Affordable & Secure IPPBX Solution for Startups
ITNET303A Major Project 1 (Group)
Johann Kim – 369484648
Jorge Ramirez Alberto Arauco – 369484648
Joshua Alexander Hasoloan Panggabean – 369546139
Wirawan Harianto – 253771526
Mentor: Dr David Halfpenny BSc, PhD
Affordable & Secure IPPBX Solution for Small Businesses
Executive Summary
This report provides an analysis and comparison of implementing a self-hosted IPPBX solution
for small business startups against subscription-based IPPBX services. Methods of analysis include
competitor pricing research, hardware and software research, physical deployment of the proposed
solution, and a projected cost comparison over a 24-month period.
The report finds that implementing a self-hosted IPPBX for small business startups provides a
negligible return on investment within the first 24 months of deployment. However, the result may
differ depending on the growth in the number of users. The report also finds that the cost saving
becomes clearly tangible when plotted over a 36-month period. Lastly, the report discusses
possible future work based on the implemented solution.
1. Introduction
Internet telephony is a growing market, and more businesses from a multitude of sectors are
finding it beneficial to adopt this IP-based technology due to its cost effectiveness (as opposed to
traditional PSTN) and rich features (Athwal, Harmantzis, & Tanguturi, 2005).
As the National Broadband Network (NBN) is phased in (starting in 2011), Telstra has been
phasing out copper-based mass market services since November 2012 (Lee, 2013). This
push has made the transition from the old analog phone system to VoIP-based telephony
inevitable, and with it the transition from traditional PBX services to IPPBX.
1.1 Motivation
In this Internet era, businesses are no longer looking for a mere replacement of their switching
telephony solution (PBX); they are looking for integrated, complete, out-of-the-box
solutions that allow them to be as productive as possible (Puente, 2015). They want to keep
employees connected, reachable, and available at all times. If a call is not answered because the
receiver is away from the office, it is routed to the employee's mobile phone. If the
employee does not answer that phone either, the call can be forwarded to voicemail. The
voicemail system can send the voice message to an e-mail address, and when the person arrives at the
office, the "message waiting" LED on the desk phone notifies them that a voice message is
waiting.
Many telecommunication companies now offer hosted IPPBX solutions to address these
business needs. These solutions have a low upfront cost and are typically charged as a monthly
fee per user. However, they depend on internet connectivity, and the cost (in
terms of fees) may not be agreeable in the long run, as fees may increase (VOIP-Info.org LLC,
2015).
An alternative for these small businesses is to build their own small-scale IPPBX
infrastructure. Using an on-site server incurs a higher upfront cost, but the business will not
have to pay a recurring monthly fee. By basing a self-hosted IPPBX infrastructure on open-
source software and affordable vendor-agnostic hardware, small businesses can further avoid
increases in IPPBX service cost over time (Sharif, 2010). The initial investment can be
recouped relatively quickly (depending on the number of users), as the business only needs to
maintain minimal recurring operating costs, compared with a monthly subscription-based IPPBX
service that is priced per extension with additional charges for extra features.
This solution, of course, is not a magic bullet. It needs to be noted that many large businesses
with 100 or more users often choose a cloud phone system for other advantages, such as
infrastructure scalability. A self-hosted IPPBX tends to be most attractive for
businesses with 5 to 15 employees (Digium, Inc., 2015), which is well within the range of a small
business in Australia (Australian Government Department of Industry, Innovation, Science,
Research and Tertiary Education, 2012). Additionally, in Software Advice's VoIP Software
Small Business Survey, 59% of the sample consisted of businesses with fewer than 10 employees,
which are not ready to invest in a highly sophisticated IPPBX system tailor-made for the
enterprise (Harris, 2014).
1.2 Aim and task
This project explores the design, deployment, and hardening of an IPPBX solution for
small businesses, specifically startups with 5 users or fewer, with the main goals of cost-
effectiveness over time and security. The team aims to recoup the initial infrastructure
investment within 24 months from the savings relative to the total operating cost of
subscription-based competitors.
The task of this project is to describe the design, deployment, and hardening of an IPPBX system
for small businesses, specifically startups. The design is based on a real-world scenario in which
the budget is tightly constrained.
The end result of this project is an IPPBX infrastructure built using open-source software and
vendor-agnostic hardware. This infrastructure is hardened for security and requires
minimal maintenance, which can be performed by either in-house IT staff or third-
party IT contractors with no specific vendor certifications.
1.3 Outline
Preliminary research on the Elastix IPPBX solution will be conducted. This includes a comparison
study and the hardware/software requirements and associated costs.
The group will simulate a complete deployment of the IPPBX solution on a single site based on the
scenarios that will be presented. This includes building and configuring the necessary infrastructure.
For this purpose, the group will use the same hardware as, or the closest approximation to, the
hardware suggested in the documentation. In some cases, virtualisation may be used where it is
deemed necessary (e.g. for taking screenshots).
The group will also perform penetration testing with available open-source tools and document
the results as common attack methods. A security analysis will be performed, and mitigation strategies
will be implemented and documented.
Lastly, the overall estimated cost of the infrastructure will be calculated based on the cost of hardware
and labour required. The result will be compared and evaluated.
1.4 Acknowledgement
The team wants to express their deepest gratitude to Prof. David Halfpenny for his guidance,
patience, and help in determining the angle and approach of this Capstone Project and in
managing its scope and focus.
2. Competitors Pricing Analysis
The team compares four subscription-based IPPBX systems with offerings similar to
the team's proposed self-hosted IPPBX solution. The fees are added to hardware
costs (where applicable) and summed over a 24-month operating period. Where the
IPPBX provider does not supply the hardware needed, the same hardware used in the team's self-
hosted solution is assumed and its cost included accordingly.
The total operating cost of the subscription-based IPPBX providers over 24
months is as follows:
MyNetFone: $2,678.75
Engin: $2,873.00
FaktorTel: $2,944.25
Maxo Telecommunications: $2,488.75
Based on the figures above, the team needs to create an IPPBX solution that can be
implemented for under $2,488.75 in order to achieve a complete return on investment
within 24 months.
Note: For more details on pricing research, please refer to Appendix A: Competitors Research.
3. Implementation
3.1 Design Goals
Match the common features that current commercial IPPBX services provide.
Secure the IPPBX system from possible intrusions/attacks.
Provide cost-saving benefits in comparison to commercial subscription-based
IPPBX services. The return on investment from these savings must cover the
initial implementation cost within a maximum of 2 years.
3.2 System Overview
The team implements the solution on a single site where 5 extensions and 2 mobile extensions
are required. The IPPBX server is hosted on an HP ProLiant MicroServer Gen8 G1610T with
4GB RAM and a 128GB SSD. A Digium TDM410 telephony card is installed in the server to
provide FXO ports. For connectivity, the router used in this deployment is a Netgear R7000
Nighthawk running custom firmware (xWRT-Vortex) to enable the PPTP VPN feature. The
switch used to connect the IP phones is a 16-port unmanaged Linksys LGS116. The IP phone used
in this deployment is the Linksys SPA962. As the switch does not support PoE,
extra power adapters are required (included in the cost estimate; please refer to Appendix D:
Cost Estimate).
The implementation of this IPPBX solution uses server software called Elastix. Elastix
was chosen because it provides a unified communications solution with features
comparable to competitors' offerings (please refer to Appendix A: Competitors Research). The
Elastix server is configured with the necessary features through its admin web interface
(please refer to Appendix E: Configuration). It is also configured with Fail2ban to block
brute-force attacks.
Note: For hardware and software selection considerations, please refer to Appendix B: Hardware
and Software Research.
Normal extensions for internal communications are deployed with the SIP protocol, and mobile
extensions are deployed with the IAX2 protocol. The router's firewall feature is turned on and
configured, and its DoS attack protection is also enabled. QoS is configured to prioritise SIP
(UDP 5060) and IAX2 (UDP 4569) traffic to the IP addresses of the phones. To protect
connections from outside the network (mobile extensions), a PPTP VPN was chosen to tunnel
this traffic, for speed and compatibility reasons.
3.3 Limitations
The single biggest limitation in implementing a self-hosted IPPBX solution is the budget
constraint. Small businesses tend to resist replacing existing infrastructure (routers,
switches, etc.), especially when the existing device is deemed to "still work". To implement
mobile extensions, VPN end-to-end support in the router is needed. If the customer's current
router does not support the feature and the customer is reluctant to change it, the team will
not implement mobile extensions, for security reasons.
The maximum number of VPN connections is 10, due to a limitation of the router's firmware.
This number of connections is enough to fulfil the needs of the scenario, but it may become a
scalability problem in the future. An alternative is to acquire a small-business router that
supports more VPN connections; however, this incurs additional cost.
Due to the budget restriction, the team uses a 16-port unmanaged switch. This means that the
quality of voice calls depends on the router's QoS feature. Although it may be adequate for
10 users or fewer (the current scenario), it is questionable whether call quality can be maintained
for more than 15 users. Given a bigger budget, the team would opt for a managed switch and
separate data and voice traffic for optimal quality.
Elastix is based on CentOS 5, so hardware compatibility may be an issue on much modern
hardware. This issue was solved by using virtualisation (please refer to Appendix B: Hardware
and Software Research).
3.4 Security Analysis
A penetration test was performed under virtualised conditions to check for system vulnerabilities.
Internal scans were performed, and the lists of common vulnerabilities for the services found
were consulted.
The team concluded that the services running on the IPPBX server are reasonably secure from known
vulnerabilities. This is mainly because Elastix is based on a mature operating system
(CentOS 5) and is kept up to date. It needs to be noted that, for security reasons, the IAX2 protocol
MUST be used for communications outside the internal network (i.e. mobile extensions).
The team also explored other possible attack vectors and implemented these policies:
The IPPBX server and router must be physically secured.
The router's firewall feature must be enabled.
DoS attack protection in the router must be enabled.
Install and configure Fail2Ban to block brute-force attacks.
Recommend the installation of antivirus on host machines connected to the network,
including mobile devices.
Recommend best practices and a security policy to prevent malware infection (for both
PCs and mobile devices).
Implement a regular security audit policy (e.g. periodic username/password changes).
Note: For more details on the security evaluation, please refer to Appendix C: Penetration
Testing.
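The Fail2ban policy named in the system overview and in the policy list above works by counting failed SIP registrations per source address in the Asterisk log and banning a source once it crosses a threshold. The following Python script is an added example, not part of the report and not Fail2ban's or Elastix's own code: it replays constructed Asterisk 1.8 chan_sip log lines (the Asterisk release Elastix 2.5 ships with) and applies the same maxretry/findtime/bantime rule, so an administrator can see what a given jail setting would catch before enabling it. The sample log lines, the year assumed for their timestamps, the default thresholds and the function names are all assumptions.

```python
"""Fail2ban-style detection of SIP registration brute force in Asterisk logs.

Added example (not from the report, Elastix or Fail2ban): replays constructed
Asterisk 1.8 chan_sip log lines and applies Fail2ban's rule: maxretry failures
from one source within findtime seconds bans that source for bantime seconds.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the chan_sip NOTICE that Asterisk 1.8 writes for a failed REGISTER.
FAILED_REG = re.compile(
    r"^\[(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2})\] NOTICE\[\d+\] chan_sip\.c: "
    r"Registration from '(?P<account>[^']*)' failed for "
    r"'(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - (?P<reason>.+)$"
)

# Constructed sample log (not captured from a real system). 203.0.113.45 is a
# documentation-range address standing in for an external scanner guessing
# extensions; 192.168.1.31 stands in for a desk phone with a mistyped secret.
SAMPLE_LOG = """\
[Jun 12 10:15:01] NOTICE[2345] chan_sip.c: Registration from '"100" <sip:100@192.168.1.10>' failed for '203.0.113.45:5060' - Wrong password
[Jun 12 10:15:02] NOTICE[2345] chan_sip.c: Registration from '"101" <sip:101@192.168.1.10>' failed for '203.0.113.45:5060' - Wrong password
[Jun 12 10:15:02] VERBOSE[2345] chan_sip.c: Registered SIP '102' at 192.168.1.23:5060
[Jun 12 10:15:03] NOTICE[2345] chan_sip.c: Registration from '"102" <sip:102@192.168.1.10>' failed for '203.0.113.45:5060' - No matching peer found
[Jun 12 10:15:04] NOTICE[2345] chan_sip.c: Registration from '"admin" <sip:admin@192.168.1.10>' failed for '203.0.113.45:5060' - Wrong password
[Jun 12 10:15:05] NOTICE[2345] chan_sip.c: Registration from '"1000" <sip:1000@192.168.1.10>' failed for '203.0.113.45:5060' - Wrong password
[Jun 12 10:20:30] NOTICE[2345] chan_sip.c: Registration from '"103" <sip:103@192.168.1.10>' failed for '192.168.1.31:5060' - Wrong password
[Jun 12 10:31:00] NOTICE[2345] chan_sip.c: Registration from '"103" <sip:103@192.168.1.10>' failed for '192.168.1.31:5060' - Wrong password
"""

LOG_YEAR = 2015  # Asterisk omits the year; the report's deployment year is assumed


def parse_failures(log_text):
    """Yield (timestamp, source_ip, reason) for every failed-registration line."""
    for line in log_text.splitlines():
        m = FAILED_REG.match(line)
        if m:
            ts = datetime.strptime(f"{LOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["reason"]


def find_bans(log_text, maxretry=5, findtime=600, bantime=1800):
    """Return {ip: ban_expiry} for each source reaching maxretry failures inside findtime s."""
    recent = defaultdict(deque)  # per-source failure timestamps still inside the window
    bans = {}
    for ts, ip, _reason in parse_failures(log_text):
        if ip in bans and ts < bans[ip]:
            continue  # already banned: the firewall rule would have dropped this attempt
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()  # forget failures older than findtime
        if len(window) >= maxretry:
            bans[ip] = ts + timedelta(seconds=bantime)
            window.clear()
    return bans


if __name__ == "__main__":
    for ip, expiry in find_bans(SAMPLE_LOG).items():
        print(f"ban {ip} until {expiry:%Y-%m-%d %H:%M:%S}")
```

Run as a script it reports the scanner address banned until 10:45:05; the internal phone with two failures more than ten minutes apart stays unbanned, which is the behaviour wanted so that one mistyped secret does not take a desk extension offline. Lowering maxretry or widening findtime trades that tolerance for faster blocking.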
3.5 Cost-savings Analysis
Based on the team's cost estimate and the competitor research performed,
there is little cost saving in implementing a self-hosted IPPBX solution over a 24-month
period.
[Figure: cumulative operating cost over 24 months (Jun-15 to Apr-17), vertical axis $0.00 to $3,500.00; series: MyNetFone, Engin, FaktorTel, Maxo Telecommunications, IPPBX Project]
The cost-saving benefit is more tangible when plotted over a 36-month period. The self-hosted
IPPBX solution is able to offer a cost saving of up to $1101.55 over three years.
However, one needs to keep in mind that these graphs are plotted assuming zero user growth.
With the addition of extensions, the self-hosted IPPBX competes more favourably in
total cost over time, as the cost-saving benefit is multiplied sooner.
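The comparison in this section and in Section 2 is a cumulative-cost model: each provider's one-off setup fee and hardware are paid at month 0 and the monthly fee accumulates from there, which is what the two charts plot. The following Python script is an added example, not part of the report: it reproduces the four competitor curves from the Appendix A figures and finds the break-even month against a candidate self-hosted profile. The self-hosted numbers are an illustrative placeholder (Appendix D is not reproduced on this page), and the function names are the example's own.

```python
"""Cumulative-cost model behind the report's 24- and 36-month comparison.

Added example, not from the report. The competitor components are the figures
listed in Appendix A (AUD); the self-hosted profile is an illustrative
placeholder, since Appendix D (Cost Estimate) is not reproduced on this page.
"""
from decimal import Decimal

# Per-provider price components from Appendix A: one-off setup fee, monthly fee,
# and the five handsets plus Linksys LGS116 switch costed alongside each plan.
COMPETITORS = {
    "MyNetFone": {"setup": "99.00", "monthly": "60.00", "hardware": "1139.75"},
    "Engin": {"setup": "0.00", "monthly": "79.50", "hardware": "965.00"},
    "FaktorTel": {"setup": "139.95", "monthly": "83.95", "hardware": "789.50"},
    "Maxo Telecommunications": {"setup": "0.00", "monthly": "54.95", "hardware": "1169.95"},
}

# PLACEHOLDER profile for the self-hosted build: upfront hardware and labour,
# then a small recurring cost (e.g. a SIP trunk). Replace with Appendix D figures.
SELF_HOSTED = {"setup": "2200.00", "monthly": "20.00", "hardware": "0.00"}


def cumulative_cost(profile, months):
    """Total spent after `months` of service; setup and hardware land in month 0."""
    p = {k: Decimal(v) for k, v in profile.items()}
    return p["setup"] + p["hardware"] + p["monthly"] * months


def cost_series(profile, months):
    """The curve the report's charts plot: cumulative cost at month 0, 1, ..., months."""
    return [cumulative_cost(profile, m) for m in range(months + 1)]


def breakeven_month(candidate, competitor, horizon=60):
    """First month at which `candidate` is no more expensive than `competitor`, or None."""
    for m in range(horizon + 1):
        if cumulative_cost(candidate, m) <= cumulative_cost(competitor, m):
            return m
    return None


def saving_at(candidate, competitor, months):
    """Competitor cost minus candidate cost at a horizon; negative means candidate costs more."""
    return cumulative_cost(competitor, months) - cumulative_cost(candidate, months)


if __name__ == "__main__":
    for name, plan in COMPETITORS.items():
        print(f"{name:24s} 24m ${cumulative_cost(plan, 24):>8}  36m ${cumulative_cost(plan, 36):>8}"
              f"  break-even vs self-hosted: month {breakeven_month(SELF_HOSTED, plan)}")
```

With the placeholder profile the break-even against the cheapest competitor (Maxo) falls at month 30, which illustrates the section's point: the 24-month aim turns on that single number, and every extra extension raises the competitor's monthly term while leaving the self-hosted term almost unchanged, pulling the break-even earlier.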
4. Conclusion and Future Work
4.1 Conclusion
In conclusion, the team had mixed success in achieving the goal of the self-hosted IPPBX
solution. The margin of success is highly dependent on whether there is growth in the number
of users within the 24-month period. With zero growth, the project can be perceived as not
achieving its aim, as it only manages to be comparable with the subscription-based
competitors.
It needs to be noted that the cost-saving benefit is real. However, it may take longer than 24
months for small businesses to see a return on investment. This may come sooner if the business
grows in the number of users within that period. Ultimately, there are inherent risks in running a
business, and it is up to the business to decide whether the initial investment required is worth the
savings in the long run.
[Figure: cumulative operating cost over 36 months (Jun-15 to Jun-18), vertical axis $0.00 to $4,500.00; series: MyNetFone, Engin, FaktorTel, Maxo Telecommunications, IPPBX Project]
4.2 Future Work
Due to budget restrictions, much of the hardware implemented in this project may not scale well to
the upper limit of what is classified as a small business (19 people). Future work may
explore an implementation with more enterprise-grade hardware and its cost
feasibility.
Elastix 2.5.0 will eventually reach its end of life, and an upgrade to Elastix 4 will be required
when it reaches a stable release. The system maintainer can then choose to:
1. Run Elastix 4 virtualised under an updated ESXi.
2. Run Elastix 4 server natively.
Further work can extend the security aspects of the infrastructure by
developing a Security Information and Event Management (SIEM) solution as an add-on for
Elastix. This SIEM system should be able to fetch logs from the different devices on the network.
Developed in tandem with security policies, it may improve the response and
recovery times for possible incidents.
Bibliography
AGL Sales Pty Limited. (2015, April 05). AGL Business Maximiser - New South Wales small business electricity market offer - AGD20465MS. Retrieved June 2015, from Energy Price Fact Sheet: http://www.agl.com.au/~/media/AGLData/DistributorData/PDFs/PriceFactSheet_AGD20465MS.pdf
Almekinders, S. (2014, March 1). Netgear R7000 Nighthawk AC1900 review: the new boss? Retrieved June 2015, from Hardware.Info: http://us.hardware.info/reviews/5198/netgear-r7000-nighthawk-ac1900-review-the-new-boss
Athwal, B., Harmantzis, F. C., & Tanguturi, V. P. (2005). Replacing Centric Voice Services with Hosted VoIP Services: An Application of Real Options Approach. Hoboken: Stevens Institute of Technology.
Australian Government Department of Industry, Innovation, Science, Research and Tertiary Education. (2012). Australian Small Business - Key Statistics and Analysis.
Brown, K. (2014, March 21). Netgear Nighthawk R7000 AC1900 Wireless Router Review. Retrieved June 2015, from Legit Reviews: http://www.legitreviews.com/netgear-nighthawk-r7000-ac1900-wireless-router-review_137796
CVE Details. (n.d.). Apache » Http Server » 2.2.3 : Security Vulnerabilities. Retrieved June 2015, from CVE Details: http://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-66/version_id-40007/Apache-Http-Server-2.2.3.html
CVE Details. (n.d.). Openbsd » Openssh » 4.3p2 : Security Vulnerabilities. Retrieved June 2015, from CVE Details: http://www.cvedetails.com/vulnerability-list/vendor_id-97/product_id-585/version_id-43630/Openbsd-Openssh-4.3p2.html
CVE Details. (n.d.). Vulnerability Details : CVE-2007-2583 (1 public exploit). Retrieved June 2015, from CVE Details: http://www.cvedetails.com/cve/CVE-2007-2583/
DD-WRT Wiki. (n.d.). DD-WRT On R7000. Retrieved June 2015, from DD-WRT Wiki: http://dd-wrt.com/wiki/index.php/DD-WRT_on_R7000
Dempster, B., & Garrison, K. (2006). TrixBox Made Easy. Birmingham: Packt Publishing.
Digium, Inc. (2015). Comparing Premises-based and Cloud Phone Systems. Retrieved June 2015, from Digium: https://www.digium.com/solutions/ip-phone-systems/how-do-i-choose-hosted-vs-site-voip
engin. (2015). Critical Information Summary - Hosted Phone PBX 8. Retrieved June 2015, from Critical Information Summaries: http://www.engin.com.au/category/22-hosted-phone-pbx?download=99
FaktorTel. (2015). Critical Information Summary: Managed PBX 4 Lines. Retrieved June 2015, from Managed PBX Plans: https://faktortel.com.au/cis/CIS-PlanMPBX83.pdf
Galuschka, C. (2015, May 13). CentOS Product Specifications. Retrieved May 2013, from CentOS Wiki: http://wiki.centos.org/About/Product
Harris, D. (2014, August 18). VoIP Software Small Business BuyerView | 2014. Retrieved June 2015, from Software Advice: http://www.softwareadvice.com/voip/buyerview/report-2014/
kernelwho. (2011, June 01). Extracting IAX payloads w/ Wireshark and Decoding G.729 Audio w/ Asterisk. Retrieved June 2015, from kernelwho: https://kernelwho.wordpress.com/2011/06/01/8/
Kettle, N. (2013, December 04). MySQL 5.0.x - IF Query Handling Remote Denial of Service Vulnerability. Retrieved June 2015, from Exploit Database: https://www.exploit-db.com/exploits/30020/
Lee, S. (2013). A Trifecta of Change. CommsDay Summit, (p. 6).
Linksys. (n.d.). Linksys Unmanaged Switches Data Sheet. Retrieved June 2015, from Linksys LGS116 16-Port Desktop Business Gigabit Switch: http://downloads.linksys.com/downloads/datasheet/en/LGS116_LGS124_English.pdf
Maxo Telecommunications Pty Ltd. (2015). Critical Information Summary: Maxotel 6-Line Plan. Retrieved from Critical Information Summaries - Maxo Telecommunications: https://www.maxo.com.au/files/cis/CIS%206-Line.pdf
MyNetFone Limited. (n.d.). About Us: Company Profile. Retrieved June 2015, from MyNetFone: https://www.mynetfone.com.au/About
MyNetFone Limited. (n.d.). Critical Information Summary: VPBX 2 Service. Retrieved June 2015, from Virtual PBX hosted business phone system: https://www.mynetfone.com.au/media/Ts-Cs/Offer-Summaries-CIS/Business-CIS-May-2015/CIS_MNF_VPBX2-20150430.pdf
NightRang3r. (n.d.). Pentesting VOIP. Retrieved June 2015, from The BackTrack Wiki: http://www.backtrack-linux.org/wiki/index.php/Pentesting_VOIP
PaloSanto Solutions. (n.d.). Elastix Overview. Retrieved June 2015, from Elastix: http://www.elastix.org/index.php/en/product-information/elastix-info.html
PSU Technology Group. (2014). Mitel Licensing. Retrieved June 2015, from PSU Technology Group: http://www.psu.co.uk/Mitel/Mitel-Licensing/
Puente, G. B. (2015). Elastix Unified Communications Server Cookbook. Birmingham: Packt Publishing.
Sharif, B. (2010). Elastix without Tears.
staticICE. (2015). staticICE AU. Retrieved June 2015, from staticICE: http://staticice.com.au/index.html
VMware, Inc. (2015). VMware Lifecycle Product Matrix. Palo Alto, CA, USA.
VOIP-Info.org LLC. (2015, May 19). Hosted PBX Vs On Premise PBX. Retrieved June 2015, from VOIP-Info.org: http://www.voip-info.org/wiki/view/Hosted+PBX+Vs+On+Premise+PBX
Appendix A: Competitors Research
MyNetFone
https://www.mynetfone.com.au/
MyNetFone's wholly owned subsidiary, Symbio Networks, owns and operates Australia's largest
VoIP network (MyNetFone Limited). Their VPBX 2 Service provides cloud-based PBX features and
telephony services over the Internet. It allows 2 concurrent calls, inbound or outbound, to the
public phone network via numbers hosted on the Virtual PBX platform.
Offer Includes:
2 concurrent calls
250 included Local / National Calls
Access to Casual Conference plans
Access to Casual SMS services
Virtual PBX Web Portal Access
5 included DIDs (comprised of 5 single DIDs from your nominated area)
Outbound portal based Call Reporting
Automatic IPND updates (public emergency service database)
CLID Over-stamping (Number presented on outbound calls)
Offer Excludes:
CDR Call Reporting (chargeable option)
Inbound Call Reporting (chargeable option)
Priority Assistance Service
Based on the scenario, the suitable MyNetFone plan is the 2 Line plan. The plan provides:
2 Business Voice lines
Unlimited users
5 phone numbers
250 local / national calls
Cost Breakdown:
Setup Fee = $99 (based on 24-month contract)
Monthly Fee of $60
Total Minimum Price for 24 months (including the setup fee for the same contract length)
is $1,539 (MyNetFone Limited).
Cisco SPA504G Handset x 5 = $999.75
Additionally, a switch may be required for all the handsets to be connected. For this
purpose, the team includes the same switch used in the self-hosted IPPBX solution.
Linksys LGS116 Switch x 1 = $140
Total cost for 24 months subscription: $2678.75
Engin
http://www.engin.com.au/
engin has been offering VoIP technology in Australia since 2004. Based on the scenario, the
suitable engin plan is the Hosted Phone PBX 8. This plan provides:
8 included users
10 Number Block = $3.50 (Min. 1 block)
Local Calls = 10c per call
National Calls = 10c per call
Mobile Calls = 17c per minute
engin to engin = UNLIMITED
Month to Month Plans
Cost Breakdown:
Monthly Fee of $79.50
Total Minimum Price for 24 months is $1908 (engin, 2015)
Hardware is purchased separately and is not included as part of the monthly service fee. Hence,
the team includes the same setup as the self-hosted solution.
Linksys LGS116 Switch x 1 = $140
Linksys SPA962 Handset x 5 = $825
Total cost for 24 months subscription: $2873.00
FaktorTel
https://faktortel.com.au/
Located in Queensland, FaktorTel stores and runs over 95% of its equipment and servers in
Australia and connects directly to Telstra and Optus lines in each capital city. Based on the
scenario, the suitable FaktorTel plan is the Managed PBX 4 Lines. This plan provides:
Up to 4 concurrent calls
10 included DIDs
Free calls between FaktorTel users
8 Extensions, 1 IVR, 3 Queues
Virtual PBX web portal access
CLID Over-stamping (Number presented on outbound calls)
Local Calls 9c untimed
Mobile calls 79c/minute
Cost Breakdown (FaktorTel, 2015):
Setup Fee = $139.95
Monthly Fee = $83.95
Yealink T22-P 3 Line IP Phone x 5 = $649.50
Additionally, a switch may be required for all the handsets to be connected. For this
purpose, the team includes the same switch used in the self-hosted IPPBX solution.
Linksys LGS116 Switch x 1 = $140
Total cost for 24 months subscription: $2944.25
Maxo Telecommunications
https://www.maxo.com.au/
Based on the scenario, the suitable Maxo plan is the 6-LINE. This plan provides:
6 included DIDs
6 Extensions
6 Lines
10c Local/National Call Rate
13c/min Australian Mobile Rate
Main Number Callback
PBX Live Dashboard
Missed Call Notify SMS/App
Cost breakdown (Maxo Telecommunications Pty Ltd, 2015):
Monthly Fee = $54.95
Yealink T42G SIP Phone x 5 = $1029.95
Additionally, a switch may be required for all the handsets to be connected. For this
purpose, the team includes the same switch used in the self-hosted IPPBX solution.
Linksys LGS116 Switch x 1 = $140
Total cost for 24 months subscription: $2,488.75
Elastix Features
Elastix is open-source software for establishing unified communications. Its goal is to
incorporate all the communication alternatives available at an enterprise level into a single
solution (PaloSanto Solutions).
Elastix has multiple features and functionalities related to the following services:
IP Telephony
Mail Server
Fax Server
Conferences
Instant Messaging Server
PBX features:
Call recording
Conference center with virtual rooms
Voicemail
SIP and IAX support, among others
Voicemail-to-Email functionality
Supported codecs: ADPCM, G.711 (A-Law & μ-Law), G.722, G.723.1 (pass through),
G.726, G.728, G.729, GSM, iLBC (optional) among others.
Flexible and configurable IVR
Support for analog interfaces as FXS/FXO (PSTN/POTS)
Voice synthesis support
Support for digital interfaces (E1/T1/J1) through PRI/BRI/R2 protocols
IP terminal batch configuration tool
Caller ID
Integrated echo canceller by software
Multiple trunk support
End Point Configurator
Incoming and outgoing routes with support for dial pattern matching
Support for video-phones
Support for follow-me
Hardware detection interface
Support for ring groups
DHCP server for dynamic IP
Support for paging and intercom
Web-based operator panel
Support for time conditions
Call parking
Support for PIN sets
Call detail record (CDR) report
Direct Inward System Access (DISA)
Billing and consumption report
Callback support
Channel usage reports
Support for bluetooth interfaces through cell phones (chan_mobile)
Support for call queues
Elastix Operator Panel (EOP)
Distributed Dial Plan with dundi
Voip Provider configuration
Asterisk Real Time
Fax features:
Fax server based on HylaFax
Fax to email customisation
Fax visor with downloaded PDFs
Access control for fax clients
Fax to email application
Can be integrated with Winprint Hylafax
SendFax Module
Fax send through Web Interface
General Features:
Online embedded help
Centralized updates management
System resources monitor
Backup/restore support via Web
Network configurator
Support for skin
Server shutdown from the web
Configurable server date, time and timezone
Access control to the interface based on ACLs
Update to FreePBX 2.8.1-16
Update to CentOS 5.9
Update to DAHDI 2.6.1-4
Update to Asterisk 1.8.20
Update to wanpipe-util 3.5.10-0
Backups on a FTP server
Heartbeat Module
Elastix Modules at RPMs
DHCP Client List Module
Automatic Backup Restore
Backup Restore Validation
DHCP by MAC
Elastixwave
Elastix News Applet
Hardware detector enhancement
Telephony Hardware Info
Communication activity applet
Process Status Applet
Collaboration features:
PBX-integrated calendar with support for voice notifications
Phone Book with click-to-dial capabilities
Two CRM products integrated to the interface (vTigerCRM and SugarCRM)
Web Conference
New Features in Calendar Module
Extras:
Billing support with A2Billing
Integrated CRM: vTigerCRM and SugarCRM
Addons Module
Instant Messaging Features:
Openfire instant messaging server
Report of user sessions
IM client initiated calls
Jabber support
Web based management for IM server
Plugins support
IM groups support
LDAP support
Support for other IM gateways like MSN, Yahoo Messenger, GTalk and ICQ
Server-to-server support
Email Features:
Mail server with multi-domain support
Support for quotas
Web based management
Antispam support
Support for mail relay
Based in Postfix for high email volume
Web based email client
Email List management
Remote SMTP Module
From the list of features offered, the team concluded that Elastix as a unified communications
server can offer the same, if not more, features than its commercial competitors. Its main advantage is
that the features it offers are not tied to specific contracts.
Appendix B: Hardware and Software Research
To implement the IPPBX solution proposed, the team recommends hardware as specified below:
IPPBX Server: HP ProLiant Microserver G1610T with 2GB ECC RAM and 128GB SSD.
Router: Netgear R7000 Nighthawk.
Internet Telephony Gateway: Digium TDM410.
Switch: Linksys LGS116.
IP Phone: Linksys SPA962.
Cat6 network cables.
The hardware recommended in the above list should be viewed as guidelines, not as
absolutes. The main concerns in hardware selection are availability and compatibility.
In the hardware selection, the team encountered some limitations in finding the right
consumer-level router. In order to implement mobile extensions for the IPPBX solution, a router
with VPN end-to-end support is required. The large majority of consumer routers available only
support VPN passthrough, which is not adequate for this purpose. The team finally selected the
Netgear R7000 as the VPN router. Some considerations in choosing this router:
The router is widely available and can be purchased for under $200 in Australia.
The router can be flashed with custom firmware that enables more advanced features
(VPN end-to-end).
It is a consistent top performer in reviews, with one of the lowest power consumptions
(Brown, 2014) (Almekinders, 2014).
The team also decided to use the xWRT-Vortex firmware on the R7000 router. Although other
custom firmwares are available, the team found that they share a major problem: the router
contains a few proprietary closed-source components which many of these custom firmwares do
not include. This can affect the router's performance; for example, DD-WRT is known to suffer a
speed penalty on the R7000 (DD-WRT Wiki). xWRT-Vortex is based on Asuswrt-Merlin, a custom
firmware originally written for Asus routers that has since been ported to the R7000. One of the
main advantages of using this firmware
The implementation of this IPPBX solution uses server software called Elastix. Elastix
was chosen for its all-in-one approach to providing a unified communications solution. Its
functionality is built on open-source projects such as Asterisk, FreePBX, HylaFAX, Openfire and
Postfix.
Although the server hardware used in this project is compatible with Elastix 2.5.0,
this may not be true of other hardware. The underlying Linux distribution of
Elastix 2.5.0 is CentOS 5, which was released on 12th April 2007 and stopped receiving full
updates in the first quarter of 2014. This means that no new features will be added to
the operating system, and with them support for newer hardware.
Although CentOS 5 will still receive maintenance updates (i.e. bug fixes and security updates),
it may face major difficulties running on newer hardware. An updated version, Elastix 4.0.0,
based on CentOS 7 (currently under development), will solve this problem. However, at the time
of writing it is only at the Beta 1 stage and hence not yet ready for deployment on a production
machine. This poses a dilemma: using older hardware may compromise system reliability, while
newer hardware is preferable for the Elastix server because of the cost savings from its
superior power efficiency.
A workaround for this problem is to implement a virtualisation solution during this major
version transition. A bare-metal hypervisor can run a virtualised instance of Elastix 2.5.0 at
a slight performance penalty. Another advantage of running
The team recommends VMware ESXi 5.5 Update 2 for this workaround due to the following
considerations:
VMware ESXi is commonly used in the industry.
It incurs no additional fee (free license).
ESXi 5.5 Update 2 is a mature product (ESXi 5.0 was released in 2011).
CentOS 5 will be supported with maintenance updates up to 31st March 2017 (Galuschka, 2015)
and VMware ESXi 5.5 Update 2 will reach its end of general support on 19th September 2018
(VMware, Inc., 2015). It can be safely assumed that a stable release of Elastix 4.0.0 will be
available before ESXi reaches its end of support.
Another advantage of this workaround is the ability to run other operating systems in tandem
on the same device, providing other services for the small business (the hardware still has
to meet their system requirements). One example is to run Elastix for the IPPBX in one virtual
machine, while running a NAS solution (e.g. FreeNAS, NAS4Free, etc.) in another to cater
for the business' file archival needs.
The Digium TDM410 was selected as the telephony card. Although external internet telephony
gateways are available at a cheaper price, the team concludes that the labour time saved by not
having to configure an external gateway makes the card cost-efficient (Digium telephony cards
are guaranteed to work with Elastix).
The switch used is a 16-port Linksys desktop business gigabit switch. This switch was selected
mainly on cost and power-efficiency grounds, as it meets the Energy Efficient Ethernet (EEE)
802.3az standard (Linksys).
Appendix C: Penetration Testing
Nmap Scanning
Metasploit services
The team found the following services:
Two mail services (POP3):
  Cyrus pop3d 2.3.7 Invoca-RPM-2.3.7-12.el5_7.2 (port 110), CVE-2006-2502
  Cyrus pop3d (port 995)
One SMTP mail service:
  Postfix smtpd (port 25)
One HTTP web server:
  Apache httpd 2.2.3 CentOS (port 80)
One SSH service:
  OpenSSH 4.3 Protocol 2.0 (port 22)
One IMAP service:
  Cyrus imapd 2.3.7 (port 110)
One MySQL service:
  MySQL 5.0.95 (port 3305)
Two services (one HTTP and one IMAP) running SSL (Secure Sockets Layer):
  Apache httpd 2.2.3 (same as the plain HTTP server)
  Cyrus imapd (same as the plain IMAP service)
The team then checks the vulnerabilities of these services:
Cyrus Imap
This exploit will not work on the machine, since it is only exploitable on version 2.3.4 and
the Elastix server uses version 2.3.7. The team also consulted http://www.1337day.com for other
exploits.
The team found that it lists the same exploit as the exploit-db one currently used. It is
concluded that
Postfix smtpd
The first and only exploit found for Postfix smtpd is a buffer overflow for CVE-2005-1099,
created by Salim Gasmy. However, the service running on this machine was written by different
people. Therefore, the team concluded that the service has no known exploits.
Apache httpd 2.2.3 CentOS
The team found from CVE Details that this version of Apache has 45 vulnerabilities (CVE Details).
However, the highest-rated and most damaging vulnerability among them (CVE-2010-0425) occurs
only when the web server is running on a Windows machine. Another vulnerability (CVE-2007-6423)
also applies only to Windows machines. The remaining vulnerabilities are cross-site scripting
(XSS) and DoS; the first is handled by the web application and the second can be mitigated by
using a firewall that can catch DoS attacks, and is only relevant if the organisation's
infrastructure is specifically targeted.
Denial of Service (DoS) Vulnerabilities:
CVE-2014-0231
CVE-2014-0098
CVE-2013-6438
CVE-2013-1896
CVE-2012-0031
CVE-2011-4415
CVE-2011-3348
CVE-2011-3192
CVE-2011-0419
CVE-2010-1452
CVE-2010-0408
CVE-2009-2699
CVE-2009-1891
CVE-2009-1890
CVE-2007-6750
CVE-2007-6422
Cross-site scripting (XSS) Vulnerabilities:
CVE-2012-4558
CVE-2012-3499
CVE-2012-2687
CVE-2008-2939
CVE-2008-2168
CVE-2008-0455
CVE-2007-6421
CVE-2007-6388
CVE-2007-6203
CVE-2007-5000
CVE-2007-4465
CVE-2006-5752
OpenSSH 4.3 Protocol 2.0
The scan is based on the CVE Details list of vulnerabilities for OpenSSH 4.3 (CVE Details).
Firstly, the team used the auxiliary scanner from msf. However, no users were found through
this method. The team can confirm this, because a user called User1 was created and the user
root also exists, but the scanner doesn't authenticate either of them. Moreover, when the team
searched for a list of exploits in exploit-db and 1337day, it found that they only affect
older versions.
MySQL 5.0.95
The team found that there is only one vulnerability (CVE Details) and one exploit (Kettle, 2013)
for it applicable to this version of MySQL. However, this vulnerability can only be exploited
if the attacker can get hold of a username and its password in order to log in to the web
server.
After this analysis, the team concludes that all the services are secure as far as known
vulnerabilities are concerned.
VoIP Pentesting
The VoIP system running on the Elastix box uses two different protocols, SIP and IAX2. It can
also use SILK to communicate with Skype users. The main problem is that the SIP protocol is not
very secure (NightRang3r). It will therefore only be used in the internal network, while IAX2
will be implemented for voice traffic that requires communication with the outside network
(i.e. mobile extensions).
IAX2 is a strongly encrypted protocol that can provide more security features than SIP. As an
example, if a Man-in-the-Middle attack occurs, an attacker can fully capture a conversation
carried over SIP. However, an attacker cannot fully capture IAX2 packets, as the initialisation
packet can only be obtained by running tcpdump inside the server machine. The Pentesting VoIP
article by NightRang3r (NightRang3r) demonstrated that files can be captured from either party
of a SIP communication and then cracked. However, this cannot happen if the communication is
between two users outside the network (i.e. mobile clients), as their communication is hidden
by VPN tunnelling. An attacker would need to see the output on the user's mobile phone in order
to reproduce it.
To examine IAX2 protocol, the team performed this test:
A user2000 (192.168.1.4) performs a call to user 3000 (192.168.1.5):
By observing the Wireshark packet capture, the team found that the Elastix server (192.168.1.6)
sends a packet that opens the connection. This packet, however, is not present on either
user's side, as can be seen in the screenshot.
Based on the article written by kernelwho on extracting IAX payloads (kernelwho, 2011),
without the first packet that sets up the transfer inside the network, the team cannot
continue to decode the IAX2 packets, as this is the packet that sets the encryption rules.
Another way around this is a brute-force attack. However, this attack can be mitigated
relatively easily with a proper Fail2ban implementation.
The team concluded that the inside and outside communications are reasonably secure as long
as the system is kept up to date, a firewall is implemented and Fail2ban is configured.
Moreover, security policies and guidelines must be implemented to mitigate other possible
threats within the network itself.
Appendix D: Cost Estimate
Initial Costs
The team calculates the estimate based on the equipment needed to deploy IPPBX for 5
extensions and 2 mobile extensions. Hardware cost estimate is based on market price as of June
2015 (staticICE, 2015).
Item                                              Cost ($)
HP ProLiant MicroServer Gen8 G1610T                    465
ECC RAM upgrade to 4GB                                  70
Digium TDM410 telephony card                           165
128GB SSD (SanDisk)                                     70
Router (Netgear R7000 Nighthawk)                       192
Switch (Linksys LGS116)                                140
Cabling                                                220
IP Phones (Linksys SPA962) x 5 (with chargers)         825
Labour (3hr setup with 1hr training)                   500
Total Cost:                                          $2647
Electricity Cost
Running a separate server as an IPPBX server will not only incur an initial infrastructure
setup cost but also an additional ongoing electricity cost. The team measured the electricity
usage with a Power Mate electricity meter by CCI Pty Ltd. This power meter is widely available
to borrow from local libraries as part of a save-power kit. It should be noted that the
electricity consumption of other devices was not measured, as the purpose of this measurement
is to calculate only the extra electricity usage from hosting the IPPBX server on premises.
The team calculates the cost of electricity consumption based on the rate provided in AGL
Business Maximiser - New South Wales small business electricity market offer (2 year energy
plan period using single rate meter) released on 05 April 2015 (AGL Sales Pty Limited, 2015) at
25.685000 cents per kWh.
To simulate electricity usage under load, stress tests were performed with the stress tool
using the following switches:
stress -c 2 -m 2 -d 1
The team recorded an average of 35W/h when the server is idle and 52W/h under stress.
Assuming that the server is under continuous stress for 9 hours and idle for the rest of the
day, the team uses this calculation to estimate the electricity cost of running the self-hosted
IPPBX server:
(((0.2569 * 0.052) * 9) + ((0.2569 * 0.035)* 15))*365 = 93.1121205
The team concluded that the ongoing electricity cost to maintain the deployed Elastix server is
estimated at $93.10 per year.
Based on the calculations above, the team concluded that the total cost of operating a self-
hosted IPPBX system over 24 months is estimated at $2833.20.
Appendix E: Configuration
Elastix Configuration
Fail2ban
yum -y install jwhois
cd /usr/src/
wget -O fail2ban-0.8.4.tar.bz2 http://sourceforge.net/projects/fail2ban/files/fail2ban-stable/fail2ban-0.8.4/fail2ban-0.8.4.tar.bz2/download
tar -jxf fail2ban-0.8.4.tar.bz2
cd fail2ban-0.8.4
python setup.py install
cp /usr/src/fail2ban-0.8.4/files/redhat-initd /etc/init.d/fail2ban
chmod 755 /etc/init.d/fail2ban
cd /etc/fail2ban/filter.d
touch asterisk.conf
vi /etc/fail2ban/filter.d/asterisk.conf
#
#
# $Revision: 251 $
#
[INCLUDES]
# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf
[Definition]
#_daemon = asterisk
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>\S+)
# Values: TEXT
#
# Asterisk 1.8 uses Host:Port format which is reflected here
failregex = NOTICE.* .*: Registration from '.*' failed for '<HOST>:.*' - Wrong password
            NOTICE.* .*: Registration from '.*' failed for '<HOST>:.*' - No matching peer found
            NOTICE.* .*: Registration from '.*' failed for '<HOST>:.*' - Username/auth name mismatch
            NOTICE.* .*: Registration from '.*' failed for '<HOST>:.*' - Device does not match ACL
            NOTICE.* .*: Registration from '.*' failed for '<HOST>:.*' - Peer is not supposed to register
            NOTICE.* .*: Registration from '.*' failed for '<HOST>:.*' - ACL error (permit/deny)
            NOTICE.* .*: Registration from '".*".*' failed for '<HOST>:.*' - No matching peer found
            NOTICE.* .*: Registration from '".*".*' failed for '<HOST>:.*' - Wrong password
            NOTICE.* <HOST> failed to authenticate as '.*'$
            NOTICE.* .*: No registration for peer '.*' (from <HOST>)
            NOTICE.* .*: Host <HOST> failed MD5 authentication for '.*' (.*)
            NOTICE.* .*: Failed to authenticate user .*@<HOST>.*
            NOTICE.* .*: <HOST> failed to authenticate as '.*'
            NOTICE.* .*: <HOST> tried to authenticate with nonexistent user '.*'
            VERBOSE.*SIP/<HOST>-.*Received incoming SIP connection from unknown peer
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
Modify the ignoreip setting in the [DEFAULT] section and add the [asterisk-iptables] section
to your /etc/fail2ban/jail.conf file:
#/etc/fail2ban/jail.conf
[DEFAULT]
ignoreip = 127.0.0.1 192.168.0.0/16 10.0.0.0/8 172.16.0.0/16
[asterisk-iptables]
enabled = true
filter = asterisk
action = iptables-allports[name=ASTERISK, protocol=all]
         sendmail-whois[name=ASTERISK, dest=you@company.com, sender=fail2ban@company.com]
logpath = /var/log/asterisk/full
maxretry = 5
bantime = 86400
-------
Back up the logger.conf file to logger.conf.bak and create a new one:
mv /etc/asterisk/logger.conf /etc/asterisk/logger.conf.bak
touch /etc/asterisk/logger.conf
Copy these contents into the new file (vi /etc/asterisk/logger.conf):
;
; Logging Configuration
;
; In this file, you configure logging to files or to
; the syslog system.
;
; For each file, specify what to log.
;
; For console logging, you set options at start of
; Asterisk with -v for verbose and -d for debug
; See 'asterisk -h' for more information.
;
; Directory for log files is configured in asterisk.conf
; option astlogdir
;
[general]
dateformat=%F %T
[logfiles]
;
; Format is "filename" and then "levels" of debugging to be included:
; debug
; notice
; warning
; error
; verbose
;
; Special filename "console" represents the system console
;
;debug => debug
; The DTMF log is very handy if you have issues with IVR's
;dtmf => dtmf
;console => notice,warning,error
;console => notice,warning,error,debug
;messages => notice,warning,error
full => notice,warning,error,debug,verbose
;syslog keyword : This special keyword logs to syslog facility
;
;syslog.local0 => notice,warning,error
;
fail2ban => notice
----------------
Reload logger module in Asterisk
asterisk -rx "module reload logger"
Add Fail2ban to the list of startup services
chkconfig fail2ban on
Start fail2ban
/etc/init.d/fail2ban start
Verify
iptables -L -v
You should see "fail2ban-ASTERISK" in your iptables output.
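As an added example (not part of the original report or of the fail2ban project), the following Python script applies a subset of the failregex lines from the asterisk.conf filter above to constructed Asterisk log lines, honouring the maxretry and ignoreip values from the jail.conf fragment, so the matching and the ban decision can be checked offline before the jail goes live. All log lines, extensions and addresses in it are made up for the demonstration.

```python
import ipaddress
import re
from collections import Counter

# Subset of the failregex lines from the filter above; "<HOST>" becomes the alias quoted there.
HOST = r"(?:::f{4,6}:)?(?P<host>\S+)"
FAILREGEX = [
    r"NOTICE.* .*: Registration from '.*' failed for '<HOST>:.*' - Wrong password",
    r"NOTICE.* .*: <HOST> tried to authenticate with nonexistent user '.*'",
    r"VERBOSE.*SIP/<HOST>-.*Received incoming SIP connection from unknown peer",
]
PATTERNS = [re.compile(p.replace("<HOST>", HOST)) for p in FAILREGEX]

# Threshold and whitelist from the jail.conf fragment above.
MAXRETRY = 5
IGNORE_NETS = [ipaddress.ip_network(n) for n in
               ("127.0.0.1", "192.168.0.0/16", "10.0.0.0/8", "172.16.0.0/16")]

# Constructed log lines (not a real capture): one good registration, five failures from
# an external host, five from an internal phone with a bad secret, two unknown-peer hits.
SAMPLE_LOG = (
    ["[2015-06-10 10:14:00] VERBOSE[2345] chan_sip.c:   -- Registered SIP '2000' at 192.168.1.4:5060"]
    + ["[2015-06-10 10:15:0%d] NOTICE[2345] chan_sip.c: Registration from '\"2000\" "
       "<sip:2000@192.168.1.6>' failed for '203.0.113.7:5060' - Wrong password" % i for i in range(3)]
    + ["[2015-06-10 10:15:1%d] NOTICE[2345] chan_sip.c: 203.0.113.7 tried to authenticate "
       "with nonexistent user '1001'" % i for i in range(2)]
    + ["[2015-06-10 10:16:0%d] NOTICE[2345] chan_sip.c: Registration from '\"3000\" "
       "<sip:3000@192.168.1.6>' failed for '192.168.1.5:5060' - Wrong password" % i for i in range(5)]
    + ["[2015-06-10 10:17:0%d] VERBOSE[2345] pbx.c:     -- Executing [s@from-sip-external:1] "
       "NoOp(\"SIP/198.51.100.9-0000001%d\", \"Received incoming SIP connection from unknown peer\")"
       % (i, i) for i in range(2)]
)

def is_ignored(host):
    """True when the host falls inside an ignoreip entry (never banned)."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False
    return any(addr in net for net in IGNORE_NETS)

def failed_hosts(log_lines):
    """Count failure lines per source host, as the filter's failregex would."""
    counts = Counter()
    for line in log_lines:
        match = next((m for m in (p.search(line) for p in PATTERNS) if m), None)
        if match:
            counts[match.group("host")] += 1
    return dict(counts)

def hosts_to_ban(log_lines):
    """Hosts at or over maxretry and not whitelisted; the jail would DROP these."""
    return sorted(h for h, n in failed_hosts(log_lines).items()
                  if n >= MAXRETRY and not is_ignored(h))
```

On the sample input only the external host reaches the threshold: the internal phone is covered by ignoreip and the unknown-peer source stays below maxretry.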