Are Cheap IP-PBX Business VoIP Phone Systems Right For Your Business?

The world was still listening to Smashmouth and contemplating the underlying meaning behind The Matrix when the founder of Digium.com, released his free, open source IP PBX software in 1999.

He created an entirely new segment in the open source software market… Not only did companies using Asterisk collectively save millions of dollars when installing the open software, they found it could be hosted or installed on-site, as a call distributor, a VoIP gateway, a conference bridge and much more.  It became the Swiss army knife of IP-based telephony overnight.

But then, in January 2009, one small business Asterisk customer was slapped with a gigantic and unexpected phone bill. His system had been hacked…Is Asterisk Secure?

Australian newspaper Adelaide Now reported: “A small business has been landed with a $120,000 phone bill after criminals hacked into its internet phone system and used it to make 11,000 international calls in just 46 hours.” But the Australian business owner wasn’t the only victim. Three companies in the U.S. using IP PBX systems (two from Asterisk) suffered similar fates around the same time.

Adding insult to injury, a slew of neckbeards eventually went online and posted soundless YouTube videos that exuberantly demonstrated, keystroke by keystroke, how to break into the PBX and make free calls.

So what happened?

As an Asterisk reseller said following an attack on one of his customers, “We were so focused on the telephony side [when we installed Asterisk] that we completely overlooked…the IT side, the security side.”  It was obvious in hindsight. Their failure to secure the server ensured their demise.

Since then, Asterisk has solidified enormously.  It’s now backed up by thousands of skilled IT experts in an open source community who take security very seriously. As of today, there are more than a million Asterisk-based systems in use across more than 170 countries.

The upside of Asterisk

In a nutshell, Internet Protocol Private Brand Exchange allows you as your own personal phone company. You can set up branch menus, dial “9” for an outside line, assign 3 digit extensions for every team member at the office and much more.

We’ve all used PBX and are familiar with the functionality it provides, but most people think of it as something too complex or expensive to implement on our own. Thanks to Asterisk, that’s not the case.

Asterisk offers the same functionality of a hardware PBX, for free… Below is a feature list from Asterisk.org (click on the image to visit the page)

Asterisk Features

Laying the groundwork

There are a lot of ways to set up Asterisk. The easiest and most efficient is by installing one of the pre compiled distributions. Of those, we recommend Asterisk Now because, while it’s not as flexible as home brew installations, it allows relatively inexperienced users to change the plumbing and create customization. It needs to be stressed that that you will be forced to operate in a predefined framework though.

If you’re feeling a little more adventurous, you can always create your own from the source. When you go this route, you get a lot more control over the functionality and it’s actually not as hard as you might think (assuming you know basic command line).

When you install Asterisk from the source, it enables you the freedom of choosing your own Linux OS (we recommend Ubuntu) and then tweaking the installation for your environment and hardware to maximize performance.

Find full instructions on installing Asterisk from source here.

Parting thoughts

If you’re planning an Asterisk installation and need advice on securing the system, Ward Mundy has collected the most critical steps for locking down your installation. You’ll find further advice in the forums and wiki at the Asterisk.org website.

So while using Asterisk to commit phone fraud is no longer an issue, hackers (some of whom may be your employees, suppliers or business partners) often find ways to defraud using the system. Click here to download a Phone Bill Fraud Prevention Checklist from the Telecom Association.

AT&T and Verizon Alternatives

When the Bell System monopoly on telephone communication run by AT&T was broken into “Baby Bells,” also called Regional Bell Operating Companies (RBOCs) in 1982, the monopoly on phone service seemed to be at its end.

The original anti-trust action by the Department of Justice was initiated in 1972, but legal wrangling stalled the final breakup until 1982. Thirty plus years later, I often wonder whether the quality of service has improved.  A quick online scan shows throngs of unhappy customers’ voices have echoing across forums and consumer advocacy sites.

Freedom From Telecom Bullies

Verizon is the other major player in the space, selling its phone service under the FIOS brand.  They also bundle internet access and TV service and deliver it over a fiber network. Verizon was initially known as Bell Atlantic, one of the aforementioned RBOCs. In 2000 it merged with GTE and re-branded itself with the name we know today. Now, with millions of customers across the country, Verizon too has been inundated by hordes of unhappy customers who complain about phone service and virtually every other service Verizon offers.

Fortunately, the telecom landscape has evolved in recent years and now provides businesses many alternatives to those two incumbent phone companies. The VoIP revolution has transformed the industry, so I’d like to suggest a few companies that we feel comfortable recommending to business clientele looking for a change.

Here are our top picks:

ShoreTel

ShoreTel targets mid-sized and larger companies, generally those that need 25 or more phones. The ShoreTel Connect product is a VoIP system that can be run as a managed service from the cloud, or as a system with its own hardware and servers that you manage at your place of business. Or, if you have multiple locations, you can install Connect as a hybrid deployment where certain locations are managed in the cloud while others are managed on site. The product supports IM, VoIP, conferencing, web sharing and video. Its allows users to move from an IM to a phone call, to an online meeting then to a desktop share that can include video, all with a single click.

Ooma

Ooma began as a VoIP provider for residential customers, then expanded into business services with a clear customer demographic: small businesses that need 25 or fewer phones. Ooma works with any traditional phone (of the curly cord variety), eliminating the need to buy IP phones. You can easily set the system up to ring remote extensions off premises, including employee cell phones which is useful for sales, service and other workers who spend time outside the office. This short video leads you through the basic setup process.

Broadview Networks

Broadview Networks, discussed elsewhere on this blog, serves more than 200,000 users every day with its OfficeSuite cloud phone system. It provides not only excellent quality VoIP phone service; Broadview also lets you communicate with hi def video, web and audio conferencing, and toll-free service.

As network speeds increase and technology becomes more refined, the marketplace for VoIP continues to grow and become more relevant. Contact us with any additional questions you might have relating to finding a suitable alternative to the incumbent phone companies.