topic: VoIP Troubleshooter
|
|
HostCheetah | |
| Voice over IP Basics

Introduction

Packet voice systems accept "analog" voice signals from telephone handsets, digitize and compress the signal, placing the resulting series of bits into a short packet, send the packet over a network and then decode and reconstruct the signal at the remote end. The packet network may be IP based, ATM based, Frame Relay based .... leading to a variety of "Voice over" technologies including VoIP, VoATM, VoDSL, VoCable, VoP etc. We will use the term VoIP to generally refer to all of these.

IP phones perform the digitization, compression and packetization process directly within the phone and send the resulting stream of packets over an Ethernet connection. IP gateways interface to analog or digital phones or to TDM trunk systems and convert each voice signal to a VoIP packet stream. An IP PBX or Enterprise Gateway is often used by a company to interface IP Phones to the conventional telephone network. A Trunking Gateway is used within a phone company network to convert bulk telephone traffic to Voice over IP.

CODECs and Vocoders

The terms CODEC (literally Coder, Decoder) and Vocoder are used interchangeably to refer to the device within a VoIP phone or gateway that provides the digitization, compression and packetization process. There are a variety of different CODECs that are in use, for example:
- G.711 - which is the widely used PCM standard, encoding 8 bit speech samples at 8000 samples per second, giving 64 kilobits per second of digital speech data
- G.729/G.729A - which is an 8 kilobit per second encoding standard

CODECs, notably those that run at lower bit rates, can introduce some speech distortion. Although the published MOS score for a low bit rate CODEC may be close to "toll quality" very low bit rate CODECs do cause audible distortion. Of more concern is that there is some speculation that CODECs such as G.729A may lead to stress when used continuously, for example in call center applications.

Call Quality

Call quality can be measured using subjective testing, intrusive testing or non-intrusive monitoring. Typically call quality is described in terms of MOS scores or R Factors.

Packet Loss

Packets may be lost during transmission, in which case there may be gaps or audible problems in the decoded voice signal. CODECs often incorporate Packet Loss Concealment, which helps to mask the effects of lost or discarded packets.

Jitter and Jitter Buffers

The transit time of packets can vary considerably. This variation in delay is termed Jitter or Packet Delay Variation. A Voice over IP phone or gateway incorporates a Jitter Buffer that introduces a small amount of delay in order to smooth out these timing variations. If packets arrive too late then they may still be discarded - hence a jitter buffer translates jitter into additional delay and packet loss.

Delay

If the transit delay for packets exceeds 100 milliseconds then users start to notice the delay. If delay exceeds 200 milliseconds then the users can experience conversational difficulties due to the breakdown in the usual conversational "protocol".

Predeployment Testing

Predeployment testing is used to verify that a network will be able to support Voice over IP. |
||
» Topic: VoIP Troubleshooter
|
|
HostCheetah | |
| http://www.voiptroubleshooter.com/index.html Voice over IP is revolutionizing business communications and telecom infrastructure... Voice over IP performance is sensitive to both IP network behavior and traditional telephony problems. Network managers need new tools and techniques to help with VoIP troubleshooting and problem resolution in order to maintain good quality services. This site contains information on how to troubleshoot VoIP problems, free online diagnostic tools and useful background information on voice quality and packet statistics. The Open Speech Repository section of this site contains speech files that can be freely used for test purposes. We welcome your comments and suggestions for new content. |
||




