Embed Size (px)
Citation preview
Agenda
Why Cyber Security?
Products, Projects and Services
Why Cyber Security? Telecom?
COMMUNICATION OVER IP CONTINUES TO GROWWITH NEW TECHNOLOGIES AND SERVICES...- IPv4 addresses run out and IPv6 being used- 4G days going on and 5G is planned to be a live in 2020 – no circuit switch
support any more- VoIP (packet switched network) usage being increased- The secure VoIP is the main point due to the nature of the IP network
topology and VoIP systems
• Cost Savings – setup, operation and support• Rich Media Services• Phone portability – no location based• Service Mobility• Integration and collaboration with other
applications• User control interface• No geographical boundary• Rich features
* Due to vulnerability of IP networks and VoIP systems, more fraud attempts on VoIP
PSTN + GSM VoIP
Why Cyber Security? VoIP? Global VoIP Traffic
*Stattistica 2014,http://www.statista.com/statistics/267183/forecast-for-the-worldwide-voip-traffic
Secure VoIP Important
Why Cyber Security? 2013 Estimated Fraud Losses
Total Loss
$46.3 Billion
VoIP Hacking
$3.62 Billion
VoIP Traffic Theft
Communications Fraud Control Association (CFCA Report) 2013, http://cfca.org/pdf/survey/Global%20Fraud_Loss_Survey2013.pdf
Fuzzing
Password Cracking
Denial of Service
Voice Quality Disruption
Information Theft
Malware Attacks
Eavesdropping
Toll Fraud
Why Cyber Security? VoIP Frauds Occurred…
Hacker attacks - %25 on Voice Systems
According to Control Phreak 2012 report;
AT&T PABX customers hacked and - traffic ended to Somali, Cost Fraud: 1 milyon $ (minutes 22$, 4 days) – 9 June 2012- international premium-rate services calls - Cost Fraud: 2 milyon $ - 28 November 2011
In Russia, during elections, advertisement announcements in the calls - 9 December 2011
Toll Fraud More than 2,200 company in ABD, Cost Fraud: 55 milyon $
Attacks to VoIP and UC systems, more than 20,000 in a year
Agenda
Why Cyber Security?
Products, Projects and Services
Products, Projects and Services Products
VoIP Security Scanner
1. The first multifunctional national VoIP Vulnerability Assessment Tool2. Expert system report presents detailed reports of security measures against vulnerabilities3. Protocol compatibility and stress tests4. VoIP traffic generation and automatic service tests5. Fuzzing tests using Genetic Algorithm and ABNF6. Flexible and modular structure
VoIP Application Firewall
1. The first national application level firewall solution2. Attack detection and prevention with deep instantaneous statistical data analysis,3. Dynamic filtering, automatic rules update, and policy rule editor4. Detecting critical system parameters and anomaly detection with traffic monitoring method5. Detection and prevention against attacks such as toll fraud, DDoS, fuzzing, call forwarding fraud6. Anomaly detection in big-data using learning algorithms architecture
Medya Security Platform
1. Secure communication (voice, video, message and file tansfer, signature)2. Encrypted communication3. Windows, Android and iOS support4. Two scenarios support - Lawful intercept scenario - Not intercept scenario5. Device independent6. Smart card use7. 13 Patent
VoIP Application Firewall
Products, Projects and Services VoIP Application Firewall
InternetService Providers IP Firewall
VoIP Application Firewall
Internal and External VoIP Network Securitywith NOVA V-GATE ile
SBC / SIP Server
Products, Projects and Services VoIP Security in Unified Communication
VoIP Server Web & EmailServer
DNS Server DatabaseServer
ApplicationServer
< Router >
< Firewall >
< Switch >
< Firewall >
< Switch >
Call Forwarding Fraud
Traffic Call GeneratorThe fraudsters gain access to an enterprise PBX or the IVR of a voice mail system. They can then configure call forwarding to an expensive long distance destination to profit from a revenue sharing deal.
The frauder has a revenue sharing deal with the high cost destination and recevies payment.
Products, Projects and Services
Products, Projects and Services One Ring and Cut (Wangiri) Fraud
The fraudster sets up calls to voice subscribers, but hangs up after one ring.
Curious subscribers see a missed call on their phones, and return the call, not realizing that the number is actually a high cost destination. (This fraud can be realized with SMS message.)
Service provider routed call to high cost destination.
Products, Projects and Services Vishing, “Voice-Phishing, ANI Spoofing
The fraudster pretends as a legitimate business to attempt to gather customer data such as credit balance from someone.
Products, Projects and Services Security Threats Prevented by V-Gate
Your Services (Call, Forwarding eg.) Denial of Service Delay Used by others
Your Data (User profiles, service info
eg.) Theft Replace
Your Quality of Services (Traffic
management, delays, pricing eg.)
Slowdown in voice and video services Capacity Problems Misinformation and
billing problems
%100 inhouse
VoIP Security ScannerAnd Security Report
Products, Projects and Services VoIP & Web Pentest Services
Security threat simulation tools and modules
Reconnaissance Distributed Denial of ServiceFuzzing Man In the MiddleBulk Call Generation (from spoofed IDs), Stress and Capacity Tests
We give pentest services with our own products.
Attack and Penetration Testing
Analyze The Results
Generate System Report
Define the Aim
Determine the Scope
Collect Information
Detect Vulnerabilities
RECONNAISSANCE MAPPING DISCOVERY EXPLOID REPORTING
Products, Projects and Services Why NOVA V-SPY?VoIP Device Reconnaissance Determining whether
they workSoftware Version
Control Sytem Info
System Capturing Attacks Pentest Changing the configuration of system equipment
Resistance test against traffic routing frauds
Denial of ServiceCall ((IP, port and user) generator
from single point or the distribution points
System resistance test with fuzzing messages
Security test with protocol message chain
System Capacity and Stress Tests
Security controls of systems
System durability tests with stress tests
Decision support for operational management
%100 inhouse
Media Security Platform
Products, Projects and Services Secure Communication
Android applicationWebRTCSecure voice and video communicationSecure messagingSecure screen sharingAlgorithm skipping (Blowfish, AES256…)Key skippingDiffie-HellmanSmartcard13 PatentsLawful intercept (For Public Users)SPiDR compatible
Products, Projects and Services Why NOVA MSP?Device
Independent Android MSP Web client
IOS (near time)
Secure Communicati
onEncryption Algorithms Smart Card Session based
Communication
%100 inhouse The source code sharing where necessary
Custom Based Development
THANK YOU
www.novacybersecurity.com
