Security

Nowadays, telecommunication networks are the linchpins of an interconnected and digitalised world. Secure communication plays a pivotal role in the process. After all, more and more mission-critical processes depend on contemporary networks. Therefore, rising connectivity in industry and critical infrastructure, as well as the surge in the threat from cyber crime, place stringent demands on communications networks’ cyber security.

Syserso Networks has comprehensive security solutions for customers’ public and private communication networks.
What’s more, we can offer robust advice when it comes to cyber security, risk analyses to identify security breaches, help with creating security management systems, implementing secure communications networks to the ISO 27001 standard. And last but not least, we can also offer our 24/7 management security services via our Security Operation Center (SOC).

Syserso Networks is a member of the Alliance for Cyber Security

Security solutions for IT and OT networks

Security operation centre (SOC)

We are there for you and your customers around the clock. Take advantage of our NOC/SOC and our expertise for your network operation, even outside regular working hours. Reduce costs and remain competitive.

Attack detection system

Attackers who get past firewalls and IDS systems or internal perpetrators are almost impossible to detect without suitable tools, but they always leave traces! With caplon©, security and operations teams can recognize these traces at an early stage and react quickly.

Anomaly detection in telecontrol networks

Anomaly detection lets you know what’s going on in your network at any time.

Security solutions for transport networks

Secure gateways

Secure communication with remote sites.

Encryption solutions for layers 1, 2
and 3

Protect transport paths effectively.

Security solutions for VoIP

Anti-DDoS for VoIP

Protect your infrastructure by applying Syserso Networks’ Anti-DDoS concepts.

Anti-fraud management​

Telephone fraud is hard to spot and often only detected once it’s occurred. Come and find out about our anti-fraud solutions and prevent fraud from happening.

Customer location function​

If SIP account data gets into the wrong hands,
fraudsters can easily make use of it. The connectivity session location and repository function (CLF) reliably prevents this from happening.

Topology hiding​

The SIP protocol discloses a lot of internal and private information, for example IP addresses in various headers that revela an SIP communications path. Syserso Networks’ solutions conceal this information reliably.

VoIP data encryption​

The SIP protocol is indispensable in today’s VoIP networks. To keep communications confidential, the data streams and media need to be encrypted. And this is where Syserso Networks’ Session Border Controller (SBC) services come in.

Anti-DDoS for VoIP

A DDoS attack (distributed denial of service) is an attempt to flood a company or carrier’s telefony service with messages from various sources so that it can’t cope and is no longer available to users.

The goal is to combat DDoS attacks outside the network so that they don’t even reach the service itself and compromise user security. In a VoIP environment, session border controllers are required to seal off the core network with the application services, or the enterprise network from the access networks to prevent any crashes. This is done by rejecting any unqualified session request and ultimately only forwarding a defined number of qualified requests to the core network that do not exceed the core’s capacity.

Our partners’ solutions

Cirpack

Anti-fraud management

Learned telephone behaviour can help detect telephony fraud. Thanks to its anti-fraud solutions based on an IN platform or VoIP monitoring system, Syserso Networks makes it possible to spot and prevent cases of fraud based on a set of rules.

Our partners’ solutions

Telsis – IN platform

consistec – VoIP monitoring

Customer location function

If SIP account data gets into the wrong hands, criminals can easily use it to commit fraud. The connectivity session location and repository function (CLF) reliably prevents this from happening.

Our partners’ solutions

Telsis

Topology hiding

There is a risk of IP addresses and network structures from customers’ own core infrastructure being disclosed to third parties, if this infrastructure is not properly protected.

The SIP protocol discloses a lot of this information, e.g.
  • SDP shows IP addresses and ports from which media data is sent.
  • The contact header field shows an endpoint’s IP address
  • Via, route and record route headers show the whole path of an SIP message exchange
It’s important to conceal or remove the information from these SI elements to make life as hard as possible for criminals.

Our partners’ solutions

Cirpack

VoIP data encryption

The SIP protocol (session initiation protocol) is based on the HTTP (hypertext transfer protocol). Therefore, it’s very flexible to extend and easy to read. This makes it easy to read and listen in at any point during the transmission.

Another advantage of SIP is that it separates session and media negotiation, enabling huge flexibility in terms of the payload supported. This separation means that the two data streams can be encrypted separately from one another. You can encrypt SIPS via the TLS protocol (similarly to HTTP), also called SIPS, and encrypt the media stream (voice data) via the SRTP protocol too.

To guarantee secure encryption, both data streams (so session and media) must be encrypted at the same time. Symmetrical encryption methods are used in the interests of performance and the resources required. To do so, the media stream’s symmetrical keys are exchanged via the SDP (session description protocol) in the SIP signalling and would therefore be vulnerable to attack via an unencrypted SIP.

The TLS’s equally symmetrical keys are also replaced at the beginning of the session, but in this case the SSL certificates also take action so that the symmetrical keys are securely encrypted and replaced with the SSL certificates’ asymmetric keys.

TLS and SRTP involve encryption between two SIP points. When SIP terminal equipment 1 communicates with SBC – softswitch – SBC – SIP terminal equipment 2, these are already four separate sections, each of which require encryption. Therefore, encryption is often only carried out between terminal equipment and SBC.

Measurements were carried out in an experimental setup (The Impact of TLS on SIP Server Performance, 2010), which showed that using TLS can reduce the performance of a software-based SIP softswitch by a factor of up to 17 compared to traditional SIP-over-UDP.

Our partners’ solutions

Cirpack

Anomaly detection in telecontrol networks

Know what’s going on in your network.

Monitor your SCADA infrastructure with the help of sensors that listen to and analyse traffic at the key points in your network.

SCADA anomaly detection systems work without any feedback to the operational network – there is no impact on network traffic. Key functions of a SCADA AD system are as follows:
  • Consistent recording of all activity on the network
  • Vulnerability is detected
  • Irregular devices are detected throughout the network
  • Configuration erros in network devices are recognised
  • Telecontrol protocols are monitored for plausbility</
  • Alarms are issued in the case of suspicious network traffic/
Syserso Networks offers customised SCADA anomaly detection systems for any size of network.

Our partners’ solutions

Rhebo

Secure gateways

Syserso Networks offers secure gateways in its security portfolio to enable secure communication of sites with telecontrol technology (SCADA). The devices enable IPsec-encrypted data transmission to the exchange, provides firewall functionality and can communicate via various media. As a result, secure gateways can effectively protect remote sites with just one small device from all types of cyber security threats.

Our partners’ solutions

RAD

Encryption solutions for layers 1, 2 and 3

Our partners’ solutions

Layer 1

Layer 2

Layer 3