Fax Machines on ShoreTel?   It is not uncommon for system administrators to create a user named FAX SEVER, then define it as EXTENSION ONLY.    Though I personally have been trying to eliminate all the forest eating fax machines and printers on the planet, it would appear that Fax machines are going to be with us for quite some time.   Even with a fax server, people want to stick a piece of paper into the machine and watch it “go through” after dialing the distant end.  This is an example of  “Experiential compatibility” as the marketing folks like to say.   We are more comfortable with a technology that is compatible with our experience.

Often, there are other analog devices that survive the move to IP telephony.   For example, the credit card machine!  Many company’s will have another ShoreTel user named CREDIT CARD and it also is defined as EXTENSION ONLY.  These devices share one common trait that many clients find very annoying.   If you connect a fax machine or credit card machine to a ShoreTel analog port, the device will now need to know how to “dial 9” to get an outside line, to complete a call.   So these means that you have to reprogram the fax machine and the speed dial lists that most companies have accumulated over the years.  Not an exciting thought and a great waste of human resourcess.

Is there a way to “hack” l the ShoreTel configuration database to just connectthe fax machine  to an outside line without the need to “dial 9”?   The answer is yes, there is a way.   I hope that you have watched enough of my stuff to have loaded a copy of SQLyog on your ShoreTel Server by now?  In the MySQL configuration database for the ShoreWare sever, there is a data table named “USERS”.   In the USERS database, look for the column labeled EXTERNAL DIAL TONE.   Find the USER of interest, in this example FAX MACHINE, and locate this column.  You will find that the existing default value is 0, requiring the user to “dial 9”.   By changing this value to -1, the user is directly connected to an outside line and is able to dial without using an access code.  Be careful changing this configuration database!  If you do not know MySQL or SQLyog, you should probably find someone who does.    The film clip accompanying this blog will walk you throught the configuration change.   Enjoy!



By: Peter Buswell

About the Author:

VoIP hacking is a new term that strikes fear into the hearts of many residential and corporate users thinking about upgrading from their existing traditional phone network and in some cases even dissuades them from doing so.

Thankfully, although talk of VoIP hacking goes back to 2004 and earlier, there are relatively few reports of it and it certainly does not compare to the levels of malicious use seen in the days of “blue boxing” and company PBX misuse.

In essence, VoIP becomes susceptible to hacking because in transferring analogue voice data into a digital form that is carried over the internet, some security firms say this is tantamount to gaining all the risks of computer data systems such as bugs, but also worms and viruses. Hackers already have their existing tools of the trade that they have owned for years, and can simply transfer these to the world of VoIP.

Types of VoIP Hacking

There are a number of types of such malicious use, all of which can be potentially very damaging:

Audio spam is a recently increasing form of abuse – we have all become accustomed to email spam and the same mechanisms that allow for distribution of spam to millions at a minimal cost also apply to the convergence of voice and data. Companies will have to get smart and combat such spam using complex filters.

Voice phishing is likely to increase. This is a form of social engineering where the person being called is convinced to hand over sensitive and confidential information. The ability to send out mass recordings over the internet via VoIP is likely to increase this type of malicious practice.

Caller ID spoofing is where the caller is able to pretend to be someone else, probably to obtain sensitive information from the person at the end of the line. Unless VoIP systems are made secure, this will otherwise likely be an easy to perform “hack”.

Call hijacking is the interception of a call intended for a particular party and relaying it to someone else. Again, this is likely to be used in conjunction with some form of social engineering.

Sometimes a hacker may simply wish to shut down a telephone network through brute force or denial of service attacks. For some companies, such disruption of business can cost millions of dollars. A disgruntled employee, for example, may try such an attack.

Wiretapping or phone tapping can be considered to be more simple to perform on a VoIP network. Because a hacker can access the system from afar via the internet, he need not jack directly in to the local phone network. Such compromising or sensitive information can be sold on by the criminal fraternity or even espionage carried out.

Worms and trojan horses can also use spoofing to disguise themselves within a voice packet. Once behind the corporate firewalls, they can wreak havoc on a company’s business critical systems.

How To Protect Yourself From VoIP Hacking

Whilst there are a number of risks from such practises above, minimizing the risk can enable you to obtain all the advantages of lower costs and valuable services. Most large companies are now considering migration to VoIP and have mitigated the risks by using advanced encryption and placing control of such systems to only a critical few persons.

Such measures can allow you to enjoy the benefits of VoIP in a secure operating environment with business risk being minimal and insignificant.



By: Christopher Buckley

About the Author: