Ss7 vulnerabilities and attack exposure
Yüklə 5,08 Mb. Pdf görüntüsü
|
| Category 1
Category 2 Category 3 SendRoutingInfo SendRoutingInfoForLCS SendIMSI AnyTimeInterrogation AnyTimeSubscriptionInterrogation AnyTimeModification ProvideSubscriberInfo InsertSubscriberData DeleteSubscriberData UnstructedSS-Notify SendRoutingInfoForSM UpdateLocation RestoreData ProcessUnstructuredSS-Request InterrogateSS RegisterSS EraseSS PurgeMS Mt-ForwardSM Mo-ForwardSM List of messages covered in this report 17 Traffic filtering systems provide thorough protection against attacks that use first category messages� As for second category messages, the risk of such attacks is twice as low� Figure 18� Percentage of successful attacks by message category 2015 2017 2016 0% Category 3 Category 2 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 81% 84% 84% 86% 90% 74% Category 1 34% 23% 2% The situation with the third category is different� Unfounded blocking of such messages can affect the service for a subscriber in roaming� For example, blocking the legitimate registration of a subscriber in the visited network by mistake can leave him or her without a phone connection in roaming; this means less profit and probably even customer loss� Detecting illegitimate requests is a challenge� It is recommended to filter messages using lists of trusted and prohibited sources provided by roaming partners, though it is not easy to put it in practice because of the necessity to constantly update such lists� Operators take a cautious approach to blocking such messages, as they fear causing network disruption� However, mes- sages of this category allow intruders to implement all types of threats, from net- work and subscriber data disclosure through to subscriber traffic interception, fraud, and subscriber availability disruption� It is most simple to protect against attacks that use messages of the first and sec- ond categories� For this, network equipment and signaling traffic filtering need to be set up for correct analysis of incoming messages� The risk of attacks that use first category messages was minimized in 2017� Figure 19� Percentage of successful attacks by message categories, depending on the presence of a signaling traffic filtering and blocking system 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Category 3 Category 2 87% 65% 84% 44% 23% 0% Category 1 No signaling traffic filtering and blocking system Signaling traffic filtering and blocking system in place SS7 VULNERABILITIES AND ATTACK EXPOSURE REPORT 18 To ensure a higher level of protection against all messages covered in this report, a comprehensive approach to information security is required� First of all it is impor- tant to analyze the security of a signaling network, for it allows detecting current vulnerabilities caused by changes in the network and equipment configuration and assessing information security risks� Moreover, to keep security configurations up-to-date, detect threats in good time, and take appropriate measures, it is recommended to ensure continuous moni- toring and analysis of messages that cross the network border� GSMA recommen- dations specify the use of a monitoring and attack counteraction system� 1 Special threat detection systems, which can perform intellectual analysis in real time, help to meet this requirement� This enables detecting illegitimate activity on external hosts at an early stage and sending this information to the traffic filtering system to increase its efficiency (for example, to update the list of prohibited hosts)� It also allows detecting network equipment configuration errors and notifying the opera- tor's employees of the need to modify the configuration� Ensuring security is a process that is not limited to one-time measures (audits or protection tool implementation): Positive Technologies specialists use this motto in protecting signaling networks of their clients� For more information, visit the company's website, leave your question in the contact form, or send an email to info@ptsecurity�com� In the next section, we will look at the results of using the threat detection and re- sponse system in mobile operator networks, try to find out whether existing secu- rity measures are sufficient to counteract intruders in real-time conditions, and how the use of the threat detection and response system can ensure network security� 1 SG�11� SS7 Interconnect Security Monitoring Guidelines� Auditing provides the essential visibility to fully understand your ever changing network risks. Yüklə 5,08 Mb. Dostları ilə paylaş:
|