Due to vulnerability of IP networks companies are facing more fraud attempts and threats on VoIP networks.
You are safe with Netas Nova Cyber Security Product Family
3. Why Cyber Security? Telecom?
COMMUNICATION OVER IP CONTINUES TO GROW
WITH NEW TECHNOLOGIES AND SERVICES...
- IPv4 addresses run out and IPv6 being used
- 4G days going on and 5G is planned to be a live in 2020 – no circuit switch
support any more
- VoIP (packet switched network) usage being increased
- The secure VoIP is the main point due to the nature of the IP network
topology and VoIP systems
4. • Cost Savings – setup, operation and support
• Rich Media Services
• Phone portability – no location based
• Service Mobility
• Integration and collaboration with other
applications
• User control interface
• No geographical boundary
• Rich features
* Due to vulnerability of IP networks and VoIP
systems, more fraud attempts on VoIP
PSTN + GSM VoIP
Why Cyber Security? VoIP? Global VoIP Traffic
*Stattistica 2014,http://www.statista.com/statistics/267183/forecast-for-the-worldwide-voip-traffic
Secure VoIP Important
5. Why Cyber Security? 2013 Estimated Fraud Losses
Total Loss
$46.3Billion
VoIP Hacking
$3.62Billion
VoIP Traffic Theft
Communications Fraud Control Association (CFCA Report) 2013,
http://cfca.org/pdf/survey/Global%20Fraud_Loss_Survey2013.pdf
Fuzzing
Password Cracking
Denial of Service
Voice Quality Disruption
Information Theft
Malware Attacks
Eavesdropping
Toll Fraud
6. Why Cyber Security? VoIP Frauds Occurred…
Hacker attacks - %25 on Voice Systems
According to Control Phreak 2012 report;
AT&T PABX customers hacked and
- traffic ended to Somali, Cost Fraud: 1 milyon $ (minutes 22$, 4 days) – 9 June 2012
- international premium-rate services calls - Cost Fraud: 2 milyon $ - 28 November 2011
In Russia, during elections, advertisement announcements in the calls - 9 December 2011
Toll Fraud More than 2,200 company in ABD, Cost Fraud: 55 milyon $
Attacks to VoIP and UC systems, more than 20,000 in a year
8. Products, Projects and Services Products
VoIP Security Scanner
1. The first multifunctional national
VoIP Vulnerability Assessment Tool
2. Expert system report presents
detailed reports of security measures
against vulnerabilities
3. Protocol compatibility and stress
tests
4. VoIP traffic generation and
automatic service tests
5. Fuzzing tests using Genetic
Algorithm and ABNF
6. Flexible and modular structure
VoIP Application Firewall
1. The first national application level
firewall solution
2. Attack detection and prevention with
deep instantaneous statistical data
analysis,
3. Dynamic filtering, automatic rules
update, and policy rule editor
4. Detecting critical system parameters
and anomaly detection with traffic
monitoring method
5. Detection and prevention against
attacks such as toll fraud, DDoS, fuzzing,
call forwarding fraud
6. Anomaly detection in big-data using
learning algorithms architecture
Medya Security Platform
1. Secure communication (voice,
video, message and file tansfer,
signature)
2. Encrypted communication
3. Windows, Android and iOS support
4. Two scenarios support
- Lawful intercept scenario
- Not intercept scenario
5. Device independent
6. Smart card use
7. 13 Patent
10. Products, Projects and Services VoIP Application Firewall
Internet
Service Providers
IP Firewall
VoIP Application Firewall
Internal and External
VoIP Network Security
with NOVA V-GATE ile
SBC / SIP Server
11. Products, Projects and Services VoIP Security in Unified Communication
VoIP Server Web & Email
Server
DNS Server Database
Server
Application
Server
< Router >
< Firewall >
< Switch >
< Firewall >
< Switch >
12. Call Forwarding Fraud
Traffic Call Generator
The fraudsters gain access to an enterprise PBX or the IVR of a voice mail system.
They can then configure call forwarding to an expensive long distance destination to profit from a revenue
sharing deal.
The frauder has a revenue sharing deal
with the high cost destination and recevies payment.
Products, Projects and Services
13. Products, Projects and Services One Ring and Cut (Wangiri) Fraud
The fraudster sets up calls to voice
subscribers, but hangs up after one
ring.
Curious subscribers see a missed call on
their phones, and return the call, not
realizing that the number is actually a high
cost destination. (This fraud can be
realized with SMS message.)
Service provider routed call to high cost
destination.
14. Products, Projects and Services Vishing, “Voice-Phishing, ANI Spoofing
The fraudster pretends as a
legitimate business to attempt
to gather customer data such as
credit balance from someone.
15. Products, Projects and Services Security Threats Prevented by V-Gate
Your Services (Call,
Forwarding eg.)
Denial of Service Delay Used by others
Your Data (User
profiles, service info
eg.)
Theft Replace
Your Quality of
Services (Traffic
management, delays,
pricing eg.)
Slowdown in voice
and video services
Capacity Problems
Misinformation and
billing problems
%100 inhouse
17. Products, Projects and Services VoIP & Web Pentest Services
Security threat simulation tools
and modules
Reconnaissance
Distributed Denial of Service
Fuzzing
Man In the Middle
Bulk Call Generation (from spoofed IDs),
Stress and Capacity Tests
We give pentest services with our
own products.
Attack and Penetration Testing
Analyze The Results
Generate System Report
Define the Aim
Determine the Scope
Collect Information
Detect Vulnerabilities
RECONNAISSANCE MAPPING DISCOVERY EXPLOID REPORTING
18. Products, Projects and Services Why NOVA V-SPY?
VoIP Device
Reconnaissance
Determining
whether they work
Software Version
Control
Sytem Info
System
Capturing
Attacks
Pentest
Changing the
configuration of
system equipment
Resistance test
against traffic
routing frauds
Denial of
Service
Call ((IP, port and
user) generator from
single point or the
distribution points
System resistance
test with fuzzing
messages
Security test with
protocol message
chain
System Capacity
and Stress Tests
Security controls of
systems
System durability
tests with stress
tests
Decision support for
operational
management
%100 inhouse
20. Products, Projects and Services Secure Communication
Android application
WebRTC
Secure voice and video communication
Secure messaging
Secure screen sharing
Algorithm skipping (Blowfish, AES256…)
Key skipping
Diffie-Hellman
Smartcard
13 Patents
Lawful intercept (For Public Users)
SPiDR compatible
21. Products, Projects and Services Why NOVA MSP?
Device
Independent
Android MSP Web client IOS (near time)
Secure
Communication
Encryption
Algorithms
Smart Card
Session based
Communication
%100 inhouse
The source code
sharing where
necessary
Custom Based
Development