Signaling network vulnerabilities exposed, protection strategies for operators - Webinar December 2015
•Transferir como PPTX, PDF•
1 gostou•805 visualizações
In the wake of recent highly publicized cyberattacks and the increased threat of data exploitation, with the growing demand for protecting network security, Xura participated in a live external webinar with Erik K Linask, Senior Editor,TMCnet. Our security expert Ilia Abramov discussed recent publications in the press related to the signaling network vulnerabilities and explored SS7 fraud that threatens mobile network security and subscriber privacy. He identified the risks, determined protection scenarios and highlighted important security considerations for LTE signaling network planning.
Recomendados
Recomendados
Mais conteúdo relacionado
Mais procurados
Mais procurados (20)
Semelhante a Signaling network vulnerabilities exposed, protection strategies for operators - Webinar December 2015
Semelhante a Signaling network vulnerabilities exposed, protection strategies for operators - Webinar December 2015 (20)
Último
Último (6)
Signaling network vulnerabilities exposed, protection strategies for operators - Webinar December 2015
- 1. Signaling network vulnerabilities exposed: protection strategies for operators Ilia Abramov Product Director
- 2. || SS7 network security takes the stage 2 • December 2014 Annual Chaos Communication Congress event held in Hamburg • SS7: Locate Track Manipulate • Mobile self-defence • SS7 Map – Mapping vulnerability of international mobile roaming infrastructure Featured 3 presentations on SS7 security • Location and tracking of mobile users • Denial of Service attacks • Eavesdropping via man in the middle attack – 2G and 3G • Traffic diversion • De-anonymization • Fraud • Spam Demonstrated attacks though SS7 interconnects: XURA SIGNALING FRAUD MANAGEMENT
- 3. | Is there a problem? We Think So… XURA SIGNALING FRAUD MANAGEMENT
- 4. || Anatomy of signaling exploitation 2 Illegal access to operator HLR (SRI, Femto cell, ATI, etc.) Impact • Loss of subscriber privacy • Loss of revenue by the MNO (location tracking service) Faking of the subscriber profile (multiple ways) Impact • Loss of subscriber privacy • Subscriber churn • Legal exposure of MNO up to revoking of license Faking of the subscriber profile (multiple ways) Impact • Loss of subscriber privacy • Impact on A2P revenue due to compromised 2 layer authentication Faking of the network element addressing Impact • Attack on the other operator network • Revenue impact (e.g. fake SMSC) • Exposure of own network element in the other operator attack SMS interception Location tracking of the subscribers Voice Call interception Spoofing of the network elements XURA SIGNALING FRAUD MANAGEMENT
- 5. || Nothing is safe beyond your network border 1 • Impersonation • Service abuse • Call interception • DoS attack • Location tracking, • Subscriber profile faking Attacker Goals: • FemtoCell (IMSI harvesting) • Crypto cracking XURA SIGNALING FRAUD MANAGEMENT
- 6. || Attack motivation XURA SIGNALING FRAUD MANAGEMENT6 Confidential data Private and business conversations Messaging and data Most valuable asset is INFORMATION! DoS attack on subscriber Enforced service degradation Service interruption IRSF calls Messaging fraud Grey Routes Financial
- 7. | XURA SIGNALING FRAUD MANAGEMENT7 Anatomy of the signaling attacks IMSI Obtain Subscriber IMSI Fake Fake subscriber profile HLR HSS MSC MME HLR VLR i Receive call SMS Data SRI-SM ATI Attacks on subscriber private communication Main attack action
- 8. || Mitigation: Technical measures 8 FASG Keeping one’s network safe is an ongoing task of determining & blocking attacks, to be done by signalling experts Can only be automated partially SS7 firewall SMS Home Routing/Firewall Monitor to see what kind of attacks your networks is exposed to See the SS7 Monitoring Guidelines, authored by RIFS Filter at the network edge Diameter Edge Agent (DEA) at the edge to the IPX Network XURA SIGNALING FRAUD MANAGEMENT
- 9. | XURA SIGNALING FRAUD MANAGEMENT9 IMSI Harvesting HLR phishing HLR/HSS All security measures make sense SRI for SM ATI Home Routing STP filtering IMSI Impossible to have full IMSI protection However
- 10. | XURA SIGNALING FRAUD MANAGEMENT10 Native Network integration Real-Time monitoring Traffic Control & Enforcement Efficient security enforcement Signalling Fraud Management Detects signalling flow irregularities Implements signalling policies Provides operator with detailed insight Prevents faking
- 11. | Signaling challenges in LTE & VoLTE XURA SIGNALING FRAUD MANAGEMENT11
- 12. | XURA SIGNALING FRAUD MANAGEMENT12 Potential IP vulnerabilities rise in Telco industry SS7 SIGTRAN EPC Diameter IMP SIP
- 13. | Issue Risk Cost Prepaid Abuse High High Denial of Service (area) High High VoIP Originated SS7 Injection Medium High Financial/charging fraud High High Privacy Theft Medium Medium IoT intrusion High High XURA SIGNALING FRAUD MANAGEMENT13 Attack dimensions and Impact Diameter attacks occur in multiple dimensions
- 14. | XURA SIGNALING FRAUD MANAGEMENT14 Protecting EPC signaling network Ensures 1st hop protection Challenge: administration nightmare Does protect from signalling attacks Enable secure transport for the interconnects Check packet compliancy Enforce Diameter message dictionary to the applications Selectively filter any protocol extensions Perform address consistency validation Validate protocol consistency Collect interconnect signaling data Analyze detected inconsistencies Identify the sources Engage with roaming partners Monitor and Act
- 15. | Protect Legacy SS7/SIGTRAN network •Focus on interconnect first •GSMA Recommendation •Signaling Firewall •Signaling flow monitoring and analytics Secure design of EPC •Ensure external connectivity via secure DEA •Enable transport security •Enforce protocol consistency •Implement Protocol level enforcement •Signaling flow monitoring and analytics Ensure signaling perimeter control & monitoring •Monitoring and analysis •Protocol enforcement capabilities XURA SIGNALING FRAUD MANAGEMENT15 Signaling network protection strategy
- 16. | You partner in signaling security XURA SIGNALING FRAUD MANAGEMENT16 Understanding of signalling network architecture and principles Years of reliable carrier grade signalling service Guaranteed confidentiality!Revenue assurance Network audit and penetration testing Enforcement of security policies and real-time monitoring
- 17. | XURA SIGNALING FRAUD MANAGEMENT17 Get in touch Email contactxura@xura.com Check out http://www.xura.com/our- services/digital- communications/security Complimentary white papers
Notas do Editor
- Looking at the attacks, they are not directly representing revenue leakage, but rather impose a significal risk of loss of valuable customers, Legal charges and even exposure to the local regulator. Brand name damage and stimulate adoption of OTT services as preferred way of communication.
- These are not bugs of the protocol, but rather exploitation of the capabilities. In good hands it does what it does. But in the bad hands, the tool can be harmful. 3GPP designed core protocol according to the requirements, but the environment was considered friendly and therefore requirements were not focusing on security aspects. While GSM radio links are quite well protected.
- Location to mention
- Start story from the back
- GSMA work to be mentioned.
- Implement attack preventive steps. Not only 1st step, but it has to go further to prevention mechanisms of faking and spoofing Detects and prevents identity theft Detects and prevents faking and spoofing Provides insights into the traffic patterns Detect traffic anomalies Exposes attackers and their targets Prevents logical DoS attacks Important: User friendly configuration and management interface (intuitive)
- Transfer: One might think that switching off circuit switched networks will also solve the problem
- Although the a attack vectors change, the security measures still need attention. Man in the middle attack is excluded (IpSec)