Security for Asterisk

Frequently asked questions about SECast

SECAST

»

FAQ

Topic

FAQ’s

Telium offers a 100% money back guarantee so you can rest assured you don't waste your money. Telium has adapted and evolved its software over many years to ensure compatibility with the broadest range of products and versions. When Telium installs and configures one of its products it will either work as expected or we will provide a complete refund (fees, licences, etc). The reason we are so confident is that we haven't yet found a PBX we could not integrate with.

We have worked very hard to develop a stellar reputation as a trusted and reliable partner - we would not jeopardize our reputation for one sale. Ask your account manager for more information about our guarantee.
From a compatibility standpoint there is no difference between our Free/Flex/Commercial editions; so if the Free edition works on your server then the others will work too. From a connectivity standpoint, a subscription (SaaS) license must contact Telium servers to ask if the subscription is valid; so your environment must allow SecAst to contact Telium servers over the internet (to TCP port 443).
No. Telium engineers require direct SSH access to the hosts. Use of remote desktop (including TeamViewer, PC Anywhere, AnyDesk, RemotePC, LogMeIn, Javascript Console, etc) can causes considerable delays and errors. If you must have installation occur using any remote desktop software then installation effort (and costs) will be doubled.

We recommend that you publish the necessary SSH ports externally, or provide VPN access as noted in FAQ 2042
Yes. We build SecAst for a variety of different CPU architectures. Due to CPU/SBC issues We offer custom platform compilation to our OEM customers only.

Unlike generic PC platforms, SBC's may contain some significant differences in chipsets which would cause HAast to fail when probing hardware (to detect device failure). For this reason we do not offer generic non-x86 software builds of HAast.

If you are targeting a low power-CPU (eg: ARM) then we compile SecAst for the specific CPU model (eg: ARMv8.6-a) to minimize overall CPU load. Compiling for a specific CPU model allows SecAst to take advantage of advanced instructions offered by the specific CPU. We do no simply cross-compile for low power CPU's (e.g. ARM / OpenSPARC / RISC-V / etc.) for performance reasons - unless specifically requested by the OEM. Note that Peerlink (inter-node) communications are encrypted, and encryption/decryption operations benefit considerably from advanced CPU instructions.

In addition to compiling SecAst, we also compile dependent libraries if not already available for the target platform, and optionally interface with onboard sensors for health monitoring. Upon request Telium can compile a complete telephony stack, OS, etc. and deliver a bootable MMC/disk image.

Please contact your account manager for pricing details.
No. Included in the license price of each product is the (optional) shipment of USB dongles. This includes handling (our internal costs) and postage (shipping by postal service with tracking and insurance). Telium uses the basic shipping offering which can deliver in as few as 5 days (or up to 3 weeks to countries like China or Russia). This time may increase in the event of postal disruptions or Coronavirus.

If you need expedited shipping then we can send the USB dongles overnight using UPS or FedEx. Please note that you must pay the full cost of expedited shipping in advance, and that shipments will not leave Telium until payment for the license and shipping have been received in full. Please contact Telium administration (admin@telium.io) with your mailing address to request a quote for expedited shipping.
Although unusual, there are times when Telium must decline the sale of software or services. For example:

If a customer asks us to perform work for which are not qualified, or we do not have the capacity to complete the job to our high standards, we will decline the opportunity. We will not jeopardize our reputation by delivering poor quality work.

If a customer is rude or disrespectful towards any Telium team member then a Telium manager or executive will step in as the point of contact for the customer. If the inappropriate behaviour continues, then Telium will seek to the resolve the issue with the customer, and if not resolvable Telium will terminate the commercial relationship with the customer. Protecting employees is not just the right thing to do, we also have a legal obligation to ensure we don't condone a hostile work environment.

If a prospect is rude or disrespectful, then Telium will decline the opportunity to do business with the prospect. Rude or abusive behavior before we even have a commercial relationship usually leads to worse behavior once a project has started. In addition to protecting our employees, we need to protect our reputation; a single sale is not worth jeopardizing our hard-earned reputation.

If a customer requests that Telium participate in activities which are illegal or immoral, the account manager will attempt to find an acceptable alternative way forward with the customer. If the customer makes participation in these activities essential for project progress, then Telium will terminate the commercial relationship with the customer.

If a customer appears more interested in learning the names of our clients, details of our proprietary technology, names of key staff, etc. than the project/opportunity, then Telium will attempt to proceed with the project using an arms length relationship (minimal contact between Telium staff and the customer). If this is not possible, then Telium will terminate the commercial relationship with the customer.
Yes. If you are registered in the OEM, VAR, or other channel program then we do offer discounted licensing. You can purchase up to 5 unlimited edition licenses of each product for $0 (free), but you still need to pay the full annual maintenance fee. (This covers our license and support costs).

The license you receive will be fully functional (everything enabled) but limited to 5 simultaneous calls. This should satisfy all development needs. Please note that these are Not For Resale (NFR) licenses, and you may not transfer these licenses to anyone outside of your organization. If you require an unlimited edition license with no simultaneous call restrictions for development, then you would have to purchase a normal license (undiscounted).

You may continue to use a developer license only while maintenance is active on that license. If you let the maintenance expire (i.e. do not renew the annual maintenance) then you must cease use of the license.
Yes, the Flex and Unlimited editions of SecAst meet the "Commercial Product" criteria as defined in Far 2.101 (FAC Number 2022-04, Effective Date 01/30/2022).

The OEM edition of SecAst does not meet the criteria for "Commercial Product". The OEM edition may includes features and functionality not available to the general public, individuals, or certain foreign entities. As well, pricing of the OEM edition depends on the included features and functionality, as well as any custom design, development, and other engineering time invested in creating the specific edition.
Yes. However, this support is not included with the SecAst maintenance agreement. You would have to purchase hourly support seperately, with a minimum of 4 hours base plus 2 hours per device. This allows the Telium support staff to familiarize themselves with the equipment and scale effort with the number of units deployed.

In some cases there will be additional charges as Telium will need to acquire or lease the hardware/software in question to allow for Telium support staff to learn about the device. Even if Telium has used such hardware/software in the past, the 4 hour minimum is enforced for all products.

The only exception to the above is if the hardware in question is purchased from Telium. Third party hardware support is included with the base SecAst maintenance agreement, so Telium support staff can assist in the configuration and diagnosis of problems with the third party hardware. Please note that Telium regularly tests and re-tests 3rd party software for devices it resells, and maintains it's own library of drivers, patches, and other tools. Telium cannot provide any such drivers or tools unless the associated hardware was purchased directly from Telium. (Telium cannot legally redistribute any such drivers/patches/tools).
Telium uses a third party service for its licensing technology, and all Telium goods and services which incorporate licensing must be managed through the third party licensing portal. We cannot sell (i.e. reactivate) maintenance on a license once that license number is flagged as expired on the licensing portal. The portal simply will not allow us to do so.

If we were to sell a product or service which equates to, or is similar to, a maintenance agreement outside of the portal that jeopardizes our licensing agreement (since we have a revenue sharing agreement this equates to fraud). We don’t want to say no to any revenue, but we are constrained by a strict agreement and we must act accordingly. If you have an existing license in operation that you want to reactivate then we do offer a 10% discount on license repurchase.
You are welcome to purchase technical support in 40 hour blocks. This will provide you with hands on (SSH) assistance to solve Telium product installation/configuration issues. Communication is by e-mail only. You will be assisted by a technical support representative. Assistance is delivered/consumed in increments of 1 hour. Please note that it is not economical for Telium to offer support in blocks of less than 40 hours. All support hours purchased expire in 180 days.

Telium also undertakes professional service engagements to design, build, integrate, customize, etc. whatever you need. These projects typically start in value at $1M USD, are managed by a project manager, and are staffed by Telium engineers and consultants. Staff can work on site at your location or at Telium's offices in Waterloo Canada. Communications is by phone/video conference/in person.

Telium might undertake a smaller professional services engagement depending on the nature of the project. However, Telium does not normally divert engineering or management resources for smaller engagements. These engagements must be well defined and documented (by the customer) software development projects, and are undertaken for customers who have a substantial existing relationship with Telium.

Professional service engagement fees are exclusive of any product license costs, third party product costs, or associated costs. Neither support nor engineering staff can generate licenses unless an applicable maintenance agreement is already in place.
No, each host running a licensed copy of SecAst must hold a unique license file. This applies regardless of activation method.

In the case of cloud activation or VLS activation, the clients running the duplicate license will be downgraded to the free edition upon detection of the duplicate license. After removing the duplicate license from the offending host, your must restart the SecAst service on both hosts.

If you are using cloud activation, you must contact Telium support to request the license be unlocked. Assuming the licenses in question are covered by a maintenance agreement then there is no charge for the unlock (up to 3 times per year). After 3 unlocks, or if the product is not covered by a maintenance agreement, there is a $500 charge to unlock the license.
Usually the answer is yes. But, we also reserve the right to set a minimum order quantity for particular customers/industries. In particular, if a customer has a lengthy and complex procurement cycle, requires agreement to their own contracts/terms/conditions , or generally incurs additional costs (legal, accounting, etc). then Telium will enforce a minimum order quantity (MOQ). If the consumer is not known at the time of quote or purchase then a MOQ will apply, and may be adjusted upwards at time of purchase at Telium's discretion.

Telium tries to avoid enforcing an MOQ with any quote/purchase. However, if the sales team determines that servicing a particular customer involves an excessive level of cost then a MOQ will be in force. MOQ levels may be 10/50/100 licenses depending on the situation.
If your SecAst maintenance has expired then you can re-institute (i.e. purchase) a maintenance agreement + new base license and continue to receive full support and upgrades. A second option is to purchase hourly support (2 hour minimum) and we can offer support for SecAst or anything else we are qualified to help with. A third option is to post your question in the forums and then you can receive help from other users. Telium's support team will also respond to forum questions on a best effort basis.

NOTE: due to spam problems users can only post questions to forums using the contact form. If you have been directed to this FAQ by the technical support team then they have probably already posted the question for you. Keep an eye on the posting to check for responses.
It depends. If you have a regular Maintenance Agreement for one of our commercial off the shelf products, then we strive to solve (not just respond) your problem within 2 hours. If such a request is unanswered for more than 2 hours then we start moving engineers into the support department to help answer questions. On the outside your problem should be resolved within 4 hours.

If you have a priority maintenance agreement with 24/7 support then your request follows a different path. Your request moves to the head of the support queue. If it is not responded to within 30 minutes the request is escalated to the account manager (ringing his cell phone wherever he/she is, any time day or night). If not responded to within 1 hour the VP Engineering and VP Sales & Service will receive similar notifications on their cell phones. We strive to resolve all priority maintenance requests within 1 hour. If your maintenance agreement contains an SLA / response time clause, then those terms override the above.

All support requests start in a triage queue that is monitored 24/7. Requests fitting into either of the above categories are dealt with quickly in the timelines specified. All other requests (e.g. after hours product information requests, technical requests from users of the Free Edition, technical requests from users with expired maintenance agreements) are dealt with on a best effort basis. Some requests are forward to the admin / marketing team to answer, while others may be moved to the support forums. Please note that the technical support team cannot provide free support for either the Free Edition, or expired licenses. We realize that it can be frustrating not getting free support, but we need to cover the costs of our support department. (So please don't send complaints about not getting support if you are not paying for support).
Yes. SECast has been designed to use a default rule, with exceptions applied based on additional rules/logic/etc.

Many ITSP's and large installations often request that SECast provide another level of exception lookup or override (e.g. check another database to allow/deny a rule), using the customer's own databases or other systems. Telium is happy to add this logic to SECast, unique to each customer's environment, but this is a for-fee exercise. (And this is very common). Please contact your account manager for additional information on how we can provide customization for you.
Yes, but with conditions. The licensing system used by Telium requires that the lowest link in the license chain be anchored to a physical device. When using a VLS, it becomes the lowest link in the license chain and so it must by anchored to some physical device which has been certified by Telium's license provider.

If you have purchased a physical server from Telium, then that device is already certified and the VLS can operate without any external cloud access/dongle/etc. If you wish to use your own server to run the VLS, then you must provide a means to activate the VLS software (see https://telium.io/en/activation/).

If you plan to run the VLS natively on hardware (not virtualized), and that hardware has been certified by Telium's license software provider, then you will not need any external cloud access/dongle/etc since you can use Hardware Fingerprint activation. Please provide the exact make & model of your planned VLS server to Telium before purchasing a software only VLS license, to ensure the resulting solution will meet your needs.

Note that the license provider does not publish a list of certified equipment, as they feel doing so may make it possible to reverse engineer how the license anchor operates. Instead, we can submit and make & model of hardware and they will provide confirmation of certification.
Yes, it's called the Free Edition, and is suitable for companies wanting to test if SecAst's basic functionality & compatibility meet their needs. In addition, the Free edition is a functional and useful security add-on for SOHO environments, more capable that any other freely available scripts, etc. You can download the Free edition directly from the Downloads tab. If you need help during installation you can post your questions on the support forum. (Telium support staff check and respond to forum questions at least once per week).

If you require access to the advanced features of the Unlimited edition we offer a monthly subscription license, as well as a trial package (if your host won't have internet access). The trial package consists of an Unlimited license and two hours of support to help you get up and running. (We cannot issue licenses outside of these options.) To purchase this package contact Telium using the Contact | Ask Online feature and provide details of what you need.
Phone and email support is reserved for paying customers only. If you are doing a proof of concept (POC) then we recommend downloading the Free Edition of SecAst and purchasing 4 hours of Telium support for your POC, which will allow us to assist you to any extent you require. If your POC is succesful, then this investment can carry forward to your production environment since there is no difference between the Free and Commercial Editions of SecAst in terms of setup and configuration. If the Free Edition meets your needs and you are just looking for some help or advice during installation and configuration, then please visit the support forums. You might find the answers to your questions are already there.
In order to keep SecAst's price to a minimum, the product can be licensed by the "simultaneous call". So if your PBX will never have more than 5 calls in progress at once, then you need only purchase 5 simultaneous calls; if your PBX will have 20 calls in progress at once, then you need to purchase 20 simultaneous calls. If your call volume will reach 50 calls in progress at once, then you can purchase the Unlimited edition instead, and not have to worry about lines / call volumes.

Note that calls from attackers count as lines too (until they are identified as such and blocked by SecAst). If you run a small office PBX and are targeted by 5 attack calls at the exact same time as you have 5 legitimate calls in progress, then you must ensure you have a 10 simultaneous call license.
No, SecAst comes pre-compiled for most major Linux distributions and architectures. However, depending on the age/distribution of your Linux OS you may have to find/compile/install prerequisite packages to ensure compatability.
Yes, if you like. The license price includes support (see the editions page), but not setup for you. If you are having difficulty during installation, you can contact us for help. The Unlimited edition includes remote access (e.g. SSH) support for more hands-on problem resolution.

If you would like us to setup the software for you, you will need to purchase additional support hours. The average time to install SecAst is 2 hours (resulting in an operational product). The average time to configure SecAst is also 2 hours (resulting in security configured for your environment), and includes follow-ups for 1 week to adjust or fine-tune any settings. At 4 hours of support the product will be fully installed, configured, and tested in your environment, and fine-tuned to your user needs.

Please note that this estimate is based on direct (SSH) access. If we need to use a remote desktop (eg: RDP, Webex, Teamviewer) to an SSH console then estimated times will increase by 100%. If we need to use a remote desktop to a Java console / SSH emulator, then we generally discourage remote setup (due to lost/duplicate keystrokes, etc), or increase estimated time by 200%. These increasing estimates are based on historical installation times, and reflect a decreasing ability to multitask or use automated scripts in our installation, etc.
Yes, details on the number of incidents and duration of support is available on the Editions tab above. Note that included support is for SecAst only. If you require assistance with security design, Asterisk design, firewall concepts, etc. then this support is available at the hourly rates specified on the editions tab.
Yes - just be sure to pick a license activation type that suits the platform you are running on. If your hardware changes daily/weekly then pick the USB dongle activation, cloud activation, or VLS activation option. If it changes once per year then any activation type will work (just email us if you need a new license following a server failure, etc.).

We have re-activated machines for customers (who chose hardware fingerprint activation) following major hardware changes and always try to be fair and reasonable. If you have purchased a 25 simultaneous call licence and after a couple of years a motherboard fails we will likely reactivate without question. If you have purchased a 5 simultaneous call license and need 3 new activations after 1 month we will likely not reactivate. We try hard to be reasonable and fair - but also need to prevent license fraud.

So please ensure that you activate SecAst only once it is installed on the final platform of your choice, and that you pick the activation type that's right for you.
Yes. If you use SecAst in a HAast cluster, then SecAst will transfer all of the above to ensure the active peer can pick up where the standby (failing) peer left off.
The subtle differences between Linux distributions make it difficult for a single binary to work on all distributions. To address this, Telium compiles SecAst on the most popular platforms and architectures. If you don't see your distribution / architecture on the download page, then Telium will create a custom compilation for you - if you are purchasing at least 5 Unlimited licenses (or their equivalent lines). In the case of non-PC hardware (eg: Rasbery Pi), there may be an additional fee for compilation.

SecAst supports most modern Linux distributions, including RedHat/CentOS 6 or later, Ubuntu 12 or later, and Debian Squeeze or later. As for other distrbutions, if they natively include Qt5 libraries then they are likely supported.
Yes, even an intermediate Linux admin can install SecAst. Installation involves editing some settings, linking files, and installing packages using yum/apt-get. Depending on the age of your Linux distro you may have to search for missing packages, or even compile a dependent package. Overall, our detailed instructions should help an intermediate admin get SecAst up and running.

If you wish we can complete the entire installation and configuration for you; just purchase 4 hours of assistance (typical installation and configuration). If you are new to Linux but want to try installation yourself we recommend using the Red Hat / CentOS Linux distribution as it has the most mature support environment, precompiled packages, etc.
In order to allow SecAst optimal visibility of attack information and hackers, SecAst should be placed directly behind the firewall. If your Asterisk servers have a direct connection to the internet, then SecAst should be installed on those servers, or SecAst can be setup on its own server as a proxy in front of your Asterisk server(s). If you place SecAst inside your network (e.g. behind another Asterisk server), then you severely restrict the attack information available to SecAst and disable a number of important detection features.
All editions are actually the same binary file, so they operate identically; however, some capacity limits have been introduced and features have been removed to create a lower priced / free product offerings. Details of what features are available in each edition are listed on the Editions tab above.
Yes - The SecAst activation code is tied to your hardware, so you can safely upgrade your OS or Asterisk and then re-use your existing activation code. If you are within your maintenance period then you can also download and install the latest version of SecAst at no extra charge.
Our business hours are Monday to Friday, 9am to 5pm Eastern time. Our support hours mirror our business hours, but 24/7 support is available on a contract basis (priced based on the systems under contract). Our support reps will respond to support requests, product information requests, and licensing requests outside of business hours on a best effort basis. Support is not available during statutory holidays or periods of company shutdown, with the exception of contracted 24/7 support.
Yes! Sometimes your needs are just a bit outside the core functionality of SecAst, and the handlers offered by SecAst don't meet your needs. We would be happy to quote a change to SecAst to customize it to your needs. If you are purchasing 20 or more Unlimited licenses (or equivalent line licenses) we may include some changes/enhancements to SecAst as part of the base license price. If you are an integrator/reseller looking for compatibility with 3rd party hardware/software, please contact us for more details.
If you are using the Free edition of SecAst or a subscription then yes. If you are using the Flex or Unlimited editions and have a permanent license then no (we would go out of business if we did that). We do include free upgrades while your copy of SecAst is covered by a maintenance agreement. If you wish to upgrade your copy of SecAst outside of the maintenance agreement period then you would have to repurchase a full verion of SecAst. We do however offer a 10% discount when upgrading an existing license (i.e. using the same hardware as we have on file for that license).
It depends. If your copy of SecAst currently has a maintenance agreement in place (i.e. you want to extend your agreement), then yes. Otherwise you can no longer purchase a maintenance agreement, and instead would have to purchase a new license. If you are considering a maintenance agreement for the purpose of upgrades, view FAQ 2116 above.
Yes! We want to know about it, and we want to fix it. If we have not discovered this bug yet, then we will also give you a no-charge maintenance agreement covering upgrades to the new version - even if your maintenance agreement expired years ago. If we have already discovered this bug, then we will let you know and you would have to upgrade under a maintenance agreement to get the latest version (See FAQ 2116 & FAQ 2117)
Yes. Each permanent license comes with a 3 month maintenance agreement. This allows for support as well as free upgrades during that period. If you wish to extend the maintenance agreement period then you must purchase an annual maintenance agreement (while the licensed copy is still covered by an agreement). If you let your agreement expire then you will have to repurchase SecAst. (See FAQ 2117) Note that subscription licenses include a maintenance agreement.
SecAst has been designed to work with Asterisk 1.4 through Asterisk 16. Once the next Asterisk version grows in popularity it will be certified compatible as well. Note that some SecAst features depend on Asterisk functionality only available in later versions.
Yes. In fact the installation guide includes specific steps and screenshots for how to configure SecAst with configuration generators/distros like FreePBX®. SecAst is certified to work with FreePBX® 2.1 or later, Issabel® / Elastix® 4.0 or later, Thirdlane® 7.0 or later, PIAF® 2.0 or later, Genesis ISS®, and various other smaller distributions. As noted in FAQ 2109, the underlying Linux version must include support for Qt5.
Yes. Based on experience, we offer a discount once you've shown that you actually resell our product. We have 3 discount levels, the first is reached when you purchase a total of 10 Unlimited license (or the equivalent of 250 Flex lines). We only make additional reseller information available after you have reached this first volume level. If you purchase all 10 CU licenses (or 250 CF lines) at once, we will apply a first tier reseller credit towards that purchase.
To avoid competing with resellers we do not generally apply discounts to end-user sales. Please contact support@telium.io for more information.
SecAst makes use of a variety of products/libraries, all of which are properly licensed for inclusion in the SecAst product. This product includes Qt5 libraries created by Digia Oyj, Valimotie 21, 00380 Helsinki Finland Tel. +358 10 313 3000, available from www.digia.com. This product includes GeoLite2 data created by MaxMind, available from www.maxmind.com.
SecAst is written entirely in C and C++. The distributed package includes some shell (BASH) scripts to ease integration with different Linux distributions.
Yes. Licenses are perpetual and transferable between individuals or corporations (but are not transferable between devices if using hardware fingerprint activation).
Yes. You can always add more lines to an existing SecAst installation while it is covered by a maintenance agreement. Just contact us (see above) and let us know the license number and the number of *additional* lines you wish to purchase. Note that your line cost may increase to cover the cost of a prorated maintenance agreement up to the end of the existing maintenance agreement period. If your SecAst maintenance agreement has expired, then you will have to purchase a new license with the total number of lines necessary. (See FAQ 2117)
You are welcome to use the Telium forums, where you'll find answers to many questions. You can also post questions which can be answered by other users or by the Telium support group on a best effort basis. (We check the forums at least once per week to ensure questions are answered).

For direct and immediate support you can also purchase professional services (support) by the hour from the BUY tab above.
We welcome all resellers/integrators and look forward to distributing the product through your organization. However, based on experience we only place customers into the 'reseller' category once they have actually sold a large volume of our software. Until then, you are welcome to familiarize yourself with the product through the Free edition, and purchase support by the hour as necessary. (See FAQ 2122 for more information)
As we add new features to SecAst the difference between the Flex and Unlimited editions will continue to grow. If you lost a feature as a result of us moving a feature to the Unlimited edition, then will we upgrade your license to the Unlimited edition at no charge. You will never lose a feature you paid for!
SecAst is an acronym for Security Add-on for SIP Telephony, but must people refer to it as Security for Asterisk. SecAst is pronounced 'See-Kast'.
SecAst is available for resale by integrators, for inclusion in their products and services, etc. High volume integrators are permitted to rebrand the product, but Telium retains the rights to the products, licensing, and updates.
First of all, you should be aware that Fail2Ban is not a security system. Fail2ban is a generic tool that reads log files and then adds IP addresses to the local iptables. Fail2ban has no ability to detect hacking, suspicious packets, suspicious dial patterns, etc. Fail2ban only blocks an IP if Asterisk records a failure to login. Digium warns users not to use Fail2Ban as a security measure; see http://forums.asterisk.org/viewtopic.php?p=159984

SecAst uses event information from the Asterisk AMI, data from the network interface card, SIP data (including dialing digits, rate of dialing, etc), and more to create a profile of each user/device and identify potential hacking and fraud. SecAst uses proprietary databases of phone numbers used in fraud, known source IP addresses of telecom hackers or intrusion attempts, and all IP addresses mapped to cities/regions/countries/continents worldwide to dramatically reduce the risk of fraud or intrusion. SecAst also uses heuristic detection (like Antivirus software) to identify behavioural patterns indicative of hacking attempts, or indicative of calls being made using stolen credentials. SecAst continually monitors endpoint activities (even after registration) to protect the PBX and stop fraud.
You can't. Disclosing the patterns we use for detection simply gives hackers a guide of what to avoid. Even SecAst logs will not precisely disclose what action(s) triggered a heuristic pattern detection.
The geofencing data is licensed from a 3rd party. Historically their data has been updated on a monthly basis.
New intrusion signatures and geographic IP data are made available through program updates. It is not possible to update just the signatures or geographic IP database seperately.
Likely yes - since SecAst is a 100% software solution running on the Asterisk server. If you create your cluster using High Availability for Asterisk (HAast) from Telium, then the cluster will transfer banned IP lists, settings, etc. between servers for optimal continuity following a failover. As well, when using SecAst with HAast you need only buy one SecAst license to cover your entire cluster.
Telium understands the importance of protecting the corporate network, and is pleased to connect to your secure environment using VPN. However, Telium cannot install custom VPN software for every client (there are a large number of open source and proprietary VPN clients out there). By default Telium will connect using any Microsoft Windows supported VPN protocol (PPTP/L2TP/IPSec/IKEv2) or shared Cisco VPN protocol. If you need Telium to connect using any other protocol (or using a client tied to your VPN concentrator), then we must install your preferred VPN client in a virtual machine built just for you. So if you can't use any of the above protocols or you cannot port forward from your public IP, then you must purchase an additional 2 hours of support to cover our costs to create a support virtual machine just for you.
If your Asterisk servers are clustered using HAast (High Availability for Asterisk) from Telium then no - you will receive a second SecAst license at no charge ($0) for your standby PBX. If you are running any other type of clustering or backup software then you would have to purchase a regular priced license for the second server running SecAst.
Yes, our software and our licensing system support virtual machines and containers. Since a VM/container is too generic for our software to fingerprint (for hardware fingerprint activation), choose one of the other 3 activation types that best suits your needs. Note that if you use a container then you must have access to the underlying physical host.
Yes. SecAst is fully compatible with Amazon Web Services and other public cloud services.
We have three types of distributor/partnership programs. The first is a reseller program which includes discounted products, additional support, training, etc. The second is an ODM/whitelabel program for device manufacturers to include our high availability, security, and telematics software with their devices. The third is a services alliance program where professional service companies can include the skills and capacity of our organization with their own when proposing / delivering services to clients. Minimum product volumes / service fees are a prerequisite for all programs. For further information please email/call.
Yes. Using the telnet interface to SecAst you can issue commands to communicate with Telium's Fraud Database. Use the 'help frauddb' command to see the exact syntax. Note that you must have a valid maintenance agreement in place to access the Fraud Database. If your maintenance agreement has expired, then SecAst will continue to operate normally but without use of the Fraud Database.
No. Our reseller agreements require that any discounts offered direct to customers be extended automatically to reseller purchases. So extending a sale for one customer means we must issue rebates to all resellers for all sales for the same extended period (and that cost can become considerable for us).
Yes. The unlimited edition of SecAst includes access to the SecData online databases, and SecAst will automatically check every number dialed and every device connected to the PBX against the SecData databases. Any matches in the database will be returned to SecAst as a risk score, which can be used to disconnect a call or ban the device. Access to the SecData databases is only available while your maintenance agreement is active.
Telium supports most major Linux distributions and architectures, and appreciates that there are many differing opinions on the 'best distribution'. However, if you are new to Linux and looking for the easiest way to get up and running, then we recommend Red Hat version 7 (or the free equivalent called CentOS version 7). RH7/CentOS7 is a mature and stable operating system, and is the most popular Linux distribution within the Asterisk community. Major configuration generators (eg: FreePBX®, PIAF®, etc) also use RH7®/CentOS7® (but may rebrand it under their own name). All prerequisite packages for SecAst are readily available for RH7 which also makes installation simpler.
SecAst includes 500 queries per month of both the Fraudulent Phone Number database and the Hacker IP Address database. This is equivalent to the 'small' business plan listed on the SecData product pages. Users can increase this limit by purchasing a SecData access plan separately.
SecAst commercial edition users can access the SecData service only while they have a maintenance agreement in place. To extend access to SecData, users can either extend their maintenance agreements or purchase the SecData service separately.
No. Discount pricing is only available when buying a large volume of licenses. Even though you are a reseller, buying 1 license means you are purchasing at retail quantities and we cannot discount the price. However, if you have at least one Telium Certified Engineer on staff, then you do qualify for a discount even for a single license.
Activation is a way for software vendors to turn on the features you have paid for in the software you have purchased, and a way to prevent software theft (or pirating). In order to offer the greatest possible flexibility to customers, and minimize inconvenience, Telium offers four different types of activation: Hardware fingerprint (just like Microsoft does with Windows), USB dongle, Cloud, and Volume License Server. You can find out more information on how these four activation methods work here: telium.io/activation
Yes, just be sure you understand what that means. The maintenance agreement allows you to receive ongoing support for your purchase, and to apply updates downloaded from our website. If you only buy one maintenance agreement, then only 1 of your 10 licenses is eligible for support, and only 1 of your 10 licenses will accept software updates (once the included maintenance period expires you will not be able to install updated software since the license will not be accepted, or if you do update the software then it will operate as the free edition).
By default SecAst uses 256-bit DES encryption for communication between nodes. However, OEM editions (including editions sold to military, government, and security partners) may include 256-bit AES encryption. The 256-bit AES encryption is only available upon request, and only as part of an OEM edition.
In general we recommend that you save the SecAst package file you download from the Telium website at time of installation. However, so long as you have a maintenance agreement in place, you should be able to download the latest package file and install it. If for some reason you need the old package file (and your maintenance agreement is still active), we will try to restore an old package file from a backup for you. Please note that we do not archive every release of every product, so we can't guarantee that we will find exactly what you are looking for.

If you do not have an active Maintenance Agreement, then we will still do our best to help you. In such a case we would charge for 4 hours of support time to find a particular (or closest) release package, restore it from an old backup, and place it on an FTP server for you. There is no guarantee that the package we restore will be exactly the one you want, or that it will meet your needs, or even that your license will be compatible. This type of work is on a best effort basis.
If you have engaged Telium professional services then we are happy to make recommendations on third party hardware/software. However, if we do not have a signed engagement letter, then we have legal exposure from recommending equipment without having completed due diligence on your needs. A signed engagement letter includes provisions to limit Telium's liability / exposure, and without this protection we cannot provide any advice.
We are happy to subcontract or jointly bid on projects. Before Telium applies any effort towards writing a whole/portion of a proposal, we must ensure that our portion is substantial, and the rewards justify project and partner risk. If your organization has never worked with Telium before then we may suggest a simple subcontract relationship for the work you would like us to undertake. If we have successfully partnered in the past then Telium is more likely to undertake the cost and risk of joint bidding a project.
Once a product (e.g. SecAst) license is issued it is permanent (i.e. cannot be revoked). For this reason we require prepayment for all licensed products.

If you have been accepted into Telium's reseller or OEM program, then you may qualify for payment terms. Minimum order quantities, minimum purchase history, and confirmation as an established OEM/VAR are required for acceptance into these programs. Please contact your Telium account manager for more information.
Yes. We offer a subscription service for SecAst which allows you to rent the software. You pay by the month for your copy of SecAst to remain activated. You can also chose your plan (commitment period) as monthly or annual, which changes the monthly fee.
It depends on what you mean by "secure", and how many PBX's is "many". Consider these four scenarios:
1. The simplest solution is to use cloud activation, that's compatible with all VM's and scales easily regardless of how many PBX's.
2. If "secure" means no access to the internet, then using a USB dongle may be most appropriate.
3. if you cannot connect a USB dongle to the VM, then consider a network USB device or Volume License Server (VLS).
4. If "many" means more than 10 PBX's, then a VLS VM or appliance is most appropriate.

Please contact the Telium support group if you want further details or want to discuss which activation solution would work best for you.
Your USB Dongle is like any other physical asset in your IT department, so you should insure it for loss/fire/theft/etc., for the full value of the software. Once paired, a dongle will continue to work for whomever holds it.

We can replace one or more dongles, but their price will be the full amount of the software (less a 10% discount for replacing an existing installation).

If your USB dongle was damaged in a fire you can send it to us and we will ask the manufacturer to extract the serial number (a $250 charge). If the serial number can be confirmed then we will issue a replacement dongle at no charge (other than shipping). However, if it's badly damaged this may be a waste of your money.
Your volume license server (VLS) is like any other physical asset in your IT department, so you should insure it for loss/fire/theft/etc., for the full value of all software linked to that VLS. A VLS will continue to work for whomever holds it, so its value is determined by the number and types of licenses linked to it.

We can replace one or more licenses linked to a stolen VLS, but their price will be the full amount of the software (less a 10% discount for replacing an existing installation).

If your VLS was activated using a USB Dongle then see FAQ 2323 for another recovery option.
Many clients deploy Telium products into secure environments with extensive restrictions. This includes health care, military, government, emergency services, and other environments. Telium fully supports deploying into these environments and offers a variety of solutions to accommodate these scenarios: https://telium.io/en/activation-in-secure-environments/
If you purchase professional services as part of your project, your account will be credited with the number of hours of service purchased (at the rate in effect at the time of purchase). This credit remains active for 12 months.

After 12 months any outstanding balance will be forfeit. For this reason we recommend purchasing only the number of hours required during the subsequent 12 month period. Please note that if you enter into a separate contract with Telium then the terms of that agreement may supersede the above.
In order to offer the best possible value we try to balance expediency with price. In the event that your need is urgent we can help:

1. Payment: Wire transfer (SWIFT) offers the lowest cost method of payment (approximately $20 for the sender). It can take between 3 and 21 business days to arrive. If you need faster payment then PayPal (which includes credit card) may be preferable, as payment is normally confirmed within 2 hours. However, you will incur a 3%-5% processing fee (as charged by PayPal).
2. Shipping: USB dongles are shipped by postal service at no charge to you. It can take between 1 and 3 weeks for dongles to arrive depending on the destination country. If you require your dongles more quickly we can ship then by courier (usually 2 business days until they arrive). However, you will incur a shipping fee (as charged by the courier) which can range from $150 to $350 depending on destination country.
3. Activation: If you wish to begin full feature testing before USB dongles arrive we can provide temporary cloud based licenses. These licenses can remain active for up to 90 days.

Please ensure you leave sufficient time in your project schedule for the shipping and payment method you choose.
The licensing product we incorporate in SecAst is fully compatible with Azure and AWS (and other cloud providers). This means that you can scale your instance up/down, move it to a new host, add storage, etc. and your license will remain activated.

Assuming you have chosen "Hardware Fingerprint" activation, the fingerprint is based on your instance ID and network MAC address. So just be sure you don't delete your instance (which will cause you to get a new instance ID), or delete your network interface / ENI (which will cause you to get a new MAC address).

In the event that you change your instance ID or MAC address, your license will be invalidated (deactivated). In this case you would have to purchase an entirely new license (full price). Remember that hardware fingerprint licenses remain active forever, so requesting a 'replacement' license bypasses all fraud prevention. We cannot give you a free or discounted replacement for a license which you have invalidated. (Our license service provider will not give us a free replacement license either).

Although rare, Amazon or Microsoft sometimes change the Instance/MAC format or reporting method (which may cause the license to be refused). This is not a problem, we can generate an updated license at no charge (assuming you have a maintenance agreement in place for the cluster). If you use a fingerprint license on a cloud provider we suggest you keep your maintenance agreement active on your license so that we can generate a new license if needed. AWS last made such a change in 2016.

Yes. The price is $200 to purchase one/two USB dongles in advance. This covers primarily the labor to create keys, cost to ship them, cost of materials (keys, packaging), and pickup charge by the carrier. You can also return the USB dongles if unused. You would have to cover the shipping costs, and upon receipt you would be credited $30/dongle, which would be applied to your account. If the total credit on your account is $500 or above, we can optionally send you a refund check or EFT.
The SecAst product can be returned for a full refund. In order to qualify for refund the following three criteria must be met: 1. A license/dongle has not been issued. 2. No support services have been consumed in association with the SecAst product. 3. No more than 60 days have passed since the SecAst product was purchased (i.e. PO issued or invoice paid, whichever comes first). If the product qualifies for refund, then any associated maintenance agreement purchased at the same time also qualifies for refund.

Please note that once Telium issues a license for any of its software products, those products can run forever with that license code. So return of a SecAst license does not prevent a customer from continuing to run the software indefinitely. To avoid fraud Telium cannot issue refunds for any software product once a license has been issued.

Refunds are issued by wire transfer, to the same account which paid for the original order. In order to avoid fraud, a refund will only be issued once our financial institution has confirmed that the received payment has cleared (which can take up to 90 days for international payments). Please contact your account representative (or customer support) for a Return Merchandise Authorization (RMA) number and return instructions.