Integrated system security features protect the system and the client registrations for security infringements and associated liabilities.
Security in Carrier Grade VoIP Systems is of utmost importance. Unexpected and unwanted system infringements can cause financial damage, and may also cause irreparable reputational damage to a Service Provider.
Aarenet Security Suite is a set of active and passive system and application related security features. The Security Suite is categorized in three feature groups. The Secure Limiter function was designed to block fraudulent access attempts to the SIP Clients’ accounts. The Security Protect function analyses the egress and ingress IP traffic for anomaly and the Security Connect function will limit unallowed access attempts into the system.
As a first line of defence, the number of usable voice channels can be limited per subscriber account. This will prevent unwanted simultaneous calls to be made in parallel in the case of a subscriber account take-over. In parallel, Aarenet’s top stop functionality can be configured to limit the maximum total charges of a subscriber account during a defined accounting period. If a certain threshold charge has been reached, system generated emails are sent to the Service Providers NOC and associated actions can be initiated. Finally, time controlled block sets will block certain destinations during defined time frames.
Accessing any core system component starts with the use of secure credentials. The Aarenet VoIP system will screen all system login credentials and report weak passwords. Configurable list of blocked directory numbers (black list) prevents calls to costly destination and service numbers. New to the Security Suite is the ability to detect destination anomaly and call pattern anomaly. Without infringing on any personal data, the voice traffic pattern is analysed and in the case of anomaly threshold detection, notification will be sent to Service Provider’s NOC. Service Providers personnel can contact the end-users to assure that the usage is legitimate and not a consequence of any fraud account usage.
The Secure Connect Suite accepts account access only from a predefined set of IP address ranges (single, multiple, address range) and secures the system against any non-controlled access. Account access fail attempts (DoS, password attack) will lead to account blocking and subsequent messages being send to the Service Providers NOC. The support of multiple IP subnets (private and public) allow the Service Providers to serve End-users within a private IP network. Up to 64 private IP subnets are supported.