This document analyzes and compares the costs of implementing a self-hosted IPPBX solution versus subscription-based IPPBX services for small businesses over 24 months. The analysis finds that the self-hosted solution provides negligible cost savings within 24 months but meaningful savings over 36 months. Security testing found the self-hosted solution to be reasonably secure from known vulnerabilities with proper configuration. Future work may explore solutions to address limitations in scalability and call quality.
Affordable & Secure IPPBX Solution
for Startups
ITNET303A Major Project 1 (Group)
Johann Kim – 369484648
Jorge Ramirez Alberto Arauco – 369484648
Joshua Alexander Hasoloan Panggabean – 369546139
Wirawan Harianto – 253771526
Mentor: Dr David Halfpenny BSc, PhD
Affordable & Secure IPPBX Solution for Small Businesses
Executive Summary
This report analyzes and compares a self-hosted IPPBX solution for small business startups
against subscription-based IPPBX services. Methods of analysis include
competitor pricing research, hardware and software research, physical deployment of the
solution, and a projected cost comparison over a 24-month period.
The report finds that implementing a self-hosted IPPBX for small business startups provides a
negligible return on investment within the 24 months of deployment. However, the result may
differ depending on growth in the number of users. The report also finds that the cost savings
become fully tangible when plotted over a 36-month period. Lastly, the report
discusses possible future work based on the implemented solution.
1. Introduction
Internet telephony is a growing market, and more businesses from a multitude of sectors are
finding this IP-based technology beneficial due to its cost effectiveness (as opposed to
traditional PSTN) and rich features (Athwal, Harmantzis, & Tanguturi, 2005).
As the National Broadband Network (NBN) is being phased in (starting in 2011), Telstra has
been phasing out copper-based mass market services since November 2012 (Lee, 2013). This
push has made the transition from the old analog phone system to a VoIP-based telephone system
inevitable, and with it the transition from traditional PBX services to IPPBX.
1.1 Motivation
In this Internet era, businesses are no longer looking for a mere replacement for telephone
switching (PBX) solutions; they are looking for integrated, complete, and out-of-the-box
solutions that allow them to be as productive as possible (Puente, 2015). They want to keep
employees connected, reachable, and available at all times. If a call is not answered because the
recipient is away from the office, it is routed to the employee's mobile phone. If the
employee does not answer the mobile phone, the call can be forwarded to voicemail. The
voicemail system can send the voice message to an e-mail address, and when the employee arrives
at the office, the "message waiting" indicator LED on their phone will show that a
voice message is waiting.
A lot of telecommunication companies are now offering hosted IPPBX solutions to address these
business needs. These solutions have a low upfront cost and are typically charged as a monthly
fee per user. However, these solutions are dependent on internet connectivity and the cost (in
terms of fees) may not be agreeable in the long run (as fees may increase) (VOIP-Info.org LLC,
2015).
An alternative solution for these small businesses is to build their own small-scale IPPBX
infrastructure. Using an on-site server will incur a higher upfront cost, but the business will not
have to pay a recurring monthly fee. By having a self-hosted IPPBX infrastructure based on open-
source software and affordable vendor-agnostic hardware, small businesses can further avoid
the increase of IPPBX service cost over time (Sharif, 2010). The cost of the initial investment can be
recuperated relatively quickly (depending on the number of users), as the business only needs to
cover minimal recurring operating costs, whereas a monthly subscription-based IPPBX
service charges by the number of extensions and adds costs for extra features.
This solution, of course, is not a magic bullet. It needs to be noted that many large businesses
with 100 or more users often choose a cloud phone system due to other advantages, such as
infrastructure scalability. Self-hosted IPPBX service tends to be the most attractive for
businesses with 5 to 15 employees (Digium, Inc., 2015), which is well within the range of small
business in Australia (Australian Government Department of Industry, Innovation, Science,
Research and Tertiary Education, 2012). Additionally, based on Software Advice's VoIP Software
Small Business Survey, 59% of their sample consisted of businesses with fewer than 10 employees,
and they are not ready to invest in a highly sophisticated IPPBX system tailor-made for the
enterprise (Harris, 2014).
1.2 Aim and task
This project explores the design, deployment, and hardening of an IPPBX solution for
small businesses, specifically startups with 5 users or fewer, with the main goals of cost-
effectiveness over time and security. The team aims to recuperate the initial infrastructure
investment costs within 24 months based on the savings in relation to the total operating cost of
other subscription-based competitors.
The task of this project is to describe the design, deployment, and hardening of an IPPBX system
for small businesses, specifically startups. The design is based on a real-world scenario where
budget limitations are restrictive.
The end result of this project is an IPPBX infrastructure built using open-source software and
vendor-agnostic hardware. This IPPBX infrastructure will be hardened for security and require
minimal maintenance. This maintenance can be performed by either in-house IT staff or third-
party IT contractors with no specific vendor certifications.
1.3 Outline
Preliminary research on the Elastix IPPBX solution will be conducted. This includes a comparison
study, hardware/software requirements, and associated costs.
The group will simulate a complete deployment of the IPPBX solution on a single site based on
scenarios that will be presented. This includes building and configuring the necessary infrastructure.
For this purpose, the group will use the same hardware as, or the closest approximation to, the
hardware suggested in the documentation. In some cases, virtualisation may be used where it is
deemed necessary (e.g. taking screenshots).
The group will also perform penetration testing with available open-source tools and document
the results as common attack methods. Security analysis will be performed, and mitigation strategies
will be implemented and documented.
Lastly, the overall estimated cost of the infrastructure will be calculated based on the cost of hardware
and labour required. The result will be compared and evaluated.
1.4 Acknowledgement
The team wants to express their deepest gratitude to Prof. David Halfpenny for his guidance,
patience, and help for the team in determining the angle and approach, together with managing
the scope and focus of this Capstone Project.
2. Competitors Pricing Analysis
The team compares 4 subscription-based IPPBX systems and solutions with offerings similar to
the team’s proposed IPPBX solution (self-hosted). The fees are added to the hardware costs (if
applicable) to calculate the total operating cost over 24 months. Where the IPPBX provider does
not provide the hardware needed, the same hardware used in the team’s self-hosted solution is
assumed and its costs are calculated accordingly.
The total operating costs of the different subscription-based IPPBX providers over 24 months are
as follows:
MyNetFone: $2,678.75
Engin: $2,873.00
FaktorTel: $2,944.25
Maxo Telecommunications: $2,488.75
Based on the figures above, the team needs to create an IPPBX solution that can be
implemented for under $2,488.75 in order to achieve the aim of a complete return on investment
within 24 months.
Note: For more details on pricing research, please refer to Appendix A: Competitors Research.
3. Implementation
3.1 Design Goals
Match the common features that current commercial IPPBX services provide.
Secure the IPPBX system from possible intrusions/attacks.
Provide cost-saving benefits in comparison to using commercial subscription-based
IPPBX services. These savings must be able to cover the initial implementation cost
(return on investment) within a maximum of 2 years.
3.2 System Overview
The team will implement the solution on a single site where 5 extensions and 2 mobile extensions
are required. The IPPBX server will be hosted on an HP ProLiant MicroServer Gen8 G1610T with
4GB RAM and a 128GB SSD. A Digium TDM410 telephony card is installed in the server to
provide the FXO feature. For connectivity, the router used in this deployment is a Netgear R7000
Nighthawk running custom firmware (xWRT-Vortex) to enable the PPTP VPN feature. The
switch used to connect the IP phones is a 16-port Linksys LGS116 (unmanaged). The IP phones used
in this deployment are Linksys SPA962 units. As the switch does not have a PoE feature,
extra power adapters are required (included in the cost estimate; please refer to Appendix D:
Cost Estimate).
The implementation of this IPPBX solution incorporates server software called Elastix. Elastix
was chosen because it provides a unified communications solution with features comparable to
competitors’ offerings (please refer to Appendix A: Competitors Research). The Elastix server
will be configured with the necessary features through its admin web interface (please refer to
Appendix E: Configuration). It is also configured with Fail2ban to prevent brute-force attacks.
Note: For hardware and software selection considerations, please refer to Appendix B: Hardware
and Software Research.
Normal extensions for internal communications will be deployed with the SIP protocol, and mobile
extensions will be deployed with the IAX2 protocol. The router will have its firewall feature
turned on and configured. DoS attack protection will also be turned on. The QoS feature will be
configured to prioritise SIP (UDP 5060) and IAX2 (UDP 4569) traffic to the IP addresses of the
phones. To protect connections to the outside network (with mobile extensions), PPTP VPN was
chosen to create tunnels for this traffic for speed and compatibility reasons.
3.2 Limitations
The single biggest limitation in implementing a self-hosted IPPBX solution is the budget
constraint. Small businesses tend to resist replacing existing infrastructure (routers, switches,
etc.), especially when the existing device is deemed to “still work”. To implement mobile
extensions, VPN end-to-end support in the router is needed. If the customer’s current router does
not support the feature and the customer is reluctant to change it, the team will not implement
the feature, for security reasons.
The maximum number of VPN connections is 10. This is due to a limitation of the router’s
firmware. This number of connections is enough to fulfil the needs of the scenario, but may pose
a scalability problem in the future. An alternative is to acquire a small-business router that
supports more VPN connections. However, this may incur additional cost.
Due to budget restrictions, the team uses a 16-port unmanaged switch. This means that the
quality of voice calls depends on the router’s QoS feature. Although this may be adequate for
10 users or fewer (the current scenario), it is questionable whether call quality can be
maintained for more than 15 users. Given a bigger budget, the team would opt to use a managed
switch and separate data and voice traffic for optimal quality.
Elastix is based on CentOS 5, so hardware compatibility may be an issue on much modern
hardware. This issue was solved by using virtualisation technology (please refer to
Appendix B: Hardware and Software Research).
3.3 Security Analysis
A penetration test was performed under virtualised conditions to check for system vulnerabilities.
Internal scans were performed, and lists of common vulnerabilities relating to the services found
were consulted.
The team concluded that the services running on the IPPBX server are reasonably secure from known
vulnerabilities. This is mainly because Elastix is based on a mature operating system
(CentOS 5) and is kept up-to-date. It needs to be noted that, for security reasons, the IAX2
protocol MUST be used for communications outside the internal network (i.e. mobile extensions).
The team also explored other possible attack vectors and implemented these policies:
IPPBX server and router must be physically secured.
The router’s firewall feature must be enabled.
DoS attack protection in the router must be enabled.
Install and configure Fail2Ban to prevent brute-force attacks.
Recommending the installation of antivirus on host machines connected to the network,
including mobile devices.
Recommending best practices and security policy to prevent malware infection (for both
PCs and mobile devices).
Implementing a regular security audit (e.g. username/password change) policy.
Note: For more details on the security evaluation, please refer to Appendix C: Penetration
Testing.
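What the Fail2Ban policy above amounts to in practice, as an added example that is not part of the original report or of Elastix: a sliding-window count of failed SIP and IAX2 authentications per source address, run over a constructed Asterisk-style log. The log line formats, the thresholds and the external addresses are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds for illustration (not values from the report).
MAX_RETRY = 3                      # failures allowed inside the window
FIND_TIME = timedelta(minutes=10)  # length of the sliding window

IPV4 = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
# Assumed Asterisk 1.8 NOTICE formats. Each pattern is anchored at the end of
# the line so the address is read from the fixed tail of the message, not from
# the client-supplied name that appears earlier in the line.
FAILURE_PATTERNS = [
    re.compile(r"chan_sip\.c: Registration from '.*' failed for '" + IPV4 +
               r"(?::\d+)?' - (?:Wrong password|No matching peer found)$"),
    re.compile(r"chan_iax2\.c: Host " + IPV4 +
               r" failed to authenticate as '[^']*'$"),
]
TIMESTAMP = re.compile(r"^\[(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\]")

# Constructed sample log (not captured from the report's server).
# 192.168.1.4 is an internal phone whose user mistypes a password now and then.
SAMPLE_LOG = """\
[2015-06-01 09:00:00] NOTICE[2211] chan_sip.c: Registration from '"2000" <sip:2000@192.168.1.6>' failed for '192.168.1.4:5060' - Wrong password
[2015-06-01 09:30:00] NOTICE[2211] chan_sip.c: Registration from '"2000" <sip:2000@192.168.1.6>' failed for '192.168.1.4:5060' - Wrong password
[2015-06-01 10:00:01] NOTICE[2211] chan_sip.c: Registration from '"100" <sip:100@192.168.1.6>' failed for '203.0.113.50:5071' - No matching peer found
[2015-06-01 10:00:05] NOTICE[2211] chan_sip.c: Registration from '"101" <sip:101@192.168.1.6>' failed for '203.0.113.50:5071' - No matching peer found
[2015-06-01 10:00:09] NOTICE[2211] chan_sip.c: Registration from '"2000" <sip:2000@192.168.1.6>' failed for '203.0.113.50:5071' - Wrong password
[2015-06-01 10:00:12] NOTICE[2211] chan_sip.c: Registration from '"2000" <sip:2000@192.168.1.6>' failed for '203.0.113.50:5071' - Wrong password
[2015-06-01 10:01:00] NOTICE[2211] chan_sip.c: Peer '2000' is now Reachable. (1ms / 2000ms)
[2015-06-01 10:05:00] NOTICE[2211] chan_sip.c: Registration from '"2000" <sip:2000@192.168.1.6>' failed for '192.168.1.4:5060' - Wrong password
[2015-06-01 11:00:00] NOTICE[2211] chan_iax2.c: Host 203.0.113.77 failed to authenticate as '3000'
[2015-06-01 11:00:20] NOTICE[2211] chan_iax2.c: Host 203.0.113.77 failed to authenticate as '3000'
[2015-06-01 11:00:40] NOTICE[2211] chan_iax2.c: Host 203.0.113.77 failed to authenticate as '3000'
"""


def parse_failure(line):
    """Return (timestamp, source_ip) for an authentication failure, else None."""
    stamp = TIMESTAMP.match(line)
    if not stamp:
        return None
    for pattern in FAILURE_PATTERNS:
        match = pattern.search(line.rstrip())
        if match:
            when = datetime.strptime(stamp.group(1), "%Y-%m-%d %H:%M:%S")
            return when, match.group("host")
    return None


def find_offenders(lines, max_retry=MAX_RETRY, find_time=FIND_TIME, ignore=()):
    """Return {ip: time of the failure that crossed the threshold}.

    Lines are expected in chronological order. Addresses in `ignore`
    (for example a trusted management host) are never flagged.
    """
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    flagged = {}
    for line in lines:
        parsed = parse_failure(line)
        if parsed is None:
            continue
        when, ip = parsed
        if ip in ignore or ip in flagged:
            continue
        window = recent[ip]
        window.append(when)
        # Drop failures that have aged out of the window.
        while when - window[0] > find_time:
            window.popleft()
        if len(window) >= max_retry:
            flagged[ip] = when
    return flagged


if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG.splitlines()).items():
        print(f"{ip} would be banned at {when}")
```

The internal phone at 192.168.1.4 fails three times but never three times within ten minutes, so it is not flagged; the threshold and window are the two settings to tune against lockouts of legitimate users.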
3.4 Cost-savings Analysis
Based on the team’s cost estimate, compared with the competitors research performed,
there is little cost saving in implementing a self-hosted IPPBX solution within a 24-month
period.
[Figure: cost over time ($0.00 to $3,500.00), Jun-15 to Apr-17, for MyNetFone, Engin, FaktorTel, Maxo Telecommunications and the IPPBX Project]
The cost-saving benefit is more tangible when plotted over a 36-month period. The self-hosted
IPPBX solution can offer a cost saving of up to $1101.55 in three years’ time.
However, one needs to keep in mind that these graphs are plotted based on zero user growth.
As extensions are added, the self-hosted IPPBX will compete more favourably on total cost over
time, as the cost-saving benefit is multiplied sooner.
4. Conclusion and Future Work
4.1 Conclusion
In conclusion, the team has had mixed success in achieving the goal of the self-hosted IPPBX
solution. The margin of success is highly dependent on whether the number of users grows within
the 24-month period. With zero growth, the project can be perceived as not achieving its aim, as
it only manages to be comparable with other subscription-based competitors.
It needs to be noted that the cost-saving benefits are real. However, it may take longer than 24
months for small businesses to see a return on investment. This may come sooner if the business
grows in the number of users within that period. Ultimately, there are inherent risks in running a
business, and it is up to the business to decide if the initial investment required is worth the
savings in the long run.
[Figure: cost over time ($0.00 to $4,500.00), Jun-15 to Jun-18, for MyNetFone, Engin, FaktorTel, Maxo Telecommunications and the IPPBX Project]
4.2 Future Work
Due to budget restrictions, much of the hardware implemented in this project may not scale well
up to the limit of the number of people classified as a small business (19 people). Future work
may explore the implementation with more enterprise-grade hardware and its cost
feasibility.
Elastix 2.5.0 will eventually reach its End-of-Life and an upgrade to Elastix 4 will be required
when it reaches a stable release. The system maintainer can then choose to:
1. Run Elastix 4 virtualised under an updated ESXi.
2. Run Elastix 4 server natively.
Further work could expand on the security aspects of the infrastructure by developing a
Security Information and Event Management (SIEM) solution as an add-on for Elastix. This SIEM
system should be able to fetch logs from different devices on the network. Developed in tandem
with security policies, it may improve response and recovery times for possible incident(s).
Bibliography
AGL Sales Pty Limited. (2015, April 05). AGL Business Maximiser - New South Wales small business electricity market offer - AGD20465MS. Retrieved June 2015, from Energy Price Fact Sheet: http://www.agl.com.au/~/media/AGLData/DistributorData/PDFs/PriceFactSheet_AGD20465MS.pdf
Almekinders, S. (2014, March 1). Netgear R7000 Nighthawk AC1900 review: the new boss? Retrieved June 2015, from Hardware.Info: http://us.hardware.info/reviews/5198/netgear-r7000-nighthawk-ac1900-review-the-new-boss
Athwal, B., Harmantzis, F. C., & Tanguturi, V. P. (2005). Replacing Centric Voice Services with Hosted VoIP Services: An Application of Real Options Approach. Hoboken: Stevens Institute of Technology.
Australian Government Department of Industry, Innovation, Science, Research and Tertiary Education. (2012). AUSTRALIAN SMALL BUSINESS - KEY STATISTICS AND ANALYSIS.
Brown, K. (2014, March 21). Netgear Nighthawk R7000 AC1900 Wireless Router Review. Retrieved June 2015, from Legit Reviews: http://www.legitreviews.com/netgear-nighthawk-r7000-ac1900-wireless-router-review_137796
CVE Details. (n.d.). Apache » Http Server » 2.2.3 : Security Vulnerabilities. Retrieved June 2015, from CVE Details: http://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-66/version_id-40007/Apache-Http-Server-2.2.3.html
CVE Details. (n.d.). Openbsd » Openssh » 4.3p2 : Security Vulnerabilities. Retrieved June 2015, from CVE Details: http://www.cvedetails.com/vulnerability-list/vendor_id-97/product_id-585/version_id-43630/Openbsd-Openssh-4.3p2.html
CVE Details. (n.d.). Vulnerability Details : CVE-2007-2583 (1 public exploit). Retrieved June 2015, from CVE Details: http://www.cvedetails.com/cve/CVE-2007-2583/
DD-WRT Wiki. (n.d.). DD-WRT On R7000. Retrieved June 2015, from DD-WRT Wiki: http://dd-wrt.com/wiki/index.php/DD-WRT_on_R7000
Dempster, B., & Garrison, K. (2006). TrixBox Made Easy. Birmingham: Packt Publishing.
Digium, Inc. (2015). Comparing Premises-based and Cloud Phone Systems. Retrieved June 2015, from Digium: https://www.digium.com/solutions/ip-phone-systems/how-do-i-choose-hosted-vs-site-voip
engin. (2015). Critical Information Summary - Hosted Phone PBX 8. Retrieved June 2015, from CRITICAL INFORMATION SUMMARIES: http://www.engin.com.au/category/22-hosted-phone-pbx?download=99
FaktorTel. (2015). Critical Information Summary: Managed PBX 4 Lines. Retrieved June 2015, from Managed PBX Plans: https://faktortel.com.au/cis/CIS-PlanMPBX83.pdf
Galuschka, C. (2015, May 13). CentOS Product Specifications. Retrieved May 2013, from CentOS Wiki: http://wiki.centos.org/About/Product
Harris, D. (2014, August 18). VoIP Software Small Business BuyerView | 2014. Retrieved June 2015, from Software Advice: http://www.softwareadvice.com/voip/buyerview/report-2014/
kernelwho. (2011, June 01). Extracting IAX payloads w/ Wireshark and Decoding G.729 Audio w/ Asterisk. Retrieved June 2015, from kernelwho: https://kernelwho.wordpress.com/2011/06/01/8/
Kettle, N. (2013, December 04). MySQL 5.0.x - IF Query Handling Remote Denial of Service Vulnerability. Retrieved June 2015, from Exploit Database: https://www.exploit-db.com/exploits/30020/
Lee, S. (2013). A Trifecta of Change. CommsDay Summit, (p. 6).
Linksys. (n.d.). Linksys Unmanaged Switches Data Sheet. Retrieved June 2015, from LINKSYS LGS116 16-PORT DESKTOP BUSINESS GIGABIT SWITCH: http://downloads.linksys.com/downloads/datasheet/en/LGS116_LGS124_English.pdf
Maxo Telecommunications Pty Ltd. (2015). Critical Information Summary: Maxotel 6-Line Plan. Retrieved from Critical Information Summaries - Maxo Telecommunications: https://www.maxo.com.au/files/cis/CIS%206-Line.pdf
MyNetFone Limited. (n.d.). About Us: Company Profile. Retrieved June 2015, from MyNetFone: https://www.mynetfone.com.au/About
MyNetFone Limited. (n.d.). Critical Information Summary: VPBX 2 Service. Retrieved June 2015, from Virtual PBX hosted business phone system: https://www.mynetfone.com.au/media/Ts-Cs/Offer-Summaries-CIS/Business-CIS-May-2015/CIS_MNF_VPBX2-20150430.pdf
NightRang3r. (n.d.). Pentesting VOIP. Retrieved June 2015, from The BackTrack Wiki: http://www.backtrack-linux.org/wiki/index.php/Pentesting_VOIP
PaloSanto Solutions. (n.d.). Elastix Overview. Retrieved June 2015, from Elastix: http://www.elastix.org/index.php/en/product-information/elastix-info.html
PSU Technology Group. (2014). Mitel Licensing. Retrieved June 2015, from PSU Technology Group: http://www.psu.co.uk/Mitel/Mitel-Licensing/
Puente, G. B. (2015). Elastix Unified Communications Server Cookbook. Birmingham: Packt Publishing.
Sharif, B. (2010). Elastix without Tears.
staticICE. (2015). staticICE AU. Retrieved June 2015, from staticICE: http://staticice.com.au/index.html
VMware, Inc. (2015). VMware Lifecycle Product Matrix. Palo Alto, CA, USA.
VOIP-Info.org LLC. (2015, May 19). Hosted PBX Vs On Premise PBX. Retrieved June 2015, from VOIP-Info.org: http://www.voip-info.org/wiki/view/Hosted+PBX+Vs+On+Premise+PBX
Appendix A: Competitors Research
MyNetFone
https://www.mynetfone.com.au/
MyNetFone’s wholly owned subsidiary, Symbio Networks, owns and operates Australia’s largest
VoIP network (MyNetFone Limited). Their VPBX 2 Service provides cloud based PBX features and
telephony services over the Internet. It allows 2 concurrent calls inbound or outbound to the
public phone network via numbers hosted on the Virtual PBX platform.
Offer Includes:
2 concurrent calls
250 included Local / National Calls
Access to Casual Conference plans
Access to Casual SMS services
Virtual PBX Web Portal Access
5 included DIDs (comprised of 5 single DIDs from your nominated area)
Outbound portal based Call Reporting
Automatic IPND updates (public emergency service database)
CLID Over-stamping (Number presented on outbound calls)
Offer Excludes:
CDR Call Reporting (chargeable option)
Inbound Call Reporting (chargeable option)
Priority Assistance Service
Based on the scenario, the plan suitable with MyNetFone is the 2 Line plan. The plan provides:
2 Business Voice lines
Unlimited users
5 phone numbers
250 local / national calls
Cost Breakdown:
Setup Fee = $99 (based on 24-month contract)
Monthly Fee of $60
Total Minimum Price for 24 months (including setup fee based on same contract length)
is $1,539 (MyNetFone Limited).
Cisco SPA504G Handset x 5 = $999.75
Additionally, a switch may be required for all the handsets to be connected. For this
purpose, the team includes the same switch used in the self-hosted IPPBX solution.
Linksys LGS116 Switch x 1 = $140
Total cost for 24 months subscription: $2,678.75
Engin
http://www.engin.com.au/
Engin has been offering VoIP technology in Australia since 2004. Based on the scenario, the
suitable engin plan is the Hosted Phone PBX 8. This plan provides:
8 included users
10 Number Block = $3.50 (Min. 1 block)
Local Calls = 10c per call
National Calls = 10c per call
Mobile Calls = 17c per minute
engin to engin = UNLIMITED
Month to Month Plans
Cost Breakdown:
Monthly Fee of $79.50
Total Minimum Price for 24 months is $1908 (engin, 2015)
Hardware is purchased separately and is not included as part of the monthly service fee. Hence,
the team includes the same setup as the self-hosted solution.
Linksys LGS116 Switch x 1 = $140
Linksys SPA962 Handset x 5 = $825
Total cost for 24 months subscription: $2873.00
FaktorTel
https://faktortel.com.au/
Located in Queensland, FaktorTel stores and runs over 95% of its equipment and servers in
Australia and connects directly to Telstra and Optus lines in each capital city. Based on the
scenario, the suitable plan is the Managed PBX 4 Lines. This plan provides:
Up to 4 concurrent calls
10 included DIDs
Free calls between FaktorTel users
8 Extensions, 1 IVR, 3 Queues
Virtual PBX web portal access
CLID Over-stamping (Number presented on outbound calls)
Local Calls 9c untimed
Mobile calls 79c/minute
Cost Breakdown (FaktorTel, 2015):
Setup Fee = $139.95
Monthly Fee = $83.95
Yealink T22-P 3 Line IP Phone x 5 = $649.50
Additionally, a switch may be required for all the handsets to be connected. For this
purpose, the team includes the same switch used in the self-hosted IPPBX solution.
Linksys LGS116 Switch x 1 = $140
Total cost for 24 months subscription: $2944.25
Maxo Telecommunications
https://www.maxo.com.au/
Based on the scenario, the suitable plan is the 6-LINE. This plan provides:
6 included DIDs
6 Extensions
6 Lines
10c Local/National Call Rate
13c/min Australian Mobile Rate
Main Number Callback
PBX Live Dashboard
Missed Call Notify SMS/App
Cost breakdown (Maxo Telecommunications Pty Ltd, 2015):
Monthly Fee = $54.95
Yealink T42G SIP Phone x 5 = $1029.95
Additionally, a switch may be required for all the handsets to be connected. For this
purpose, the team includes the same switch used in the self-hosted IPPBX solution.
Linksys LGS116 Switch x 1 = $140
Total cost for 24 months subscription: $2,488.75
Elastix Features
Elastix is an open-source Software to establish Unified Communications. Its goal is to
incorporate all the communication alternatives, available at an enterprise level, into a unique
solution (PaloSanto Solutions).
Elastix has multiple features and functionalities related with the following services:
IP Telephony
Mail Server
Fax Server
Conferences
Instant Messaging Server
PBX features:
Call recording
Conference center with virtual rooms
Voicemail
SIP and IAX support, among others
Voicemail-to-Email functionality
Supported codecs: ADPCM, G.711 (A-Law & μ-Law), G.722, G.723.1 (pass through),
G.726, G.728, G.729, GSM, iLBC (optional) among others.
Flexible and configurable IVR
Support for analog interfaces as FXS/FXO (PSTN/POTS)
Voice synthesis support
Support for digital interfaces (E1/T1/J1) through PRI/BRI/R2 protocols
IP terminal batch configuration tool
Caller ID
Integrated echo canceller by software
Multiple trunk support
End Point Configurator
Incoming and outgoing routes with support for dial pattern matching
Support for video-phones
Support for follow-me
Hardware detection interface
Support for ring groups
DHCP server for dynamic IP
Support for paging and intercom
Web-based operator panel
Support for time conditions
Call parking
Support for PIN sets
Call detail record (CDR) report
Direct Inward System Access (DISA)
Billing and consumption report
Callback support
Channel usage reports
Support for bluetooth interfaces through cell phones (chan_mobile)
Support for call queues
Elastix Operator Panel (EOP)
Distributed Dial Plan with dundi
Voip Provider configuration
Asterisk Real Time
Fax features:
Fax server based on HylaFax
Fax to email customisation
Fax visor with downloaded PDFs
Access control for fax clients
Fax to email application
Can be integrated with Winprint Hylafax
SendFax Module
Fax send through Web Interface
General Features:
Online embedded help
Centralized updates management
System resources monitor
Backup/restore support via Web
Network configurator
Support for skin
Server shutdown from the web
Configurable server date, time and timezone
Access control to the interface based on ACLs
Update to freePBX 2.8.1-16
Update to CentOS 5.9
Update to dahdi 2.6.1-4
Update to asterisk 1.8.20
Update to wanpipe-util 3.5.10-0
Backups on a FTP server
Heartbeat Module
Elastix Modules at RPMs
DHCP Client List Module
Automatic Backup Restore
Backup Restore Validation
DHCP by MAC
Elastixwave
Elastix News Applet
Hardware detector enhancement
Telephony Hardware Info
Communication activity applet
Process Status Applet
Collaboration features:
PBX-integrated calendar with support for voice notifications
Phone Book with click-to-dial capabilities
Two CRM products integrated to the interface (vTigerCRM and SugarCRM)
Web Conference
New Features in Calendar Module
Extras:
Billing support with A2Billing
Integrated CRM: vTigerCRM and SugarCRM
Addons Module
Instant Messaging Features:
Openfire instant messaging server
Report of user sessions
IM client initiated calls
Jabber support
Web based management for IM server
Plugins support
IM groups support
LDAP support
Support for other IM gateways like MSN, Yahoo Messenger, GTalk and ICQ
Server-to-server support
Email Features:
Mail server with multi-domain support
Support for quotas
Web based management
Antispam support
Support for mail relay
Based in Postfix for high email volume
Web based email client
Email List management
Remote SMTP Module
From the list of features offered, the team concluded that Elastix, as a unified communications
solution, can offer the same features as its commercial competitors, if not more. Its main
advantage is that the features it offers are not tied to specific contracts.
Appendix B: Hardware and Software Research
To implement the IPPBX solution proposed, the team recommends hardware as specified below:
IPPBX Server: HP ProLiant Microserver G1610T with 2GB ECC RAM and 128GB SSD.
Router: Netgear R7000 Nighthawk.
Internet Telephony Gateway: Digium TDM410.
Switch: Linksys LGS116.
IP Phone: Linksys SPA962.
Cat6 network cables.
The hardware recommended in the above list should be viewed as guidelines and not as
absolutes. The main concerns with hardware selection are availability and compatibility.
In the hardware selection, the team encountered some limitations in finding the right
consumer-level router. In order to implement mobile extensions for the IPPBX solution, a router
with VPN end-to-end support is required. The large majority of consumer routers available only
support VPN passthrough, which is not adequate for this purpose. The team finally selected
Netgear R7000 as the main VPN router. Some considerations in choosing this router:
The router is widely available and can be purchased for under $200 in Australia.
The router can be flashed with custom firmware that enables more advanced features
(VPN end-to-end).
It is a consistent top performer in reviews, with one of the lowest power consumption
figures (Brown, 2014) (Almekinders, 2014).
The team also decided to use xWRT-Vortex firmware on the R7000 router. Although other
custom firmwares are available, the team found that they share a common major problem:
a few proprietary components are closed source, and many of these custom firmwares do not
include them. This may affect the performance of the router. For example, DD-WRT is known to
suffer a speed penalty (DD-WRT Wiki) on the R7000 router. xWRT-Vortex is based on
Asuswrt-Merlin, a custom firmware originally written for Asus brand routers, which has since
been ported to run on the R7000. One of the main advantages of using this firmware
The implementation of this IPPBX solution incorporates a server software called Elastix. Elastix
was chosen due to its all-in-one approach in providing unified communications solution. Its
functionality is based on open source projects, such as Asterisk, FreePBX, HylaFAX, Openfire and
Postfix.
Although the server hardware used in this project is compatible with Elastix 2.5.0,
this may not be true of other hardware. The underlying Linux distribution of Elastix 2.5.0 is
CentOS 5, which was released on 12th April 2007 and stopped receiving full updates in the first
quarter of 2014. This means that no new features will be added to the operating system, and
with them no support for newer hardware.
Although CentOS 5 will still receive maintenance updates (i.e. bug fixes, security updates), it
may face major difficulties in running on newer hardware. An updated version, Elastix 4.0.0,
based on CentOS 7 (currently under development), will solve this problem. However, at the time
of writing it is only at the Beta 1 stage and hence is not yet ready for deployment on a
production machine. This poses a dilemma, as using older hardware may compromise system
reliability, while using newer hardware for the Elastix server is preferable due to the cost
saving from its superior power efficiency.
A workaround for this problem is to implement a virtualisation solution during this major version
transition stage. A bare-metal hypervisor can be used to run a virtualised instance of Elastix
2.5.0 at a slight performance penalty. Another advantage of running
The team recommends using VMware ESXi 5.5 Update 2 for this workaround due to the following
considerations:
VMware ESXi is commonly used in the industry.
It incurs no additional fee (free license).
ESXi 5.5 Update 2 is a mature product (ESXi 5.0 was released in 2011).
CentOS 5 will be supported with maintenance updates up to 31st March 2017 (Galuschka, 2015),
and VMware ESXi 5.5 Update 2 will reach its end of general support on 19th September 2018
(VMware, Inc., 2015). It can be safely assumed that the Elastix 4.0.0 stable release will be
available before ESXi reaches its EOS.
Another advantage of this workaround is the ability to run other operating systems in tandem
on the same device, providing other services for the small business (the hardware still has
to meet their system requirements). One example is to run Elastix for IPPBX in one virtual
environment, while running a NAS solution (e.g. FreeNAS, NAS4Free, etc.) in another to cater
for the business’ file archival needs.
The Digium TDM410 was selected as the telephony card. Although external internet telephony
gateways are available at a cheaper price, the team concludes that the labour time saved from
not having to configure an external internet gateway is cost-efficient (Digium internet
telephony cards are guaranteed to work with Elastix).
The switch used is a 16-port Linksys desktop business gigabit switch. This switch is selected
mainly due to cost consideration and power efficiency, as it meets EEE (Energy Efficient
Ethernet) 802.3az standard (Linksys).
Appendix C: Penetration Testing
Nmap Scanning
Metasploit services
The team found the following services:
Two mail services (POP3)
Cyrus pop3d 2.3.7 Invoca-RPM-2.3.7-12.el5_7.2 (port 110) CVE-2006-2502
Cyrus pop3d (port 995)
One mail service on smtpd
Postfix smtpd (port 25)
1 Http Webserver
Apache httpd 2.2.3 CentOS (port 80)
1 SSH Service
OpenSSH 4.3 Protocol 2.0 (port 22)
1 Imap Service
Cyrus imapd 2.3.7 (port 110)
1 mysql service
MySQL 5.0.95 (port 3305)
2 Services (one http and one imap) running ssl (secure socket layer)
Apache httpd 2.2.3 (same as the normal http server)
Cyrus imapd (same as the normal imapd service)
The team then checks the vulnerabilities of these services:
Cyrus Imap
This exploit will not work on the machine, since it is only exploitable on version 2.3.4 and the
Elastix server uses version 2.3.7. The team also consulted http://www.1337day.com for other
exploits.
The team found that it has the same exploit as the exploit-db entry currently used. It is
concluded that
postfix smtpd
The first and only exploit seen for postfix smtpd is associated with a buffer overflow and
works on CVE-2005-1099; it was created by Salim Gasmy. However, the service running on this
machine is made by different people. Therefore, the team concluded that the service has no known
exploits.
Apache httpd 2.2.3 CentOS
The team found from CVE Details that this version of Apache has 45 vulnerabilities (CVE Details).
However, the highest and most damaging of these (CVE-2010-0425) occurs only
when the webserver is running on a Windows machine. Another vulnerability (CVE-2007-6423)
also applies only to Windows machines. The rest of the vulnerabilities are in the form of
cross-site scripting (XSS) and DoS. The first is handled by the web app, and the second can be
mitigated by using a firewall that can capture DoS attacks and is only relevant if the
organisation’s infrastructure is specifically targeted.
Denial of Service (DoS) Vulnerabilities:
CVE-2014-0231
CVE-2014-0098
CVE-2013-6438
CVE-2013-1896
CVE-2012-0031
CVE-2011-4415
CVE-2011-3348
CVE-2011-3192
CVE-2011-0419
CVE-2010-1452
CVE-2010-0408
CVE-2009-2699
CVE-2009-1891
CVE-2009-1890
CVE-2007-6750
CVE-2007-6422
Cross-site scripting (XSS) Vulnerabilities:
CVE-2012-4558
CVE-2012-3499
CVE-2012-2687
CVE-2008-2939
CVE-2008-2168
CVE-2008-0455
CVE-2007-6421
CVE-2007-6388
CVE-2007-6203
CVE-2007-5000
CVE-2007-4465
CVE-2006-5752
OpenSSH 4.3 Protocol 2.0
The scan is based on the CVE Details list of vulnerabilities for OpenSSH 4.3 (CVE Details).
Firstly, the team used the auxiliary scanner from msf. However, no users were found through this
method. The team can confirm this because a user called User1 was created and there is also the
user root, but it doesn’t authenticate any of them. Moreover, when the team searched for a list
of exploits in exploit-db and 1337day, the team found that they only affect older versions.
MySQL 5.0.95
The team found that there is only one vulnerability (CVE Details) and one exploit (Kettle, 2013)
available for said vulnerability applicable to this version of MySQL. However, this vulnerability
can only be exploited if the attacker can get hold of a username and its password in order to
log in to the webserver.
After analysing the results, the team concludes that all our services are secure as far as known
vulnerabilities are concerned.
VoIP Pentesting
The VoIP system that runs in our Elastix Box runs on two different kinds of protocols, SIP and
IAX2. However, it can also use SILK to communicate with Skype users. The main problem faced is
that the SIP protocol is not very secure (NightRang3r). It will only be used in the internal
network, while IAX2 will be implemented for voice traffic that requires communicating to the
outside network (i.e. mobile extensions).
IAX2 is a strongly encrypted protocol that can provide more security features than SIP. As an
example, if a Man-in-the-Middle attack occurs, an attacker can fully capture a conversation that uses
the SIP protocol. However, the attacker cannot fully capture IAX2 packets, as the initialization packet
can only be obtained using the tcpdump command inside the server machine. The Pentesting VoIP
article by NightRang3r (NightRang3r) demonstrated that files can be captured from either side
of the communication in the SIP protocol to be cracked. However, this could not happen if the
communication is performed between 2 users outside the network (i.e. mobile clients), as their
communications are hidden by VPN tunneling. An attacker would need to see the output on the
user's mobile phone in order to reproduce it.
To examine the IAX2 protocol, the team performed this test:
User 2000 (192.168.1.4) places a call to user 3000 (192.168.1.5):
By observing the Wireshark packet capture, the team found that a packet originating at
192.168.1.6 (Elastix Server) is created to open the connections. This packet, however, is
not present for either of the users, as can be seen in the screenshot.
Based on the article written by kernelwho regarding extracting IAX payloads (kernelwho, 2011),
without the first file that arranges the file transfers inside the network, the team cannot
continue to decode the IAX2 packets, as this is the packet that sets the encryption rules.
Another way to get around this is to use a brute-force attack. However, this attack can be
mitigated relatively easily with proper implementation of Fail2ban.
The team concluded that the inside and outside communications are reasonably secure as long
as the system is kept up-to-date, a firewall is implemented and Fail2ban is configured. Moreover,
some security policies and guidelines must be implemented to mitigate other possible threats
within the network itself.
Appendix D: Cost Estimate
Initial Costs
The team calculates the estimate based on the equipment needed to deploy IPPBX for 5
extensions and 2 mobile extensions. Hardware cost estimate is based on market price as of June
2015 (staticICE, 2015).
Item                                                 Cost ($)
HP MicroServer HP ProLiant MicroServer Gen8 G1610T   465
ECC RAM Upgrade to 4GB                               70
Digium TDM410 Telephony Card                         165
128GB SSD (SanDisk)                                  70
Router (Netgear R7000 Nighthawk)                     192
Switch (Linksys LGS116)                              140
Cabling                                              220
IP Phones (Linksys SPA962) x 5 (with chargers)       825
Labour (3hr setup with 1 hr training)                500
Total Cost: $2647
Electricity Cost
Running a separate server as an IPPBX server will incur not only the initial infrastructure setup cost,
but also an additional ongoing electricity cost. The team measured the electricity usage using a Power
Mate electric meter by CCI Pty Ltd. This power meter is widely available to borrow from local
libraries as a save-power kit. It needs to be noted that the electricity consumption of other devices
was not measured, as the purpose of this measurement is to calculate only the extra electricity
usage from hosting the IPPBX server on premise.
The team calculates the cost of electricity consumption based on the rate provided in AGL
Business Maximiser - New South Wales small business electricity market offer (2 year energy
plan period using single rate meter) released on 05 April 2015 (AGL Sales Pty Limited, 2015) at
25.685000 cents per kWh.
To simulate electricity usage under load, a stress test was performed with stress using the
following switches:
stress -c 2 -m 2 -d 1
The team recorded an average of 35W/h when the server is idle and 52W/h when under stress.
Assuming that the server is under continuous stress for 9 hours and idling for the rest of the day,
the team uses this calculation to estimate electricity cost of running the self-hosted IPPBX
server:
(((0.2569 * 0.052) * 9) + ((0.2569 * 0.035)* 15))*365 = 93.1121205
The team concluded that the ongoing electricity cost to maintain the deployed Elastix server is
estimated at $93.10 per year.
Based on the calculations above, the team concluded that the total cost of operating a
self-hosted IPPBX system over 24 months is estimated at $2833.20.
Appendix E: Configuration
Elastix Configuration
Fail2ban
yum -y install jwhois
cd /usr/src/
wget -O fail2ban-0.8.4.tar.bz2 http://sourceforge.net/projects/fail2ban/files/fail2ban-stable/fail2ban-0.8.4/fail2ban-0.8.4.tar.bz2/download
tar -jxf fail2ban-0.8.4.tar.bz2
cd fail2ban-0.8.4
python setup.py install
cp /usr/src/fail2ban-0.8.4/files/redhat-initd /etc/init.d/fail2ban
chmod 755 /etc/init.d/fail2ban
cd /etc/fail2ban/filter.d
touch asterisk.conf
vi /etc/fail2ban/filter.d/asterisk.conf
#
#
# $Revision: 251 $
#
[INCLUDES]
# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf
[Definition]
#_daemon = asterisk
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>\S+)
# Values: TEXT
#
# Asterisk 1.8 uses Host:Port format which is reflected here
failregex = NOTICE.* .*: Registration from '.*' failed for '<HOST>:.*' - Wrong password
            NOTICE.* .*: Registration from '.*' failed for '<HOST>:.*' - No matching peer found
            NOTICE.* .*: Registration from '.*' failed for '<HOST>:.*' - No matching peer found
            NOTICE.* .*: Registration from '.*' failed for '<HOST>:.*' - Username/auth name mismatch
            NOTICE.* .*: Registration from '.*' failed for '<HOST>:.*' - Device does not match ACL
            NOTICE.* .*: Registration from '.*' failed for '<HOST>:.*' - Peer is not supposed to register
            NOTICE.* .*: Registration from '.*' failed for '<HOST>:.*' - ACL error \(permit/deny\)
            NOTICE.* .*: Registration from '.*' failed for '<HOST>:.*' - Device does not match ACL
            NOTICE.* .*: Registration from '".*".*' failed for '<HOST>:.*' - No matching peer found
            NOTICE.* .*: Registration from '".*".*' failed for '<HOST>:.*' - Wrong password
            NOTICE.* <HOST> failed to authenticate as '.*'$
            NOTICE.* .*: No registration for peer '.*' \(from <HOST>\)
            NOTICE.* .*: Host <HOST> failed MD5 authentication for '.*' \(.*\)
            NOTICE.* .*: Failed to authenticate user .*@<HOST>.*
            NOTICE.* .*: <HOST> failed to authenticate as '.*'
            NOTICE.* .*: <HOST> tried to authenticate with nonexistent user '.*'
            VERBOSE.*SIP/<HOST>-.*Received incoming SIP connection from unknown peer
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
Modify the ignoreip setting in the [DEFAULT] section and add the [asterisk-iptables] section to your
/etc/fail2ban/jail.conf file:
#/etc/fail2ban/jail.conf
[DEFAULT]
ignoreip = 127.0.0.1 192.168.0.0/16 10.0.0.0/8 172.16.0.0/16
[asterisk-iptables]
enabled = true
filter = asterisk
action = iptables-allports[name=ASTERISK, protocol=all]
         sendmail-whois[name=ASTERISK, dest=you@company.com, sender=fail2ban@company.com]
logpath = /var/log/asterisk/full
maxretry = 5
bantime = 86400
-------
Back up the logger.conf file to logger.conf.bak and create a new one:
mv /etc/asterisk/logger.conf /etc/asterisk/logger.conf.bak
touch /etc/asterisk/logger.conf
Copy these contents into the new file (vi /etc/asterisk/logger.conf):
;
; Logging Configuration
;
; In this file, you configure logging to files or to
; the syslog system.
;
; For each file, specify what to log.
;
; For console logging, you set options at start of
; Asterisk with -v for verbose and -d for debug
; See 'asterisk -h' for more information.
;
; Directory for log files is configured in asterisk.conf
; option astlogdir
;
[general]
dateformat=%F %T
[logfiles]
;
; Format is "filename" and then "levels" of debugging to be included:
; debug
; notice
; warning
; error
; verbose
;
; Special filename "console" represents the system console
;
;debug => debug
; The DTMF log is very handy if you have issues with IVR's
;dtmf => dtmf
;console => notice,warning,error
;console => notice,warning,error,debug
;messages => notice,warning,error
full => notice,warning,error,debug,verbose
;syslog keyword : This special keyword logs to syslog facility
;
;syslog.local0 => notice,warning,error
;
fail2ban => notice
----------------
Reload logger module in Asterisk
asterisk -rx "module reload logger"
Add Fail2ban to the list of startup services
chkconfig fail2ban on
Start fail2ban
/etc/init.d/fail2ban start
Verify
iptables -L -v
You should see "fail2ban-ASTERISK" in your iptables output.
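A way to check the filter and jail settings offline before relying on them (an added example, not part of the original report or of fail2ban itself): the Python sketch below expands <HOST> with the alias quoted in the filter comments, runs three of the failregex entries over constructed log lines, and applies the ignoreip and maxretry values from jail.conf. The function names, sample addresses and log lines are assumptions made for the illustration.

```python
import ipaddress
import re
from collections import Counter

# <HOST> alias as quoted in the comments of the filter file above.
HOST = r"(?:::f{4,6}:)?(?P<host>\S+)"

# Three of the failregex entries; literal parentheses in log text are escaped.
FAILREGEX = [
    r"NOTICE.* .*: Registration from '.*' failed for '<HOST>:.*' - Wrong password",
    r"NOTICE.* .*: No registration for peer '.*' \(from <HOST>\)",
    r"NOTICE.* .*: Host <HOST> failed MD5 authentication for '.*' \(.*\)",
]
# Values from the [DEFAULT] and [asterisk-iptables] sections of jail.conf.
IGNOREIP = "127.0.0.1 192.168.0.0/16 10.0.0.0/8 172.16.0.0/16"
MAXRETRY = 5

def ignored(host):
    """True when the address falls inside one of the ignoreip networks."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # hostnames are not resolved in this sketch
    return any(addr in ipaddress.ip_network(net) for net in IGNOREIP.split())

def hosts_to_ban(log_text, rules=FAILREGEX):
    """Count matching failures per host and return those reaching maxretry."""
    compiled = [re.compile(rule.replace("<HOST>", HOST)) for rule in rules]
    failures = Counter()
    for line in log_text.splitlines():
        match = next((m for m in (rx.search(line) for rx in compiled) if m), None)
        if match and not ignored(match.group("host")):
            failures[match.group("host")] += 1
    return sorted(host for host, n in failures.items() if n >= MAXRETRY)

# Constructed log lines (not real traffic), in the "%F %T" date format from logger.conf.
REG = ("[2015-06-01 10:00:%02d] NOTICE[2100] chan_sip.c: Registration from "
       "'<sip:2000@192.168.1.6>' failed for '%s:5060' - Wrong password")
SAMPLE_LOG = "\n".join(
    [REG % (i, "203.0.113.7") for i in range(5)]            # external, 5 failures
    + [REG % (i, "192.168.1.4") for i in range(10, 16)]     # internal, in ignoreip
    + [REG % (i, "198.51.100.9") for i in range(20, 23)]    # external, 3 SIP failures
    + ["[2015-06-01 10:01:00] NOTICE[2100] chan_sip.c: No registration for peer "
       "'3000' (from 198.51.100.9)",
       "[2015-06-01 10:01:05] NOTICE[2100] chan_iax2.c: Host 198.51.100.9 failed "
       "MD5 authentication for '3000' (constructed reason)"]
)

print(hosts_to_ban(SAMPLE_LOG))
```

The 192.168.1.4 entries never count toward a ban because ignoreip covers the internal range, and 198.51.100.9 only reaches maxretry when the parenthesised rule for "No registration for peer" is escaped. On the server, fail2ban-regex /var/log/asterisk/full /etc/fail2ban/filter.d/asterisk.conf runs the installed filter against the real log.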