
CRENNO Technologies Network Consultancy & Session Border Controller Solutions


CRENNO Technologies solutions in Session Border Controllers on NGN/IMS Networks Market


  1. CRENNO Technologies Network Security Consultancy & Acme-Packet SBC
  2. Agenda
       • Company Profile
       • Capabilities
       • Consultancy & OnDemand Solutions
       • Session Border Controller
       • SBC Components & Features
       • DoS Protection
       • Access Control – VPN Separation
       • Topology Hiding & Privacy
       • Malicious SW Protection
       • Service DoS Protection
       • Fraud Prevention
       • Monitoring & Reporting
       • Conclusion
  3. Company Profile
       • CRENNO Technologies was established in the last quarter of 2009.
       • All team members are computer engineers.
       • Experience and assistance: national and international experience and R&D assistance add power to CRENNO Technologies.
  4. Capabilities
     Network Capabilities
       • Vendors: Alcatel-Lucent, Cisco, AVAYA, Acme-Packet
       • Certifications: CCNA, CWNA, Acme-Packet SBC, ACA
     Software Capabilities
       • Languages: JAVA – Glassfish App Server, .NET, C-C++
       • Experiences: Telco Software Development, Softswitch Development, SMS GW Development
       • Other Technologies: Solaris UNIX, ORACLE
  5. Consultancy & OnDemand Solutions
     Network Types & Security
       • Wireless Networks
       • Wireline Networks
       • Voice Networks
       • Network Security (Session Border Controller)
     Services & Solutions
       • Design / Integration / Installation
       • Consultancy / Optimization
       • Support / Education
       • Network Equipment Load, Performance, Stability Testing
       • Network Software Development
  6. Session Border Controller
     [Diagram labels: Protect the Service; Protect Service Provider Infrastructure; Protect SBC; Service Provider Peer; Enterprise Access; Residential Access; GW, SS, MGCP CA, SIP PX, H.323 GK, MS, AS, IPPBX, Contact Center]
     The Session Border Controller will be used as:
       • Session Director (SD) – integrated session & media control
       • Session Controller (SC) – session & border gateway control
       • Border Gateway (BG) – IP-IP packet gateway
       • Session Router (SR) – SIP routing proxy & cluster server
       • Signaling Firewall (SF) – SIP signaling security & encryption
  7. SBC Components & Features
       • DoS Protection
       • Access Control – VPN Separation
       • Topology Hiding & Privacy
       • Malicious SW Protection
       • Service DoS Prevention
       • Fraud Prevention
       • Monitoring & Reporting
  8. DoS Protection
     SBC goals for DoS protection
       • Stay ahead of outages rather than react to them
       • Protect the service provider at all costs
       • Enable service for the largest possible population
       • Don't impact the type of service available
       • Don't impact how the service is used
       • Don't require changes in other devices
       • Support heterogeneous (multi-vendor) networks
       • Don't rely on external "control" protocols
     Features
       • Protect the SBC from DoS and other attacks
       • Dynamically handle device trust
       • Better service for trusted users
       • Automatically isolate attackers
  9. Access Control – VPN Separation
     Access Control & VPN
     Per-application behaviors
       • Filter by specific devices or whole networks
       • Permit access to known devices or networks
       • Block traffic for applications not supported by the SBC
     Per-user behaviors
       • Permit or deny access to anonymous users
       • Permit access to authorized/registered users
       • Dynamically accept or reject traffic based on device behavior
     Media support
       • Only accept and forward for authorized sessions
     Filtering & encryption: high performance, low latency, and scale
       • Access Control List filters
       • IPSec and TLS connections
     Secure L2 and L3 VPN customers
       • Maintain security isolation between VPNs
       • Inter-VPN sessions
       • Monitor media for intra-VPN sessions
       • Signaling-only VPNs
       • Media-only VPNs
  10. Topology Hiding & Privacy
      Hide entire topology
        • Prevent directed attacks
        • Confidentiality
      Anonymize all user information
        • Privacy and confidentiality
        • If desired by service provider
      Protect from eavesdroppers
        • End users
        • Service provider infrastructure
      High performance
        • High capacity and low latency
        • Performance unaffected by encryption
      Protocols
        • TLS (Transport Layer Security)
        • IPSec (IP Security)
        • SRTP (Secure Real-Time Transport Protocol)
  11. Malicious SW Protection
      Malicious Software Protection (Virus, Worms, Malware)
      Security issues are very complex and multi-dimensional
        • Attack sophistication is growing while intruder knowledge is decreasing
      Security investments are business insurance decisions
        • Life – DoS attack protection
        • Health – SLA assurance
        • Property – service theft protection
        • Liability – SPIT & virus protection
      Degrees of risk
        • Misconfigured devices
        • Operator and application errors
        • Peering
        • Growing CPE exposure to Internet threats
  12. Service DoS Protection
      SBC Service Infrastructure DoS Protection
      Hide service infrastructure topology
        • Layer 1-4 topology hiding + NAT
        • Layer 5-7 topology hiding, privacy, + NAT
      Prevent infrastructure attacks
        • SBC DoS protection implicitly protects service infrastructure
        • RTP media policed to session-based codec value
      Prevent infrastructure overloads
        • Per-infrastructure device signaling overload control
        • Multiple load balancing strategies and call gapping
      Prevent attacks from service provider
        • SBC DoS protection works in both directions
        • All networks are untrusted networks
  13. Fraud Prevention
      SBC Fraud Prevention
      Authenticate and authorize users
        • External policy control (COPS/SOAP) for authorization and CAC
        • Numerous access control features provide basic authentication + authorization
        • Enforce service contract per user/device
      Prevent piggy-back usage
        • Session signaling messages verified to be session consistent
        • Early-media blocking for fraud prevention
        • RTP media policed to session-based codec value
        • Hardware encryption acceleration for IPSec and TLS
      Record audit trails
        • Call detail records created and exported
        • RTP media QoS measurements monitored + recorded
        • Media pinhole for ended or stranded calls automatically closed
  14. Monitoring & Reporting
      SBC Monitoring & Reporting
      Monitor for security breaches
        • Access control + DoS filters, counters, etc. recorded and viewable
      Notify operations personnel of attacks and overloads
        • SNMP traps generated for attacks, authorization failures, overload events
      Secure monitoring & management access
        • EMS platform available: secured with IPSec or SSL
        • Separate, external management interface with SSH, SFTP, ACLs
      Create audit trails
        • Packet capture of raw packets for analysis
        • RTP media QoS measurements monitored + recorded
        • Call detail records created and exported via RADIUS
        • EMS records security logs
  15. Conclusion
        • CRENNO is a telecommunication software company.
        • This brings both network-side business and software development business.
        • CRENNO has deep knowledge of Acme-Packet Session Border Controllers.
        • For telecommunication companies, an SBC is a must.
        • Other companies that need to grow their voice networks need SBCs to secure themselves.
        • Acme-Packet SBC is the leading SBC in the market.
        • CRENNO Technologies' vision is to grow in both markets within this scope.
  16. Contact: info@crenno.com, twitter/crenno, www.crenno.com
