NOVA V-GATE (Next Generation VoIP Application Firewall) is a must for a secure VoIP infrastructure!

Most attacks targeting the VoIP infrastructure make use of the signaling technologies. SIP is the most common signaling protocol used for VoIP communications. Therefore, an application level firewall is required to protect the system. Netaş VoIP Firewall was designed to fulfill this requirement. It does not only detect anomalies and prevent attacks; it also detects and prevents VoIP fraud such as toll fraud and premium rate services.

Nova V-GATE is a modular and high-performance VoIP application level firewall for corporations that provide and use new generation IP based communication services. It is designed against attacks that lead to great damage, including deactivation of services as well as revenue and reputation loss. The Nova V-GATE attack prevention system protects servers providing VoIP communication against known and unknown attacks. It is the first domestic firewall that prevents a broader range of attacks than its international competitors, and it includes different detection and prevention methods for toll fraud.

Today communication service providers suffer from various attacks and fraud methods, and Nova V-GATE detects and prevents these without any drop in voice traffic. Known threats are prevented with almost real-time signature and rule based algorithms, while unknown threats are detected and prevented with machine learning and statistical data analysis methods developed in partnership with Boğaziçi University. Its simple and convenient interfaces, flexible alarm and integration capabilities and strong reporting assure service providers and corporate customers using Nova V-GATE that voice communication is performed securely, and prevent revenue losses.

Some of the highlights of our solution are as follows:

  • Real-time packet monitoring and management
  • Traffic and toll fraud detection system
  • Detection and prevention of known and signature-based attacks such as DoS / DDoS, Brute Force, Call Tear Down, Fuzzing
  • Intervention with calls using VoIP Intrusion Detection System (IDS) and proactive VoIP Intrusion Prevention System (IPS)
  • VoIP Monitoring feature to examine the flow of traffic on the server
  • Operational Management with Policy Rule Editor
  • Protect multiple SIP Servers with a single system
  • Whitelisting of trusted users
  • Automatic fault diagnosis and self-recovery

V-GATE is a modular, transparent, high performance VoIP firewall aimed at protecting VoIP systems from costly, damaging attacks by preventing known and unknown application-layer attacks such as toll fraud, premium rate services, DoS/DDoS/TDoS, brute force and fuzzing.

Operational Features Supported
  • SNMP V1, V2C, V3
  • Syslog
  • Email Events
  • Bypass Support
  • Max Packet Delay Assurance
  • Group User Definitions
  • Active Directory support
  • Automatic failure diagnosis system and recovery process

Threat Protection
  • DoS and DDoS Attacks
  • Group Based DDoS Attacks
  • Buffer Overflow Attacks
  • User Enumeration Attacks
  • Malformed Message and Fuzzing Attacks
  • Brute Force Attacks
  • Block Reconnaissance
  • Teardown Attacks
  • Block and Verify Anomalous Behavior

Firewall / Operational Functionalities
  • Stateful Inspection
  • SIP Packet Filtering
  • Access Control List
  • Signaling Control (SIP only)
  • Management/Configuration options: Web GUI (HTTP, HTTPS)
  • Security Rules and Profiles
  • VoIP Traffic Classification Rules
  • Dynamic Whitelist/Blacklist
  • Policy Rule Editor

IDS/IPS (Intrusion Detection and Prevention System)
  • Packet based IDS/IPS
  • Call based IDS/IPS
  • Call Theft and Toll Fraud Protection
  • Behavioral Learning - Anomaly Detection
  • System Modelling - Critical Parameter Control

VoIP Monitoring
  • Monitoring any SIP Signaling Ports
  • Call Detail Record Based Reporting
  • IDS Viewer
  • Security, Attacks and Events Reporting
  • Network Performance Reporting
  • Call Performance Reporting

Sample Monitoring Parameters
  • SIP Call Setup Duration
  • SIP Call Answer Duration
  • SIP Call Duration
  • Server CPU Usage
  • Server Memory Usage
  • V-GATE Processes CPU Usage
  • V-GATE Processes Memory Usage
  • Packet Delay
  • Packet Count and Size

1. IPS and IDS

NOVA V-GATE has a SIP Intrusion Detection System (IDS) and a SIP Intrusion Prevention System (IPS).

The IDS will detect intrusion attempts made against the SIP Server and issue a detection result based on the thresholds and rules provided by the V-GATE Administrator via the V-GATE User Interface.

The IPS will generate an IPS rule based on the detection result generated by the IDS. This rule will be applied to all incoming calls, resulting in a reject or drop verdict based on the IDS rule. The V-GATE Administrator can modify and disable the verdict via the RESTful web-service interface. Depending on the IDS rule, the IPS is also able to terminate ongoing calls if required.

2. Fuzzing Detection and Prevention

NOVA V-GATE has a fuzzing detection and prevention module. The related detection methods can be configured from its web-based User Interface.

3. Policy Controller

The Policy Controller module is designed to provide a rule based system in V-GATE to apply different firewall rules for SIP endpoints. This module has a web interface for creating firewall rules and making decisions with the created rule structures. Each Rule is defined to look for a specific source, destination, call direction, type of call, call attributes, and/or specific call times. A call must match all of the parameters in the Rule before it is considered to match the Rule. When all of the parameters of a Rule match, the module decides to allow or terminate the call.
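The all-parameters-must-match semantics described above, sketched as an added example; this is not V-GATE code or its rule format. The field names, the first-match ordering, the default verdict and the sample calls are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Call:                      # hypothetical call record
    src_ip: str
    dest_number: str
    direction: str               # "inbound" or "outbound"
    call_type: str               # "audio" or "video"
    at: time                     # local time the call was placed

@dataclass(frozen=True)
class Rule:                      # hypothetical rule; None = parameter not set
    name: str
    action: str                  # "allow" or "terminate"
    src_net: Optional[str] = None
    dest_prefix: Optional[str] = None
    direction: Optional[str] = None
    call_type: Optional[str] = None
    window: Optional[tuple] = None   # (start, end) call-time window

def in_window(t, window):
    start, end = window
    if start <= end:
        return start <= t < end
    return t >= start or t < end     # window wraps past midnight

def matches(rule, call):
    # A rule matches only when every parameter it sets matches the call.
    return all([
        rule.src_net is None or ip_address(call.src_ip) in ip_network(rule.src_net),
        rule.dest_prefix is None or call.dest_number.startswith(rule.dest_prefix),
        rule.direction is None or rule.direction == call.direction,
        rule.call_type is None or rule.call_type == call.call_type,
        rule.window is None or in_window(call.at, rule.window),
    ])

def decide(rules, call, default="allow"):
    for rule in rules:               # assumption: first matching rule wins
        if matches(rule, call):
            return rule.action, rule.name
    return default, None             # assumption: configurable default verdict

# Constructed sample policy and calls.
RULES = [
    Rule("night-premium", "terminate", src_net="10.20.0.0/16", dest_prefix="0900",
         direction="outbound", window=(time(19, 0), time(7, 0))),
    Rule("office-outbound", "allow", src_net="10.20.0.0/16", direction="outbound"),
]
NIGHT_CALL = Call("10.20.4.7", "09001234567", "outbound", "audio", time(23, 30))
DAY_CALL = Call("10.20.4.7", "09001234567", "outbound", "audio", time(10, 0))
OUTSIDER = Call("192.0.2.9", "09001234567", "outbound", "audio", time(23, 30))
```

The same premium-rate destination is terminated at 23:30 but allowed at 10:00, because the call-time parameter of the first rule no longer matches and evaluation falls through to the next rule.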

4. DoS/DDoS Detection and Prevention

Prevents DoS/DDoS attacks against SIP-based systems that use SIP methods including INVITE, REGISTER, OPTIONS, CANCEL and BYE.

5. SIP Anomaly Detection and Prevention

The SIP Anomaly Detection Module aims to prevent protocol specific attacks that can affect the SIP server protected by V-GATE.

  • User Enumeration Detection: Detects and prevents attempts that aim to determine the usernames of SIP accounts on the server.
  • Brute Force Detection: Detects and prevents attempts that are made to discover the passwords of SIP accounts.
  • Teardown Detection: Detects and prevents unauthorized termination of calls by third party attackers.

6. Group Profiling

Generic group based profiling submodules aim to create IP or user based groups for applying firewall rules in a flexible manner. They are used by modules such as SIP anomaly detection, policy controller, IDS and fuzzing.
