PSTN: Switching and Signaling

As the PSTN’s global reach and capabilities became more extensive, signaling became the most significant security concern within the PSTN. In its early days, signaling was no more complicated than taking the phone off-hook to let an operator know you wanted to make a call. Dialing gradually became more automatic, first for operators, then later for subscribers. Today’s direct-dial networks, VoIP gateways, and myriad protocols only serve to increase the complexities and risks when it comes to signaling.
Electromechanical automated switching equipment first appeared in 1891 following Almon Strowger’s patented Step by Step (SXS) system, although Bell System resistance to it would postpone its adoption for decades. The classic rotary dial phone was another Strowger invention that was finally adopted by the Bell System in 1919 along with SXS switches. Yet it would take until 1938 for Western Electric (the equipment R&D arm of the Bell System) to develop a superior automatic switching system, namely the crossbar switch. And not until the 1950s did Bell Labs embark on a computer-controlled switch project, but the 101 ESS PBX that resulted in 1963 was only partially digital. Also introduced that year were the T1 circuit and Touch Tones, the Dual-Tone Multi-Frequency (DTMF) dialing scheme that is still with us today. Despite the fact that switching itself was analog, digital T1 circuits quickly replaced analog backbone toll circuits and most analog CO interconnect trunks. By 1965 Bell had released the first central office switch with computerized stored program control, the 1ESS, which offered new features like speed dialing and call forwarding. Yet the 1ESS was still an analog switch at its core. Thanks to T1 “robbed bit” signaling, however, all signaling was out of band, at least from the phone phreaker’s perspective.
Insiders suggest that AT&T was prepared to postpone true digital switching until the 1990s, but Northern Telecom changed their plans with the DMS-10 all-digital switch, introduced in the late 1970s. The need for an all-digital AT&T alternative drove development of the 5ESS and accelerated implementation of ISDN. Today, the most common Class 5 (central office) switches in North America are the Nortel DMS-100 and Lucent 5ESS, running ITU-T Signaling System Number 7 (SS7) with full ISDN support.
The Class 5 switch is the first point where we can find the full suite of telephone services being handled in one place as part of the Intelligent Network model. A typical Class 5 can handle operator services, call waiting, long distance, ISDN, and other data services. The Class 5 will have tables that are queried for every service and will send the appropriate request to the right place. For instance, when you pick up the phone in your house to make a long distance phone call, the Class 5 switch detects the line is open and provides a timeslot in the switch for your call (this is when you hear the dial tone), then based on the buttons pushed (dialed) the switch will send the call either to the local carrier or to the long distance provider. If you dial a long distance call from a provider who is not your local provider, the switch will deliver the request to the closest switch that handles calls for that particular carrier. Class 5 switches act on demand (i.e., they set up, sustain, and tear down connections as needed). This helps to reduce the amount of traffic over the lines when not needed, thus expanding the overall capacity of the system. These switches are a real workhorse for telephone companies (LECs, CLECs, and even IXCs, though they can use a Class 4 switch in most cases). A Class 5 switch can handle thousands of connections per minute.

The Intelligent Network (IN), Private Integrated Services, ISDN, and QSIG

The model drawn up in the 1980s and 1990s for advanced network functionality is called the Intelligent Network (IN). Services such as 8XX-number lookups as well as Calling Cards, Private Integrated Services Networks (PISNs), and many other advanced services are all made possible through SS7, ISDN, and IN capabilities. PISNs are geographically disparate networks connected via leased lines that allow for enhanced services such as multivendor PBX deployments, Voice VPNs (don’t get these confused with data VPNs; they are a true private network for voice, just like that provided by a PBX), and even certain kinds of VoIP. A Private Integrated Services Network Exchange (PINX) lives within a PISN. Another application is integration with the QSIG protocol, which allows PBX products from different vendors to be used together transparently to integrate all voice networks.
QSIG (a Q.931 ISDN extension) as a protocol has been around since the early to mid 1990s. But QSIG can be used to integrate systems even without ISDN. QSIG also leverages DPNSS, which was developed prior to when the final QSIG protocol was agreed upon. Not used much in U.S. networks, DPNSS had much of its life in the United Kingdom. Modern networks are using QSIG as the means to interconnect voice channels between PBXs while preserving critical information about caller and call state in the process.
ISDN is a common-channel signaling (CCS) solution that works with media or data traveling down one pair of wires while signaling control is handled over another. Recalling our earlier discussion of 64-kbps channels, a typical ISDN will hold 23 bearer (B) channels that carry voice and data and one data (D) channel that carries signaling information. All channels are 64 kbps, so we have 24 64-kbps channels totaling 1536 Mbps, equivalent to a T1, or 30 B channels plus a D channel on an E-1, but in each case we lose one channel for signaling. Not only was distance from the central office a new issue with ISDN trunks, but the customer also had to implement new equipment. This Customer Premise Equipment (CPE) required ISDN terminators in order to access the network. Today the use of ISDN in the provisioning and delivery of broadband Internet access via DSL and cable services keeps pricing competitive and affordable. Besides its use in DSL services, ISDN still has an active share in providing redundant and emergency data network access to critical servers and services when higher speed lines or primary access has been disrupted.
Over the last 100 years, signaling has moved from operator-assisted modes to loop and disconnect modes, from single frequency to multifrequency signaling, and now to common channel signaling using the ISDN signaling channel.

ITU-T Signaling System Number 7 (SS7)

SS7 (or C7) is an ITU-T (formerly CCITT) standard that defines how equipment in the PSTN digitally exchanges data regarding call setup and routing. Other ITU-T signaling systems are still in use throughout the world, particularly:
  • ITU-T 4, Channel-Associated Signaling (CAS) with a 2VF (voice frequency) code in the voice band and a 2040/2400 Hz supervisory tone
  • ITU-T 5 CAS with 2VF and a 2400/2600 Hz supervisory tone, plus inter-register codes with Multi-Frequency (MF) tones
  • ITU-T [5] R2 is a revision of ITU-T 5 but uses different frequencies
What sets SS7 apart above all is the fact that it is Common Channel Signaling (CCS), not CAS like its predecessors. Throughout the telecommunications industry SS7 can be used for call session setup, management and tear down, call forwarding, caller identification information, toll free, LNP, and other services as implemented by carriers. Information passed through SS7 networks is communicated completely out of band, meaning that signaling and media do not travel down the same path. SS7 was loosely designed around the OSI 7-layer model. Figure 1 illustrates their basic similarities.

Figure 1: Basic OSI and SS7 Stacks
Message Transfer Parts 1, 2, and 3 (MTP)
MTP level 1 is much the same as the Physical layer (1) of the OSI. Here the electrical and physical characteristics of the digital signaling are addressed. The physical interfaces defined here are those such as our previously discussed DS0 and T1. MTP level 2 aligns with the Data Link layer of the OSI. MTP level 2 takes care of making sure transmissions are accurate from end to end; just as in the Data Link layer, issues such as flow control and error checking are handled at MTP level 2. MTP level 3 aligns itself with the Network layer of the OSI. MTP level 3 reroutes calls away from failed links and controls signaling when congestion is present.
Telephone User Part (TUP)
This is an analog system component. Prior to digital signaling the TUP was used to set up and tear down calls. Today most countries are using the ISDN User Part (ISUP) to handle this requirement.
ISDN User Part (ISUP)
Most countries are using ISUP to handle basic call components. ISUP works by defining the protocols used to manage calls between calling and called parties.
Automatic Number Identification (ANI), known as Calling Party Identification Presentation (CLIP) or caller ID when it is passed on to a subscriber, is passed to the PSTN (or back again) through ISDN trunks and displays the calling party’s telephone number at the called party’s telephone set during the ring cycle. ANI is used for all Custom Local Area Signaling Services (CLASS) such as custom ringing, selective call forwarding, call blocking, and so on.
Signaling Connection Control Part (SCCP)
The SCCP is used mainly for translating 800, calling card, and mobile telephone numbers into a set single point destination code.
Transaction Capabilities Applications Part (TCAP)
TCAP supports the passing and exchange of data within noncircuit-related communications. An example of noncircuit-related data is authentication of a user to a calling card plan.
The equipment that communicates within an SS7 network is made up of signaling points, of which there are three: Service Switching Points (SSP), Service Transfer Points (STP), and Service Control Points (SCP).
Service Switching Points (SSPs) are the primary calling switches; they set up, manage, and terminate calls. When calls need to be routed outside of the SSP’s trunk group, a request may be sent to a Service Control Point (SCP), which is a database that responds to queries and sends routing information to requesting switches, delivering the appropriate route for the type of call placed. A Service Transport Point (STP) is a packet switch that forwards messages down the appropriate link depending on the information contained within the packet.
Figure 1 shows basic OSI and SS7 stacks. Links within the SS7 network are broken down into six different types, lettered A through F. Figure 2 illustrates a typical SS7 network topology with each link type labeled. Table 1 describes each link.

Figure 2: An SS7 Network Topology and Link Types

Table 1: SS7 Network Links
Link  Description
A     Connects signal endpoints to an STP
B     Connects peering STPs
C     Connects STPs into pairs to improve reliability
D     Essentially same as B
E     Used if A links are not available
F     Fully Associated; direct connection of two endpoints (SSPs)
SS7 can also be run on IP networks using SCTP, using a slightly different stack that includes SCTP transport (instead of TCP or UDP).
SS7 has important security considerations, particularly between carriers where misconfigured implementations with unverified data can open the door to large scale fraud and other risks. The bottom line is that SS7 is a peer-to-peer protocol that may be out-of-band for phone phreaks, but carries significant risk from other sources, especially if it’s running unencrypted over IP through SIGTRAN (SCTP).
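One way to act on the "unverified data" risk between carriers is to screen what arrives on an interconnect linkset before it is routed. The following is an added example, not from the original text: it decodes the ITU-T MTP3 service information octet and routing label of a message and checks the originating point code, destination point code, and user part against a per-linkset policy. The point codes, policy, and sample messages are constructed for illustration.

```python
from dataclasses import dataclass

# MTP3 service indicator values (low nibble of the service information octet).
SERVICE_INDICATORS = {0: "SNM", 1: "SNTM", 3: "SCCP", 4: "TUP", 5: "ISUP"}
MIN_MSU_LEN = 5  # SIO (1 octet) + ITU routing label (4 octets)


@dataclass(frozen=True)
class RoutingInfo:
    network_indicator: int
    service: str
    dpc: int   # destination point code (14 bits)
    opc: int   # originating point code (14 bits)
    sls: int   # signaling link selection (4 bits)


def build_msu(ni, si, dpc, opc, sls, payload=b""):
    """Encode SIO + ITU routing label; used here only to construct samples."""
    sio = ((ni & 0x3) << 6) | (si & 0xF)
    label = (dpc & 0x3FFF) | ((opc & 0x3FFF) << 14) | ((sls & 0xF) << 28)
    return bytes([sio]) + label.to_bytes(4, "little") + payload


def parse_msu(data):
    """Decode SIO and routing label from a message that starts at the SIO."""
    if len(data) < MIN_MSU_LEN:
        raise ValueError("truncated MSU")
    sio = data[0]
    label = int.from_bytes(data[1:5], "little")
    si = sio & 0x0F
    return RoutingInfo(
        network_indicator=sio >> 6,
        service=SERVICE_INDICATORS.get(si, f"unknown({si})"),
        dpc=label & 0x3FFF,
        opc=(label >> 14) & 0x3FFF,
        sls=label >> 28,
    )


@dataclass(frozen=True)
class LinksetPolicy:
    network_indicator: int
    allowed_opcs: frozenset
    allowed_dpcs: frozenset
    allowed_services: frozenset


def screen(policy, data):
    """Return (accepted, reason) for one message received on a peer linkset."""
    try:
        info = parse_msu(data)
    except ValueError as exc:
        return False, str(exc)
    if info.network_indicator != policy.network_indicator:
        return False, "network indicator mismatch"
    if info.opc not in policy.allowed_opcs:
        return False, f"OPC {info.opc} not provisioned on this linkset"
    if info.dpc not in policy.allowed_dpcs:
        return False, f"DPC {info.dpc} not reachable via this interconnect"
    if info.service not in policy.allowed_services:
        return False, f"user part {info.service} not permitted from this peer"
    return True, "ok"


# Constructed policy for a hypothetical interconnect linkset.
PEER_POLICY = LinksetPolicy(
    network_indicator=0,                    # international network
    allowed_opcs=frozenset({2057, 2058}),   # the peer's own signaling points
    allowed_dpcs=frozenset({4101}),         # our gateway SSP only
    allowed_services=frozenset({"ISUP"}),   # call setup only, no SCCP/TCAP
)

# Constructed sample messages as they might arrive on that linkset.
SAMPLES = {
    # CIC 1 followed by message type 0x01 (IAM) as a minimal ISUP payload.
    "isup_from_peer": build_msu(0, 5, 4101, 2057, 3, b"\x01\x00\x01"),
    # Claims an OPC that belongs to our own network, not to the peer.
    "unprovisioned_opc": build_msu(0, 5, 4101, 4100, 3),
    "sccp_query": build_msu(0, 3, 4101, 2057, 0),
    "transit_attempt": build_msu(0, 5, 4200, 2058, 1),
    "truncated": b"\x05\x01",
}


def screen_samples():
    """Screen every constructed sample and return {name: (accepted, reason)}."""
    return {name: screen(PEER_POLICY, msu) for name, msu in SAMPLES.items()}


if __name__ == "__main__":
    for name, (ok, reason) in screen_samples().items():
        print(f"{name:20} {'ACCEPT' if ok else 'REJECT'}  {reason}")
```

Screening of this kind only checks what a message claims about itself; it does not authenticate the sender or protect the SCTP association carrying it.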


PSTN: Signal Transmission

In the old days, the path an analog voice signal took from your phone to the CO switch (or switchboard) was simple. With the appropriate cross-connects, each local loop was half of the analog circuit required for a phone conversation, and the switch (or operator) simply connected you with a calling or called party that represented the other half of that circuit. Although loading coils might have been used to reduce signal attenuation on the circuit, no amplification or signal processing was used.

Since Bell’s original invention, several improvements had been added. Common battery from the CO with a separate return path instead of the earth eliminated the need for a battery in each phone and made the phone less noisy. Ringing was accomplished through magnetos, first added to the phones themselves and later pulled in to the CO and standardized as 90 Volts of Alternating Current (AC)—all other phone/PSTN functions on the line use Direct Current (DC). And eventually, automated electromechanical switching eliminated much of the need for an operator within the PSTN.
Still, analog transmission and switching had their limits. Until 1915, it wasn’t possible to go much further than 1,500 miles on an analog long-distance circuit. And even when that limit was broken thanks to the vacuum-tube amplifier, these long-distance calls were very noisy. Radio telephony overseas and to ships further expanded the reach of analog telephony in 1927. And Frequency Division Multiplexing techniques were developed in the late 1930s that allowed many calls to pass over a single voice circuit by using frequency shifting techniques equivalent to those used by FM radio. Each 4 kHz band of voice conversation would be shifted up or down to a specific slot, allowing many calls to be carried simultaneously over a single coaxial cable or radio interface. By the 1950s, 79% of the inner-city CO trunks in the United States were using FDM. But even the microwave systems in use since the 1950s were analog systems.

T1 Transmission: Digital Time Division Multiplexing

Even though Alec Reeves of Britain had developed Pulse Code Modulation (PCM) techniques in 1937 for digitizing audio signals, and Bell Labs had invented the transistor in 1948, which was required for the large-scale implementation of digital techniques, it would take more than a decade to make digital transmission a reality (and longer still before the advent of digital switching could make the full signal path digital outside the local loop). 1963 brought the introduction of the T1 or Transmission One digital carrier using revolutionary signal manipulation techniques that would forever change telephony.
Unlike all previous carriers, the T1 started in an all-digital format, meaning that it was structured as a series of bits (193 per frame to be exact, 8 bits per channel, 24 channels, plus the framing bit—moving at the rate of 8,000 frames, or 1,544 Megabits per second) that by design could be completely regenerated again without data loss over long distances (see Figures 1 and 2). This provides a 64-kilobit-per-second digital bitstream for each of the 24 channels, using Time Division Multiplexing (TDM).

Figure 1: A T1 Frame*
* Eight bits in each channel capture a 125µs slice of each associated analog audio signal.

Figure 2: Time Division Multiplexing
TDM as introduced in the T1 is the multiplexing workhorse of the telecommunications world and will be the base multiplexing environment for the rest of our discussion of the PSTN. Yet for the T1 to be successful, it is just as important to have a foolproof way of converting an analog signal to digital bits that would make or break the new form of digital transmission. This is the job of a codec. Although today in the era of digital media we take for granted the engineering required to create the first effective PCM codec—now commonly known as G.711—it was no small feat in its day. Yet, even today as debate rages over what codec is best to use for VoIP, G.711 is still considered the “toll quality” standard that others must beat, and is especially good at preserving modem and FAX signals that low-bandwidth codecs can break.
Although we’re not going to do a deep dive on digital/analog conversion here, it is worth pointing out that slight differences between U.S. and European standards will mean that some conversion needs to take place even within a standard G.711-encoded channel in order for that channel to move from a T1 to an E1 or vice versa. Specifically, slight differences in PCM encoding algorithm (µ-law vs. A-law) may require conversion when voice or VoIP streams cross international boundaries. Of course, on a data circuit, that conversion is not going to happen automatically (if it did, it would scramble the data). But it can cause problems across a VoIP if you’re not careful.
Similarly, when using a T1 circuit for data, it’s important to make sure the circuit is properly configured since some signaling modes can use what’s called “robbed-bit” signaling, which is fine for circuit-based voice but will corrupt data running on it. For this reason, only 56K of the 64K channel could be used for data on early data circuits. Today, clear channel data can be provisioned that uses a full 64K channel.
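The T1 frame layout and the robbed-bit caveat above can be checked with a small model. This added example (not from the original text) multiplexes 24 channels into 193-bit frames, overwrites the least significant bit of every timeslot in the 6th and 12th frames of a D4 superframe as robbed-bit signaling does, and shows that 8-bit data is damaged while a 7-bit (56K) payload is not. The D4 framing-bit pattern, the robbed frame positions, and the sample bytes are supplied by the example.

```python
CHANNELS = 24                 # DS0 timeslots per frame
BITS_PER_SLOT = 8             # one PCM sample per channel per frame
FRAME_BITS = CHANNELS * BITS_PER_SLOT + 1   # 192 payload bits + framing bit
FRAMES_PER_SECOND = 8000
D4_FRAMING = "100011011100"   # framing-bit sequence of a 12-frame D4 superframe
ROBBED_FRAMES = (5, 11)       # zero-based index of the 6th and 12th frames


def rate_bps(bits_per_frame):
    """Bit rate of anything that occupies bits_per_frame bits in every frame."""
    return bits_per_frame * FRAMES_PER_SECOND


def mux_frame(samples, framing_bit):
    """Interleave one byte from each of the 24 channels behind the framing bit."""
    if len(samples) != CHANNELS:
        raise ValueError("a T1 frame carries exactly 24 timeslots")
    bits = [framing_bit]
    for sample in samples:
        bits.extend((sample >> shift) & 1 for shift in range(7, -1, -1))
    return bits


def demux_frame(bits):
    """Split a 193-bit frame back into its framing bit and 24 channel bytes."""
    if len(bits) != FRAME_BITS:
        raise ValueError("expected 193 bits")
    samples = []
    for ch in range(CHANNELS):
        value = 0
        for bit in bits[1 + ch * 8: 1 + (ch + 1) * 8]:
            value = (value << 1) | bit
        samples.append(value)
    return bits[0], samples


def send_superframe(channel_data, signaling_bit=None):
    """Mux 12 frames; channel_data[f][ch] is the byte for frame f, channel ch.

    With signaling_bit set, the least significant bit of every timeslot in
    the 6th and 12th frames is overwritten, as robbed-bit signaling does.
    """
    frames = []
    for f in range(12):
        samples = list(channel_data[f])
        if signaling_bit is not None and f in ROBBED_FRAMES:
            samples = [(s & 0xFE) | signaling_bit for s in samples]
        frames.append(mux_frame(samples, int(D4_FRAMING[f])))
    return frames


def receive_superframe(frames):
    """Demux 12 frames back into per-frame lists of channel bytes."""
    return [demux_frame(bits)[1] for bits in frames]


def damaged_frames(sent, received, channel):
    """Frames in which the byte received on a channel differs from the one sent."""
    return [f for f in range(12) if sent[f][channel] != received[f][channel]]


def pack56(value7):
    """Carry 7 data bits in the upper bits of a slot; the LSB is expendable."""
    return ((value7 & 0x7F) << 1) | 1


def unpack56(slot):
    return slot >> 1


def demo():
    # Constructed data: every slot carries an even byte, so its LSB is 0.
    data = [[(2 * (f + ch)) & 0xFF for ch in range(CHANNELS)] for f in range(12)]
    clear = receive_superframe(send_superframe(data))
    robbed = receive_superframe(send_superframe(data, signaling_bit=1))
    # 56K-style use of the same slots: 7 data bits, LSB left to the network.
    values = [[(7 * f + ch) & 0x7F for ch in range(CHANNELS)] for f in range(12)]
    packed = [[pack56(v) for v in row] for row in values]
    got = receive_superframe(send_superframe(packed, signaling_bit=0))
    recovered = [[unpack56(s) for s in row] for row in got]
    return {
        "clear_channel_intact": clear == data,
        "damaged_frames_ch0": damaged_frames(data, robbed, 0),
        "seven_bit_intact": recovered == values,
    }


if __name__ == "__main__":
    print("line rate:", rate_bps(FRAME_BITS), "bps")
    print("clear channel:", rate_bps(8), "bps; 56K channel:", rate_bps(7), "bps")
    print(demo())
```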
Back to the codec issue, however. It’s worth pointing out that very complex trade-offs exist in codec selection and they’re not as simple as quality vs. bandwidth. Some codecs require much more processing, others work poorly with modems, faxes, and other nonvoice applications (particularly low bandwidth codecs). It’s not hard to imagine the problems inherent with sending a 56 Kbps modem signal through a 4 Kbps voice-optimized codec. Even the best compression algorithms would struggle to represent that much information in so few bits, not to mention the inherent distortion present in D/A-A/D conversion.
Starting with the introduction of the T1, timing became an important consideration for the PSTN. Digital circuits like the T1 must be plesiochronous, meaning that their bit rate must vary only within a fairly limited range or other problems can be created within the PSTN. In comparison, analog circuits are completely asynchronous. This requirement has forced a hierarchy of master clocks to be incorporated into its infrastructure.
With the advent of SONET, a fully synchronous solution to the timing problem has arrived, along with massive bandwidth that can be further enhanced with Wavelength Division Multiplexing (WDM—basically the use of different colored light on a single optical fiber to increase capacity). Pointers and bit-stuffing in SONET and SDH are used to minimize the impact of clock drift between digital circuits, though the advent of VoIP has created some challenges because VoIP is asynchronous. VoIP is also a packet technology (since it runs on packet networks), so it is subject to variations in latency and jitter and packet loss that are simply not significant issues in circuit networks because timeslots are guaranteed. On the other hand, the PSTN’s circuit network is far less efficient overall than any packet network because of the excess capacity it reserves.
As T1 and other digital trunks were deployed in the PSTN, digitized voice services in 64Kbps increments, each called a Digital Signal 0 (DS0), became the basic switchable unit of the PSTN. A single DS0 is a 64Kbps channel equivalent to an analog line converted to digital via G.711. With the advent of TDM-based digital switching, the DS0s were aggregated by digital access and cross-connect systems (DACS) for transport or presentation to the switch via DS1 (1.5 Mbps) or DS3 (45 Mbps) interfaces. These digital switches communicate over T1 and other digital trunks to access and toll tandem switches, sending calls across the telephone network to destination switches. The DS0 voice channels are then split back out to their original 64Kbps state and converted back to analog signals sent onward to the destination local loop.
In fact, there is now a full hierarchy to the T carrier system in North America and the E carrier system in Europe (as well as the more recent SONET/SDH optical carrier system). Aggregation of voice and data channels at many levels can take place, and knowing how these systems can interact is essential. Table 4.1 roughly defines the capacity and equivalency of the various North American, Japanese, and European digital signal hierarchies in a single chart. I’ve never been able to find this information in one place, so I created a single chart to cover the whole range of PSTN transport solutions in use today.
In Table 1, dark bands are for the circuits most commonly provisioned for business customers. Bolded items are used most commonly in wide area networks overall. Note: Although SONET and SDH are directly equivalent to each other, the process of mapping between them and their T or E-carrier counterparts requires the use of SONET Virtual Tributaries (VTs) and Virtual Tributary Groups (VTGs) or SDH Virtual Containers (VCs).
Table 1: Digital Signal Hierarchy (North America and Europe)
As you can see from Table 1, 24 DS0 channels make up a T1 circuit, 28 T1 circuits make up a T3 or OC-1 link, and so forth. An OC-12 link can support up to 7936 DS0 channels if it’s broken out into E4 circuits or 8064 if it’s broken out by T3 circuits through a DACS or Add Drop Multiplexer (ADM). 10 Gigabit Ethernet can run over an OC-192 SONET ring, and so on. These mappings are essential to understanding capacities for Internet access circuits as well when sizing for VoIP, since upper limits on Speed (left column) cannot be physically exceeded (note that actual throughput will be at least 10% lower because of overhead).
Perhaps you have ordered and provisioned a voice or data T1 for your company or clients. Have you ever thought why only one voice T1 is needed for a company of 100 employees with a PBX, knowing that only 24 channels can be used at any one time? The answer is that not everyone will be on the phone, receiving a fax, or otherwise using an available channel at once. Normally you can count on a six-to-ten ratio when calculating how many DS0s are needed. Those in the sales and service industry may go as low as four-to-one because they are on the phone more and need higher channel availability. Even with VoIP, sizing access circuits is important, since there are hard limits on the amount of data that can be pushed through that circuit network, even if the number of channels isn’t so important. Less bandwidth might be required if G.729 was used in place of G.711, but more would be required if the link also supported Internet access, especially if Quality of Service (QoS) limitations weren’t set up on the corresponding routers.
In Figure 3 we see that the DACS can be used to combine a wide variety of digital signal inputs and present them through a single interface to the next hop, which might be a switch, SONET multiplexing equipment, enterprise routing equipment, or something else. Keep in mind that although both voice and data traffic of any flavor can run over SONET, timing requirements won’t allow something like a T1 to run over something asynchronous like Gigabit Ethernet.

Figure 3: DACS Channel Aggregation
T1 links in particular have a lot of nuances not discussed here in detail, from different framing and superframing formats like D4 and Extended Super Frame (ESF) to special line coding like Bipolar 8 Zero Substitution (B8ZS) used to ensure byte synchronization without losing data or bandwidth.
Other framing considerations come into play for different digital carriers such as E1, T2, T3, STS-1, STM-2, and so on. There are excellent books on the topic for those that need more details, but in general none of these formatting issues require any security consideration.

PSTN: Outside Plant

The original premise behind the telephone exchange or Central Office (CO) was to run only one wire or set of wires into each house and have a centrally located facility for switching connections via operator (or automated equipment). Even though new homes today may see six or more wire pairs, plus a coaxial cable for broadband cable television, the basic principle remains the same: each line to the customer forms a loop that passes through to the CO.
The collection of cabling and facilities that support all local loops outside the CO (or “wire center”) is known as the “loop distribution plant” and is owned by the Local Exchange Carrier (LEC). It starts out from the CO in a large underground cable vault with primary feeder cable (F1) to reach out over copper (or fiber) to the Serving Area Interface (SAI) for that area (look for a large grey or green box with doors mounted on a concrete pedestal in most areas of the United States). F1 cable is typically 600 to 2000 or more pairs and usually must be buried because of its weight (although fiber-optic F1 cable can be aerial if needed). It often is armored or pressurized and generally is enclosed in a concrete trench all the way to the CO, with manholes or other access points at least every 750 feet to allow for installation of repeaters (for digital trunks like the T1), loading coils, and other necessary equipment. In most of the world, the LEC is able to keep F1 and SAI fairly secure through physical locks, alarms, and so on.
At the SAI, F1 feeds are cross-connected to secondary feeder cable (F2) that goes out over copper underground to pedestal boxes where the distribution cable is split out or on poles to aerial drop splitters. Subscriber drop wires are then cross-connected to the F2 at that point. In rural areas, even lower-level cable facilities (F3, F4, F5) may exist before a drop wire is terminated. A box is installed where the drop wire is terminated outside the subscriber’s premises and this box is considered the demarcation point for the LEC. All wiring from there to the CO is the responsibility of the LEC, and from there to the phone devices themselves is the subscriber’s responsibility (or that of the landlord). Physical security of that inside wiring—particularly in shared facilities—can be an issue in some cases. And F2 or lower feeds and pedestals are not well secured in general (and present the biggest opportunity to an eavesdropper).
Where growth or other planning challenges have exhausted the supply of F1 or F2 pairs, it’s sometimes necessary for the LEC to install Remote Terminal (RT) equipment (sometimes called “pair gain” systems) that can multiplex multiple local loops on to a digital T-carrier (using Time-Division Multiplexing (TDM) over a 4-wire copper or pair of fiber-optic cables), or via older Frequency-Division Multiplexing (FDM) systems. RT units generally are locked and alarmed, however. And it is much more difficult to eavesdrop on a digital trunk (such as a T-carrier) or FDM system because of the costly equipment required. Figure 1 shows a diagram of a central office equipped with outside distribution plant (ODP).

Figure 1: The Central Office with ODP*
* This classic example assumes no fiber is in use to these SAIs within the CO (see SONET example in Figure 2).
In addition to the loop distribution plant, the LEC will have outside plant for trunking between central offices, and the LEC and other Inter-exchange Carriers (IXCs) will have outside plant for long distance connections between COs and other switching centers such as toll centers. And the LEC or other Competitive Local Exchange Carriers (CLECs) may run fiber for SONET (or SDH) rings (see Figure 2).

Figure 2: A Modern SONET Ring Example
The diagram in Figure 2 shows that by using path diversity for fiber-optic routes along with SONET rings with Add-Drop Multiplexers, several self-healing SONET rings provide F1 and some F2 subscriber loop feeds as well as trunking between two central offices. Large business customers can also connect to this SONET ring for high-capacity voice and data services if they are located close enough to the buried fiber.


PSTN: What Is It, and How Does It Work?

Today, the PSTN is the most broadly interconnected communications system in the world, and is likely to remain so for at least another decade or more. For voice, it has no equal. VoIP services like Skype have banked on this fact; their business model depends on a steady flow of PSTN interconnect charges. But the PSTN provides FAX, data, telex, video, and hundreds of other multimedia services as well. And for many decades, the PSTN has enjoyed a universal numbering scheme called E.164. When you see a number that begins with “+” and a country code, you are seeing an E.164 number. In most of the world, connectivity to the PSTN is considered as essential as electricity or running water. Even the Internet itself depends on the PSTN to deliver dedicated access circuits as well as dial-up.
In the early days following Bell’s invention, wired communications at its most advanced meant two (or more) devices sharing a single iron wire, whether you were using a telegraph or telephone. A grounded wire to earth completed the circuit running between phones, each with its own battery to generate the current necessary to transmit. It was noisy and lines couldn’t run very far, and it would be many decades before it could truly be called a global network, much less a national one.
To fully define today’s PSTN, we’ll need to focus on several areas in turn. First, the physical “cable plant” required for signal distribution, from twisted-pair copper and coaxial electric to the latest fiber-optic cabling. Second, its signal transmission models, combining analog and digital signal processing and transmission over electrical, optical, and radio interfaces. This directly affects the kinds of content it can carry. Third, the increasing sophistication of associated signaling (control) protocols and “intelligent network” design introduced with the Integrated Services Digital Network (ISDN). And finally, its associated operational and regulatory infrastructure on international, national, state, and local levels.


Frequently Asked Questions | Hardware Infrastructure

Q: How is a PBX different from a switch in a telephone central office?
A: In many ways, the two switches serve the same basic function, but with different target customers. PBX systems are usually smaller-scale systems with more enterprise-specific feature functionality, and tend to interconnect a larger percentage of digital and IP phones than a PSTN switch would.

Q: Do I need an analog PBX to use an analog phone or trunk? Or a digital PBX to use a digital phone or trunk?
A: No, a digital PBX or VoIP gateway can handle analog lines and trunks just fine. These signals are converted to digital signals before being switched on a digital PBX’s Time Division Multiplexing (TDM) bus or Gateway VoIP media stream. A digital phone does require a digital PBX, but digital trunks can be split out on a channel bank for an analog switch if the signaling also is converted to an analog format.

Q: Where do the names “ring” and “tip” come from? What do they mean?
A: In the old days of telephones, operators connected calls using quarter-inch phone plugs (the same plugs that later were used with stereo headphones before the mini-phone plug became commonplace). The tip of the plug was the positive side of the circuit. The ring (or slip-ring) was a conductive circle around the plug above the tip and was the negative side of the circuit. Sometimes another conductor was present on the plug after the ring—this was called the sleeve.

Q: What does “codec” mean, and what common codecs should I consider using? Is any kind of codec more secure than another?
A: Codec is short for COder/DECoder (and in more modern usage, COmpressor-DECompressor—though the first PCM codec was not compressed). In audio, a codec, as the name implies, compresses audio before transmitting it and decompresses the received audio. This helps pack more traffic in the same bandwidth. G.711 is standard PCM encoding, G.721 uses Adaptive Differential PCM (ADPCM) to cut the bandwidth required in half, and G.729 can compress a 64 kbps speech channel down to 8 kbps, but with significant loss of quality (and it won’t work for fax or data connections). In general, your choice of codec will not affect the security of your VoIP system one way or the other.

Q: Why do regular firewalls have so many problems with VoIP traffic?
A: There are several reasons for this. First, VoIP packets have three characteristics that make traversal more difficult: separate signaling streams from media streams, broad ranges of port numbers for media, and embedded IP addresses. Second, VoIP standards are always changing and firewall vendors have a hard time keeping up. Finally, VoIP packets are real-time by nature and firewalls aren’t friendly to real-time packets under load.
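
The first reason above can be seen in a single call setup. This added example (not from the original text) parses a constructed SIP INVITE and lists the media pinholes its SDP body asks for, which is the work an application-layer gateway has to do; the message, addresses and function names are assumptions made for illustration.

```python
import ipaddress

# Constructed SIP INVITE (not captured traffic). Signaling uses UDP 5060, while
# the SDP body names the address and port where RTP media is expected.
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:bob@example.com SIP/2.0",
    "Via: SIP/2.0/UDP 192.168.1.20:5060;branch=z9hG4bK776asdhds",
    "From: <sip:alice@example.com>;tag=1928301774",
    "To: <sip:bob@example.com>",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=alice 2890844526 2890844526 IN IP4 192.168.1.20",
    "s=-",
    "c=IN IP4 192.168.1.20",
    "t=0 0",
    "m=audio 49170 RTP/AVP 0 18",
    "",
])

def signaling_endpoint(msg):
    """Address and port of the signaling stream, taken from the first Via header."""
    for line in msg.split("\r\n"):
        if line.lower().startswith("via:"):
            host, _, port = line.split()[2].split(";")[0].partition(":")
            return host, int(port or 5060)
    return None

def media_pinholes(msg):
    """Media streams the SDP body asks for: the ports a firewall must open per call."""
    session_addr, media = None, []
    for line in msg.partition("\r\n\r\n")[2].splitlines():
        key, _, value = line.partition("=")
        if key == "c":  # c=IN IP4 <address>: the embedded IP address
            addr = value.split()[2].split("/")[0]
            if media:
                media[-1]["addr"] = addr  # media-level line overrides session level
            else:
                session_addr = addr
        elif key == "m":  # m=<kind> <port> <proto> <formats...>
            kind, port, proto = value.split()[:3]
            rtp = int(port.split("/")[0])
            media.append({"kind": kind, "addr": session_addr, "proto": proto,
                          "rtp_port": rtp, "rtcp_port": rtp + 1})  # RTCP defaults to RTP + 1
    for m in media:
        # A private address inside the payload is untouched by header-only NAT.
        m["private"] = m["addr"] is not None and ipaddress.ip_address(m["addr"]).is_private
    return media
```

The media port is negotiated per call and appears only inside the payload, so a filter that inspects IP and UDP headers alone cannot know which port to open or which embedded address to rewrite.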

Q: What is a WEP initialization vector and how is it used? Why is it not enough to protect me?
A: WEP is a stream cipher, which uses a value known as an initialization vector to ensure every signal is a unique signal, despite being encrypted by the same key. WEP’s fatal flaw is that its IVs are too short, and duplication occurs.

Q: Can I use WPA2 with any access point?
A: Most access points, but not all, now support WPA2 encryption. To be sure, consult the manual that came with your router (manuals can usually be downloaded from the manufacturer’s site) and look up the encryption it supports. Some routers can be upgraded by uploading special firmware to the device. Check the manufacturer’s Web site, just to be sure.
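
The IV duplication described in the WEP answer above, as an added example that is not part of the original text: it assumes the 24-bit IV defined for WEP in IEEE 802.11, randomly chosen IVs, and a constructed key and payloads, and it omits WEP's CRC-32 integrity value.

```python
import math

IV_BITS = 24  # WEP's IV length per IEEE 802.11; the text above only says "too short"


def rc4_keystream(key, n):
    """Plain RC4: key scheduling, then n bytes of keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(iv, secret, plaintext):
    """WEP seeds RC4 with IV || secret, so the IV is all that varies per frame."""
    return xor(plaintext, rc4_keystream(iv + secret, len(plaintext)))


def iv_repeat_probability(frames, iv_bits=IV_BITS):
    """Birthday estimate of at least one repeated IV among randomly chosen IVs."""
    return 1 - math.exp(-frames * (frames - 1) / (2 * 2 ** iv_bits))


# Constructed key and payloads, for illustration only.
SECRET = bytes.fromhex("0102030405")           # 40-bit WEP key
P1, P2 = b"RTP voice frame1", b"SIP REGISTER msg"
C1 = wep_encrypt(b"\x00\x00\x01", SECRET, P1)
C2 = wep_encrypt(b"\x00\x00\x01", SECRET, P2)  # same IV: same keystream
C3 = wep_encrypt(b"\x00\x00\x02", SECRET, P2)  # fresh IV: different keystream

if __name__ == "__main__":
    print("same IV leaks P1^P2:", xor(C1, C2) == xor(P1, P2))
    print("fresh IV leaks P1^P2:", xor(C1, C3) == xor(P1, P2))
    print("P(repeat) after 5000 frames: %.2f" % iv_repeat_probability(5000))
```

Two frames sent under the same IV share a keystream, so XORing their ciphertexts cancels the key entirely, and with 24-bit IVs a repeat is more likely than not after roughly 5,000 frames.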

Q: Can I run my own RADIUS server?
A: RADIUS, which stands for Remote Authentication Dial in User Service, has many free implementations for Linux and other operating systems. For a typical list of commercial and open source options, visit the VoIP-Info wiki at

Q: What are some of the security concerns involved with using the popular instant messaging clients?
A: The same vulnerabilities that exist on the desktop are found in IM clients. This includes man-in-the-middle attacks, keylogging, and even audio capture and reconstruction with freely available tools on the Internet. And just as we’ve seen in the operating system world, the more widespread an IM client becomes, the more attractive a target it is to the hacking community.


Solutions Fast Track | Hardware Infrastructure

Traditional PBX Systems
  • Know the PBX architecture model: PSTN over trunks to PBX (or gateway) to lines connecting stations and other devices. VoIP solutions may not be as far away from this architecture as you think and you need to understand the architecture to assess risk.
  • Features are the value-add for a PBX; the way your organization uses them will either add risks or mitigate risks. Know your features.
  • Change the default settings. Most PBX or adjunct systems that are compromised are exploited through weak or default passwords.
  • Make backups! Keeping up-to-date backups of your phone system is just as important as it is for your computer network.
  • Audit your security! PBX systems often are overlooked when security is considered, especially if it’s not in the budget. That can change quickly after a weekend of toll fraud that can create a bill of $100K or more in international long-distance charges.
PBX Alternatives
  • Key Telephone Systems, Centrex, IP Centrex, and Host IP solutions are alternatives to PBX systems that send more of the switching intelligence offsite.
  • These alternatives can simplify deployment and security considerations but at the cost of flexibility and overall capability.
VoIP Telephony and Infrastructure
  • Huge differences exist between media servers and media gateways from different vendors. Know what class of device your organization plans to deploy so you can help develop an appropriate risk profile and mitigation plan.
  • Boundary traversal for VoIP will require special attention and can be handled through proxies or application-layer gateways within firewalls.
  • Enable WPA2 security on wireless access points and VoIP devices and consider 802.1x authentication. These devices will not have encryption or authentication turned on by default and you will need to set up supporting infrastructure.
  • Make sure you’ve got enough raw power, cooling, and UPS systems in place to safeguard mission-critical systems. Don’t forget that availability is a security concern!