2. Company Profile
Capabilities
Consultancy & OnDemand Solutions
Session Border Controller
SBC Components & Features
DoS Protection
Access Control – VPN Separation
Topology Hiding & Privacy
Malicious SW Protection
Service DoS Protection
Fraud Prevention
Monitoring & Reporting
Conclusion
Agenda
3. CRENNO Technologies was established in the last quarter of 2009
All team members are Computer Engineers
National & international experience and R&D assistance add power to CRENNO Technologies
Company Profile
4. Network Capabilities
Vendors: Alcatel-Lucent, Cisco, AVAYA, Acme-Packet
Certifications: CCNA, CWNA, Acme-Packet SBC, ACA
Software Capabilities
Languages: JAVA – Glassfish App Server, .NET, C-C++
Experiences: Telco Software Development, Softswitch Development, SMS GW Development
Other Technologies: Solaris UNIX, ORACLE
Capabilities
6. [Diagram: Session Border Controller deployment. Callouts: Protect The Service, Protect Service Provider Infrastructure, Protect SBC. Labelled elements: Service Provider Peer, Enterprise Access, Residential Access, Contact Center, Service Provider, GW, SS, MGCP CA, SIP PX, H.323 GK, MS, AS, IPPBX]
The Session Border Controller will be used as:
Session Director (SD) – integrated session & media control
Session Controller (SC) – session & border gateway control
Border Gateway (BG) – IP-IP packet gateway
Session Router (SR) – SIP routing proxy & cluster server
Signaling Firewall (SF) – SIP signaling security & encryption
Session Border Controller
7. SBC Components & Features
DoS Protection
Access Control – VPN Separation
Topology Hiding & Privacy
Malicious SW Protection
Service DoS Prevention
Fraud Prevention
Monitoring & Reporting
[Diagram repeating the component names: Fraud Prevention, DoS Protection, Access Control – VPN Separation, Service DoS Prevention, Malicious SW Protection, Topology Hiding – Privacy]
SBC Components & Features
8. SBC goals for DoS Protection
Stay ahead, don’t react to outages
Protect service provider at all costs
Enable service for largest possible population
Don’t impact type of service available
Don’t impact how service is used
Don’t require changes in other devices
Support heterogeneous (multi-vendor) networks
Don’t rely on external “control” protocols
Features
Protect SBC from DoS and other attacks
Dynamically handle device trust
Better service for trusted users
Automatically isolate attackers
DoS Protection
9. Access Control & VPN
Per application behaviors
Filter by specific devices or whole networks
Permit access to known devices or networks
Block traffic for applications not supported by SBC
Per user behaviors
Permit or deny access to anonymous users
Permit access to authorized/registered users
Dynamically accept or reject traffic based on device behavior
Media support
Only accept and forward for authorized sessions
Filtering & encryption: high performance, low latency, and scale
Access Control List filters
IPSec and TLS connections
Secure L2 and L3 VPN customers
Maintain security isolation between VPNs
Inter-VPN sessions
Monitor media for intra-VPN sessions
Signaling-only VPNs
Media-only VPNs
Access Control – VPN Separation
10. Topology Hiding & Privacy
Hide entire topology
Prevent directed attacks
Confidentiality
Anonymize all user information
Privacy and confidentiality
If desired by service provider
Protect from eavesdroppers
End users
Service provider infrastructure
High performance
High capacity and low-latency
Performance unaffected by encryption
TLS (Transport Layer Security)
IPSec (IP Security)
SRTP (Secure Real-Time Transport Protocol)
Topology Hiding & Privacy
11. Malicious Software Protection (Viruses, Worms, Malware)
Security issues are very complex and multi-dimensional
Attack sophistication is growing while intruder knowledge is decreasing
Security investments are business insurance decisions
Life – DoS attack protection
Health – SLA assurance
Property – service theft protection
Liability – SPIT & virus protection
Degrees of risk
Misconfigured devices
Operator and Application Errors
Peering
Growing CPE exposure to Internet threats
Malicious SW Protection
12. SBC Service Infrastructure DoS Protection
Hide service infrastructure topology
Layer 1-4 topology hiding + NAT
Layer 5-7 topology hiding, privacy, + NAT
Prevent infrastructure attacks
SBC DoS protection implicitly protects service infrastructure
RTP media policed to session-based codec value
Prevent infrastructure overloads
Per-infrastructure device signaling overload control
Multiple load balancing strategies and call gapping
Prevent attacks from service provider
SBC DoS protection works in both directions
All networks are untrusted networks
Service DoS Protection
13. SBC Fraud Prevention
Authenticate and authorize users
External policy control (COPS/SOAP) for authorization and CAC
Numerous access control features provide basic authentication + authorization
Enforce service contract per-user/device
Prevent piggy-back usage
Session signaling messages verified to be session consistent
Early-media blocking for fraud prevention
RTP media policed to session-based codec value
Hardware encryption acceleration for IPSec and TLS
Record audit trails
Call detail records created and exported
RTP media QoS measurements monitored + recorded
Media pinhole for ended or stranded calls automatically closed
Fraud Prevention
14. SBC Monitoring & Reporting
Monitor for security breaches
Access control + DoS filters, counters, etc. recorded and viewable
Notify operations personnel of attacks and overloads
SNMP Traps generated for attacks, authorization failures, overload events
Secure monitoring & management access
EMS platform available: secured with IPSec or SSL
Separate, external management interface with SSH, SFTP, ACLs
Create audit trails
Packet capture of raw packets for analysis
RTP media QoS measurements monitored + recorded
Call detail records created and exported via RADIUS
EMS records security logs
Monitoring & Reporting
15. CRENNO is a Telecommunication Software Company
This brings both:
Network Side Businesses
Software Development Businesses
CRENNO has a deep knowledge of Acme-Packet Session Border Controllers.
For telecommunication companies, an SBC is a must.
For other companies that need to grow their voice network, SBCs are needed to secure themselves.
Acme-Packet SBC is the leading SBC in the market
CRENNO Technologies’ vision is growing in both markets within the scope
Conclusion