Corporate blog
Beyond the realms of Open Source and Technology

Announcing the March Asterisk Cafe

We will hold a meetup on every first Monday of the month.

The next meeting will be held on Monday, March 4th between 5:30 and 7:30 PM  at the Greenfield Tech offices, 14 Shenkar Street, 4th Floor, Hertzelia Pituach.

Topics that will be covered in the meetup include:

Ongoing topic:
1. Recent cases of systems being hacked in Israel, how to better protect ourselves and ways to deal with your service providers in such cases

2. Setting up the first community run Asterisk convention in Israel independent from any commercial agenda

Participation is free but space is limited!

Please register by emailing info@greenfieldtech.net

After a long hiatus, Asterisk Cafe meetups are back!

We will hold a meetup on every first Monday of the month. The next meeting will be held on Monday, February 4th between 5:30 and 7:30 PM  at the Greenfield Tech offices, 14 Shenkar Street Hertzelia Pituach.

Participation is free but space is limited!

Topics that will be covered in the meetup include:

1. Recent cases of systems being hacked in Israel, how to better protect ourselves and ways to deal with your service providers in such cases

2. Setting up the first community run Asterisk convention in Israel  independent from any commercial  agenda

To reserve your spot, please sign up at http://asterisk-israel.eventbrite.com/

 

 

 

Here’s a challenging question for the Asterisk technical savvy of you… What is the top performance you can squeeze out of an Asterisk box, running on Amazon EC2 – or to that extent, a cloud infrastructure? If you scout the Internet, you may find various answers – however, most of them aren’t backed up by real numbers or real information,made accessible in a normal readable form.
Recently, we’ve become heavily involved in a project requiring massive usage of cloud based infrastructure. I won’t go into details as to what the project is or what we are doing, however, I felt that some interesting facts about Asterisk 11.0.1 and Cloud infrastructure can be shared with the rest of you.

Before we dig deep into the actual results, let’s talk about the various measurements usually associated with performance assessments of an Asterisk box, mainly, the machines load average. In order to continue, we must first understand what the Linux Load Average actually is. Most of you know load average as the below:

Load Average Example

Most people know the load average as those 3 numbers, ranging from 0 to anything higher, and if the numbers reach a certain level – it’s bad. But the question is: “What is a good number? and what makes a number bad?” First, let’s understand what the number represents. Load average is an exponential average of all your machines processes. Running processes, sleeping processes, waiting processes and on Linux, also processes currently waiting for I/O access. Now, these number are directly correlated to the number of processors/cores your server has. In general terms, a machine with a single core, any number higher than 1 is considered bad – where 1 represents 100% of the resources being consumed. So, if your machine has 4 cores, the number 4 is your top most number – and from there it’s linear. Now, can we calculate HyperThreading into the equation, multiple CPU pipelines, SSD access – in Linux, all these come into play into that equation. In other words, we’ll never know what is the actual top limit, but working with a rule of thumb based upon the number of cores is a good practice – specifically if your operational environment is a virtualized one.

Now, there are 3 numbers in there – a 1 minute average, a 5 minute average and a 15 minute average. Technically speaking, the 1 minute average isn’t really interesting – as it is highly affected by context switches and process bootstrapping, thus, there is a good chande that its number will be higher than the “advised” number. The numbers that are more interesting are the 5 minute and 15 minute average. Technically speaking, if your machine’s load average is considerably higher than the advised at these, something is definitely wrong.

Presentations from AstriCON 2012

GreenfieldTech Presentations from AstriCON now available on our downloads page

At Astricon in Atlanta I presented the initial results of our VOIP Security Audits, and we will be posting links to both the presentation and the video when it is made available.

Here is one of the findings that were presented:
* The average number of Server and OS critical problems was 18.6 problems per PBX
* The highest number of Server and OS critical problems found was 117 problems on a single PBX

Conclusion:
You need to have an update policy with regular security updates for the server, not just the Asterisk software, and it needs to be implemented.

Click on this link to get more information about the GreenfieldTech VOIP Security Audits

Its AstriCon time again

 

 

 

 

 

Greenfield Technology will be participating in  Astricon’12, with multiple speaking slots and we will be holding raffles through out Astricon’12 in the Kamailio booth (#20) come on over and say hi to Nir and Eric.
Astricon’12 is taking place in Atlanta, GA, USA, during October 23-25, 2012

Speaking

GreefirldTech’s Nir Simionovich and Eric Klein will each be presenting at the event.



Wednesday, October 24, 2012

Eric will be presenting at 11:40-12:15  in the Cloud Track.

Presentation title:

Abstract

Last year’s Security Panels at AstriCon brought examples from the audience (like: found and hacked in under 10 min. and $400k in fraud in 2 days). This year there are many new fraud attacks and audit horror stories and recommendations for you.
This session will review the security breaches of the past year as well as highlights of the most common problems found in security audits. The audience is encouraged to provide their own examples and jointly define solutions.



Thursday, October 25, 2012

Nir  will be presenting at  10:00-10:35 in the Security Track.

Presentation title:

Abstract

Fail2Ban is a wonderful tool, but it is only one of many tools out there to assist in the protection of your Asterisk server. Some of these tools are so simple, that by utilizing very simple techniques, a complete lock down can be enforced. The session will share some methods that were deployed over the course of the years 2010 and 2011 and several locations and had proved to reduce the risk of hacking and fraud tremendously. 



Kamailio Booth

Along with speaking we will be at the Kamailio booth in the open source area. The Kamailio booth number is 20, if you are attending the show stop by to learn about use cases of Kamailio and what is new in the project.

We will be holding raffles at the following times:

Tuesday, October 23rd

  • 18:00

Wednesday, October 24

  • 12: 00
  • 14:00
  • 16:00
  • 17:50

Thursday, October 24th

  • 12: 00
  • 14:00

To enter, drop your business card in the Greenfield Technology container in the Kamailio Booth (#20).

You must be present to win. If the owner of the selected card is not present, the card will be put aside and another winner will be drawn.

 

 

It's that time of year again, to update on the latest trends in the Asterisk community and the Asterisk market. In comparison to previous year conventions, this years motto was, at least according to our view: "Asterisk is now a main stream option". We all knew that Asterisk was getting more and more recognition by the technical communities - however, this is the first time the business community had showed that it is accepting Asterisk as a valid solution in the market.
First of all, before I go on and add additional information on the previous post – I’d like to do one thing – sound the ALL CLEAR alarm signal. It would appear that while the Humbug engine had identified an anomaly, it had identified something that was out there for some time now, was catered by Asterisk internally – however, we didn’t have a clear indication of what it looks like as the attack is going on. And now, with a bit more details.
Everybody these days are big into cloud computing - be it due to cost constraints, hype requirements or simply because you don't have anything else to do - cloud computing is here to stay and will be with us for the next 10 years at the least. About 2 years ago, GreenfieldTech was involved in the testing and adaptation of Asterisk into the Amazon EC2 cloud infrastructure - since then much has happened. Asterisk based EC2 AMI images had become a norm and you can find dozens if not hundreds of Asterisk installations on Amazon EC2. The one thing that people always ask: "How does a cloud perform? is it measurable?" - well, most of the EC2 measurements were based upon fairly simple applications, so the actual results varied - in addition, due to the nature of the Amazon Cloud, results varied from one cloud region to another, depending on your termination provider, inbound provider, inbound bandwidth, etc. In other words, a definite answer was somewhat hard to give.
As you know, fraud analysis and Telephony Security forensics are a big thing here at GreenfieldTech. As our CEO, Mr. Simionovich, is also the chief architect of the Humbug Analytics project, GreenfieldTech enjoys access to information usually not available to other consulting companies and carriers around the world. The following post had been posted by Mr. Simionovich on the Humbug blog and shows a new Asterisk bound fraud pattern.

Switch to our mobile site