Unified Communication:
|
|
- Shavonne Sparks
- 5 years ago
- Views:
Transcription
1 Unified Communication: It should work as easily as a telephone call! Authors Thomas Reisinger, MSc (Royal Holloway, 2016) Peter Komisarczuk, ISG, Royal Holloway Abstract This article explains various aspects of Unified Communication (UC) - the methods used to implement UC, and the problems faced by real-life organisations in the implementation surrounding firewall traversal and related security considerations, and possible solutions. Our focus will be on the Session Initial Protocol (SIP). With the help of examples, we will see how SIP works in concert with relevant industry standards to solve challenges around firewalls and Network Address Translation (NAT) for UC. In conclusion the article highlights some vendor best practise recommendations for UC. a a This article is published online by Computer Weekly as part of the 2017 Royal Holloway information security thesis series Unified-Communication-It-should-work-as-easily-as-a-telephone-call. It is based on an MSc dissertation written as part of the MSc in Information Security at the ISG, Royal Holloway, University of London. The full thesis is published on the ISG s website at Unified communication - The promise The Unified Communication promise is to connect people, enabling them to collaborate seamlessly to improve business agility and results. These results include better user and group productivity, dynamic collaboration and simplified business processes, with the goal of increasing revenues, decreasing costs and improving customer service. A characteristic UC based conversation could start by verifying the availability of the communication partner. If the partner is available, an instant messaging (IM) chat session would be initiated between the two parties. In case the chat capabilities are not sufficient for the communication, a video conference (VC) or content sharing session, or both, could be added to the UC session. If other parties are required to Unified Communication (UC): The interactive use of different real time communication methods/channels, and the integration with IT business applications and processes across multiple devices and media types, presenting a consistent unified user interface. join, they could be brought into the UC session. There are several elements associated with UC, including: Call Control (signalling). Voice over IP (VoIP). Instance Messaging (chat functionality). Video Conferencing. Collaboration (for example simultaneous modification of a text document). Business Process Integration (integration into an Enterprise Resource Planning system). Recording, streaming and content management. Page 1
2 Real world problems One of the most important points for UC deployment in an organisation is the adoption rate as this will justify the investment. There is no benefit if the users cannot use the system because it doesn t work. Beside the clear definition of the use cases, for example, to support multiple development locations where there is a need to share a white board, there are several points which needs to be considered. Ease of use Today it is very common to give the control for scheduling and using UC sessions to the user, rather than having a concierge service where an operator drives all the technology in the background. When the user is in charge of establishing and managing the UC meeting its success is closely related to the ease of use of the system. This starts with the invitation process (pre-meeting), content sharing, video and, more importantly, audio quality (in meeting) and continues through to the post-meeting activities. An example user interface for an UC client is demonstrated in Figure 1. Top issues for user UC adaption rate: Ease of use. Quality and Reliability. Interoperability. Figure 1: Polycom RealPresence Mobile ipad - Software Client Quality and reliability One of the most challenging prerequisites for video conferencing (VC) is the requirement on the underlying network infrastructure to ensure the correct delivery of the real-time media and signalling packets. The most common signalling protocols are SIP and H.323. The bandwidth requirements depend on the technology used and the CODEC (coder/decoder). The required network properties depend on the recommendations of the different vendors and include: CODEC: Coding and decoding of audio, video to/from digital data streams. Packet loss. This occurs when packets of data travelling across a computer network path fail to reach their destination. This can be caused by congestion or capacity overload on routers and connections. Typically there should be no more than 1% of lost packets. Page 2
3 Jitter. This is defined as the variation in the delay of received packets and should be no more than 40 ms. The packet delay variation can be addressed to a certain level, by using buffers, but this adds end-to-end delay. One-way latency. This is the amount of time a packet takes to traverse from the source to the destination. This should be no more than 100 ms. If the parameters above cannot be met a negative end user experience can be expected, for example: frozen or blurry video, poor audio quality and in the worst case call disconnections. This has a significant impact on the end user acceptance of the technology. There are a variety of QoS solutions. For example, the recommended UC DSCP (DiffServ Code Point) QoS settings are defined in RFC Configuration Guidelines for DiffServ Service Classes to tag on the IP layer. Interoperability In general, many organisations and companies are involved in UC development, each with possibly different interests and goals. This creates some issues with the interoperability of those technologies. The simple expectation of a UC end user is: It should work as easily as a telephone call. This is quite a challenge and some problems experienced by the end user could be: No video/audio received (capability exchange between endpoints fail). Poor quality video/audio received (poor CODEC quality implemented). No connection at all (signalling or capability exchange issues between two communication partners). Content sharing channels that cannot be established. For that reason, in May 2010, some vendors and organisations collectively formed the Unified Communication Interoperability Forum (UCIF). In June 2014, UCIF merged with International Multimedia Telecommunication Consortium (IMTC) to combine their efforts to improve the interoperability and education surrounding UC. Session initiation protocol (SIP) One of the most popular signalling protocols for UC is the Session Initiation Protocol (SIP) defined in RFC One core functionality of SIP is to negotiate the ports, IP addresses and domain names required to describe the sessions it controls. SIP also manages session traffic to be established, such as the Real-Time Transport Protocol (RTP) which streams audio and video. Some of the main reasons for the popularity of SIP come from the wide distribution of Voice over IP (VoIP) and the movement from telephony to the UC/VC space. Another advantage of SIP signalling is its flexibility. Figure 2 illustrates an example for a point to point communication between two endpoints on a LAN (Local Area Network) with an SIP proxy. SIP and firewalls For two organisations to communicate with each other via the Internet, the UC infrastructure needs to pass through the firewalls of both organisations. There are two main issues with getting SIP to traverse firewalls: packet filtering and NAT. The depletion of available IPv4 addresses, which are essential for inter IP communication, brought about a solution called network address translation (NAT) to map private IP addresses (for example, /8, /12) to public routed IP addresses. The first Page 3
4 Figure 2: SIP P2P call with proxy server issue is getting the SIP messages themselves through, and the second is getting the media sessions that need to be initiated to pass through. The later is the more challenging aspect. Because of the wide deployment of firewalls and NAT gateways UC traffic will not work end-to-end without special solutions put in place, two of which are discussed in the following two sections. Firewalls with Application Layer Gateway/Proxy (ALG) Some firewall vendors try to solve the firewall traversal problem for the signalling and media streams by the introduction of Application Layer Gateways (ALGs) inside their products. An ALG-enabled firewall reassembles all application-related TCP and UDP packets, which can include DNS, HTTP, or SIP messages, and examines the messages, possibly modifies them, and permitting or rejecting the traffic based on the configured policy. It ensures that protocol anomalies and misuse attempts are detected, and message sequence and protocol standards are all correct. For each application, a specific ALG needs to be implemented and kept updated by the firewall vendors. In the context for SIP, ALGs also fix issues caused by firewall packet filtering and NAT. The ALG dynamically modifies the configuration/traffic based on application-specific information such as IP addresses, port numbers, and remapping of RTP traffic together with Session Description Protocol (SDP) information. However, ALGs built into firewalls don t cover all aspects of UC requirements and using an It s not recommended to solely put your trust in ALGs built into firewalls for UC. unknown SIP extension may sometimes cause parts of the UC to fail. For example, content sharing could be blocked but video and voice may be working with ALG turned on. Because all the traffic, signalling and media needs to traverse the ALG firewall, it has an impact on performance and adds some additional delay into the real-time communication. From the author s experience, it is not recommended to solely put your trust in ALGs. Solutions for that are discussed in the next section. SIP and Media NAT/Firewall Problems Many internet application protocols work fine with NAT and firewalls as long as some guidelines are followed as described in RFC Network Address Translator (NAT) - Friendly Application De- Page 4
5 sign Guidelines. Unfortunately, with SIP the initial RFCs covering these protocols ignored NAT and assumed IPv6 would remove the need for NAT. However, IPv6 deployment has been low, with approximately 16.65% of hosts in the UK being IPv6 as measured by Google (January 2017). Some of the main protocol design recommendations for working with NAT, which could have been incorporated, are: Using client/server systems which are more workable compared to peer-to-peer applications. Avoiding the use of end-to-end IPSec (layer 3 encryption) which causes issues as key information is obfuscated from intermediate devices such as firewalls and gateways. Use DNS names, rather than IP addresses in the payload which allows for better connectivity through NAT. Avoiding multicast, which is difficult through NAT. Avoiding the use of session bundles. (The classic example is FTP, where one connection is for control and one for data transfer. In real time communications we have RTP and RTCP, the Real Time Control Protocol.) Using TCP instead of UDP to optimise traversal. Figure 3: SIP INVITE message highlighting NAT/firewall problems In Figure 3 an SIP INVITE message is shown highlighting the problem fields in red: 1. In the Via header field the private IP address and listening port 5060 are used and may not have an active mapping and filter rule in the NAT gateway. 2. The Contact URI may not be routable because of its private IP address The SDP information in the c= and m= lines will not work behind NAT as it is using a local IP address and port. SIP violates most of the points discussed above. Early solutions to this problem used ALGs. Later a solution called STUN (RFC Session Traversal Utilities for NAT ) is used directly on the SIP User Page 5
6 Agent to identify if it is behind a NAT device and to discover its mapped address. Unfortunately, STUN doesn t cover all NAT variations and the IETF developed ICE (RFC Interactive Communication Establishment) which makes use of the STUN protocol and its extension TURN (RFC Traversal Using Relay NAT ). There are several extensions available for SIP, such as: symmetric SIP, connection reuse and SIP outbound to help overcome the NAT/firewall problems for the SIP signalling part, but the media stream issues are not resolved. The best solution for media NAT traversal is to use, at the first stage hole punching in combination with ICE. Hole Punching is a probing technique, used to enable two clients, for example two SIP User Agents, to set up a direct session with the help of a rendezvous server on the internet, for example a SIP proxy, even when the endpoints are behind NATs. This is a very common method used for peer-to-peer networks such as online gaming, file sharing, and for UC. In case ICE and Hole Punching is not successful a fall back to STUN/TURN should enable traversal. The best solution for media NAT traversal is to use, at the first stage hole punching in combination with ICE and if this is not successful fall back on TURN. Session border controller (SBC) The Session Border Controller (SBC) is under discussion by the IETF and user community in order to break up the direct SIP User Agent (UA) end-to-end architecture by introducing a back to back user agent (B2BUA) between a private and public network. In RFC Requirements from Session Initiation Protocol (SIP) Session Border Control (SBC) Deployments, many aspects are discussed including the conflict with SIP architectural principles. SBCs solve the most critical problems surrounding NAT/firewall traversal and provide successful UC calls by following a clean architecture (see Figure 4). The B2BUA acts on the public side as a user agent server and handles UA sessions from the public network side, applies policies, processes the sessions, possibly relays the media, and proxies the session into the private network. Figure 4: SBC Architecture SBCs provide the following common functions in relation to SIP: Topology and IP address hiding. Media traffic management. Fixing capability mismatches between User Agents. Maintaining SIP-related NAT bindings. Page 6
7 Media encryption/decryption. Media relay and transcoding. SBCs are very common in service provider environments and are increasingly being deployed and used by enterprises in general, especially for cloud based UC solutions. Security considerations for UC With the wide distribution and exposure of UC architectures to the Internet, the need for security is obvious. Compared with the classical Public Switched Telephone Network (PSTN) and its perimeter and physical security, UC is much more exposed to threats via the internet. Hence, UC, like other information technology areas, needs to be covered by a regular Information Security Management System (ISMS). This section highlights the threats to UC systems and possible approaches to reduce the risks. Real life examples Some classical security risks: Information leakage. Integrity violation. Denial of Service (DoS). Unauthorised access. Masquerade/man-in-the-middle attack The discussion points from the previous section highlight some of the threats and possible attacks on UC infrastructures. The security services defined in RFC Session Initiation Protocol, when implemented correctly, can help to reduce the risk. This section demonstrates some real-life attack examples. ISDN gateway misuse The following example demonstrates a common problem, seen by the author several times. This is a problem caused by incorrect UC infrastructure security configuration even though the right components are in place, and can result in telephone invoices for thousands of Euros. Unfortunately, many customers are still using ISDN for voice or video calls in meetings. For voice only calls, a SIP/private branch exchange (PBX) telephone gateway can be used, causing a similar problem illustrated in Figure 5 and described as follows: 1. SIP Scan Organisation ABC.com provides a business-to-business SIP video dial-in option via a firewall and a dedicated SBC (see Figure 5 point 1). That means any unauthenticated SIP UA is allowed to send a SIP INVITE message to the SBC and this message is processed by the SBC. A potential attacker could find out the SIP dial-in point by conducting Internet research on the corporate home page, signatures, through social engineering, or simply by querying the SIP service DNS records of the organisation s domain name. 2. Virtual Meeting Room (VMR) Scan The attacker already knows a valid virtual meeting room (VMR) number (similar to an extension) learned from an signature or by guessing. A SIP INVITE can then be sent to this SIP URI, for example, 10123@ABC.com by the attacker. If this is a valid VMR, the call ends up on the MCU (Multipoint Control Unit) illustrated in Figure 5 point ISDN misuse The attacker is now connected to the infrastructure of ABC.com and could try to dial out via ISDN from the MCU, inviting somebody via ISDN into the same VMR. The number used for dialling could be a premium international number, maintained by the attacker, generating a telephone toll to ABC.com indicated by Figure 5 point 3. Page 7
8 Figure 5: Example ISDN gateway misuse There are several options to reduce the risk of such ISDN service misuse. Turning off ISDN is generally not acceptable for various reasons, such as security policy and business need. There are still misleading security features of ISDN such as caller identifier, which can easily be spoofed. Another problem with ISDN is that it doesn t allow IP based security services such as mutual TLS authentication or the usage of certificates. Allowing only authenticated users to send SIP INVITES is also not feasible, because this will prevent the communication with external organisations. A more practical solution is to use different PINs for each meeting as authentication during the join process before the connection gets established. The PINs shouldn t be included in meeting invites and a different PIN exchange mechanism should be used. In addition, a chairperson password can be used to enable participation only after a participant has provided the chairperson password when joining the VMR. Another option is to allow unauthorised Internet calls only to a specific static VMR with specific security settings and limited services e.g. no ISDN/PSTN dial out. UC security recommendations from vendors In addition to available standards and security services, each UC vendor provides some kind of recommendations and guides for their part of the UC ecosystem (products and services). Some examples from well-known industry vendors are discussed here. Most of these recommendations apply in general for IT assets, and some are more specific to UC. Some of the recommendations in the two guidelines Polycom Recommended Best Security Practices for Unified Communications and Cisco Video and TelePresence Architecture Design Guide include: For end user: Participate in training around the usage of UC technology and related security measurements. Change PINs and passwords regularly as specified by the company security policy. Disable Auto Answer on video endpoints. If enabled, this could allow somebody to call into a physical meeting room, where the endpoint is located, and listen/watch conversations without the knowledge of the people in the room. For IT managers - Implementation/Architecture: Place all UC infrastructure components behind a firewall and use an SBC for firewall traversal. Page 8
9 Turn off unused features/open ports, to reduce the amount of attack vectors. Use VPN connections for branch locations to provide a similar security level to that provided at the main site of the organisation. Change default passwords and configuration items. Encryption for signalling and media should be used together with device/user authentication. For system management use secure protocol versions e.g. SSH, and HTTPS for management interface access. Use the SBC security policy compliant settings to avoid unwanted connections and registration attempts from the Internet. Use a virtual meeting room (VMR) for business-to-business or external guest user calls. Don t allow call establishment from unknown sources directly to an endpoint inside the organisation. For IT Managers - Operation Incorporate the UC architecture into a security management system such as ISO Conduct periodic security assessment vulnerability scans (internal and external) on UC components, update security configurations and apply software updates accordingly. Mobile UC devices should be managed centrally for endpoint security via a secure channel. Review and monitor the UC infrastructure generated log files for anomalies in the UC usage. Biographies Thomas Reisinger has been active in the network and security field around the globe for more than 20 years, helping customers to build a solid IT infrastructure. He holds a Cisco Certified Internetwork Expert (CCIE #9283) certification in routing and switching since 2002 and received his MSc in Information Security from the Royal Holloway University in The last couple of years he manages a small team in EMEA that help customers with their UC strategy. His interests include UC infrastructure and related security. He may continue his academic career with a PhD in information security at the Johannes Kepler University in Austria. Peter Komisarczuk s a member of the Information Security Group at Royal Holloway, University of London, where he is Programme Director for the MSc Information Security (Distance Learning). He is a chartered engineer and has a PhD (Surrey), researches in networks and security and has worked in industry in various R&D roles at Ericsson, Fujitsu and Nortel Networks. Page 9
SIP security and the great fun with Firewall / NAT Bernie Höneisen SURA / ViDe, , Atlanta, GA (USA)
security and the great fun with Firewall / NAT Bernie Höneisen SURA / ViDe, 29.03.2006, Atlanta, GA (USA) 2006 SWITCH Content and Firewall and NAT Privacy / Encryption SpIT / Authentication Identity General
More informationABC SBC: Secure Peering. FRAFOS GmbH
ABC SBC: Secure Peering FRAFOS GmbH Introduction While an increasing number of operators have already replaced their SS7 based telecommunication core network with a SIP based solution, the interconnection
More informationABC SBC: Securing the Enterprise. FRAFOS GmbH. Bismarckstr CHIC offices Berlin. Germany.
ABC SBC: Securing the Enterprise FRAFOS GmbH Bismarckstr 10-12 CHIC offices 10625 Berlin Germany www.frafos.com Introduction A widely reported fraud scenarios is the case of a malicious user detecting
More informationConfiguring Hosted NAT Traversal for Session Border Controller
Configuring Hosted NAT Traversal for Session Border Controller The Cisco IOS Hosted NAT Traversal for Session Border Controller Phase-1 feature enables a Cisco IOS Network Address Translation (NAT) Session
More informationFirewall traversal methods and security considerations for unified communication architectures with industry case studies Thomas Reisinger
Firewall traversal methods and security considerations for unified communication architectures with industry case studies Thomas Reisinger Technical Report RHUL ISG 2017 10 10 February 2017 Information
More informationVPN-1 Power/UTM. Administration guide Version NGX R
VPN-1 Power/UTM Administration guide Version NGX R65.2.100 January 15, 2009 2003-2009 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by
More informationIngate Firewall & SIParator Product Training. SIP Trunking Focused
Ingate Firewall & SIParator Product Training SIP Trunking Focused Common SIP Applications SIP Trunking Remote Desktop Ingate Product Training Common SIP Applications SIP Trunking A SIP Trunk is a concurrent
More informationWhite Paper. SIP Trunking: Deployment Considerations at the Network Edge
SIP Trunking: Deployment Considerations at the Network Edge at the Network Edge Executive Summary The move to Voice over IP (VoIP) and Fax over IP (FoIP) in the enterprise has, until relatively recently,
More informationDepartment of Computer Science. Burapha University 6 SIP (I)
Burapha University ก Department of Computer Science 6 SIP (I) Functionalities of SIP Network elements that might be used in the SIP network Structure of Request and Response SIP messages Other important
More informationRealtime Multimedia in Presence of Firewalls and Network Address Translation
Realtime Multimedia in Presence of Firewalls and Network Address Translation Knut Omang Ifi/Oracle 9 Oct, 2017 1 Overview Real-time multimedia and connectivity Mobile users (roaming between devices) or
More informationRealtime Multimedia in Presence of Firewalls and Network Address Translation. Knut Omang Ifi/Oracle 9 Nov, 2015
Realtime Multimedia in Presence of Firewalls and Network Address Translation Knut Omang Ifi/Oracle 9 Nov, 2015 1 Overview Real-time multimedia and connectivity Mobile users (roaming between devices) or
More informationIntroduction. H.323 Basics CHAPTER
CHAPTER 1 Last revised on: October 30, 2009 This chapter provides an overview of the standard and the video infrastructure components used to build an videoconferencing network. It describes the basics
More informationWhat is SIP Trunking? ebook
What is SIP Trunking? ebook A vast resource for information about all things SIP including SIP, security, VoIP, SIP trunking and Unified Communications. Table of Contents 3 4 5 6 7 8 9 10 11 What is the
More informationAllstream NGNSIP Security Recommendations
Allstream NGN SIP Trunking Quick Start Guide We are confident that our service will help increase your organization s performance and productivity while keeping a cap on your costs. Summarized below is
More informationFirewall-Friendly VoIP Secure Gateway and VoIP Security Issues
Firewall-Friendly VoIP Secure Gateway and VoIP Security Issues v Noriyuki Fukuyama v Shingo Fujimoto v Masahiko Takenaka (Manuscript received September 26, 2003) IP telephony services using VoIP (Voice
More informationFirewalls for Secure Unified Communications
Firewalls for Secure Unified Communications Positioning Guide 2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 1 of 12 Firewall protection for call control
More informationApplication Note. Microsoft OCS 2007 Configuration Guide
Application Note Microsoft OCS 2007 Configuration Guide 15 October 2009 Microsoft OCS 2007 Configuration Guide Table of Contents 1 MICROSOFT OCS 2007 AND INGATE... 1 1.1 SIP TRUNKING SUPPORT... 2 2 INGATE
More informationSession Border Controller
CHAPTER 14 This chapter describes the level of support that Cisco ANA provides for (SBC), as follows: Technology Description, page 14-1 Information Model Objects (IMOs), page 14-2 Vendor-Specific Inventory
More informationA. On the VCS, navigate to Configuration, Protocols, H.323, and set Auto Discover to off.
Volume: 383 Questions Question No: 1 Which parameter should be set to prevent H.323 endpoints from registering to Cisco TelePresence Video Communication Server automatically? A. On the VCS, navigate to
More informationexamcollection.premium.exam.161q
300-075.examcollection.premium.exam.161q Number: 300-075 Passing Score: 800 Time Limit: 120 min File Version: 6.0 300-075 Implementing Cisco IP Telephony & Video, Part 2 v1.0 Version 6.0 Exam A QUESTION
More informationCisco TelePresence Conductor with Cisco Unified Communications Manager
Cisco TelePresence Conductor with Cisco Unified Communications Manager Deployment Guide TelePresence Conductor XC4.0 Unified CM 10.5(2) January 2016 Contents Introduction 6 About this document 6 Related
More informationInstavc White Paper. Future of Enterprise Communication
Future of Enterprise Communication InstaVC is a futuristic Video Collaboration platform for the organizations to achieve client-less and plugin free, real-time communication which enables peer-to-peer
More informationJournal of Information, Control and Management Systems, Vol. X, (200X), No.X SIP OVER NAT. Pavel Segeč
SIP OVER NAT Pavel Segeč University of Žilina, Faculty of Management Science and Informatics, Slovak Republic e-mail: Pavel.Segec@fri.uniza.sk Abstract Session Initiation Protocol is one of key IP communication
More informationChapter 11: Understanding the H.323 Standard
Página 1 de 7 Chapter 11: Understanding the H.323 Standard This chapter contains information about the H.323 standard and its architecture, and discusses how Microsoft Windows NetMeeting supports H.323
More informationCisco TelePresence Conductor with Cisco Unified Communications Manager
Cisco TelePresence Conductor with Cisco Unified Communications Manager Deployment Guide XC2.2 Unified CM 8.6.2 and 9.x D14998.09 Revised March 2014 Contents Introduction 4 About this document 4 Further
More informationOverview of the Session Initiation Protocol
CHAPTER 1 This chapter provides an overview of SIP. It includes the following sections: Introduction to SIP, page 1-1 Components of SIP, page 1-2 How SIP Works, page 1-3 SIP Versus H.323, page 1-8 Introduction
More informationWHITE PAPER. Session Border Controllers: Helping keep enterprise networks safe TABLE OF CONTENTS. Starting Points
WHITE PAPER Session Border Controllers: Helping keep enterprise networks safe TABLE OF CONTENTS Starting Points...1 The Four Essentials...2 The Business Case for SIP Trunks...3 To benefit from the latest
More informationPolycom RealPresence Access Director System
Release Notes Polycom RealPresence Access Director System 4.0 June 2014 3725-78700-001D Polycom announces the release of the Polycom RealPresence Access Director system, version 4.0. This document provides
More informationMinnesota Microsoft Unified Communications User Group Welcome! March 26, 2009
Minnesota Microsoft Unified Communications User Group Welcome! March 26, 2009 Today s presenters Rob Hanson rhanson@avtex.com Business Development for UC Colleen Reynolds creynolds@avtex.comcom Ops Manager
More informationCisco TelePresence Conductor with Unified CM
Cisco TelePresence Conductor with Unified CM Deployment Guide TelePresence Conductor XC3.0 Unified CM 10.x Revised February 2015 Contents Introduction 5 About this document 5 Related documentation 5 About
More informationThis is a sample chapter of WebRTC: APIs and RTCWEB Protocols of the HTML5 Real-Time Web by Alan B. Johnston and Daniel C. Burnett.
This is a sample chapter of WebRTC: APIs and RTCWEB Protocols of the HTML5 Real-Time Web by Alan B. Johnston and Daniel C. Burnett. For more information or to buy the paperback or ebook editions, visit
More informationVoIP Basics. 2005, NETSETRA Corporation Ltd. All rights reserved.
VoIP Basics Phone Network Typical SS7 Network Architecture What is VoIP? (or IP Telephony) Voice over IP (VoIP) is the transmission of digitized telephone calls over a packet switched data network (like
More informationNever Drop a Call With TecInfo SIP Proxy White Paper
Innovative Solutions. Trusted Performance. Intelligently Engineered. Never Drop a Call With TecInfo SIP Proxy White Paper TecInfo SD-WAN product - PowerLink - enables real time traffic like VoIP, video
More informationSecurity and Lawful Intercept In VoIP Networks. Manohar Mahavadi Centillium Communications Inc. Fremont, California
Security and Lawful Intercept In VoIP Networks Manohar Mahavadi Centillium Communications Inc. Fremont, California Agenda VoIP: Packet switched network VoIP devices VoIP protocols Security and issues in
More informationFreeSWITCH as a Kickass SBC. Moises Silva Manager, Software Engineering
FreeSWITCH as a Kickass SBC Moises Silva Manager, Software Engineering FreeSWITCH as a Kickass SBC Moises Silva Manager, Software Engineering Moises Silva
More informationPolycom RealPresence Access Director System
Release Notes 3.1.1 April 2014 3725-78700-001C1 Polycom RealPresence Access Director System Polycom announces the release of the Polycom RealPresence Access Director system, version 3.1.1. This document
More informationDesigning Workspace of the Future for the Mobile Worker
Designing Workspace of the Future for the Mobile Worker Paulo Jorge Correia Technical Solutions Architect Building Business Value Enable mobile workers and BYOD Locate and access remote experts Collaborate
More informationCommunications Transformations 2: Steps to Integrate SIP Trunk into the Enterprise
Communications Transformations 2: Steps to Integrate SIP Trunk into the Enterprise The Changing Landscape IP-based unified communications is widely deployed in enterprise networks, both for internal calling
More informationP2PSIP, ICE, and RTCWeb
P2PSIP, ICE, and RTCWeb T-110.5150 Applications and Services in Internet October 11 th, 2011 Jouni Mäenpää NomadicLab, Ericsson Research AGENDA Peer-to-Peer SIP (P2PSIP) Interactive Connectivity Establishment
More informationThinkTel ITSP with Registration Setup
January 13 ThinkTel ITSP with Registration Setup Author: Zultys Technical Support This configuration guide was created to assist knowledgeable vendors with configuring the Zultys MX Phone System with ThinkTel
More informationCisco Unified Border Element (CUBE) Integration Guide
Cisco Unified Border Element (CUBE) Integration Guide Technical Documentation for integrating Cisco Unified Border Element with Blue Jeans Network 516 Clyde Avenue Mountain View, CA 94070 www.bluejeans.com
More informationModern IP Communication bears risks
Modern IP Communication bears risks How to protect your business telephony from cyber attacks Voice-over-IP (VoIP) provides many new features over PSTN. However, the interconnection with your IT infrastructure
More informationBroadvox Fusion Platform Version 1.2 ITSP Setup Guide
November 13 Broadvox Fusion Platform Version 1.2 ITSP Setup Guide Author: Zultys Technical Support This configuration guide was created to assist knowledgeable vendors with configuring the Zultys MX Phone
More informationUnified Communications in RealPresence Access Director System Environments
[Type the document title] 2.1.0 March 2013 3725-78704-001A Deploying Polycom Unified Communications in RealPresence Access Director System Environments Polycom Document Title 1 Trademark Information POLYCOM
More informationNetwork Address Translators (NATs) and NAT Traversal
Network Address Translators (NATs) and NAT Traversal Ari Keränen ari.keranen@ericsson.com Ericsson Research Finland, NomadicLab Outline Introduction to NATs NAT Behavior UDP TCP NAT Traversal STUN TURN
More informationApplication Note 3Com VCX Connect with SIP Trunking - Configuration Guide
Application Note 3Com VCX Connect with SIP Trunking - Configuration Guide 28 May 2009 3Com VCX Connect Solution SIP Trunking Table of Contents 1 3COM VCX CONNECT AND INGATE... 1 1.1 SIP TRUNKING SUPPORT...
More information10 Key Things Your VoIP Firewall Should Do. When voice joins applications and data on your network
10 Key Things Your Firewall Should Do When voice joins applications and data on your network Table of Contents Making the Move to 3 10 Key Things 1 Security is More Than Physical 4 2 Priority Means Clarity
More informationReal-time Communications Security and SDN
Real-time Communications Security and SDN 2016 [Type here] Securing the new generation of communications applications, those delivering real-time services including voice, video and Instant Messaging,
More informationOverview. Features and Benefits CHAPTER
CHAPTER 1 Cisco Intercompany edia Engine (Cisco IE) provides a technique for establishing direct connectivity between enterprises by combining peer-to-peer technologies with the existing public switched
More informationCisco Expressway Session Classification
Cisco Expressway Session Classification Deployment Guide First Published: December 2016 Last Updated: December 2017 Expressway X8.10 Cisco Systems, Inc. www.cisco.com 2 Preface Preface Change History Table
More informationIngate SIParator /Firewall SIP Security for the Enterprise
Ingate SIParator /Firewall SIP Security for the Enterprise Ingate Systems Ingate Systems AB (publ) Tel: +46 8 600 77 50 BACKGROUND... 1 1 NETWORK SECURITY... 2 2 WHY IS VOIP SECURITY IMPORTANT?... 3 3
More informationSIP as an Enabling Technology
SIP as an Enabling Technology SIP and VoIP Fundamentals Mike Taylor - CTO spscom.com 888.777.7280 Strategic Products and Services / 300 Littleton Road / Parsippany, NJ 07054 Agenda What is SIP? Acceptance
More informationTest-king. Number: Passing Score: 800 Time Limit: 120 min File Version:
300-075 Test-king Number: 300-075 Passing Score: 800 Time Limit: 120 min File Version: 14.1 http://www.gratisexam.com/ 300-075 Implementing Cisco IP Telephony & Video, Part 2 v1.0 Version 14.1 Exam A QUESTION
More informationCisco Webex Cloud Connected Audio
White Paper Cisco Webex Cloud Connected Audio Take full advantage of your existing IP telephony infrastructure to help enable a Webex integrated conferencing experience Introduction Cisco Webex Cloud Connected
More informationGLOSSARY. Advanced Encryption Standard. Cisco Adaptive Security Appliance. Business-to-business. Binary Floor Control Protocol.
GLOSSARY Revised: March 30, 2012, A AES ASA Advanced Encryption Standard Cisco Adaptive Security Appliance B B2B BFCP bps Business-to-business Binary Floor Control Protocol Bits per second C CA CAPF CBWFQ
More informationSecure Telephony Enabled Middle-box (STEM)
Report on Secure Telephony Enabled Middle-box (STEM) Maggie Nguyen 04/14/2003 Dr. Mark Stamp - SJSU - CS 265 - Spring 2003 Table of Content 1. Introduction 1 2. IP Telephony Overview.. 1 2.1 Major Components
More informationOpen Mic Webcast. Jumpstarting Audio- Video Deployments Tony Payne March 9, 2016
Open Mic Webcast Jumpstarting Audio- Video Deployments Tony Payne March 9, 2016 Agenda The Challenges of Audio and Video Architecture Bill of Materials Component Descriptions Deployment Sample Deployment
More informationUnofficial IRONTON ITSP Setup Guide
September 13 Unofficial IRONTON ITSP Setup Guide Author: Zultys Technical Support This unofficial configuration guide was created to assist knowledgeable vendors with configuring the Zultys MX Phone System
More informationCisco TelePresence Conductor
Cisco TelePresence Conductor Deployment Guide XC1.2 D14827.02 May 2012 Contents Contents Introduction... 4 About the Cisco TelePresence Conductor... 4 Call flow with the Cisco TelePresence Conductor...
More informationTechnical White Paper for NAT Traversal
V300R002 Technical White Paper for NAT Traversal Issue 01 Date 2016-01-15 HUAWEI TECHNOLOGIES CO., LTD. 2016. All rights reserved. No part of this document may be reproduced or transmitted in any form
More informationPage 2 Skype Connect Requirements Guide
Thinking about implementing Skype Connect? Read this guide first. Skype Connect provides connectivity between your business and the Skype community. By adding Skype Connect to your existing SIP-enabled
More informationCisco Expressway Options with Cisco Meeting Server and/or Microsoft Infrastructure
Cisco Expressway Options with Cisco Meeting Server and/or Microsoft Infrastructure Deployment Guide First Published: December 2016 Last Updated: October 2017 Expressway X8.9.2 Cisco Systems, Inc. www.cisco.com
More informationDigital Advisory Services Professional Service Description SIP SBC with Field Trial Endpoint Deployment Model
Digital Advisory Services Professional Service Description SIP SBC with Field Trial Endpoint Deployment Model 1. Description of Services. 1.1 SIP SBC with Field Trial Endpoint Deployment Verizon will assist
More informationbecome a SIP School Certified Associate endorsed by the Telecommunications Industry Association (TIA)
SSCA Certification become a SIP School Certified Associate endorsed by the Telecommunications Industry Association (TIA) Exam Objectives The SSCA exam is designed to test your skills and knowledge on the
More informationGUIDELINES FOR VOIP NETWORK PREREQUISITES
GUIDELINES FOR VOIP NETWORK PREREQUISITES WHITE PAPER October 2016 Unified Networks Unified User Clients Unified Messaging Mobility 100+ Call Management Features Executive Summary This document contains
More informationVirtual Private Networks (VPNs)
CHAPTER 19 Virtual Private Networks (VPNs) Virtual private network is defined as customer connectivity deployed on a shared infrastructure with the same policies as a private network. The shared infrastructure
More informationApplication Note Asterisk BE with Remote Phones - Configuration Guide
Application Note Asterisk BE with Remote Phones - Configuration Guide 15 January 2009 Asterisk BE - Remote SIP Phones Table of Contents 1 ASTERISK BUSINESS EDITION AND INGATE... 1 1.1 REMOTE SIP PHONE
More informationCisco Unified Presence 8.0
Cisco Unified Presence 8.0 Cisco Unified Communications Solutions unify voice, video, data, and mobile applications on fixed and mobile networks, enabling easy collaboration every time from any workspace.
More informationIP Office Platform R11.0
Issue 03d - (09 October 2018) Contents 8. Remote SIP Deskphones 8.1 Provisioning... the Deskphones 59 8.2 Configuring... Application Rules 61 1.1 Example Schematic... 4 8.3 Configuring... Media Rules 61
More informationApplication Note Asterisk BE with SIP Trunking - Configuration Guide
Application Note Asterisk BE with SIP Trunking - Configuration Guide 23 January 2009 Asterisk BE SIP Trunking Table of Contents 1 ASTERISK BUSINESS EDITION AND INGATE... 1 1.1 SIP TRUNKING SUPPORT... 2
More information2FXS Analog Telephone Adapter
2FXS Analog Telephone Adapter Product features Feature-rich telephone service over home or office Internet/ Intranet connection Auto-provisioning features for flexible, ease-of use IP PBX system integration
More informationTSIN02 - Internetworking
Lecture 8: SIP and H323 Litterature: 2004 Image Coding Group, Linköpings Universitet Lecture 8: SIP and H323 Goals: After this lecture you should Understand the basics of SIP and it's architecture Understand
More informationFIREWALL SETUP AND NAT CONFIGURATION GUIDE FOR H.323 / SIP ROOM SYSTEMS BLUEJEANS 2018
FIREWALL SETUP AND NAT CONFIGURATION GUIDE FOR H.323 / SIP ROOM SYSTEMS BLUEJEANS 2018 0 H.323 / SIP Room Systems Table of Contents 1. How to setup Firewall and NAT to work with Blue Jeans Network - page
More informationImplementation and Planning Guide
nexvortex SIP Trunking February 2018 5 1 0 S P R I N G S T R E E T H E R N D O N V A 2 0 1 7 0 + 1 8 5 5. 6 3 9. 8 8 8 8 Copyright nexvortex 2018 This document is the exclusive property of nexvortex, Inc.
More informationVoice over IP (VoIP)
Voice over IP (VoIP) David Wang, Ph.D. UT Arlington 1 Purposes of this Lecture To present an overview of Voice over IP To use VoIP as an example To review what we have learned so far To use what we have
More informationEXAMGOOD QUESTION & ANSWER. Accurate study guides High passing rate! Exam Good provides update free of charge in one year!
EXAMGOOD QUESTION & ANSWER Exam Good provides update free of charge in one year! Accurate study guides High passing rate! http://www.examgood.com Exam : 070-337 Title : Enterprise Voice & Online Services
More informationVoIP. ALLPPT.com _ Free PowerPoint Templates, Diagrams and Charts
VoIP ALLPPT.com _ Free PowerPoint Templates, Diagrams and Charts VoIP System Gatekeeper: A gatekeeper is useful for handling VoIP call connections includes managing terminals, gateways and MCU's (multipoint
More informationSpectrum Enterprise SIP Trunking Service NEC Univerge SV8100 IP PBX Configuration Guide
Spectrum Enterprise SIP Trunking Service NEC Univerge SV8100 IP PBX Configuration Guide About Spectrum Enterprise: Spectrum Enterprise is a division of Charter Communications following a merger with Time
More informationINTERFACE SPECIFICATION SIP Trunking. 8x8 SIP Trunking. Interface Specification. Version 2.0
8x8 Interface Specification Version 2.0 Table of Contents Introduction....3 Feature Set....3 SIP Interface....3 Supported Standards....3 Supported SIP methods....4 Additional Supported SIP Headers...4
More informationAbstract. Avaya Solution & Interoperability Test Lab
Avaya Solution & Interoperability Test Lab Application Notes for Configuring Sipera Systems UC-Sec Secure Access Proxy with Avaya Aura Session Manager and Avaya Aura Communication Manager to Support Core
More informationNetwork Address Translation (NAT) Contents. Firewalls. NATs and Firewalls. NATs. What is NAT. Port Ranges. NAT Example
Contents Network Address Translation (NAT) 13.10.2008 Prof. Sasu Tarkoma Overview Background Basic Network Address Translation Solutions STUN TURN ICE Summary What is NAT Expand IP address space by deploying
More informationReal-Time Communications for the Web. Presentation of paper by:cullen Jennings,Ted Hardie,Magnus Westerlund
Real-Time Communications for the Web Presentation of paper by:cullen Jennings,Ted Hardie,Magnus Westerlund What is the paper about? Describes a peer-to-peer architecture that allows direct,interactive,rich
More informationIP Possibilities Conference & Expo. Minneapolis, MN April 11, 2007
IP Possibilities Conference & Expo Minneapolis, MN April 11, 2007 Rural VoIP Protocol, Standards and Technologies Presented by: Steven P. Senne, P.E Chief Technology Officer Finley Engineering Company,
More informationConfigure Call Control
Call Control Overview, page 1 Cisco Expressway and TelePresence Configuration Tasks, page 2 Configuring Cisco Unified Communications Manager, page 5 Provisioning Endpoint Display Names, page 10 Call Control
More informationMaintaining High Availability for Enterprise Voice in Microsoft Office Communication Server 2007
Maintaining High Availability for Enterprise Voice in Microsoft Office Communication Server 2007 A Dell Technical White Paper By Farrukh Noman Dell Product Group - Enterprise THIS WHITE PAPER IS FOR INFORMATIONAL
More informationVoice over IP. What You Don t Know Can Hurt You. by Darren Bilby
Voice over IP What You Don t Know Can Hurt You by Darren Bilby What is VoIP? Voice over Internet Protocol A method for taking analog audio signals, like the kind you hear when you talk on the phone, and
More informationThe Session Initiation Protocol
The Session Initiation Protocol N. C. State University CSC557 Multimedia Computing and Networking Fall 2001 Lecture # 25 Roadmap for Multimedia Networking 2 1. Introduction why QoS? what are the problems?
More informationSBC Edge 2000 V5.0.1 IOT Skype for Business 2015 Intermedia SIP Trunk Application Notes
SBC Edge 2000 V5.0.1 IOT Skype for Business 2015 Intermedia SIP Trunk Application Notes Document Overview Introduction Audience Requirements Reference Configuration Support Third-party Product Features
More informationatl IP Telephone SIP Compatibility
atl IP Telephone SIP Compatibility Introduction atl has released a new range of IP Telephones the IP 300S (basic business IP telephone) and IP400 (Multimedia over IP telephone, MOIP or videophone). The
More informationLocation Based Advanced Phone Dialer. A mobile client solution to perform voice calls over internet protocol. Jorge Duda de Matos
Location Based Advanced Phone Dialer A mobile client solution to perform voice calls over internet protocol Jorge Duda de Matos Superior Institute of Technology (IST) Lisbon, Portugal Abstract Mobile communication
More informationYealink VCS Network Deployment Solution
Yealink VCS Network Deployment Solution Aug. 2016 V21.20 Yealink Network Deployment Solution ii Table of Contents Table of Contents... iii Network Requirements Overview... 1 Bandwidth Requirements... 1
More informationApplication Note. Polycom Video Conferencing and SIP in VSX Release 7.0. Presented by Mike Tucker Tim O Neil Polycom Video Division.
Application Note Polycom Video Conferencing and SIP in VSX Release 7.0 Presented by Mike Tucker Tim O Neil Polycom Video Division July 2004 This document describes the SIP functionality in Version 7.0
More informationNEC: SIP Trunking Configuration Guide V.1
NEC: SIP Trunking Configuration Guide V.1 FOR MORE INFO VISIT: CALL US EMAIL US intermedia.net +1.800.379.7729 sales@intermedia.net 2 NEC: SIP Trunking Configuration Guide V.1 TABLE OF CONTENTS Introduction...
More informationAvaya PBX SIP TRUNKING Setup & User Guide
Avaya PBX SIP TRUNKING Setup & User Guide Nextiva.com (800) 285-7995 2 P a g e Contents Description... 3 Avaya IP PBX Configuration... 3 Licensing and Physical Hardware... 4 System Tab Configuration...
More informationAPP NOTES TeamLink and Firewall Detect
APP NOTES TeamLink and Firewall Detect May 2017 Table of Contents 1. Overview... 4 1.1 When is TeamLink Used?... 4 1.2 Onsight Connect Solution Architecture... 4 1.3 Three Stages of Onsight Connectivity...
More informationCisco Implementing Cisco IP Telephony and Video, Part 2 (CIPTV2)
Cisco 300-075 Implementing Cisco IP Telephony and Video, Part 2 (CIPTV2) https://killexams.com/pass4sure/exam-detail/300-075 QUESTION: 90 An engineer is configuring a new DX-80 in Cisco Unified Communications
More informationUnified Communications Networks Security and Platforms
Unified Communications Networks Security and Platforms About Program Who May Apply? Learning Environment Program Overview Program Architecture Partnership with Industry Index Who is Who? 2 Index Introduction
More informationConfiguring SIP Registration Proxy on Cisco UBE
The Support for SIP Registration Proxy on Cisco UBE feature provides support for sending outbound registrations from Cisco Unified Border Element (UBE) based on incoming registrations. This feature enables
More informationKeep Calm and Call On! IBM Sametime Communicate Softphone Made Simple. Frank Altenburg, IBM
Keep Calm and Call On! IBM Sametime Communicate Softphone Made Simple Frank Altenburg, IBM Agenda Voice and Video an effective way to do business! Sametime Softphone Computer is your phone! Sametime Voice
More informationAn Efficient NAT Traversal for SIP and Its Associated Media sessions
An Efficient NAT Traversal for SIP and Its Associated Media sessions Yun-Shuai Yu, Ce-Kuen Shieh, *Wen-Shyang Hwang, **Chien-Chan Hsu, **Che-Shiun Ho, **Ji-Feng Chiu Department of Electrical Engineering,
More information