Tag Archive for Telephony

The Future for Avaya is Cloudy

Back in 2017 former telephony giant Avaya (AVYA) declared bankruptcy. Since then there have been a number of attempts to break up the firm. Extreme bought the Avaya network division in 2017. In 2019 there were rumors that Mitel was going to attempt a leveraged buyout of Avaya.

Eventually, Avaya made a deal with Unified Communications as a Service (UCaaS) vendor RingCentral (RNG) to save its bacon. With the deal, RingCentral will pay Avaya $500M and will be Avaya’s exclusive provider of UCaaS solutions. The two firms announced the “strategic partnership” in October 2019.

It’s February 2020 and the Avaya – RingCentral collaboration will start to show some results – next quarter. The beleaguered vendor announced at its Avaya Engage love-fest that, beginning March 31, the unimaginatively named Avaya Cloud Office by RingCentral (ACO) will be identical in features in the U.S. to the product RingCentral sells today. The rest of the world will have to wait – because RingCentral UCaaS is only available in seven countries.

It is reported that a few additional Avaya features will creep into the offering through 2020. The first two, targeted for release this summer, are bridged appearance and call park and page. Bridged appearance lets two desk phones maintain separate and shared lines, a feature typically used between assistants and their bosses. With call park and page, when a person places a call on hold, the system will automatically send a page to another department or user to pick up the call. The feature is particularly useful to retailers.

Towards the end of 2020 or later, the vendor expects to deliver features that include line appearance, call appearance, hotdesking, and support for the venerable Avaya Audix voicemail service.

Initially, Avaya Cloud Office by RingCentral will only work with three models of Avaya’s J series desk phones: 139, 169, and 179. Avaya will work with RingCentral to certify B series conference room phones, L series headsets and the CU360 video conferencing system. However, most IP Office customers are likely using older devices, given that Avaya launched the J series only one year ago.

Avaya is also developing software to automate the process of migrating settings and users from its legacy gear to the cloud, although that tool won’t be available until later in 2020.

rb-

No Jitter points out that, faced with the threat of its large installed base, which goes back to legacy Nortel platforms, dumping Avaya, Avaya needed to do something.

To me this looks more like a win for RingCentral. For a relatively small investment ($500M on a market capitalization of $10.5B), RingCentral becomes the preferred UCaaS provider for the large Avaya installed base (100M+ seats) likely planning on a move to the cloud. Meanwhile, Avaya picks up a fully developed UCaaS to sell – if it can execute. Which has been its problem all along.

Can Avaya hold on long enough to develop the promised automation tools to move complicated things like CMS to a cloud interface? We will see.


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Scary SS7 Flaw Strikes Banks

Lost in last month’s hubbub over WannaCry ransomware was the revelation that hackers had successfully exploited the SS7 “flaw” in January 2017. In May reports surfaced that hackers were able to remotely pilfer German bank accounts by taking advantage of vulnerabilities in Signaling System 7 (SS7). SS7 is a standard that defines how the public phone system talks to itself to complete a phone call.

The high-tech heist was initially reported by the German newspaper Süddeutsche Zeitung (in German). The attack was a sophisticated operation that combined targeted phishing emails and SS7 exploits to bypass two-factor authentication (2FA) protection. This is the first publicly known exploit of SS7 to intercept two-factor authentication codes sent by a bank to confirm actions taken by online banking customers.

How hackers get in

According to Ars Technica, the attack began with traditional bank-fraud trojans. These trojans infect account holders’ computers and steal the passwords used to log in to bank accounts. From there, attackers could view account balances, but were prevented from making transfers without the one-time password the bank sent as a text message. After stealing the necessary login details via phishing emails, the perpetrators leveraged the SS7 flaw to intercept the associated mTAN (mobile transaction authentication numbers) authentication codes sent to the victims — messages notifying them of account activity — to validate the transactions and remain hidden, investigators say.

German telecommunications giant O2-Telefonica confirmed details of the SS7-based cyberattacks to the newspaper. Ars says, in the past, attackers have obtained mTANs by obtaining a duplicate SIM card that allows them to take control of the bank customer’s phone number. SS7-facilitated compromises, by contrast, can be done remotely on a much larger quantity of phone numbers.

O2 Telefonica confirmed to Help Net Security that the attackers were able to gain access to the network of a foreign mobile network operator in January 2017. The attackers likely purchased access to the foreign telecommunications provider – this can apparently be done for less than 1,000 euros – and set up call and SMS forwarding.

Two-factor authentication

Two-factor authentication (2FA) is a security process in which the user provides two authentication factors to verify they are who they say they are. 2FA provides an extra layer of security and makes it harder for attackers to gain access to a person’s devices and online accounts because knowing the victim’s password alone is not enough to pass the authentication check. Two-factor authentication has long been used to control access to sensitive systems and data, and online services are increasingly introducing 2FA to prevent their users’ data from being accessed by hackers who have stolen a password database or used phishing campaigns to get users’ passwords.

News of the incident prompted widespread concern online. Security advocates railed against the popular and continuous use of text messages to authenticate account information while growing evidence suggests that SS7 is an unsafe channel to deliver such data. Security experts told Ars that the same SS7-centric hacking techniques used against German banks will become increasingly prevalent in the future, forcing organizations to reconsider how they authenticate user activity.

The end of 2FA?

Cris Thomas, a strategist at Tenable Network Security, warns in the article:

While this is not the end of 2FA, it may be the end of 2FA over SS7, which comprises a majority of 2FA systems … Vulnerabilities in SS7 and other cellular protocols aren’t new. They have been presented at security conferences for years … there are other more secure protocols available now that systems can switch to…

Cybersecurity researchers began issuing warnings about dangerous flaws in SS7 in late 2014. I wrote about the SS7 flaw in September of 2016 and in March 2017. Maybe this will be the wake-up call for the carriers. One industry insider quipped:

This latest attack serves as a warning to the mobile community about what is at stake if these loopholes aren’t closed … The industry at large needs to go beyond simple measures such as two-factor authentication, to protect mobile users and their data, and invest in more sophisticated mobile security.

SS7 allows voice networks to interoperate

In 2014 security researchers first demonstrated that SS7 could be exploited to track and eavesdrop on cell phones. This new attack is essentially a man-in-the-middle attack on cell phone communications. It exploits the lack of authentication in the communication protocols that run on top of SS7.

SS7 was developed in 1975, and today over 800 telecommunications companies around the world, including AT&T (T) and Verizon (VZ), use it. This technology has not kept up with modern times. In May 2017, Wired published an article that explains some of the ways to secure SS7. Overcoming SS7 insecurity requires implementing a series of firewalls and filters that can stop the attacks. Researchers Wired spoke to suggest that adding encryption to SS7 would shield network traffic from prying eyes and bolster authentication. Both of these changes are unpopular with the carriers because they cost money and can impact the network core, so don’t expect any network changes to address the SS7 flaw anytime soon.

The Register reports that the FCC’s Communications Security, Reliability and Interoperability Council found that the proposed replacement for SS7 on 5G networks, dubbed the Diameter protocol, has security holes too.

In March 2017, Oregon Sen. Ron Wyden and California Rep. Ted Lieu sent a letter to Homeland Security’s John Kelly requesting that DHS investigate and provide information about the impact of SS7 vulnerabilities to U.S. companies and governmental agencies. Kelly has not responded to the letter, according to the Wired article.

Of course, the TLAs would never use this “flaw” in SS7 to spy on us.

What can you do?

The Guardian says that given that the SS7 vulnerabilities reside on systems outside of your control, there is very little you can do to protect yourself beyond not using the services.

For text messages, they recommend avoiding SMS and instead using encrypted messaging services such as Apple’s (AAPL) iMessage, Facebook’s (FB) WhatsApp or the many others available. These allow you to send and receive instant messages without having to go through the SMS network, which protects your messages from surveillance.

For calls, the Guardian recommends using a service that carries voice over data and not through the voice network. This will help prevent your calls from being snooped on. Messaging services including WhatsApp permit calls. Silent Circle’s end-to-end encrypted Phone service or the open-source Signal app also allows secure voice communications.

Your location could be being tracked at any stage when you have your mobile phone on. The only way to avoid it is to turn off your phone or turn off its connection to the mobile phone network and rely on Wi-Fi instead.


BYOD Obsoletes PBX

FierceMobileIT noted a new study from RingCentral, a provider of cloud business communications systems, which claims BYOD is now threatening the traditional business phone systems. The survey of 309 professionals within organizations who make purchasing decisions on phone systems found that personal mobile devices are so prevalent in the workplace that they are rendering traditional business phone systems obsolete.

According to FierceMobileIT, the survey’s key findings were:

  • Half of the respondents use mobile phones even while sitting at their desk, with a traditional desk phone in front of them
  • 88 percent of employees use their mobile phones for work purposes while on personal time, including evenings, breaks, weekends, and vacations
  • 70 percent of respondents believe office phones will eventually be replaced by mobile phones – Millennial workers are especially likely to believe this is true

RingCentral President David Berman told the author he believes that the new wave of employee-owned mobile devices is better than a premise-based phone system.

Mobile devices are turning into true business tools and are transforming the workplace as a whole, from shifting traditional business hours to changing how employees interact via voice, video, text and other business applications. We believe that all these changes are making legacy on-premise phone systems obsolete as they do not meet modern business needs

Praful Shah, RingCentral’s VP of strategy, told FierceMobileIT that his firm has seen a “tremendous behavior change going on with BYOD.” Asked what stood out in the research to him, he says it was the degree to which employees are using their personal devices to do work. He assumed the practice to be popular, but not to the degree the survey revealed. VP Shah noted:

Eighty-eight percent of employees are using mobile phones in their personal time for work. That is a phenomenally high percentage

The result is a shift in what physical telephones organizations will need to purchase. But it will also impact the need to provide applications that enable the employee to use multiple email and telephone accounts on the device, to keep private life and professional life separate when necessary.

rb-

This study is from a firm that sells a competitive product to on-premise PBX, so they are spreading FUD for their benefit. Firms considering cloud-based services should do due diligence and question how these cloud-based service providers are going to protect their data from government spying or it disappearing with little or no notice.

Additionally, a firm needs to protect its own data. They need a way to protect their data on an employee’s phone. That could include the ability to completely wipe the firm’s and the user’s data from the phone. I wrote about how BYOD can land an employee in jail here.

 


Related articles
  • The Top 5 Business PBX Providers for Q4 2013, as Ranked by Voip-Info.org (virtual-strategy.com)

 


Converting from Centrex to a PBX

Something to be aware of as you plan a migration from Centrex to PBX or VoIP. There is a potential that if the customer does not use the phone system that the LEC sells, the LEC may charge the customer for the in-house wiring. There have been cases where the LEC was seeking over $100,000 for the wiring after the customer switched.

Cable plant

In some areas, regulators have allowed the LEC to carry some OSP (Outside Plant Cables) on the regulated side of the books, so some projected accounting value minus the depreciation would need to be recovered by the LEC if the customer were to leave the LEC. OSP has a life expectancy of 25 years or more, especially in environmentally protected locations such as equipment rooms.

A general rule of thumb is that if the cable is black-jacketed, it is OSP. If the cable is gray or beige, it is Inside Wire or cable such as riser. In some states, at the time of the AT&T breakup and thereafter, black-jacketed cable is still carried on the LEC’s books while the gray jacket is expensed. However, the customer should talk to the LEC OSPE (Outside Plant Engineer) as soon as possible to determine their specific situation.

The OSPE may want the customer to buy the risers and black jacket, which may include a 50-year-old black jacket, a mixture of Paper & Lead (a method of insulating conductors using paper pulp and covering in a lead jacket) as well as more current PIC (Plastic Insulated Cable).

An option would be to rebuild the complex. This option could be less expensive and easier than negotiating with the OSPE to take over 50 years of infrastructure, which will never support any modern high-speed services.

Rebuilding the infrastructure also provides an opportunity to turn the tables on the LEC. With their own infrastructure, it is possible for the Owner to tell the LEC to vacate the building since they no longer provide service beyond the MDF. Maybe this is your opportunity to link the buildings with fiber and replace older copper while it is in good shape (having been inside most of its life).

Another tactic would be to convince the telco to certify that they had “abandoned the cable in place.” If the LEC has installed the infrastructure, and if they want to claim ownership of the cable, then they would be responsible for removing the cable as is required by state/local building codes. In many areas, if a cable is not terminated on both ends then it is considered to be abandoned and must be removed. Removing cable is almost as expensive as installing it.

PBX Circuit sales

Another advantage Owners may have is that the LEC is the Centrex provider. A PBX deployment still represents an opportunity for DS-1, DS-3, and trunk sales. Another lever would be to keep a small Centrex as a backup, as part of a business continuity plan, as well as ISDN services to remote locations.

One consideration is that when taking over the cable plant the LEC will have to deal with the fact that there may be customers within the facilities that were not part of the enterprise and which were customers of the LEC. We ended up having to sign a “Shared Sheath” or condominium agreement with the owner. The condominium agreement will let the LEC support their customers on the Owner’s riser system. The Owner will have to provide a technician to help the LEC in mapping out cable pathways for their customers.


IP PBX to VoIP Network Interface Specified

A draft document that proposes a series of best practices to optimize the interconnection and interop between IP PBXs and VoIP service providers has been proposed by Cbeyond with support from Cisco (CSCO) and Avaya, among others.

Charlotte Wolter, IP PBX to VoIP Network Interface Specified, Phone+, April 2005, p.48.

 
