FreePBX joins forces with Bria Cloud to let freedom ring anywhere

A guest blog from Jim O’Brien, Vice President of Server Engineering for CounterPath.

A little while ago, we got together with our friends at Schmoozecom and hatched a plan.

The goal was clear: Let’s make it very simple and straightforward for FreePBX end users to communicate with Bria clients on any device using their company’s phone system.

And what was born was a brand new capability we are offering to Bria Cloud Solutions customers, effectively bringing enterprise mobility to millions of FreePBX users worldwide.

Behind the scenes, Schmoozecom and CounterPath have worked together to make our products and services very complimentary. By making it simple for managers of FreePBX systems to connect their systems to Bria Cloud Services, they can provision users into FreePBX and for these users to be auto-magically provisioned into Bria Cloud Services.

So what does this mean for SMBs and enterprises using FreePBX? It means employees can communicate on any device they may have access to at any time, from any location.

Do you generally work from the office? Load Bria on your office computer. Going on a road trip? Load Bria on your smartphone. Working from the beach? Load it on your tablet. With FreePBX and Bria, employees can stay connected like never before.

Now, I’m a technical guy, so I can’t talk about this without going into a bit of detail. In a nutshell, the solution comprises:

  • FreePBX has a new module called Bria Cloud Solutions.
  • CounterPath has released a Provisioning Interface (based on our Stretto Platform) to the Bria Cloud Service for this FreePBX Module.
  • This module supports an Application Programming Interface (API) that allows FreePBX to provision users into CounterPath’s Cloud Service.
  • IT Managers [or System resellers or even Normal Humans J ] running their own FreePBX phone system add this new module to their FreePBX installation.
  • IT Managers then purchase subscriptions to Bria Cloud services for clients their organization will use (or purchase some and add more later).

The great part about this is, though, that end users see none of the above.

They are told “Go download the red Bria client and install it on your device (from iTunes for iPhone/iPad, from GooglePlay for Android smartphones/tablets, from BlackBerry World for Blackberry 10, and from CounterPath for Windows and Mac). Then login with a username and password that matches your FreePBX credentials.”

And it’s as easy as that!

The solution is also an IT manager’s dream. IT managers can see the usage of devices across their population and purchase more subscriptions. They can set limits for users and if someone gets a new computer or phone, the IT manager can remove an old device and the employee can then use Bria on their new device.

Another key feature is that the IT manager controls the configuration of the device(s). End users have access to preferences, but not the real settings that connect their Bria clients back to Free PBX for Voice or Voice, Video, Presence and Instant Messaging. The normal end user will have a much harder time breaking things, which means less time spent supporting end user configuration issues and typos, etc.

We hope that this first collaboration with the FreePBX team provides value to our mutual and newly-mutual customers.

For more information please check out our Press release, our Product Page, our Knowledge Base, and the Free PBX wiki.

This post originally appeared on blog.counterpath.com

About Jim O’Brien

Jim O’Brien is the Vice President of Server Engineering for CounterPath and directs his team in architecting, building and supporting server solutions that work closely with CounterPath softphone applications. Jim designed, launched, and supported wholesale and enterprise VoIP networks for GTE, Genuity, and Level(3). Jim joined CounterPath with the acquisition of BridgePort Networks in 2008.

Latest News From FreePBX: FreePBX 12/OTTS Training, AstriCon, FreePBXhosting.co.uk, Mitel and Stable FreePBX 12 News!

FreePBX Training

 Open Telephony Training Seminar- Milwaukee, Wisconsin!

Tuesday, November 18 – Friday, November 21, 2014 (Optional Packer’s Football Day Nov. 16th!) EARLY BIRD PRICING AVAILABLE UNTIL OCTOBER 31st!

Register Now

Who Should Attend– These sessions are usually attended by participants wanting to utilize FreePBX to get their part of the billion dollar open source telephony market, as well as end users wanting to further their knowledge of FreePBX and the FreePBX EcoSystem. You will attend sessions with FreePBX Integrators, Resellers and those using FreePBX or PBXact within their business or call center environments.

Learning & Course Objectives– This instructor lead four day course will be taught utilizing the latest and greatest version of our software FreePBX 12 and will provide advanced training and in depth labs on everything from initial FreePBX configuration to advanced sessions on various components of FreePBX. We will teach advanced topics to market, sell, deploy, troubleshoot, customize and administer Open Source Telephony Solutions based on FreePBX. The labs are designed to progressively provide a base of technical knowledge and telephony know-how.

What to Bring – Some basic Linux knowledge, and a laptop.

What to Take Away– A fully loaded FreePBX Demo Kit, which includes a Classic 50 Appliance, a Digium D70 and licensing for all FreePBX commercial modules and most importantly Certification on the World’s Most Popular Open Source PBX platform FreePBX!

(Optional) Packer Football Special – November 16th, 2014 is a Green Bay Packer home game against the Eagles. Schmooze has access to a handful of Packer tickets at a price of $250-$400.00 per ticket for anyone interested in joining us at the game that Sunday. Green Bay is only a 1.5 hour drive from Milwaukee and historic Lambeau Field is a place all die hard NFL fans need to visit once in their lifetime. Call us at (920) 486-6301 for more information on attending the game.

 


 

  

 FreePBX 12 is a significant leap forward, providing huge internal upgrades, improved functionality and new features for years to come. We expect to announce the release of the stable version within the next week or two. In the above video, Andrew Nagy (Software Developer for Schmooze Com Inc./ FreePBX) explains What’s New in FreePBX 12 during his presentation at FreePBX World in Las Vegas.

New Features available in FreePBX 12:

  • Support for Asterisk 12 & 13
  • Support for extensions to switch between chan_sip and pjsip
  • Continued support for Asterisk 1.8, 10 and 11
  • Support for Asterisk Rest Interface Manager Module
  • Brand New Dashboard, with security notices, and realtime and historical FreePBX Statistics

Dashboard

  • Call Parking now supports direct slot parking, allowing you to transfer callers directly into individual slots
  • Secure module signing to protect the integrity of your system.
  • Call Detail Reports now support html5 playback of call recordings, (no need to have quicktime player installed.)
  • Updated Module Administration, allowing system administrators to choose between stable and beta versions of modules, and even roll back module updates if needed.

 

  • New User Control Panel “UCP” that replaces the legacy ARI (Asterisk Recording Interface)
  • UCP uses a modular design allowing features to be easily added as the product develops
  • UCP Presence
  • UCP Call History – with html5 recording playback
  • UCP Customizable Widgets/RSS Feeds
  • UCP Settings Management: Find Me/Follow Me, VmX Locator, Call Waiting, Call Forwarding, Do Not Disturb
  • UCP Visual Voicemail – with html5 recording playback, and in browser recording upload of messages and prompts
  • UCP WebRTC Softphone – plug-in free browser based softphone
  • UCP Conference Pro – full control of conference rooms
  • UCP Fax Pro- send new and view incoming faxes
  • SMS Support within UCP for SIPStation Customers
  • UCP XMPP Chat client for UCP

Install or upgrade your existing system to FreePBX 12 by visting freepbx.org!


 

FreePBX Hosting

Give your business the competitive edge without the expense of investing in a PBX server. Hosted FreePBX service can accommodate all business sizes, large and small.

FreePBX Hosting

At Schmooze our core focus is telephony and software development, we have partnered with the best data centers in the industry to provide you with world class FreePBX hosting services. Now with services available in the UK. Try FreePBX Hosting Risk Free for 30 Days by visiting one of our partners.

Optimal Projects

United Kingdom Provider of FreePBXHosting.co.uk

North American Provider of FreePBXhosting.com

View our recent interview with Adam Hobach, President of CyberLynk Network discussing FreePBXhosting.com.

 


 

Astricon2014

Schmooze is a Gold Sponsor of AstriCon 2014- Las Vegas 

Oct. 22-24, 2014 make plans to join us at the Red Rock Resort in Las Vegas, Nevada for three days of conferences, exhibits and new product announcements and demonstrations!  To see some things to look forward to at AstriCon please see our recent FreePBX World interview with Billy Chia from Digium.

Using the FreePBX EndPoint Manager– 11 am on the 22nd

FreePBX Phone Apps Presentation – 1:45 on the 22nd

FreePBX Yesterday, Today and Tomorrow– 3:30 on the 23rd

FreePBX High Availability – 10 am on the 24th

Elastix, FreePBX and Asterisk panel. 2:25 pm on the 24th

The FreePBX/Schmooze Com team will be available on the exhibit floor (Booth 27), networking events and by appointment please contact us to schedule a time to meet.


 

mitel

Product Discontinuance Notice: 675xi Phones 

Mitel has announced the discontinuance of all variants of the Aastra 675xi SIP phones.

Schmooze still has some stock on hand of the 6753i and the 6755i for those interested in acquiring these before they are gone.

The newly released 68xxi series of SIP phones are great alternatives to the 675xi models, providing significant improvements including enriched functionality, superior audio quality, and enhanced color LCD display.

For clients who wish to stay within the 67xxi family for similar form factor the 673xi series offers suitable substitutions as well.

These models and more are available in the Schmooze Portal for purchase at competitive prices.

Do your part: Purchasing hardware from Schmooze helps provide funding for the continued development of FreePBX!


 

Stay tuned to our blogs and forums for upcoming announcements about a new certified WIFI phone, FreePBX Integrated Cloud-Based Provisioning for desktop, tablets and smartphones and more exciting additions to the ever expanding FreePBX EcoSystem!

Preston McNair follow @prestonmcnairPreston McNair(link is external) 
VP of Sales and Marketing 
FreePBX/Schmooze Com, Inc. 
Voice (920) 886-8130

Contact Us

 

 

 

 

Copyright © 2014, Schmooze Com, Inc. FreePBX is a Registered Trademark of Schmooze Com, Inc.
All Rights Reserved.  

Critical FreePBX RCE Vulnerability (ALL Versions)

CVE: 2014-7235
Date: 2014-09-30
Author: James Finstrom
Ticket: http://issues.freepbx.org/browse/FREEPBX-8070


We have been made aware of a critical Zero-Day Remote Code Execution and Privilege Escalation exploit within the legacy “FreePBX ARI Framework module/Asterisk Recording Interface (ARI)”. This affects any user who has installed FreePBX prior to version 12, and users who have updated to FreePBX 12 from a prior version and did not remove the legacy FreePBX ARI Framework module.

This exploit allows users to bypass authentication and gain full “Administrator” access to the FreePBX server when the ARI module is present, which may then be used to grant the attacker full remote code execution access as the user running the Apache process.
We have released updates for users on FreePBX versions 2.9, 2.10, 2.11 and 12 per our security policy which covers releases that have come out over the last 3.5 years. Versions 2.8 and prior can be easily updated to 2.9 or higher through Module Admin which will remove the vulnerability. Versions 2.11 and 12 are the only officially supported versions of FreePBX but we always apply security patches to the two prior versions as well.

Users prior to FreePBX 12 should update FreePBX ARI Framework to version 2.11.1.5 immediately.

FreePBX 12 users should disable and uninstall the legacy FreePBX ARI Framework module and switch to the new User Control Panel, which is not to be confused with the previous ‘User Control Panel Tab’. 
Please note that indications of a compromised system include the presence of an “System Admin Dashboard” also called “admindashboard” module, the files c2.pl and/or c.sh.

 

If you are using the FreePBX Distro we have fixed this with upgrade scripts 5.211.65-19 and 6.12.65-18. As always review the wiki here on how to keep your FreePBX Distro system updated.

If these are present then your system has potentially been compromised. You should urgently remove this module via a system shell. 
Due to various differences between machines, your AMPWEBROOT may be in /var/www/admin,/var/www/html/admin, or potentially any other place.
To determine the location, if you are unaware, it is visible in the Advanced Settings page, as ‘FreePBX Web Root Dir’. FreePBX Distro based machines are set to ‘/var/www/html’
First, run the command:

 

rm -rf AMPWEBROOT/admin/modules/admindashboard

replacing the ‘AMPWEBROOT’ with the system setting.
Then run the following command to remove all traces of it from FreePBX

 

amportal a ma delete admindashboard

There will be an error output saying that uninstallation scripts failed to run, however this is expected, and is signifying that the module was removed successfully.

You must also remove any references to c2.pl or c.sh. which can be found by running the commands:

 

updatedb
locate c2.pl
locate c.sh

We have also noticed that additional Administrator users may have been created as part of a scripted attack. We urge you to verify that your machine does not have any additional unknown ‘Administrator’ users in the “Administrators” page.

Please note the FreePBX ARI Framework module used an independent authentication scheme and does not relate to the FreePBX authentication settings of none, database or web server.

Remember the best practice to avoid risk is to not expose your system to the public internet.

In FreePBX 12 we have implemented module signing which was a key element in identifying this issue. 


Users of FreePBX 12 should always take note of the tamper and/or unsigned module notices that show in their system.

 

Schmooze Com takes security of FreePBX and our other communications products seriously. In practice there are more eyes on the code in open source software than there are in closed source software, however the truth of the matter is security of any technological product is not determined by the method of distribution. This year’s earlier issues with the Heart-bleed Open SSL security defect brought to light not only how much of an impact open source software has on the entire Internet infrastructure, but emphasized the fact that we must continually improve the tools we provide our developers and community to review and scrutinize our codebase for potential security issues and bugs.

Since it’s inception FreePBX has had source and ticket management tools in place to provide transparency to our users. We continue to make huge investments in time, energy, and infrastructure to continually improve these tools. When security problems are found in open source software, the visibility of the code and ease of use provided by these new management tools allow diverse teams to collaborate and contribute code fixes. Bug and security fixes are often available within a matter of hours.

If you find a potential bug in FreePBX you can open a ticket at issues.freepbx.org

Or for potential security related issues, send an email to the security team at security@freepbx.org

CVSS Base Score - 9.4
Impact Subscore - 9.2
Exploitability Subscore - 10
CVSS Temporal Score  - 7.4
CVSS Environmental Score - 6
Modified Impact Subscore - 8
Overall CVSS Score - 6

Allison Smith FreePBX World Interview and 50% off Professional Voice Recording Promo!

Allison Smith FreePBX World Interview and 50% off Professional Voice Recording Promo!
 

 We recently interviewed Allison Smith during FreePBX World in Vegas!

Best known for her work as “The Voice of Asterisk”, and the professional voice talent behind the standard voice prompts bundled with FreePBX, Allison also speaks and blogs about ways to design telephone call flows which won’t drive callers crazy. Watch the interview here, and read her latest IVR Blog below for tips and best practices for creating IVRs.

 

We have added Allison’s Professional Voice Services to our line up of Add-Ons for FreePBX.  You can now purchase custom prompts directly in the Schmooze Portal.  

As a promotion to welcome Allison to the FreePBX Team, Use the PROMO CODE: “ivrvoice” from now until Friday September 19th at midnight central time to receive 50% off professional voice recordings!

  • 10 First-Last Name Recordings –$35.00 $17.50
  • 30 Word Recording $49.00 $24.50
  • 50 Word Recording $75.00 $37.50
  • 80 Word Recording $125.00 $62.50
  • 800 Word Recording – On-Hold w/ optional musical background $350.00$175.00

 Schmooze Portal

IVR design hints and tips, direct from Allison:

You’ve unpacked and installed your shiny new PBX – it’s an exciting time to be you!

Everything’s configured; you’ve updated the modules – you’ve even explored the modules. You’ve got this. You’re primed and ready to enjoy the ease and flexibility that your new FreePBX affords….and then it dawns on you.

This thing is the *gateway* to your company.

You will have *actual* callers accessing your company via your PBX. It’s the entryway; it’s the launch pad for interaction. Their first impression of you.

It’s your “welcome”.

It’s very likely that *zero* thought has been given to the fact that the IVR that your callers will hear – this mechanism which sorts people into various “categories” so that their concerns can be most efficiently dealt with – is the first clue callers will receive about your company. It’s the first inkling of what you’re about; it’s about who you are.

Yet, this crucial detail gets overlooked in the overall set-up of a typical new PBX install. In my daily work of voicing IVR systems – not only for Asterisk, but countless other systems, I’m amazed at the panicked state some people are in when they contact me. Here’s how it typically goes: “We need to get this system live as soon as possible – and I guess we need someone to voice the opening greeting. Maybe the after-hours message too. Oh! And mailboxes….we haven’t even thought about that….” I mean, they’re completely blindsided!

While possibly the most overlooked aspect of your system, getting your prompts voiced by a pro is essential. And although – in the interest of saving time and cutting costs, it might be tempting to grab someone in your office and put them in a quiet boardroom with a rough phone menu jotted on a legal pad, it can’t be over-emphasized how essential it is to hire a voice-over pro to voice your system. Our core competency is consistency (keeping everything smooth and fluid), discipline (to keep energy and sound quality matching from session to session), and a pro sound set-up (nothing has ever sounded great recorded direct-to-phone with background noise. Ever.) Not to mention the ability to add an unmistakable tone of professionalism and authenticity to your front-end.

There you have it! The first roadblock to a professional-sounding IVR is tackled: hiring a pro.

In order for your IVR to flow logically, you need to have a basic understanding of just *what* goes *where*. You require a good handle on how many extensions you have at your disposal; how many extensions you should realistically actually *use*, and – most importantly – you need to confirm that there will be *service* at the end of those extensions.


Whether you use a traditional call flow schematic to map out what you need (I call it “The Corleone Family Tree” due to its complicated, convoluted nature):

familytree.png

…or you simply sketch it out freestyle, it’s important to map out where each extension goes, what happens when the call is picked up, and how to escalate something of higher priority.

Here are some basics to keep in mind:

You Need to Use as Few Options as Possible

I try to tell clients to trim their opening menu down to five options, max. Attention spans being what they are, and retention of what people hear being quite limited, it’s important to pare down the choices to the essential “top five.” Once a selection has been made, a sub-directory should only have about three choices. Any more than that, and the customer isn’t getting anywhere.

Make Sure Urgent/Most Used/Safety-Related Prompts are First

I always tell the story of the cardiology clinic’s IVR I voiced, when – after 10 menu choices (five too many), the *last* prompt in the lineup was “If this is a medical emergency, dial 911…” Anything life-threatening, mission-critical, or time sensitive – front-stack that at the beginning of your IVR. Also, most commonly-pressed choices should be out of the way early; the deeper callers drill into the menu choices, the more specialized the request.

Provide an Opt-In

There’s a popular line of thinking that if you provide a “Press 0” option which routes to an actual person, that it will be abused. Not true. People are becoming more and more fiercely turnkey. They *want* to solve their dilemma on their own. It’s a part of life now, and the way – especially younger consumers – are used to doing things. Sometimes, none of the choices in a phone tree apply to what they’re calling about – and live assistance should always be an option – eventually. (I recently talked a customer out of putting “Press 0 for a live operator” at the *beginning* of their IVR – in that case, that’s *all* they would press. It should be a last-ditch attempt – at the *end* of the menu choices – as a way of providing one-on-one service if all other self-serve avenues fail.)

Of course, it goes without saying that once an extension is assigned, it needs to actually *go* somewhere – a mailbox which is assigned and attended to. Occasionally, I will voice prompts for a small entity who wants to sound larger than they really are – to the point where fake mailboxes were created to fuel the illusion of having reached a multi-national. If – upon frequent calls to the company – the customer figures out that Joe from accounting is also Joe the CEO, it reflects badly; also hugely undesirable is a mailbox which grows and festers unchecked; someone having created it but has not appointed it to be anyone’s responsibility. “Mailbox full” can be a death knell for a customer to hear.

That should get you started thinking about the framework for your IVR, and how all-important it is to set that solidly before writing your script.

To learn more about planning IVR’s and professional voice recordings make your plans to attend Astricon in October, where Allison will be presenting The New Rules for IVR, and Using Asterisk to create “Her”.

allison.jpg

 

 

 

 

Allison Smith, The IVR Voice

Certified FreePBX Partner

Queue Call-Back BETA Free Trial and New Software Bundles!

Announcing Queue CALL-BACKS for FreePBX®! TRY IT OUT FOR FREE!

vq-plus-header-queue-callbacks-free.png

vqplus-icon.pngFreePBX now has call-back solutions for call centers, or any businesses that get more calls than they can handle at one time! One of the biggest complaints most contact centers receive are from callers upset about hold times. With the new queue call-back functionality built into the Virtual Queue Plus FreePBX Module, your customers will never waste their time on hold again!

When enabled on a queue, call-back frees a callers time by letting them “press 1” to exit the call queue, and receive an automated call back. The call-back can go to the number they called in with, or one of their choice. When they are next in line to speak to a representative, the system will place an outbound call, and once accepted by the caller route them to the agent. Not only are your customers happier, but so are your agents, as they don’t have to handle as many disgruntled callers! System administrators and managers can also rejoice as abandon rates drop, as well as telco cost, since lines are not tied up with people waiting in queue!

For a very limited time, this new feature is available in the Schmooze Portal with a Free 30 Day BETA Trial! Simply log into your account, (or create one) click on the store, and add the BETA VQ PLUS Free Month Trial License to your cart, assign it to one of your FreePBX deployments, and check out!

Join the BETA

 

We have created some new bundles that include some of our most popular add-ons for FreePBX. This is a great way to get BIG DISCOUNTS on our most popular software!

system-builder-basic.png

System Builder Basic- $200 USD

This bundle includes key add-on modules that we recommend for every system.Endpoint Manager– easily manage and auto provision hundreds of supported devices directly from the FreePBX Administration GUI. FreePBX Phone Apps (RESTAPPS) IP phone apps that tightly integrate dozens of supported phones with FreePBX features (Visual voicemail, transfer to voicemail, time conditions management, queues, queue agents, presence, parking, login/logout, follow me, do not disturb, conference rooms, call forward, call flow control.)SysAdmin Pro– a power tool for administrators, allows complete system update management directly from the FreePBX GUI as well as management and configuration of system tools such as: intrusion detection, DDNS, DNS, email setup, FTP, abnormal call volume notification, network settings, port management, power options, storage notifications, time zones, UPS and VPN to FreePBX Support.

system-builder-plus.png

System Builder Plus-$500 USD

Fully deck out your FreePBX installs with our most popular add ons all in one package for a great price. This bundle includes EndPoint Manager,FreePBX Phone AppsSysAdmin ProPark ProPaging Pro,Class of ServiceConference ProCall Recording Reports,XMPP Management and Fax Pro.

call-center-builder.png

Call Center Builder-$1275 USD

Take your contact center to the next level with the Call Center Builder Bundle. This bundle provides advanced reporting tools: QXact ReportsCall Recording Reports, Call Management tools such asClass of ServicePinset Pro,Conference ProCaller ID Management, and Advanced Queue Enhancements, including Outbound Call Limiting and VQ Plus, which now includes Queue Callbacks (see above)!

 Schmooze Portal