network and create openings for attackers from ravi teja's blog

Mobile Network Operators specifically and telecom operators, in general, must gather, process, and store customer data to operate efficiently. Privacy concerns have triggered onerous regulations like GDPR in several locations. An inability to understand these laws or poor implementation can curb the flow of data and curtail the operator’s overall view of their network. Obviously, this can trigger inefficiencies for the network and create openings for attackers to go undetected and pose a threat to the privacy and security of citizen’s data.

Such a failure to consider consumer privacy, regardless of legislative requirements, can also result in stiff fines, penal action, and even a brand-killing backlash, as seen with the LocationSmart service in the US.

As those in the telecom sector know, a signaling exchange establishes/maintains a communication channel or session on mobile telecommunications networks and assigns resources and manage networks universally. 2/3G leverages SS7 and SIGTRAN, while 4G depends on Diameter. All generations employ SIP and GTP. Several essential services, such as short messaging service (SMS), are managed by these protocols.

While tried, tested and trusted, many of these protocols are dated. They were often applied without an authority model but depended on implicit trust within a closed industry. Now look at the inherent insecurity of this approach in the context of the role in operating several network functions, and it will be clear that any security threats identified against these services will have a high impact. Many will remember that in 2017 an incident in Washington DC, close to the White House, saw attackers use a fake base station and SS7 access to obtain subscriber information.

More info: What Is Managed Firewall Services

Previous post     
     Next post
     Blog home

The Wall

No comments
You need to sign in to comment

Try Nasseej Now ...

Try Nasseej Now ...