Control Signaling Validation

THE PROBLEM

Passing through signaling without validation is posing serious security risks to your infrastructure. Hackers embed malicious code in signaling send to the servers (SIP or DNS) and can quickly cripple a whole infrastructure. A few critical nodes are the lifeline of the service availability – they have to be protected well. The solution is to screen the requests by an Application Layer Gateway (ALG) solution. However, many ALGs are disturbing the communications by poor functioning ALGs.

SOLVING THE PROBLEM

Firewalls requires intimate knowledge of the protocols to validate it’s content and are therefore a natural replacement for dedicated ALGs. For DNS a stateful firewall is required to inspect and validating DNS packets. The firewall then offers protection from malformed packets and overload situations, and acts as an enabler for more advanced features like Wildcard FQDN Objects and DNS Intelligence.

Telephony and Multimedia applications rely heavily on IMS servers and SIP signaling. SIP Signaling is based on plain text and is easily misused by hackers sending malformed packets. A stateful firewall has to provide protection for critical voice and messaging services by acting as a b2b user agent Control all SIP transactions intimately. It can block malformed packets and overload attempts, perform Flow Access Control with conditional IP rules and authenticate request (Access Allowed/Denied). It also enables

THE RESULT

With a service-domain firewall including control signaling validation provides a higher level of protection for DNS and IMS servers. It enables to intimately screen the content of the signaling and validate it for authenticity. The soliton will also mitigate overload situations and provides opportunity to reduction of cost by eliminating the need for dedicated signaling gateways or back-2-back user agents.

Higher level of protection

Reduction of cost

Business continuity

Check all our Use Cases! Download the booklet

DOWNLOAD BOOKLET ALL USE CASES

Products

The following Clavister products are capable of providing this use case.

Clavister NetShield S10 Pro

Clavister NetShield P40 Pro

Clavister NetShield Virtual Series

Solutions & Customers

The following solutions and customers benefit from this use-case:

SGi/Gi Firewalling – Core Security

Protecting the core network for mobile and fixed service providers

Protection of Legacy Systems

Protecting older un-updatable but critical systems from vulnerabilities

CASPUR

Clavister provides security for super-computing facility

Clavister Cyber Security Market Survey 2022

What is security delivered as a cloud service?

Professional Services

Delivering high performance security for digital transformation

25 Years of European Cyber Security

Want to get started?