Nz Voip (SIP)

Forums › VoIP › Nz Voip (SIP)

1 | ... | 3 | 4 | 5 | 6 | 7 | 8 | 9

6473 posts

Uber Geek

Retired Mod

Trusted

Lifetime subscriber

#648538 30-Jun-2012 00:51

techmeister: 2talk do auto provisioning now too and it works very well.

Really? Was this announced somewhere?

farcus

1544 posts

Uber Geek

#648548 30-Jun-2012 01:50

nate:
techmeister: 2talk do auto provisioning now too and it works very well.

Really? Was this announced somewhere?

They have actually been doing it for a while now.

You can see the devices they auto provision from the support pages under equipment installation guide.
You need to log into your account to enable auto-provisioning and specify your device.

http://www.2talk.co.nz/support/

Lurch

1061 posts

Uber Geek

#648724 30-Jun-2012 18:02

Linksys SPA2102 Setup Guide
Linksys PAP2T Setup Guide
Cisco SPA122 Setup Guide

Just need to logon and select the device and 2talk does the rest.

johny99

495 posts

Ultimate Geek
Inactive user

#649390 2-Jul-2012 10:14

Thank you everyone, have chosen Compass on this occasion they do not use 2talk and if something goes wrong it is their issue as the whole lot is done in house, they also say that it is "privately address" to greatly limiting the risk of been hacked do not know what this means but do not like the sound of been hacked to top it off they will rent me some nice looking Snom 821's, will advise of my experience. Thanks you again.

ubergeeknz

3344 posts

Uber Geek

Trusted

Vocus

#650129 3-Jul-2012 17:03

johny99: they also say that it is "privately address" to greatly limiting the risk of been hacked do not know what this means but do not like the sound of been hacked

Being hacked, framed in terms of a VoIP system, generally means someone malicious connects to your PABX, authenticates as a legit station, and starts making international "0900" calls. Very expensive!

It can be prevented without private addressing by having appropriate firewall rules, but private address would go some way, yes. Unless of course you open up a public address anyway, so you can use VoIP phones remotely from the office...

sbiddle

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#650192 3-Jul-2012 18:39

ubergeeknz:
johny99: they also say that it is "privately address" to greatly limiting the risk of been hacked do not know what this means but do not like the sound of been hacked

Being hacked, framed in terms of a VoIP system, generally means someone malicious connects to your PABX, authenticates as a legit station, and starts making international "0900" calls. Very expensive!

I'd consider "being hacked" to be a lot more than that. Bots launching SIP URI attacks on a system can cause havoc, even if they're not physically able to route calls via the PBX.

I encountered a PBX today configured by a big player in the SME PBX sector that's wide open to the world, and their technical staff lacking any knowledge of the security risks, or issue involved. I'm not going to say any more here, but safe to say significant issues are arising as a result of this.

In this day in age if you have any SIP device explosed to the internet and port 5060 is wide open and not locked down to specific IP ranges (ie your VoIP provider) I see it as being no different to leaving your house door unlocked.

DonGould

3892 posts

Uber Geek

#650209 3-Jul-2012 19:40

sbiddle: In this day in age if you have any SIP device explosed to the internet and port 5060 is wide open and not locked down to specific IP ranges (ie your VoIP provider) I see it as being no different to leaving your house door unlocked.

So what you're saying is that users should block any traffic on port 5060 to any location other than their ITSP's servers even if they're just running a device behind a NAT firewall?

Promote New Zealand - Get yourself a .kiwi.nz domain name!!!

Check out mine - i.am.a.can.do.kiwi.nz - don@i.am.a.can.do.kiwi.nz

Samsung

Shop now on Samsung phones, tablets, TVs and more (affiliate link).

sbiddle

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#650213 3-Jul-2012 19:44

DonGould:
sbiddle: In this day in age if you have any SIP device explosed to the internet and port 5060 is wide open and not locked down to specific IP ranges (ie your VoIP provider) I see it as being no different to leaving your house door unlocked.

So what you're saying is that users should block any traffic on port 5060 to any location other than their ITSP's servers even if they're just running a device behind a NAT firewall?

No, because NAT offers a form of protection by creating pinholes.

I specifically mentioned hardware that was exposed directly to the internet.

DonGould

3892 posts

Uber Geek

#650351 4-Jul-2012 00:36

sbiddle: I encountered a PBX today configured by a big player in the SME PBX sector that's wide open to the world, and their technical staff lacking any knowledge of the security risks, or issue involved. I'm not going to say any more here, but safe to say significant issues are arising as a result of this.

This says a great deal to me about the protocol and the whole space. Technology should be easy to deploy and manage.

It seems to me that so far this technology is like computers where in the days of main frames and mini's. It's not mature and only really expected to work in the corporate space.

I've been thinking more about the BYOD debate we had earlier. Mobile phones are BYOD and work very well.

Computers are very much BYOD these days and have been for 3 decades. Even networked computers have been very BYOD for 2 decades since Windows for Work Groups 3.11 made peer to peer networking easy and Windows 95 made it even easier.

BYOD is important to me because it seems the only way to get the message to coms companies that they have to keep delivering more value is to leave them.

It's also really important to me to have systems that follow good robust internationally accepted standards.

Geoff Huston spoke on ABC about this a few years ago. He made two comments, one about compatibility and the other about security, and both very much apply in this space in my view.

This technology should not have to rely on uber trained experts to get it running and keep it running in my view, that's the throw back to decades old computing that the likes of Richard Stallman, Bill Gates and others fought to deliver us from.

Promote New Zealand - Get yourself a .kiwi.nz domain name!!!

Check out mine - i.am.a.can.do.kiwi.nz - don@i.am.a.can.do.kiwi.nz

cisconz

cisconz
1339 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#650380 4-Jul-2012 06:02

DonGould:

This says a great deal to me about the protocol and the whole space. Technology should be easy to deploy and manage.

That is like saying anyone can rewire the phone socket in your house, while true, as seen in a lot of other threads, if not done correctly you can loose alot of speed on your connection.

Another example is re wiring a power socket, again easy, but get it wrong and you can kill someone or burn down your house.

A proper deployment model is the difference between having a house on your property and a caravan, both can be lived in, both serve their purpose, but you need to do alot more to make a caravan permanent than just drive it up and plug it in.
Think of the deployment model as being the project manager for a new house build, they have done all the research for you, promise it will be easy and meet building codes.

End of the day, you get a far better experience with a deployed solution than by someone who doesn't understand how it works putting in a device, that doesn't nessesarily meet all codes and protocols, but "still gives you dial tone"

Hmmmm

Handle9

11262 posts

Uber Geek

Trusted

Lifetime subscriber

#650390 4-Jul-2012 07:08

DonGould:
sbiddle: I encountered a PBX today configured by a big player in the SME PBX sector that's wide open to the world, and their technical staff lacking any knowledge of the security risks, or issue involved. I'm not going to say any more here, but safe to say significant issues are arising as a result of this.

This says a great deal to me about the protocol and the whole space. Technology should be easy to deploy and manage.

It seems to me that so far this technology is like computers where in the days of main frames and mini's. It's not mature and only really expected to work in the corporate space.

I've been thinking more about the BYOD debate we had earlier. Mobile phones are BYOD and work very well.

Computers are very much BYOD these days and have been for 3 decades. Even networked computers have been very BYOD for 2 decades since Windows for Work Groups 3.11 made peer to peer networking easy and Windows 95 made it even easier.

BYOD is important to me because it seems the only way to get the message to coms companies that they have to keep delivering more value is to leave them.

It's also really important to me to have systems that follow good robust internationally accepted standards.

Geoff Huston spoke on ABC about this a few years ago. He made two comments, one about compatibility and the other about security, and both very much apply in this space in my view.

This technology should not have to rely on uber trained experts to get it running and keep it running in my view, that's the throw back to decades old computing that the likes of Richard Stallman, Bill Gates and others fought to deliver us from.

I don't really think your argument makes a great deal of sense. If you are deploying a pc network you still need to configure it properly and deploy security, do maintainence etc. BYOD has very little to do with it, it's about deploying solutions in a robust manner. If you employed a numpty to do your IT deployment and he didn't install anti virus or deploy firewalls you would blame the guy doing the deployment not the tech.

If the people deploying the tech aren't competent then it is their issue not the tech.

Edited for typos

freitasm

BDFL - Memuneh
79140 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#650407 4-Jul-2012 07:45

If you think that simply bringing your own device and plugging to the network is all it takes, you are wrong.

sbiddle

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#650414 4-Jul-2012 08:02

DonGould:
sbiddle: I encountered a PBX today configured by a big player in the SME PBX sector that's wide open to the world, and their technical staff lacking any knowledge of the security risks, or issue involved. I'm not going to say any more here, but safe to say significant issues are arising as a result of this.

This says a great deal to me about the protocol and the whole space. Technology should be easy to deploy and manage.

It seems to me that so far this technology is like computers where in the days of main frames and mini's. It's not mature and only really expected to work in the corporate space.

I've been thinking more about the BYOD debate we had earlier. Mobile phones are BYOD and work very well.

Computers are very much BYOD these days and have been for 3 decades. Even networked computers have been very BYOD for 2 decades since Windows for Work Groups 3.11 made peer to peer networking easy and Windows 95 made it even easier.

BYOD is important to me because it seems the only way to get the message to coms companies that they have to keep delivering more value is to leave them.

While this issue has nothing to do with a BYOD scenario, you could argue there are issues in common - security.

Anytime a device is hooked up to the internet you're exposing yourself to the entire internet. A 5yr old kid in Russia could find your IP address, as could a bot running from an EC2 instance in the US. In this day in age nobody in their right mind would leave a PC directly connected to the internet without some form of security, whether it be a software or hardware firewall or security appliance. Hooking up a PC at home to a NAT router at least offers some form of additional protection, even without a SPI forewall.

If you're going to expose port 5060 to the internet you need to be fully aware of the risks of doing so, and for this reason alone I would never recommend anybody configure a port forward to a VoIP device unless they fully understand the risks. I would go as far as saying 99% of people don't understand these risks, because they've never had to drive the ambulance to the car crash at the bottom of the hill.

As for PC's being a BYOD device I couldn't disagree more. No IT manager in their world who has a brain and wants a secure corporate or business IT network would let anybody bring their own PC to work unless that device belongs to the domanin and appropiate security policies are in place. The risks of letting users stroll up with their home laptop infested with spyware and viruses are simply far too great.

As for mobile phones being a BYOD device - apart from being able to change your API phones are a very locked down device that don't pose anywhere near the same risks. A person isn't going to be charged 60 minutes for a 1 min call because they didn't configure their mobile phone correctly, however this is a very real reality in the VoIP world with a BYOD scenario if configuration options such as SIP timers aren't configured correctly.

BYOD in the mobile world also isn't a perfect solution. If you buy an XT Galaxy S III for example and use it on Vodafone you'll suffer degraded battery life because fast dormancy is disabled in the XT handset, but supported on the Vodafone network. Likewise buy a VF SGS III and use it on XT and you'll suffer from degraded battery life because XT doesn't support fast dormancy and the handset has this enabled.

antoniosk

2358 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#650434 4-Jul-2012 08:50

As for PC's being a BYOD device I couldn't disagree more. No IT manager in their world who has a brain and wants a secure corporate or business IT network would let anybody bring their own PC to work unless that device belongs to the domanin and appropiate security policies are in place. The risks of letting users stroll up with their home laptop infested with spyware and viruses are simply far too great.

Geez dude, can't you just stop visiting those dodgy voip sites and keep your laptop clean?

Or better yet, get a Mac! they're secure and don't viruses, right....?

Oh wait, that's changed hasnt it....

________

Antoniosk

DonGould

3892 posts

Uber Geek

#650984 4-Jul-2012 22:26

freitasm: If you think that simply bringing your own device and plugging to the network is all it takes, you are wrong.

Totally agree, that this my whole argument.

We really need to get to a point where this technology is plug and play and Cisco should be leading the charge in this space.

I should be able to take a VoIP device from one network to another, and move my numbers with it, as quickly and simply as I can move a domain name and connect my wifi device from one network to another.

I totally agree with everyone who has suggested, stated or hinted that it's not this simple, it should be and we need to work to get it to that point with global standards.

Promote New Zealand - Get yourself a .kiwi.nz domain name!!!

Check out mine - i.am.a.can.do.kiwi.nz - don@i.am.a.can.do.kiwi.nz

1 | ... | 3 | 4 | 5 | 6 | 7 | 8 | 9