Posts tagged ‘security’

Your Data is talking – It’s Time to Listen and Engage!

Guest blog written by Oded Sela, Technical Director EMEA, International Sales at Allot Communications

CSPs are under constant pressure to be proactive all the time, since they need to stay ahead of the competition and are facing challenges on a daily base. But first and foremost, they need to keep their subscribers happy – not an easy task!

What is the secret sauce that they can use for success? Simple: they must analyse and optimise!  Why is analysing so important? Analytics will help operators to find the right optimisation for improving the QoE (Quality of Experience) of their subscribers. It also enables creating and activating optimal use cases, which boosts the bottom line. Furthermore, it allows a CSP to stand out in the crowd, increasing its ARPU and revenues!

(more…)

The Fine Art of Protecting Subscribers Including Our Kids – Network-based Solutions Anyone?

Benjamin Franklin said there were only two things certain in life: death and taxes. Well, I would like to add a third one: online threats.

Operators are facing the daunting task of keeping their subscribers (and their own networks!) safe from a slew of cyber threats that are getting more and more complex. Fraudsters use a combination of backdoor methods, engaging unwitting cooperation from innocent, targeted users.

(more…)

Dynamic Multi-Layered Defense – Part II – Why LTE networks are less secure than their 3G predecessors

Leonid Burakovsky Sr. Director, Strategic Solutions for F5 Networks

Leonid Burakovsky Sr. Director, Strategic Solutions for F5 Networks

As I discussed in my first blog, the issue of security for mobile networks, subscribers, devices and applications, is undergoing significant changes with the move to an IP-based technology. In this post, we’ll look at technology trends that are contributing to these new security challenges.

For several reasons, LTE networks are less secure than previous generations. First of all, because they are all-IP networks. The newest security front is between eNodeBs and EPC (evolved packet core). There is no protection there for user information privacy and man-in-the-middle attacks. Only a relatively few mobile operators are deploying IPSec VPN to protect user data and enhance authentication.

(more…)

Next Generation Service Provider Security: Dynamic Multi-Layered Defense for LTE Networks – Part 1

Leonid Burakovsky Sr. Director, Strategic Solutions for F5 Networks

Leonid Burakovsky Sr. Director, Strategic Solutions for F5 Networks

With Apple’s iCloud’s coming under the spotlight in recent days for recent high profile data thefts, Leonid Burakovsky Sr. Director, Strategic Solutions for F5 Networks takes a timely look at security in LTE networks.

The concept of security for service providers is undergoing significant changes. Several key trends are contributing to this change: as it relates to business, to technology and who is attacking.

Historically, the main sources of operators’ revenue were voice and SMS. More recently, data revenue is the new star, together with the forays toward new services and service monetization such as mobile commerce, banking, mobile health, and others.

The need for tight security is clear, for example, in the mobile health ecosystem that would require end-to-end security mechanisms including the participating operator’s network. Or for example, mobile commerce, which is currently running over SMS, and obviously can’t function without comprehensive security mechanisms including the network as part of the overall ecosystem.

But do we truly the trust these ecosystems today?

(more…)

Prepare Today for Tomorrow’s Security Attack: How Automated Threat Response Strategies Increase Protection & Decrease Risk

Dwayne Ruffin, Chief Market Development Executive at CSG Invotas

Dwayne Ruffin, Chief Market Development Executive at CSG Invotas

This post is by Dwayne Ruffin, Chief Market Development Executive at CSG Invotas.

One of my colleagues likes to say that cybersecurity starts at the top.  That is to say, security is not just a challenge for IT teams alone. A cyber attack is an attack on an organisation’s reputation, its relationship with consumers, and its revenue. We all know that consumer trust builds over time but can be wiped out in an instant and take a lifetime to rebuild.

Let’s face it, high-profile data breaches make front page news regularly these days, and the more we read about cyber attacks, the more we recognise the responsibility organisations have to protect the customer data in their systems.

But that protection is far easier said than done. The popularity of 4G LTE technology has greatly expanded the opportunities for cyber attacks and the need for improved security strategies across the board—a need further complicated by the exponential extension of the digital ecosystem through increased mobile device use. More and more payment information and other sensitive data are shared with organisations of all kinds, which leaves more and more points of contact at risk and in need of defence.

(more…)

Telecom’s walled gardens are falling apart

Telemaco Melia,  Business Development Manager at Kudelski Security

Telemaco Melia,
Business Development Manager at Kudelski Security

The latest advances in wireless cellular technologies are bringing to our connected life a renewed appetite for content consumption. The availability of smarter and ever powerful end-user devices combined with the proliferation of mobile applications are pushing mobile network operators to race for newer and faster mobile networks leveraging the freshly standardized fourth generation Long Term Evolution (4G LTE) network. 4G LTE networks started to go live late 2011 and as of today more than 140 networks are operational worldwide, forecasting to hit 240 worldwide operators by the end of 2013 (according to Global mobile Suppliers Association). With uplink speeds up to 100Mbits and downlink speeds up to 50Mbits, 4G LTE offers to end-users high data rate communications at low, medium and high mobility. 4G LTE is set to be the reference standard for cellular communications unifying the quite fragmented worldwide technology landscape.

(more…)

LTE Means Rethinking Security in the All-IP World

This is a guest post by Frank Yue, technical marketing manager for the Service Provider vertical at F5 Networks.

This is a guest post by Frank Yue, technical marketing manager for the Service Provider vertical at F5 Networks.

As communications service providers (CSPs) continue to build and deploy 4G LTE networks, they are finding that they need to understand some critical concepts as they move from circuit switched 2G and 3G networks to all IP packet switched networks.  Of these, IP security rides high on that list of technologies to master. The Internet has become an open environment susceptible to malicious activity. If your assets are not secured, you are guaranteed to be attacked and compromised by one or more unscrupulous organisations. 

They may do it for financial gain, selling the stolen data to parties, as a paid service, for your competitors to disrupt your business, or even just for personal enjoyment because they found that they could compromise your infrastructure. We may not use resources such as the M61 Vulcan shown in the picture, it is important to develop and implement the proper security tools to protect the latest wireless networks.

Growth in the Data Plane

While many CSPs already have solutions in place to protect parts of the packet data network (PDN) infrastructure, they often do not understand how the implementation of a 4G LTE network architecture changes the security requirements. The S/Gi interface, or the part of the network connecting the mobile subscribers to the Internet will have a significant increase in data volumes as more LTE enabled mobile devices are used. In addition, with the increased speeds available, we expect to see 4G wireless technologies competing with fixed-line data services such as DSL and cable. This will change the type of content seen and the mobile CSP will need to develop enhanced policies to manage and secure these services.

f5_pic

Another concern is that LTE expects the mobile devices to be IPv6 enabled, while much of the PDN is still expected to be using IPv4 technologies for some time.  This requires the ability to translate IPv6 addresses to IPv4 addresses using a carrier-grade NAT (CGNAT) technology, while maintaining a proper security infrastructure. This includes the ability to protect the pool of IPv4 addresses being used in the CGNAT solution and all of the devices’ communications being translated.

Packets in the Control Plane

More significantly, the control plane of the LTE network will change from a circuit-switched network to an IP-based architecture.  Diameter, SIP and DNS are the primary protocols that will be used to manage the control plane as the CSPs start implementing voice over LTE (VoLTE).  Securing and managing this infrastructure will be critical to the services delivered to the subscribers and protecting their privacy.  The Home Subscriber Service (HSS) and Policy Charging and Rules Function (PCRF) depend on Diameter, an open standardised protocol used on IP networks, while the Call Session and Control Function (CSCF) systems and Application Servers (AS) within the IP Multimedia Subsystem (IMS) utilise another public standardised communication technology called Session Initiation Protocol (SIP).

f5_pic2

Figure 1. The complexity of the IMS network architecture

It is important to note that third-party applications developed by independent people in addition to the subscribers and their LTE device will have direct access to the IMS network components through the SIP protocol. This means that potential malicious or poor programming will have the ability to directly affect and access the control plane of the LTE network and be able to disrupt it or obtain unauthorised access to private information such as subscriber profiles, unless proper security measures are put in place.

The CSPs need to understand the implications of migrating to an IP network infrastructure and how the packet-based network must be managed significantly differently from the legacy circuit-switched environment. Proper planning and testing is required to successfully build a robust and secure 4G LTE network. It is important to leverage the existing work done on IP networks over the past 20 years, utilise the knowledge of your colleagues and vendors. Apply the proper availability and security practices learned from these resources to design the next generation wireless networks.

To speak with F5 look out for them on the exhibition floor at the LTE World Summit, the premier 4G event for the telecoms industry, taking place on the 24th-26th June 2013, at the Amsterdam RAI, Netherlands. Click here to download a brochure for the event.

F5 have been nominated in the Best LTE Core Network Element category at the LTE Awards 2013, taking place at the 25 June 2013, De Duif, Amsterdam, Netherlands. 

Tag Cloud

%d bloggers like this: