Signalling security vulnerabilities in SS7 and Diameter networks have been well documented, and most operators have already taken some form of action to protect their networks and subscribers. However, these measures vary greatly in method and efficiency, and while more and more operators are monitoring their networks, reports of attacks are on the rise. The truth is that the majority of operators have still not deployed full signalling firewall solutions in their networks. This is thankfully changing, 2019 is set to mark a tipping point where many operators are expected to move away from stop-gap signalling solutions and make investments in signalling firewalls. With plenty of options on the market, identifying the criteria for choosing the best solution can be a difficult task. To help you narrow down your options we have outlined seven important considerations for picking the correct signalling firewall solution for your network.
1. Cover the basics – be compliant with GSMA guidelines
The GSMA has published a set of guidelines for addressing SS7 and Diameter security, including recommendations on firewalls (GSMA FS.11 and GSMA FS:19). The guidelines are the result of a joint effort between leading security experts from mobile operators and telecom security vendors in the GSMA Fraud and Security Group (FASG). Together they represent the primary reference point for signalling network security in the telecom industry. The recommendations are an invaluable standard for evaluating signalling firewall options and exist to allow operators to make an informed decision. Thus the first step in ensuring that you are adequately protecting your network is to make sure you pick a signalling firewall that adheres to the GSMA guidelines.
2. Protect yourself from new threats
While a signalling firewall solution that complies with the GSMA recommendations is definitely recommended, adherence to the guidelines unfortunately does not guarantee comprehensive protection. In addition to the signalling attacks that the GSMA guidelines primarily addresses, malformed packet attacks are a new and growing class of attack which have been demonstrated to cause high impact security breaches. Malformed packet attacks in SS7 and Diameter signalling networks have the potential to take complete control over Network Elements allowing remote interception, user tracking, persistent denial of service, traffic modification and even complete collapse of the network. Watch our two webinars Hijacking Network Elements over SS7 – A New Type of Attack and SS7 and Diameter – Exploit Delivery Over Signalling Protocols for more on how these attacks threaten signalling networks. To guarantee that your network is protected from as many different threat scenarios as possible, ensure that the firewall solution you opt for can protect against all known attack types.
3. Maximize the impact of your investment
The right security measures in your network will protect you against disaster scenarios and safeguard your revenue streams. Nevertheless, investments in security infrastructure does not always have a direct and obvious impact on the bottom line. Competing resources mean that operators need to ensure that their investments make the greatest impact possible. When quantifying risk according to real world attack scenarios, SS7 still represents by far the largest potential attack surface followed by Diameter. Together they represent the highest chance of attacks successfully penetrating a network via signalling links. Prioritizing SS7 and Diameter security in your firewall investment will ensure that you spend your money where it will make a difference today, whilst safeguarding the revenue streams you will rely on tomorrow.
4. Ensure you are getting a telco grade product
Reliability is one of the most important aspects of any telco network, thus it stands to reason that the reliability of the security solution must also be telco grade. The five nines indicator can be considered a standard in the telecom industry and should be expected of any signalling firewall security solution. In addition, high availability and redundancy where vendor hardware is always backed up should also be provided as standard.
5. Go with an endorsed industry leader
Although a majority of operators have yet to deploy a full signalling firewall solution, there are some that have. The collective knowledge of these operators is an invaluable gauge for assessing the options on the market. The Roaming Consulting Company (ROCCO) has published an independent report in which they have compiled feedback from fifty-seven Mobile Network Operators on twenty-two signalling firewall vendors. The report grades each vendor across a broad range of KPIs including performance, value and leadership. This report is an important resource for making a signalling firewall choice and it is always a good idea to draw on the wisdom of experienced industry peers.
6. Pick a partner that is one step ahead of the game
As the security community identifies new threats and builds more advanced tools to protect against them, malicious players continue to find new ways of penetrating these defenses. This cycle requires security vendors to not only provide updates to their security solution, but to also do that at the earliest possible stage to limit possible threats. In order to offer a top-of-the-line product that ensures maximum security of the network, the vendor must be ahead of the game by proactively seeking out new vulnerabilities rather than retroactively trying to patch them after the harm has been done. Deciding on a signalling firewall solution should be the first step of a partnership with the vendor and operators should make efforts to seek out partners that are active in signalling security research. Vendors that place emphasis on R&D, present at security events and have a track record of contributing to responsible disclosure programs such as the GSMA Coordinated Vulnerability Disclosure Program will arguably be better positioned to add value to the partnership by also protecting against future threats.
7. Think green
In a world where the environmental impact of business has become increasingly important to both businesses themselves and to the customers that they serve, operators also need to consider the environmental credentials of the vendors that they work with. In the telecom industry, individual instances of power-hungry network infrastructure have become the proverbial elephants in the room, but solutions such as network function virtualization and consolidated SS7 and Diameter firewall deployments give operators a chance to steer the industry in the right direction. By considering qualities such as these and by acknowledging internationally recognized and reputable Corporate Social Responsibility accreditations of vendors, operators themselves can play an important role in contributing to a sustainable future.
The necessity in effectively securing the network against signalling attacks is increasingly being recognized both by operators and subscribers. It is promising to see a trend where the telecom industry is taking action against these vulnerabilities by opting for full signalling firewall solutions. With many signalling firewall options available on the market this guide should help you make the best choice for your network. Read more about Symsoft’s signalling firewall here
For an in depth look at signalling network vulnerabilities read our whitepaper, Signalling Threats; SS7 and Beyond