Stuff that caught my eye

Archive for June, 2006

Filed Under (VoIP) by serge on June-29-2006

Trixbox Asterisk-based PBX virtual machine

It has a host of interesting features:

  • Web Interface to control most of the features of Asterisk PBX.
  • SIP and IAX protocol stack (H.323 can be added). POTS FXS/FXO and T1/E1 are not available on VMware due to timing issues.
  • Digital Receptionist automatically answers incoming calls and gives the caller a choice of actions through IVR
  • Timers let you set up different time patterns for call handling, for example to direct weekend calls differently from weekday calls.
  • Conference Bridge to set up conference calls
  • Direct Inward Dial (DISA) to connect to the PBX from a remote site as if you were connected locally
  • Star Numbers to access star features (like *70 to enable call waiting and *71 to disable it)
  • Follow me to ring a desk phone and a cell phone when a call comes in
  • Inbound Routes to direct calls depending on caller ID and interface by which a call arrives
  • Outbound Routes to direct calls to different providers for Least Cost Routing for example.
  • Paging and Intercom for some phones (Grandstream and Snom)
  • Queues to queue-up incoming callers like in a call center
  • Ring Groups to ring multiple phones upon call arrival
  • Call Log with various reporting capabilities to see who called whom and when
  • Voice Mail system with the ability to send voice mail by email as an attachment.
  • Web Interface to Voice Mail
  • Fax Receiving with PDF conversion. Received faxes can be sent to you by email as a PDF file
  • Call Recordings to record all or some calls or fragments of calls
  • Control Panel to see what is going on at a glance and control calls with drag-and-drop
  • Dynamic Configuration to add or remove functionality on the fly
  • VoicePulse integration to simplify setup for use with a VoicePulse account if you have one.

To run this image you will need VMware Player (or Workstation). Un-rar the downloaded file and then open the .vmx file in VMware Player. After boot, log in as root with the password “password”. If your network has a DHCP server, the image should pick up an IP address automatically. To check your current IP address, log in as root and run

# ifconfig eth0

You should see the image's IP address in the first line of the output.


Dan Goodin, an AP Technology writer, has written an article published by Yahoo News that makes the point that web site scripting languages have become the next low-hanging fruit for malware writers. It appears easier to exploit the security weaknesses of contemporary web sites, like Orkut or MySpace, to propagate a worm than it is to mess with the tighter and tighter security of the Windows operating system.

The roots of this problem can be found in the visionary statement “Network is operating system”. New Web Services are applications running over that operating system. I think there are a lot of parallels between what MySpace does and what the AOL client application used to do. The rise of Web Service worms is a testament to the success of the “Network is Operating System” idea.

Can a Network OS deal with security problems in the same “patchy” way as a conventional OS? Often OS users can tolerate an existing threat because there is a workaround that allows waiting for a patch. That is more difficult with a Network OS because most of it is outside of our control. All we can do is deal with the individual applications running over it. A user of a Network Operating System does not have the same degree of control over it. This leaves us, as users, in a situation where we can do one of two things: stop using the service or switch to another provider. Neither of them is really acceptable… but we have no choice…

I think this situation calls for different approaches. One approach is to use a throw-away web environment. It can be done using a Virtual Machine, like a VMware image with a Web Browser. The VMware virtual machine can simply be deleted from the hard drive after web browsing.

Another solution might be in having application level access control to the resources of a usual computer. I think Dekart Private Disk with Firewall is one of the first vestiges of this approach.

For both of these approaches it does not really matter how insecure web site scripts are. Security measures are taken by the OS user and designed by OS designers, rather than patched by web service designers.

It might be a smart strategy for Microsoft Windows to create a virtual machine partition that would be allowed to browse the web, with a firewall between that part and the rest of the system. It is akin to the idea of a DMZ in network protection, but in the operating system. I think it might be interesting to have portions of the OS file system dedicated to DMZ applications. If an application is installed in the DMZ, it would be executed within the OS with stricter access to resources than if it was not. Special subsystems within the OS might be created to bridge the two parts of the OS in a controlled manner. In this way, control (and responsibility) is back where it belongs – with the user.

Microsoft already traveled down this road, but in a different direction. Windows NT could run MSDOS applications as a virtual machine that shared resources and access with Windows NT. Developers of various virtualisation technologies have gone another way, aiming for complete isolation of virtual machines from each other.

I think a throw-away web environment should concentrate on two key points: managing the baseline configuration of the throw-away partition (like installing applications for web browsing on a VMware image) and managed interaction between the DMZ Virtual Machine and the host OS (a kind of Private Disk Firewall enveloping the host OS).
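
The two key points above, sketched as a shell script (an added example, not code from the original post): the baseline VM directory is sealed with a checksum manifest, each browsing session runs on a copy with the guest-to-host channels switched off in its .vmx, and the copy is deleted afterwards. The directory layout, the MANIFEST.sha256 file name, the function names and the launcher are assumptions, as is a launcher that blocks until the VM is closed; the isolation.tools.* keys are VMware .vmx settings whose effect depends on the product version.

```shell
#!/bin/sh
# Added example. Directory layout, manifest name and launcher are assumptions.

# Print "sha256  ./path" for every baseline file, in a stable order.
manifest() {  # $1 = baseline dir
    ( cd "$1" && find . -type f ! -name MANIFEST.sha256 \
        -exec sha256sum {} + | sort -k 2 )
}

# Seal the baseline after installing/patching the browser in it.
seal_baseline() { manifest "$1" > "$1/MANIFEST.sha256"; }

# Succeeds only if no file was added, removed or modified since sealing.
verify_baseline() { manifest "$1" | cmp -s - "$1/MANIFEST.sha256"; }

# Close the guest<->host channels (clipboard, drag-and-drop, shared
# folders) in one .vmx, replacing any earlier values for those keys.
harden_vmx() {  # $1 = path to .vmx
    sed -E '/^isolation\.tools\.(copy|paste|dnd|hgfs)\.disable/d' "$1" > "$1.tmp"
    cat >> "$1.tmp" <<'EOF'
isolation.tools.copy.disable = "TRUE"
isolation.tools.paste.disable = "TRUE"
isolation.tools.dnd.disable = "TRUE"
isolation.tools.hgfs.disable = "TRUE"
EOF
    mv "$1.tmp" "$1"
}

# Copy the baseline, harden the copy, run the launcher on it, then delete
# the copy whatever the launcher did. Sets LAST_WORKDIR for inspection.
browse_disposable() {  # $1 = baseline dir, rest = launcher command
    base=$1; shift
    verify_baseline "$base" || { echo "baseline differs from manifest" >&2; return 2; }
    work=$(mktemp -d) || return 1
    cp -R "$base"/. "$work"/
    vmx=$(ls "$work"/*.vmx 2>/dev/null | head -n 1)
    rc=3                                  # 3 = no .vmx in baseline
    if [ -n "$vmx" ]; then
        harden_vmx "$vmx"
        rc=0; "$@" "$vmx" || rc=$?
    fi
    rm -rf "$work"; LAST_WORKDIR=$work
    return "$rc"
}

# Typical call (vmplayer as the launcher is an assumption):
#   browse_disposable "$HOME/vm/browser-baseline" vmplayer
```

Re-run seal_baseline only after a deliberate change to the baseline, such as a browser update; any other difference makes browse_disposable refuse to start.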