Understanding PBXs (Fall, 2007)

Greetings from the Central Office! It’s autumn in Puget Sound country, although we had an unusually cold and wet summer. Still, fall means back to school, and that means that my “service monitoring” gets a lot more interesting. By the way, Amber, your mom found out that you cut classes today, and you’re going to be in big trouble! Next time you decide to hang out at the mall, don’t go to the one where Mrs. Pierce works. All the boys down at Fort Meade had a big laugh over that one, too.

But I digress. In this installment of Telecom Informer, we’re going outside of the central office, and into hotels, hospitals, and college campuses. In many of these places, the majority of calls never leave the building. Instead, they’re routed over Private Branch Exchanges or PBXs for short. While most PBXs are connected to the Public Switched Telephone Network (PSTN), they can operate as entirely self-contained systems, or connect to other telecommunications networks (such as the secure networks operated by various governments around the world).

Avaya Definity photo

The Avaya Definity, one of the longest-running PBX series

Nearly everyone reading this has probably made a phone call through a PBX at some point in their lives. Ever had to dial “9” first to make a call? Your call most likely traveled through a PBX. Ever called from one hotel room to another by dialing only the room number? Your call probably never left the building. I say “probably” and “most likely” because many local phone companies offer a service called Centrex. This offers calling features similar to PBXs, but everything (including “service monitoring” and government surveillance) is handled right here in my central office. We just charge you a hefty fee per month, per line.

Years ago, phreaks often thought of a PBX as a fun way to make free phone calls. They’d refer to “diverters” or “extenders” in conversations, and often used such terminology interchangeably with “PBX.” A phreak I knew named Phred, based out of Staten Island, spent his days collecting other phreaks’ phone numbers, and then calling them using PBXs he’d broken into. “I’ve got your number,” he’d threaten on conference bridges, which were common at the time. “I’ve got EVERYBODY’S number, and I’m gonna call you on my phone sex PBX.” I’m not sure what ever happened to Phred; he disappeared one day and nobody ever heard from him again. Rumor has it he went to prison, but who knows. At least we know that’s where TRON is.

And now, if you’ll indulge, it’s time for a trip down memory lane. Before Internet access was widely available (believe it or not, it’s only been about 15 years), hackers and phreaks largely communicated and shared information via text files and hacking programs (such as ToneLoc) circulated on dial-up BBSs. You can think of a dial-up BBS as similar to a Web message board, except that each one had to be dialed up separately using a modem. If someone else was connected to the BBS, you’d get a busy signal.

One of the more creative inventions of 2600 Magazine was their voice BBS, which gave people without computers another avenue to communicate. Messages left there were quite often interrupted by red box tones. I spent many long hours in the central office performing “service monitoring” of (516) 473-2626.

Hackers and phreaks also communicated using conference bridges, such as those provided by Alliance Teleconferencing. These were a favorite with phreaks because they both contained an incredible array of conference management features (many of which were used to harass DrHavoc’s mom), and were highly susceptible to , erm, “creative” billing arrangements. And, of course, there were 2600 meetings, where local hackers and phreaks could meet and share ideas face-to-face.

OK, back to the present day. Although a poorly configured PBX can still allow unauthorized people to make free phone calls, finding an open DISA port is rare these days. And with the low cost of long distance (I just called Emmanuel in Singapore, and it cost only 7.25 cents per minute), combined with the high risk of being caught, it’s hardly worth the bother anymore.

So, you may ask, what good is a PBX if you can’t make free phone calls using it? Fair question, but first, it’s good to understand why people install PBXs so you can think of creative ways to have fun with them. PBXs provide numerous advantages to the people who install them, but probably the biggest one is a lower phone bill. Instead of paying a monthly fee to the phone company for each individual telephone line in a facility, you only need to buy as many phone lines as you actually use for incoming and outgoing calls. This is calculated by the PBX installer based on averages, with some buffer for unusually busy periods. Making a call within the building ties up your phone, but it doesn’t tie up an actual phone line. If you make a call outside the building (generally by pressing 9), or if you receive a call from the PSTN, the PBX takes care of routing your call.

The second biggest advantage is control. With a PBX, you can control the calling features available to each telephone set individually. For example, you could configure some telephone sets to only receive incoming calls, others to only be able to make calls within the building, and still others to have unrestricted capability. You can even control the hours when calls ring through to office phones, for example, forwarding calls to an answering service after hours. Or maybe if you’re creative, forwarding calls to DrHavoc’s mom instead.

Another form of control is least cost call routing. Suppose that you have accounts with two different long distance carriers. One carrier provides attractive pricing for domestic calls, and the other provides attractive pricing for international calls. Based on the numbers dialed, the administrator can instruct the PBX to route the call over one long distance carrier versus another (using carrier access codes, a topic I have covered in previous issues).

PBXs provide numerous features other than just additional control over how and when calls are placed. You’re probably familiar with those “press 1 for sales, press 2 for service, or press 3 for a recording of our CEO farting” phone trees. With a PBX, you can make your very own. PBXs generally also include voicemail systems, and PBX administrators have as much flexibility around voicemail features as they do around calling features. For example, you can decide whether or not to let callers record their own outgoing messages, control the number of messages they can store in their mailbox, or grant the ability to return phone calls (to name just a few options).

There are dozens of different manufacturers of PBXs, but they are largely self-contained and proprietary systems. PBXs generally use digital inside wiring (often with proprietary encoding, meaning you have to use only telephone sets of the same brand and model as your PBX), and can connect to the PSTN using either digital (ISDN and/or T1) or analog lines. Note that not all PBXs support all types of PSTN connectivity. In general, despite a lot of noise about open standards, you pretty much have to buy both your PBX and your telephones (called station sets) from the same manufacturer. Manufacturers sometimes have multiple (and often incompatible) product lines; for example, Nortel has both the Norstar and Meridian product lines. These telephone systems have different features and hardware, and are not fully interoperable.

To make things even more exciting, telephones, computers, voicemail, email, and VoIP technologies have converged rapidly over the years. This leads to a confusing hodgepodge of acronyms, many of which mean different things to different manufacturers. For example, a “VoIP PBX” could actually be using any of over a dozen communications protocols, some public and some proprietary, with transport over IP being the only thing they have in common. And even then, which part of the call takes place over IP can vary. Some PBXs, for example, label themselves as VoIP, but in practice, they can only route long distance calls over the Internet (using services such as a SIP provider). Conversely, there are now software-only PBXs, such as Asterisk, which can be operated without connecting to a single physical telephone line.

One feature that my central office supports, which many PBXs don’t, is CALEA. If you’ve read my previous columns, I have described in detail this FBI-mandated surveillance infrastructure, which is built into the PSTN. However, in-building calls may not be safe for much longer. Many colleges and universities around the country have reportedly been contacted by the FBI requesting provisions for PBX surveillance infrastructure. They claim it’s to assist them in cracking down on “drug activity.” It’s probably only a matter of time before hospitals, businesses, and anywhere other than the Department of Justice receives similar requests.

And on that uplifting note, it’s time to bring another issue of The Telecom Informer to a close. Have a safe and happy Halloween, and Thanksgiving, press 4 to pull my finger, and I’ll see you all again this winter!

 

LINKS:

http://www.telephreak.org – A software-only Asterisk PBX offering free voicemail and conference bridges.

http://askcalea.fbi.gov/ – FBI-operated Web site describing CALEA nationwide surveillance program.