>> The Hardware infrastructure

Traditional PBX Systems
Business telephony in large organizations has revolved around the private branch
exchange (PBX) for over a century, and given that length of time, it’s easy to see
why VoIP often is positioned as a modern alternative to the PBX. However, this
comparison is the wrong one to make, as the PBX concept itself is transport-neutral.
It would be just as wrong to say “analog vs. PBX” or “digital vs. PSTN,” so let’s
make sure we’ve got this basic principle down first.A PBX—or PABX internationally
(the “A” stands for “Automated”) is a communications switch that (1) replaces
PSTN switching functionality for a set of associated extensions, (2) provides access
trunks to carriers for routing PSTN calls, and (3) may provide additional communications
feature-functionality based on configuration settings and equipment capabilities
(see Figure 3.1).
Figure 3.1 A Basic PBX Diagram*
* All PBX systems provide PSTN-like switching services between endpoints and
adjuncts, the PSTN, and other private PBX switches (and associated private networks).
Only a few of the possible adjunct systems are mentioned here. An ACD is
an Automatic Call Distribution server (for use in call centers to direct calls to groups
of agents), and an IVR is an Interactive Voice Response server (also commonly used
in call centers to let callers use touch tones and voice prompts to select services).
So a PBX could be all IP or all analog or anything in the middle as long as it
switches calls between extensions and the PSTN as needed. In the end you will find
that despite the marketing hype, most VoIP systems are just PBX systems with different
combinations of support for IP lines and trunks. In some cases, the call control
part of the system is split out from the gateway that handles the non-IP electrical
interfaces. Or it’s pushed out to a service provider. But the basic switching concept is
preserved somewhere across the system as a whole. Regardless, understanding basic
PBX terminology will help you understand the underlying architecture of the VoIP
systems you may encounter, so let’s start there.



PBX Lines
In telephony, a line (or station line) connects endpoint equipment (digital terminals,
analog phones, fax machines, modems, or even an IP phone through an IP network)
to the PBX (or central office) for switching. An analog line is the private equivalent
of a local loop or loop transmission facility.
NOTE
A PBX is more likely than your phone company to support ground start phones
and trunks on analog interfaces. Your phone at home seizes control of the line
by using loop start, which involves shorting the two ends of the line together to
activate the circuit. Ground start sends one of the leads to ground (typically
ring) to seize the line, which is much less likely to cause glare (a condition that
arises when both sides on a line or trunk simultaneously seize control of the
line).
Typically, a PBX supports analog lines (and trunks) through a line card with 8,
12, 16, 24, or more lines per card, which are then wired to a patch panel for interconnection
through a structured cabling system to the analog phone or device. Most
of the security concerns around analog lines center on how well protected the
equipment and cabling systems are from eavesdropping and tampering. Ground start
loops will make theft of service less likely because a special phone is required, but
otherwise the same basic rules for protecting a PSTN line from tampering apply.
Of course, line is also a generic term that may apply to power lines providing
electricity to homes and businesses. But when we talk about an analog telephone
line, we are talking specifically about the two wires involved: the tip (the first wire in
a pair of phone wires, connected to the + side of the battery at the central office or
PBX; it is named tip because it was the at the tip of an operator’s plug) and the ring
(connected to the – side of the switch battery and named because it was connected
to the slip ring around the jack).Any equipment that works with Plain Old
Telephone Service (POTS) lines will work with a PBX analog line configured for
loop start. From a PBX, an analog line will nearly always be 2-wire although 4-wire
lines with Earth & Magnet (E&M, sometimes also called Ear and Mouth) interfaces
are supported from the same card for analog trunks.


TIP
If you’ve ever taken a peek behind the phone jacks that litter the walls of your
home, you are likely to see two (or three) pairs of wires, one Green/Red, the
next Yellow /Black, then White/Blue, but for our purposes only the first pair is
important. The Green wire, referred to as the Tip, is the positively charged terminal.
The Red terminal, the Ring, is the neutral, which completes the circuit,
enabling electrical signals to flow freely. Note that newer homes may use a
more recent color scheme that is also used for Ethernet cabling. The first pair is
White/Blue, then White/Orange, then White/Green and finally White/Brown. This
scheme is what you’re most likely to see in structured cabling systems within
buildings
Analog PBX systems supported only analog lines, but with the introduction of
digital switching, a new class of line was developed: the digital line. In most PBX
systems, a proprietary format for digital line signaling (and media) was created that
requires the use of digital phones manufactured by that vendor. Some vendors, however,
also support Integrated Services Digital Network (ISDN) standard phones
directly (or through the PSTN) via the ITU-standardized ISDN BRI. Most proprietary
digital formats use a 2-wire system with 8-wire plugs and jacks, although some
are 4-wire systems. ISDN uses a 2-wire system from the CO switch, but is 8-wire to
the interface used by a phone terminal, so the actual number of wires used will
depend on several factors (such as whether the phone has a built-in NT-1 interface).
Also, many proprietary switch features will not be supported on ISDN phones, particularly
when the phone is manufactured by a different vendor. And even within a
vendor product line, you may discover that newer features are supported only on
newer phones or phone firmware. In any case, digital lines for proprietary digital terminals
typically are supported by digital line cards with 8, 12, 16, 24, or more lines
per card, and ISDN lines for ISDN phones are supported by either ISDN trunk
cards or special ISDN BRI line cards, which may come in several flavors depending
on the ISDN BRI type.
In the case of the modern hybrid PBX or IP-PBX, there is an equivalent concept
for IP lines to IP phones, but unlike analog or digital lines the IP line isn’t necessarily
tied down to a single electrical interface on the PBX. In fact, the PBX can
use multiple Ethernet ports to support an IP line, and IP phones can fail over to
multiple IP-enabled PBX systems.The first IP line support built into most PBX systems
leveraged the H.323 suite of protocols or proprietary protocols like Cisco
“skinny,” but almost all new development on PBX systems today uses Session
Initiation Protocol (SIP).The bottom line is that the concept of an IP line exists in
virtually every VoIP system out there, and understanding how the line concept is
expressed in a specific VoIP system will give you an important handle with which to
analyze its architecture and security.
This flexibility and versatility is a huge advantage to VoIP, but it does come at a
price. Because the phones are now sharing infrastructure and bandwidth with other
devices (and perhaps the entire data network), quality-of-service (QoS) guarantees
for packet loss, latency (how long each packet takes to arrive from the phone to the
PBX), and jitter (variability of latency across packets in a stream) now become the
responsibility of the party providing the network infrastructure. Additional vectors
for Denial-of-Service attacks on IP lines (either to the phone or the PBX) and
Man-In-The-Middle (MITM) attacks must be considered. In my experience, the
resulting loss of accountability from a single organization or vendor to multiple entities
rarely is included in planning (or ROI calculations) for VoIP deployments.