Integrated system security features protect the system and the client registrations for security infringements and associated liabilities


Security in Carrier Grade VoIP systems is an important factor in a professional VoIP environment. Unexpected and unwanted system infringements can cause financial damage, and may also cause irreparable reputational damage. Aarenet developed the Triple-A System Security Suite to protect the system and limit the potential damage to the system and to the Service Provider.

Aarenet Triple-A System Security Suite is a set of active and passive system and application related security features. The first set of features have the task to prevent or limit any hostile access to the system. The second set of features have the task to limit any liability and cost of the associated VoIP service. This means that even if the system is accessed, the associated damage can be kept to a minimum. The Aarenet Security Suite is categorized in three feature groups. The Secure Limiter function was designed to block fraudulent access attempts to the SIP Clients’ accounts. The Security Protect function analyses the egress and ingress IP traffic for anomaly and the Security Connect function will limit unallowed access attempts into the system. The Aarenet Triple-A Security System Suite forms a strong secured base of a contemporary Carrier Grade VoIP system security.


As a first line of defence, the number of usable voice channels can be limited per subscriber account. This will prevent unwanted simultaneous calls to be made in parallel in the case of a subscriber account take-over. In parallel, Aarenet’s TOPSTOP functionality can be configured to limit the maximum total charges of a subscriber account during a defined accounting period. If a certain threshold charge has been reached, system generated emails are sent to the Network Operation Control centre and associated actions can be initiated. Finally, time controlled block sets will block certain destinations during defined time frames.


Accessing any core system component starts with the use of secure credentials. The Aarenet VoIP system will screen all system login credentials and report weak passwords. Configurable list of blocked directory numbers (black list) prevents calls to costly destination and service numbers. New to the Security Suite is the ability to detect destination anomaly and call pattern anomaly. Without infringing on any personal data, the voice traffic pattern is analysed and in the case of anomaly threshold detection, notification will be sent to relevant support personnel. The Service Provider’s Customer Service department can contact the end-users to assure that the usage is legitimate and not a consequence of any fraud account usage.

Account access limitation and registration monitoring will slow down any hostile access attempt and provide a time frame to prepare counter measures


The Secure Connect Suite accepts account access only from a predefined set of IP address ranges (single, multiple, address range) and secures the system against any non-controlled access. Account access fail attempts (DoS, password attack) will lead to account blocking and subsequent messages being send to the service centre.

The support of multiple IP subnets (private and public) allow the Service Providers to serve End-users within a private IP network. Up to 64 private IP subnets are supported.


In all new system deployments, the Aarenet Triple-A Security Suite is installed in the background. The Secure Limit feature with Top-stop feature and Time Controlled Block Sets is activated as standard and limits any potential damage. Optionally, the Security Protect and Connect features can be licensed and activated. Aarenet will develop further advanced security features within the different categories.