The following example will probably clarify the issue we had last week regarding the alternative approaches to an ALL IP solution. A system which is automatically provisioned with basic functions such as Internet access, registering SIP/VoIP accounts, and a setup for basic telephony should also provide Wi-Fi for guests and business partners.
It is no news that ISDN will soon be switched off. The date by which the whole procedure is planned to be completed is also well known. There will be no or almost no delay because the necessity on the part of the carriers is clearly articulated and mandatory. Companies are forced to take action sooner rather than later. Two possible solutions are available for the conversion to ALL IP.
It is time for a “new” network
Technically speaking, ISDN stands for Integrated Services Digital Network. From the user’s point of view, it is a long-standing, stable, and reliable communication network which standardizes a digital telecommunications network and unifies various services such as telephony, data, teletext or datex-P on one single network. Previously, each service required its own network and all networks were connected via gateways.
The term ALL IP means unifying and converting all currently existing transmission technologies in telecommunications networks on the basis of Internet Protocol (IP). Thus, services such as telephony, television and mobile communications will be provided by means of a uniform network protocol and no longer via the classical circuit switching. The switch to IP-based lines significantly reduces the complexity of networks while the number of operating network components decreases.
The migration from ISDN to ALL IP initially affects the point-to-multipoint connections of private and small business customers. The point-to-point connections frequently used by business customers (buzzword: SIP trunk) are expected to be switched off by Deutsche Telekom at around the time of CeBIT 2016, and alternative carriers are even one step ahead.
From the end of 2015 Deutsche Telekom offers its business partners up to eight parallel voice channels. Due to regulations, customers with more than ten phone numbers per basic ISDN connection currently have to apply for a second ALL IP connection in order to keep their phone numbers. Hence, it makes sense to actively develop an approach already in the run-up phase or to consider changing to another provider.
When evaluating which decision to take, one should consider how old the current operating PBX is, whether it is worth purchasing a new one, or whether the PBX has only been operating for a few years and it already supports VoIP. In the end a simple, economic cost-benefit analysis needs to be undertaken and an evaluation made.
Two options are available for the switch from ISDN to ALL IP
One solution is the migration of the already existing ISDN infrastructure by means of an ALL IP media gateway and the alternative is the replacement of the PBX by an ALL IP communication solution for both voice and data which can be integrated into the network infrastructure.
Teldat, with its very long tradition in the telecommunication and IT market, provides both approaches: migration as well as the integration of an ALL IP communication solution. In our next blog entry we will look further into the available solutions for both approaches.
The requirements for connecting branches or company subsidiaries are not only a technical issue but are also substantially driven by costs. In order to keep up in a global environment, chain operators have to keep their costs low and ensure lean, fast processes. This basically means that branches and subsidiaries have to be managed and administered centrally. An elementary part is the IT infrastructure connecting all users within the network securely, economically and without great effort.
Our daily data traffic on the Internet has reached dimensions which can hardly be put into numbers. For example, in June 2014, an average of 1.7 Tbit/s of data was transmitted at the German DE-CIX (the largest Internet exchange point worldwide, situated in Frankfurt). Numerous transactions related to critical applications involving financial or personal data are conducted this way. Whether stock market transactions, online shopping or home banking, anyone who carries out such transactions implicitly counts on security, integrity and authenticity being guaranteed at any time.
For years, processes and methods have been well established that rely on appropriate technologies to encrypt and secure data transmissions. Here, the use of SSL has become a quasi-standard.
However, it has also turned out that web servers, NAS devices, gateways and routers are vulnerable due to an implementation error: sensitive data can be retrieved without the retrieval being detectable as an attack. Particularly worrying is that a variety of services which typically protect their data via SSL/TLS are affected. This also includes e-mail (POPS, IMAPS, SMTP with STARTTLS).
Anatomy of a “heart defect”
By looking closely at the problem, one realizes that the actual error is comparatively simple. In order to keep a connection alive, so-called heartbeats are sent between the communicating partners. In this process the sender transmits data (payload) to the receiver, who in return sends the same data back.
The problem, however, results from the fact that the receiver does not verify how much data has actually been sent. This means that if the sender “lies” and actually only sends one single byte but claims to send 16 Kbyte, the receiver responds willingly by sending back data from its random access memory. In this way the attacker can read out the random access memory of the remote station.
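The missing length check described above can be shown in a few lines of C. This is an added example, not code from OpenSSL or from the original article: the function names, the 64-byte stand-in for process memory and the scaled-down claim of 32 bytes (instead of 16 Kbyte) are assumptions made for illustration, and the 16-byte minimum padding comes from RFC 6520.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HB_RESPONSE 2
#define HB_HEADER   3    /* 1 byte type + 2 byte claimed payload length */
#define HB_PADDING  16   /* minimum padding per RFC 6520 */

/* Payload length as claimed by the sender (big-endian, bytes 1..2). */
static size_t claimed_len(const uint8_t *rec) {
    return ((size_t)rec[1] << 8) | rec[2];
}

/* Builds the echo reply; response padding is omitted to keep this short. */
static size_t echo(const uint8_t *rec, size_t n, uint8_t *out) {
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HEADER, rec + HB_HEADER, n);
    return HB_HEADER + n;
}

/* Flawed: trusts the claimed length and never looks at rec_len. */
size_t heartbeat_unchecked(const uint8_t *rec, size_t rec_len, uint8_t *out) {
    (void)rec_len;
    return echo(rec, claimed_len(rec), out);
}

/* Hardened: a record too short for what it claims is discarded (returns 0). */
size_t heartbeat_checked(const uint8_t *rec, size_t rec_len, uint8_t *out) {
    if (rec_len < HB_HEADER + HB_PADDING)      /* too short to be valid */
        return 0;
    if (HB_HEADER + claimed_len(rec) + HB_PADDING > rec_len)
        return 0;                              /* claim exceeds what arrived */
    return echo(rec, claimed_len(rec), out);
}

/* Constructed demo: a 4-byte record claiming 32 payload bytes sits in front
 * of unrelated data. Returns how many bytes beyond the record were echoed. */
size_t demo_overread(size_t (*handler)(const uint8_t *, size_t, uint8_t *)) {
    uint8_t mem[64] = {1, 0x00, 0x20, 'A'};    /* type, len=32, 1 real byte */
    uint8_t out[64];
    memcpy(mem + 4, "CONSTRUCTED-NEIGHBOUR-DATA", 26); /* not in the record */
    size_t sent = handler(mem, 4, out);
    return sent > 4 ? sent - 4 : 0;
}

int main(void) { return demo_overread(heartbeat_checked) == 0 ? 0 : 1; }
```

With the unchecked handler the reply carries 31 bytes that were never part of the received record; with the check in place the malformed request is dropped and nothing is sent back.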
If someone uses this procedure systematically and with high computing power, large quantities of credit card information and passwords can be gathered and spied upon. Furthermore, it was possible to get to the innermost part of servers in order to spy out the private key. The consequence would be that perfect imitations of servers can be placed on the Internet and the users won’t notice because they won’t get a warning message of faked certificates.
Is it possible for your data security to recover from a “heart attack”?
Users and people affected are in a rather uncertain situation. Concerning the systems to which we have access, we have to explore as soon as possible whether a serious threat exists. This can be carried out in cooperation with the corresponding manufacturer.
If this is the case, appropriate measures have to be taken quickly in order to update the affected systems. In this context, it is also advisable to replace the digital certificates and to declare already existing certificates as invalid, although this may “only” be a precaution. For services to which we do not have access, we have to rely on the respective service provider to ensure security as soon as possible. It only makes sense to change passwords after the provider has renewed certificates.
Take preventive security measures
The use of Open Source, and in this case especially of OpenSSL, shows how a fundamental and critical infrastructure on the Internet can crumble overnight.
When you look behind the scenes and see how many software engineers actually work full-time on the maintenance and development, it is indeed thought-provoking.
As a manufacturer, we also ask ourselves the question: which is the correct way into the future?
None of the software components mentioned above are deployed in Teldat's products. Nevertheless, we see it as part of our responsibility towards our partners and clients to keep developing our products continually and even more intensively.
AUTHOR: Bernd Büttner