info@qualityplusconsulting.com l +1 262-553-6510

QPC podcasts have moved

Please forgive our old content here while we reorganize and redo our old website.

All new QPC podcasts are hosted on a more convenient platform for all of us.

Please visit https://qpcsecurity.podbean.com where you can use the Podbean mobile app, stream directly from the site, and sign up for the RSS feed.

Breakfast Bytes - VOIP Services - Good and Ugly

9/15/2017

 

Google VoiceGoogle Voice is passable, and their services were easy to get good call quality, but I would not call it reliable. Many dropped calls.I would not try to run a business with Google Voice.

 

VOIP Services - The good and the ugly



What you need to know about VOIP services, service providers. Which services are good, and which you should avoid like the plague.

Also some brief things you should know about the Equifax breach.

MP3 - VOIP Services - Good and ugly

 
 

 

VOIP Services

This show is about understanding VOIP services, and which service providers have good services, versus which ones have horrible services that should be avoided.
 

Equifax Breach - what you need to know

  • Use a service that puts a credit lock on all three credit reporting bureaus if possible
  • Transunion's service is ~$20/mo and the least annoying of the big three bureaus
  • Azure credits are more hassle than they are worth to deal with. The discount is not enough to compensate you for the problems associated with dealing with them.

http://newstarget.com/2017-09-12-how-to-check-if-your-credit-information-was-stolen-by-hackers-who-broke-into-equifax-143-million-u-s-people-affected.html

Use this next URL to check if you were included in the breach.

https://www.equifaxsecurity2017.com/potential-impact/

Since over 50% of the population was included in the breach, you need to assume that you were included.
Transunion now has a credit lock freeze capability with Equifax, so if you are a TransUnion subscriber, then you should be able to go into your account and specify a credit lock on the Equifax account.

https://www.secplicity.org/2017/09/11/equifax-mega-breach-daily-security-byte/

 
 

Good VOIP Services - Skype for Business with PSTN Calling

For companies with >50 handsets, consider hosted Avaya VOIP especially if you want to terminate locally provisioned numbers such as from a T1 or PRI.

For companies that have Office 365 and want an extremely reliable PSTN calling service, use Skype for Business.

Skype for Biz does not require handsets, but does work with them. It works without any on-premise hardware.

With all good VOIP services, network QoS and perimeter security appliance opitimzation should be done.

But the most reliable and straightforward VOIP implementation is always going to be Skype for Business because Microsoft knows very well how to build and maintan a secure and reliable infrastructure. The documentation on what needs to be done at the network layer and endpoints is VERY clear. In using their services for 6 months heavily, I have been extremely satisfied with the feature set and reliability of the service.

I have never had to call any tech support for Skype for Business w/ PSTN calling because the documentation and my knowledge was all that was required to get it working correctly the first time. And it has been reliable ever since.

3000 minutes per licensed user per month domestic calling for $20/user per month inclusive of taxes. The service works anywhere you have an internet connection, so it works in places where the cell phone does not, such as basements of concrete and steel buildings.

All you need is a QoS policy for Skype deployed via local policy or GPO and some optimized perimeter security appliance rules.

Microsoft will not just up and change their network infrastructure on you one day either like Jive does.

 
 
 

Vonage - Avoid


Vonage looks like a cheap service, but it has extremely high support costs.

One of the hallmarks of back VOIP PSTN calling services is a company that demonstrates that they do not know how IP networking really works, especially at the perimeter security appliance layer. So they will incorrectly structure their cloud server infrastructure in a way that a phone connection session does not stay on the same cloud server IP address for the entire session. Instead, one server hands off the call to another that has a different IP address. Then that server attempts to create an inbound connection to the WAN IP address of the perimeter security appliance.

Because this inbound connection (ingress) is NOT associated with an existing egress (outbound) session, it looks like an attack and is blocked.

The way this is often handled on horrible consumer routers is that uPnP is used by the device. uPnP is so insecure that no business class perimeter security appliance will even allow the feature.

 

Jive - AVOID

Jive documentation and tech support are below industry standard. We know an IT manager that spent over 200 hours with their tech support over the last 9 months trying to make the Jive services work properly.

Here is a document showing an example of how NOT to configure your perimeter security appliance as well as an example of how to configure it to make Jive work.

Jive Services

 
 

How to make the bad VOIP providers work anyway

Here is an example of a policy that makes Vonage work.

 2017 9 15 Vonage

 

 

Linkedin