Archive for November, 2006

Using Apple AirPorts

Wednesday, November 29th, 2006

Intro
AirPort is a local area wireless networking system from Apple Computer based on the IEEE 802.11b (which runs at 11Mbps) standard (also known as Wi-Fi) and certified as compatible with other 802.11b devices. A later family of products based on the IEEE 802.11g (which runs at 54Mbps) specification is known as AirPort Extreme, offering speeds up to 54 megabits per second and interoperability with older (802.11b) products.
AirPort and AirPort Extreme in common usage can refer to the protocol (802.11b and 802.11g, respectively), the expansion card or the base station.
In Japan, AirPort is known as AirMac due to trademark conflicts.

When logging into a non-Mac machine into an airport runniwn WEP you will need to translate the WEP password into Hex. This can be achieved by clicking on the password icon in the menu bar.

Airport Interface
Airport express and Airport extreme have a firmware limitation that limits the amount of concurrent connected users. Airport Express is limited to 10 concurrent users and the Airport Extreme is limited to 50 users.

Select “Enable interference robustness” when the base station is in an environment with other 2.4 Ghz devices that can interfere with your network. Devices that can cause interference include cordless telephones, some television repeaters, and microwave ovens.

The GUI interface of Airport Admin only allows for 1 port at a time to be directed to an internal IP.

WAN
Airport uses WDS. A Wireless Distribution System is a system that enables the interconnection of access points wirelessly. As described in IEEE 802.11, it allows a wireless network to be expanded using multiple access points without the need for a wired backbone to link them. Base stations connected thru WDS cannot share their internet connection with other remote base stations. WDS can automatically be configured by the main base station as long as you have all of the airports with their default settings and default passwords. WDS lists are built and tracked using airport IDs.

All base stations in a Wireless Distribution System must be configured to use the same radio channel, and share WEP keys if they are used. They can be configured to different service set identifiers. Since WDS needs all wireless stations to be on the same channel, changing the channel will break WDS.

LAN
PPPoE, Static IP, DHCP, WDS are all types of internet connections. PPTP is a VPN protocol. A virtual private network (VPN) is a private communications network often used within a company, or by several companies or organizations, to communicate confidentially over a publicly accessible network. VPN message traffic can be carried over a public networking infrastructure (e.g. the Internet) on top of standard protocols, or over a service provider’s private network with a defined Service Level Agreement (SLA) between the VPN customer and the VPN service provider.

PPPoE only requires Account name and User Password for a connection. PPPoE is primarily a DSL type of connection is used to only provide authorized access to the internet connection.

Which is NOT an option for the LAN Addressing when setting up DHCP Ranges?
There are three classes of internal IP addresses. A,B,C. Class A has range of 10.0.0.1 – 10.255.255.255 with a subnetmask of 255.0.0.0 which translates to about 16,777,215 addresses. Class B has a range of of 172.16.0.1 – 172.31.255.254 with a subnetmask of 255.255.0.0 which translates to about 1,048,576 addresses. Class C has a range of 192.168.0.1 – 192.168.255.254 which translates to about 65,536 addresses. Every address with a prefix with of 10., 172., or 192., is an internal IP.

DHCP needs to be turned on to be able to use the NAT feature. NAT might prevent users from printing to appletalk printers due to appletalk being an unroutable service. Distribute IP addresses needs to be uncheck if appletalk printing is needed.

Security
Using airports in conjunction with a RADIUS server allows for a stronger layer of authentication. Remote Authentication Dial In User Service (RADIUS) is an AAA (authentication, authorization and accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations

A SSID is visible by default. By checking the “Create a Closed Network” button you will be hiding the SSID. In order to connect to a hidden SSID network, you must select “other” from the airport dropdown menu.

Access control feature on the Airport is used to allow only authorized MAC addresses wirelessly access to the Airport. This feature does not support access control on the wired interface. This is not very secure since there are ways to spoof MAC addresses. Airport allows for exporting of the list for backup purposes or for importing to another base station.

Features
As a feature Airport offers parental controls for AOL as long as the AOL client is installed and configured properly.

DMZ is available on the airport by selecting the “Enable Default Host at” check box in the base station options.

Updating the firmware is simple and easy. If the interface prompts you for a firmware upgrade, simply hit the upload button to upgrade the firmware.

When sharing printers on an airport or airport express use the bonjour protocol to setup the printers.

Enable Kerberos Auditing In Windows Server 2003

Tuesday, November 28th, 2006

To enable Kerberos event logging on a computer
[ ] Open your registry editor:
[ ] Add the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters registry key
Set the value of the registry key to LogLevel
Set the value type of the key to REG_DWORD
Set the contents (data) to 0×1
Close Registry Editor and restart the computer

To disable Kerberos event logging
[ ] Delete the Delete the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\LogLevel registry key

Managing FileMaker Pro Clients

Wednesday, November 22nd, 2006

From Wikipedia:
FileMaker Pro is is a cross-platform database application from FileMaker Inc. (a subsidiary of Apple Computer), known for its combination of power and ease of use. It is also noted for the integration of the database engine with its GUI-based interface, which allows users to modify the database by dragging new elements into the layouts/screens/forms that provide the user interface. This results in a “quasi-object” development environment of a kind that is still largely unique in the “industrial strength” database world.
FileMaker was one of a handful of database applications released on the Apple Macintosh in the 1980s.
FileMaker is now available for the Macintosh and Microsoft Windows operating systems, and can be networked simultaneously to a mixed Windows and Macintosh user base. FileMaker is also scalable, being offered in desktop, server, web-delivery and mobile configurations.
-

To complete a FileMaker Pro setup there are some things that you should remember to do, such as installing the latest patch for the version of FileMaker Pro being used, and testing the setup with the client.

When using FileMaker Pro, there are different ways to browse files, one of these ways is to implement Launcher Files so that users can access files and database with the fewest amount of clicks as possible.

To log into a FileMaker Server from FileMaker Pro, you can use paths to connect. The path would need to use a FileMaker-like application connection which is accomplished by typing “Fmnet://” without quotes. You are not required to put the username or password in the directory path to connect, just use the servername and databasename that you are trying to connect to, in the aforementioned order.

If you ever get serial number conflicts with FileMaker Pro, then ensure that you are ALWAYS using the correct license code to install the application. When entering the serial number, and FileMaker Pro refuses to accept the serial number, CHECK to make sure that the “registered to:” and “Company” fields MATCH the license code.

FileMaker Pro Advanced has some features that separate it from the regular version, such as Develop Utilities, Database Design report feature, Script Debugger, Data Viewer, Copy feature, Tooltip feature, Custom menus feature, File Maintenance Tools, and Custom Functions Utility.

Server External Authentication supports Single Sign On for the Windows platform and an analogous behavior on Macintosh OS X. This is a commonly employed technique in IS/IT system and network management. The concept behind Single Sign On, sometimes called universal authentication log–on or single–source log–on, is the belief that it simplifies user credential management activity by requiring the user to remember only one set of credentials to access digital assets and network based assets. Strictly speaking Single Sign On for FileMaker Pro 8 is a Windows OS client to Windows OS server feature only. However, in Macintosh OS X the feature can be mimicked by storing the credential information in the Keychain.

FileMaker Pro uses port number 5003 with both the TCP and UDP protocols when communicating via TCP/IP. Remember this when you have a firewall to go through.

FileMaker Pro Server is important because files running on a shared system without FileMaker Pro risk data loss. FileMaker pro files cannot be hosting using AFP in the same manner as using a FileMaker pro server.

FileMaker shares databases by sharing the database over a share point and opening it. Dymo is the most commonly used label printer with FileMaker.

When troubleshooting a connection from FileMaker Pro to FileMaker Pro Server, and it works from other systems, you should fall back on the normal networking troubleshooting tactics, such as checking the network connectivity on the client workstation, check the basic physical, then check the basic logical connectivity.

If you ever need to defrag FileMaker Pro Files than you can use SpeedDisk to defrag the databases.

If you are using FileMaker Pro on Windows XP to connect to a database hosted by FileMaker Server on a Mac OS X Server, and you are not able to connect to the database, you would check to see if anyone else can connect, then check the physical networking topology, after, you should check the Windows Firewall, as this is the most likely cause after everything else has been eliminated.

When trying to make it easier for users to open databases stored on a FileMaker Pro Server, you should save the users password for the FileMaker Server.

PS drivers are highly important in the FileMaker Pro world, if you don’t have the proper PS drivers installed, you can have a slew of different print problems, remember to always have the proper PS drivers installed.

To use a bar code scanner with FileMaker Pro, all you have to do is click in the field and pres the button to scan on the scanner. There is not much more you have to do to get a bar code scanner to work with FileMaker Pro. What it will do it capture the numbers from the barcode, have them show up on the screen in the appropriate (or selected) field.

The User Name in FileMaker Pro is set using the User Name option under the FileMaker Pro Preferences dialog box, under the General tab. This is where you can either set the system name, or type in the user name of the user once you click on “user name”, and select “other”.

FileMaker Pro client cannot share a database that is hosted on a server, but FileMaker Pro Server can.

A VLA is a volume license agreement, and like with most software, it is only available when you purchase more than one piece of software. It allows you to use the same serial number for numerous installations. For FileMaker Pro it is 10 or more users, and the number of installs you can deploy is determined by the VLA, and most time this is limited to the amount of licenses you purchases with your VLA.

The default file cache size for FileMaker Pro is 8MB, you can see where this is at by opening up FileMaker Pro, and clicking on Edit, Preferences, and then clicking on the Memory tab. This route will work for FileMaker Pro 8.5.

FileMaker Pro 6 can open databases hosted by FileMaker Server 5 and 5.5. FileMaker Pro 6 was released in or around 2002.

Troubleshooting Basics for Mac OS X

Tuesday, November 21st, 2006

Mac OS X Troubleshooting

INSTALLATION

When you are installing OS X you should ALWAYS perform a custom installation. If for nothing else, to remove the additional language support, which can waste a sizable chunk on the hard drive.

Make sure that the computer can handle booting from the Tiger DVD disc. If not, you won’t be able to install the OS from a DVD. You’ll need to boot off another machine with the OS or an external drive that has the os loaded on it.

Because OS 9 only runs in a non-journaled Mac OS Extended partition, you should make sure to format it this way if there is a need for the end user to use OS 9. X11 and Yellow Dog Linux do not need it. Also, it should not be installed by default as there are security concerns with this formatting option.

Choosing which file system to use on a Mac is of the utmost importance. The HFS+ file system is preferred, because it offers journaling, quotas, byte-range locking, Finder information in metadata, multiple encodings, hard and symbolic links, aliases, support for hiding file extensions on a per-file basis, etc. UFS is another preferred file system if it is going to be performing a lot of BSD-related work. It is important to note that UFS, because it is a Unix-based file system, is case sensitive.

Most desktop software applications available for purchase today support the Tiger OS. But from time to time, as consultants we run across legacy apps that will not support it. These include Norton Antivirus 9, Now Up To Date 4.5 (5 is supported), and Clients and Profits for OS 9. You should be aware of this as you are recommending software upgrades.

The BSD subsystem, which allows the users to operate the OS from a command line, is enabled by default. If you disable it, the Network Utility will not be installed.

Tiger is only compatible with G4’s and G5’s and a most G3’s. These include the Power Mac G3, slot loading iMac, the eMac, the iBook G3, and the lampshade iMac. The Beige G3 is not compatible.

From time to time, prepping a machine to join an Open Directory server environment is a key part of the initial setup. One key element to this setup is using Directory Access to join the Open Directory network.

Language translations, while handy if your user is multi-lingual, generally occupy wasted space on the hard drive. If you forget to uncheck these language translations in the initial installation, there is a free utility for download called DeLocalizer that will remove any additional language translations.

Enabling the firewall on a machine is generally a good idea. It protects the user’s data by creating an encrypted gateway between the user’s data and the outside world. The only exceptions to this arise if the OS X firewall interferes with any other software or hardware that isn’t compatible with the Tiger OS.

UPGRADES AND MIGRATIONS
For the most part, updating a Mac OS X system completely is only NOT appropriate when a client has specific Applications or Utilities that do not work with latest updates to the Mac OS. Generally, updates to an OS are good and should be applied. If a client asks you to not install the updates, a conversation should be had between you and the client asking why they are hesitant to upgrade. Remember, YOU are the expert. Slow internet connections and low system resources are both easily surmountable with some basic troubleshooting. The migration assistant, which is a feature only resident in Mac OS Tiger and Leopard only supports transfer via Firewire.

Generally speaking, its safe to clone a mac hard drive from one type of machine to another (provided that the hardware is compatible with the OS). The problems that you generally run into with this scenario involve driver conflicts.

It is absolutely imperative that you have the client test the upgrade when it is finished. But this should definitely be saved for the very end. You should back up the system prior to performing the upgrade, run any software updates after the install is complete and do a system resources check when you are finished updating. When you are confident that the system is running as well as it should, then hand it over to the user to test.

When you are copying a profile over from one machine to another manually, make sure that you are using the ditto command from the terminal and conducting the transfer as the user you want to control the profile. This will ensure that the permissions are set correctly.

Sometimes while migrating a user’s data manually, you may need to copy over some key folders manually. Look for their address book which is in the ~/Library/Application Support/Address Book directory and copy that over. If they use Entourage, you will also want to copy their Microsoft User Data folder which is in the Documents folder of that profile. An example of a folder that you don’t want to move over are folders with font caches in them. These fodlers can confuse the font installation on the new machine. Other items, such as the Preferences folder and the login items will come over nicely.

BACKUPS
One of the biggest reasons why IT support companies are fired is their improper implementation of their clients’ back-ups. This is why it is absolutely imperative that backups are performed whenever possible.

USER ACCOUNTS
The 318admin account is not always installed on client machines. Yes, we greatly encourage it, but if the client specifically states that they don’t want it on their machines, we cannot force their hand in it. We will, though, fully document their system including user names and passwords in order to support them remotely.

When troubleshooting issues with a user’s profile. Repairing disk permissions is a good bet. If this doesn’t help, it might help to run the machine in target disk mode and run repair disk permissions on the volume. This can only work if the drive is mounted as an additional volume and not the boot volume.

When cleaning up machines, it is sometimes useful to delete old user profiles. Deleting users from the user accounts creates a .dmg file that is placed in the /Users/Deleted Users folder.

GENERAL TROUBLESHOOTING
Font issues run rampant in Tiger. Generally fonts are located in three different locations in the profile. /Library/Fonts, /System/Library/Fonts, and ~/Library/Fonts. For heavy font management, we highly recommend font management software such as Suitcase to manage fonts.

When troubleshooting a client machine, it is also possible to run the machine in safe mode by rebotting the machine and holding down the Shift key after you hear the startup tone. Safe mode does limit the ability to use certain aspects of the OS. For example, the AirPort card and certain multimedia devices are disabled. Safe Mode will disable all of the login items and will only run Apple installed items at startup as well as required kernel extensions. It will force a directory check of the startup volume as well.

serveradmin in OS X

Monday, November 20th, 2006

Mac OS X Server is a strange beast. It has the ability to cause you to
think it’s the greatest thing in the world in that you can do all kinds of
complicated stuff quickly through a nice GUI. It can also dismay many of us
who know where Unix-specifics live in the OS and would prefer to configure
things there. So, where are all those settings that override so many of
the default Unix configuration files? Serveradmin is a command that gives
access to much of what you see in Server Admin and much of what you don’t.

Serveradmin use starts out with viewing data on a specific service. For
example, type sudo serveradmin fullstatus vpn and see a full status on the
settings and use of the vpn service. Or issue an sudo serveradmin settings
ipfilter command and see the settings applied to the firewall service. To
see all of the services you can configure and view type sudo serveradmin
list. Then look at doing a serveradmin start afp followed by a serveradmin
stop afp. Suddenly you are stopping and starting services on a server using
the command line, meaning you can actually issue these over an SSH session
rather than having to use ARD to connect. This can become invaluable when a
bad firewall rule locks you out of the Server Admin tool. Just issue a
serveradmin stop ipfilter and you’re right back in!

You can also set settings that aren’t available in the GUI. For example,
look at VPN. Let’s customize where we put our logs. First, type in sudo
serveradmin settings vpn. Now, look for the following entry:
vpn:Servers:com.apple.ppp.pptp:PPP:Logfile = “/var/log/ppp/vpnd.log”

To change this setting, let’s type in:
Serveradmin settings vpn:Servers:com.apple.ppp.pptp:PPP:Logfile =
“/var/log/ppp/pptpvpnd.log”

Now the PPTP logs will be stored in a separate location than the logs for
the rest of the VPN service. This couldn’t have been done using a
configuration file, but only using the serveradmin command. Nifty!

Now let’s look at NAT. NAT is cool, but there’s just two buttons: Start and
Stop. So how would we require a proxy for Internet traffic? How about
this:
Serveradmin settings nat:proxy_only = yes

Or we could log denied access attempts using:
nat:log_denied = no

These options aren’t available from the GUI at all. But what really happens
when we’re using these commands? Well, typically a plist file is being
updated. Any time you see a yes or no value then you are looking at a
boolean variable in a plist file. That log_denied variable is also stored
in /private/etc/nat/natd.plist in the lines:
log_denied

Fun stuff! In my book I actually go into a little more detail about
forwarding specific ports to other IP addresses using the NAT service as
well. That too happens in a plist.

Data Loss

Sunday, November 19th, 2006

We’ve attended plenty of events that preach the importance of backup, but rarely is it approached from what is essentially at the heart of data protection – data recovery. For example, did you know that DLT tapes (still the media of choice across the board) are designed to be overwritten only 5 times? According to our valued partners at SonicWALL, Inc., administrators report that they use DLT tapes an average of 12 times. Also, something like 73% of the backed up data surveyed, was unrecoverable!!! Point being, a backup is only as secure as its recovery plan.

The recommendation here is to run periodic recovery drills to test the viability of the data protection scheme. Taking SonicWall’s lead, we here at 318, Inc. would like to begin a vigorous push with all our clients towards increasing the awareness of the importance of data recovery. Another tidbit: 93% of companies that had suffered a major loss of data, were out of business within one year. Far too many systems administrators’ careers have ended abruptly due to recovery-plan negligence and we’ve all seen it happen… nuff said.

A few more interesting points on the subject of data loss (if data loss can be considered interesting…):

The speed of recovery is as important as anything else. The example was given of when, during the early days of eBay, their servers were brought down under attack and, though their data was safely backed up, it took 2.5 days to recover it. Million$ lost in revenue! Administrators should design a plan that includes rapid recovery of the most recent and most critical data, allowing the affected party(s) to resume their daily tasks while recovery of the older, less important files continue to restore.
People are, by far, the biggest challenge to security – eg. Passwords taped to monitor screens; using “password” as their password, etc. Only strict security company policies and education can combat this security leak. Even the most secure server in the world can be easily compromised by an employee walking through an airport with log-on credentials for that server, written with a Sharpie on the outside of their laptop case (it was an agent from the U.S. Homeland Security Department -true story – as the laptop came out of security’s X-ray scanner, it was mistakenly handed to the wrong person!).
Small to medium businesses are hit hardest by data loss. They usually have fewer resources to invest in protecting their data and are usually the ones least likely to appreciate the importance of a strong backup/recovery scheme.
Data protection is more important than ever now, considering that cyber-criminals are making approximately 6 times more money with far fewer expenditures than organized crime ever did, even in its hey day.
On the subject of data security, no discussion is complete without extensive planning for protecting the network that the data resides on. “Controlling the flow of data can be as difficult as herding cats.” For network security, 318, Inc. recommends the SonicWall TZ 170 firewall/router for most networks. We feel it’s important to understand some of the differences between using SonicWall’s firewall appliances and the limitations of other, “consumer level” products such as Linksys or D-link routers. From SonicWall.com:

SonicOS Standards, which ships on every SonicWALL TZ 170, includes:

Real-Time Gateway Anti-Virus, Anti-Spyware and Intrusion Prevention. The TZ 170 extends security from the network core to the perimeter by integrating support for SonicWALL’s Gateway Anti-Virus, Anti-Spyware and Intrusion Prevention Service, delivering real-time protection against the latest blended threats, including viruses, spyware, worms, Trojans, software vulnerabilities and other malicious code.
Powerful Content Filtering. The TZ 170 supports SonicWALL’s Content Filtering Service, providing an enterprise-class, scalable content filtering service that enhances productivity and security without requiring additional server or deployment costs.
Deep Packet Inspection Firewall. The TZ 170 features a configurable, high performance deep packet inspection firewall for extended protection to key Internet services such as Web, e-mail, file transfer, Windows services, and DNS.
WorkPort. The SonicWALL TZ 170 includes an optional port that can be configured as a WorkPort, creating an independent, isolated zone of trusted network security that protects corporate networks from malicious attacks that can occur when telecommuters share broadband Internet access with networked home computers.
Comprehensive Central Management Support. Every SonicWALL Internet security appliance can be managed using SonicWALL’s award-winning Global Management System, which provides network administrators with the tools for simplified configuration, enforcement and management of global security policies, VPN, and services, all from a central location.
More information about SonicWall’s products can be found at their website: http://www.sonicwall.com.

318, Inc. is a proud partner of SonicWall, and would appreciate the opportunity to perform a vulnerability assessment on your network in order to offer you some solid recommendations for protecting it.

SANS Mac OS X Checklist

Tuesday, November 14th, 2006

At 318 we take our customers security to be a serious matter. To help aid our customers and the Mac OS X Community at large in maintaining a maximum level of security, we have worked with the SANS Institute to develop a security checklist for Apple computers. This can be obtained at:

https://www.sans.org/score/macosxchecklist.php

Migrating Outlook 2003 Master Category List to Outlook 2007

Saturday, November 11th, 2006

1. Create a backup of selected Outlook 2003 contacts to PST format.
2. Verify that backup PST has categories on it by opening with 2003.
3. Close backup PST and Outlook 2003.
4. Open Outlook 2007 and back up current contact list in 2007 before deleting items.
5. Import Contacts from Outlook 2003 backup PST into desired destination Contact list.
6. Select a Contact item from your contact list (that is a member of a category not yet added to Outlook 2007), right click on contact and select “Categorize” then select “All Categories”
7. A new dialog appears with the default categories and the category which is not yet a part of the Master Category List (the one that you would like to add to the Master Category List). Highlight the desired Category and then select “New” (located on the right hand corner of the dialog). The category you highlighted will be specified; simply select a default color for the item and then select “OK” twice to apply the changes.
8. The color selected will be propagated to all contacts belonging to that category and the category added to the Master Category List.
9. Repeat steps 6-8 for all Categories not yet added to the Master Category List.
10. Reopen Outlook 2007 and verify that the changes have become permanent.

You have successfully migrated your Master Category List to Outlook 2007.

VoIP Technology Overview

Tuesday, November 7th, 2006

As the name implies, VoIP refers to voice or phone calls that traverse data networks using Internet Protocol (IP). This may mean that the calls are going over the Internet, or it may simply mean calls are traveling over privately managed data networks that are using IP to transport the calls from one location to the other.

This represents a fundamental change or shift in transportation and routing of traditional voice services work over analog wires.

With VoIP, the voice stream is broken down into data packets, compressed and sent to its destination using the Internet (as opposed to establishing a ‘permanent’ connection for the duration of the call), with routes traffic use depending on the most efficient paths given network congestion. Once received the packets are reassembled, decompressed, and converted back into a voice stream.

Digital format can be better controlled: we can compress it, route it, convert it to a better format, and so on. Digital signal is more noise tolerant than analog, but is also effected more by environment than Analog. VoIP applications require real-time errorless data streaming to support an interactive data voice exchange. This is obtained using Quality of Service (QoS). QoS helps ensure that packets aren’t lost, resulting in the loss of segments of voice traffic, or annoying clicks to users.

The bandwidth overhead for VoIP is far less than that of standard streaming audio. Today, every sound card allows 16 bit conversion from a band of 22050 Hz (for sampling you need a freq of 44100 Hz according to the Nyquist Principle) obtaining a throughput of 2 bytes * 44100 (samples per second) = 88200 Bytes/s, 176.4 kBytes/s for a stereo stream. Therefore, very good quality streaming audio requires 176.4 kBytes/s of bandwidth.

For VoIP, the throughput to send voice packets (176kBytes/s) . Digital data can be converted to a standard format that can be quickly transmitted, such as Pulse Code Modulation.

Pulse Code Modulation (PCM) is known to the IEEE as Standard ITU-T G.711 Voice bandwidth is measured at 4 kHz, so sampling bandwidth has to be 8 kHz (for Nyquist). Each sample is at 8 bits. Bandwidth requirements are 8000 Hz *8 bit or 64 kbit/s, as a typical digital phone line. Because of lower overhead and easier control over traffic, VoIP is cheaper in terms of bandwidth than using standard phone lines.

When using a standard phone line (PSTN), users pay a line manager company for the time used. The more time they talk, the more they pay. With VoIP Services, users can talk as long as they want with multiple people within their same VoIP network. For example, if a company has an office in Lansing, Michigan and an office in Los Angeles, California and use VoIP with their phone services then all calls between the Lansing and Los Angeles offices should be free.

Telephone companies use VoIP for a lot of long distance connectivity. They setup lines between two cities and are then able to transmit all calls between those two city’s free of charge with a much lower overhead than with PSTN lines. Vonage has entered the VoIP market, targeting residential services. By having sites in many of the major cities they are able to transmit calls between those cities free of charge.

Many companies also have sites in multiple cities as well. The availability of VoIP is now in a stable and mature stage and readily available from multiple vendors. Pricing has come down drastically over the past few years and VoIP solutions are now available for Small and Medium Sized business as well as the Enterprise.