5G mission diary: "Houston, we have a problem"
Today’s “Houston base”
Paolo Emiliani – Global PreSale Head
paolo.emiliani@positive-tech.com
• Telecommunication Engineer
• Broadband/Distributed Network Designer (DWDM technology)
• Working and having fun in the pre-sale engineering team @ Positive Technologies, since 2012
• 5G & IoT Security Analyst
Jun Kim – Managing Director, Korea
Jun.Kim@positive-tech.com
• Network Security Solution SW Engineer
• Mobile phone SW Engineer
• Ringback Tones Mobile service, Sr. Program Manager (RealNetworks, Inc.)
• Working, having fun in a team of eager security @ Positive Technologies, since 2014
• App Security & 5G Security Analyst
Positive Technologies
Diverse security expertise: Web, Banking, ERP, Telecom, IoT, ICS
18 years of experience in security development and research
200+ zero-day vulnerabilities discovered yearly
Recognised global security driving force
Positive Technologies
GSMA Fraud and Security Group (FASG) (virtual) meeting #17 (2-4 June 2020)
Meeting Theme: Facing the New World
Examining mobile cyber security and risk management concerns in vertical applications of mobility: from heavy industry to agriculture
positive-tech.com
Agenda & topics to cover
• New 5G Trust and service delivery models
• 5G Threat landscape and Privacy issue
• 5G Protection with real-life cases
• 5G Roaming Protection – game changer
• Essential mitigating techniques for 5G security
New 5G Trust and Service Delivery Models
New 5G Trust
• Securing a network with no borders:
• 5G networks are complex
• 5G introduces an entirely new characteristic
• 5G Security must be flexible
• So Zero Trust is Essential:
• 5G is transformational
• There is no such thing as a “secure system”
New 5G Trust - Evolution in trust model
• New Trust Model and Identity Management:
[Figure: trust relationships between User, Network and Service, 4G Network versus 5G Network]
New 5G Trust
• Building trust in 5G:
• Key differentiator: Trust and Security
• Attract more customers
• Inspire loyalty
everything will — and must — start and end with trust
Mobile generations history
Mobile generation | Years | Features | Speed
1G | 1980’s | Analog, Voice only | 14,4Kbps
2G | 1990’s | Digital, Data with voice, MMS, Web browser | Up to 115kbps
3G | 2000’s | Videocall, Wi-Fi | Up to 14,4Mbps
4G | 2011-12 | HD streaming, High speed internet, Wi-Fi | 100Mbps-1Gbps
5G | 2020’s | IT – Services Convergence | Up to 20Gbps
5G actual definition / roll out
[Figure labels: Far East, USA; Europe; Roll out; 3GPP Specification]
3GPP is the mobile communication specification group
3GPP SA3 is the working group that develops security specifications
5G SBA Service Based Architecture
So why does 5G need network slices?
5G Enhanced Subscriber privacy
[Figure: Serving Network and Home Network, showing AMF, SEAF, SEPP, SIDF, UDR, AUSF, UDM and ARPF]
- Home network public key is stored in USIM
• Cloud, virtualization, anything-as-a-service:
• Reduce costs, deploy and optimize services more rapidly vs increased dependency on secure software
• Decoupling software and hardware means that software can no longer rely on the security attributes of dedicated hardware
• Telecom network Application Programming Interfaces (APIs)
• Mixing of provider with third-party applications, shared and dedicated hardware platforms
• Strong self-containment & isolation characteristics are necessary
Wrapping up – 5G delivery models
5G Threat landscape and Privacy issue
5G Threat landscape
[Figure: 5G Security Requirements. Labels: LTE Security Requirement + Enhancements; New Service (Use Cases); New Networking Technologies (NFV/SDN, slicing, etc.); 5G Threats Analysis (Assets Analysis, Actor Analysis, Action Analysis)]
5G Threat landscape
Now - 4G, 3G or even 2G
Mostly bare metal networks, with security measures primarily based upon
- 3GPP defined mechanisms
- Perimeter security, Network zoning and Traffic separation
- Secure operation and maintenance
- Reactive Security Measures
- Network Element Security
5G Security landscape
- Complex ecosystem with multiple stakeholders requires trusted and trouble-free interaction between them
- Migration to NFV/SDN introduces new security challenges
- Need for flexible security measures depending on use case
- Growing influence of availability and integrity of network service on human security or even life
5G Threat landscape
[Figure: 4G architecture (MME, S-GW, P-GW, PCRF, IMS, Application servers, HSS) versus 5G architecture (Edge Cloud, Central Cloud, AMF, SMF, UDM, AUSF, NEF, UPF)]
5G Threat landscape - Assets
Asset definition is the starting point of threat analysis:
Network Side
• Core Network
• Multi-access Edge Computing
• Radio Access Network (RAN)
• Physical Infrastructure
• NFV, SDN
Subscriber Side
• User equipment (UEs)
• User/device identity
• User session
• Application data
- In storage, on network, in memory
• APIs - Applications
• Virtualisation
• Management and orchestration
• APIs - Interoperability
5G Threat landscape - Actors
Who could be the attackers:
Internal side
• Fake Administrator
• Privileged persons on inside
• User - intentional
• User - accidental
External side
• Government Actors
• Cyber criminals
• Hacktivists
• Competitors
• Former authorized user
5G Threat landscape - Actions
What actors could do:
Action Type | Security property | Description
Spoofing Identity | Authentication | Impersonating something or someone else
Tampering | Integrity | Modifying data or code
Repudiation | Non-repudiation | Claiming to have not performed an action
Information Disclosure | Confidentiality | Exposing information to unauthorized user
Denial of service | Availability | Deny or degrade service to users
Elevation of Privilege | Authorization | Gain capabilities without proper authorization
Lateral Movement | Least Privilege | Gain access by crossing control boundary
5G Threat landscape - Threats
So what threats are we facing:
Same as in 4G
• Fake access network node
• IMSI Catching/SUPI (SUCI) Catching
• Session hijacking
• Signaling fraud on roaming networks
New or more critical in 5G
• Abuse by rogue cloud service provider
• Memory scraping in SDN
• Network virtualization bypassing
• False or rogue MEC gateway
• (Edge) API exploitation
• Abuse of lawful interception
• Abuse of remote access
• Lateral movement in the core network
5G Threat landscape – Surface
1. Core network threats
2. Virtualization threats
3. Multi-access edge computing threats
4. Access networks threats
5G Threats = Traditional IP-Based + Insecure legacy + New technologies
5G Threat landscape – NR
Mobile access points could move from the least scrutinised interface by hackers to the most, as the barrier to entry is lowered at the precise time when traffic is set to explode.
5G has to deliver a massive increase in connections for IoT (e.g. Massive MIMO). This requires more bandwidth, with higher millimetre wavelengths requiring a move to more small local base stations.
Utilization of other non-cellular access (e.g. WiFi6) to supplement coverage. Again, short-range devices.
Both drive more, smaller, simpler, less physically secure 5G access points.
The Internal Battle Lines
5G Threat landscape – Core NW
• Exploitation of misconfigured systems and networks
• Manipulation of network traffic and information gathering
• API and control functions exploitation
• Abuse of remote access
• Abuse of third party hosted network functions
• Lateral movement
• Malicious flooding of core network components
• Registration of malicious network functions
5G Threat landscape – Virtualize
• Abuse on DCI (Data Centers Interconnect protocols)
• Abuse of virtualized host
• Network virtualization bypassing
• Abuse of cloud resources
5G Threat landscape – NFVI
Virtualized environments underpin 5G so core security.
5G Threat landscape – Cloud
Layers shown: Application Plane; VNF; Network Node/SDN/MANO; VNFI / Hypervisor; Blade / Server
• Malware Injection Attack
• Rogue VM
• API Exploitation, e.g., Fuzzing
• SDN Surface
• Network Manipulation
• Traffic diversion/redirect
• Injection attacks
• Untrusted evacuation
• VM escape
• Rogue SW update
• Hardware focus attacks (e.g. DDoS)
• Exploiting known vulnerabilities
• App manipulation
• Password guessing
• Buffer overflow
• Privilege escalation
• VNF impersonation
• Route BGP/VRF injection
• Traffic sniffing
• Data model injections
• VMI DKSM attacks
• Memory / Side channel attacks
• Storage attacks
• External threats – Attacker can use a vulnerability in the user’s VM to take control of it.
• Threats from a cloud provider – Attacker can use a cloud misconfiguration for escalation of privileges or information disclosure.
• Threats from another tenant – Attacker can run an escalation of privileges to escape their VM and take control over the host and/or other tenants.
5G Threat landscape – MEC
Main security Issues
Remote Location + Limited size.
Diverse technologies, services and suppliers (hybrid cloud)
Attack Vectors
DoS
MitM
API threats
Inconsistent Security Policies
VM Manipulation
Privacy Leakage
Unknowns!
5G Threat MEC
Security Problems Faced by MEC?
[Figure: MEC security architecture. Layers: Infrastructure Networks (4G/5G, IoT, Wi-Fi, Ethernet); Physical facility layer; Virtual facility layer; Service Platform layer (Data-plane gateway, MEP); App security. Boxes shown across the layers: Physical Security, Physical I/O Security, Container, Network, VN, Mirror, API, Data, Access, Interface, Traffic, Policy and Networking Security, Security reinforcement, Anti-DDoS, APP Security Isolation, APP lifecycle security. Management security: Authentication management, Authorization management, Security Audit, Security compliance, Security Configuration baseline, Security Incident response]
MEC
• Physical security risk
• Edge Cloud security risk
• User-plane data security risks
• MEC platform security risks
• ME APP security risks
• ME orchestration and management risks
IoT & Supply Chain
Hack of an IoT subsystem directly affects not only the service but potentially the MNO: a wider issue as more 3rd parties interact more closely with the telecom infrastructure.
Issue for all industries and so all IoT verticals 5G will support
Applicable to 3rd, 4th party suppliers and partners
Source of considerable research for Positive Technologies over the last 18 months
Legacy 5G NSA roaming issues
Statistics were gathered in many countries on all continents
GTP
5G SA Roaming – The IPX Conundrum.
Direct TLS
+’s Simple, Secure
-’s IPX not directly involved so no Value Added Services
PRINS (PRotocol for N32 INterconnect Security)
+’s IPX Value Added Services, Secure
-’s More Complex with policies and certificates to keep under control.
Outsource SEPP Functionality to IPX
+’s Outsourced so less effort for operator
-’s Security not in operators control, Roaming partner cannot ensure source
How will SEPP be deployed?
ENISA- 5G Threats & issues wrap up
https://www.enisa.europa.eu/publications/enisa-threat-landscape-for-5g-networks
• Malicious code or software
• Exploitation of flaws in the architecture, design and configuration of the network
• Denial of service
• Abuse of Information Leakage
• Abuse of remote access to the network
• Exploitation of software, and/or hardware vulnerabilities
• Abuse of authentication
• Lawful interception function abuse
• Data breach, leak, theft and manipulation of information
• Unauthorized activities / network intrusions
• Identity fraud / account or service
• Spectrum sensing
• Compromised supply chain, vendor and service providers
• Abuse of virtualization mechanisms
• Signaling threats
• Manipulation of network configuration / data forging
Threat categories: Nefarious activity / abuse of assets; Eavesdropping / Interception / Hijacking; Disasters; Unintentional damages (accidental); Outages; Failures / malfunctions; Legal; Physical attacks
Underline essential mitigation techniques for 5G security
5G consolidation of technologies of security
Top challenges to address for MNO’s in 5G Security
1. Migration from static bare metal architecture to NFV / Virtual / Cloud
MNO’s transformation from 4G and 5G-NSA to 5G-SA: Virtualization Security, Cloud security
2. Handling backward compatibility with interconnected older network generations
During 5G-NSA old 3-4G interconnections (SS7, Diameter/GTP).
3. Edge computing means Applications & exposed API security
MNO's core network interfaces security with partner networks/VAS providers to be controlled/secured
5G Threats modelling methodology
• Per context threats analysis
• Per segment Impact analysis
• Cross context specific analysis
• How to achieve this..
Positive Technologies helps to address networks threats
• Ensure application of baseline security requirements
• Reinforce available capabilities and implementation of security measures in existing 5G solutions
• Review or development of guidelines and best practices on network security
• Ensure secure 5G network operation, management and monitoring
• Increase the security of virtualized networks
• Ensure strict access controls
Professional services | Products
5G Full Security requires e2e (full) visibility
1. Core network threats
2. Virtualization threats
3. Multi-access edge computing threats
4. Access networks threats
Complete Telecom Operator Security
Introduce security testing: Network Architecture and Implementation Audit / Testing
Start monitoring: Impossible to prevent all network threats: detection is the key
Implement Protection: Deploy appropriate protection mechanism and get the most out of available solutions
Assess: Auditing provides the essential visibility to fully understand your ever changing network risks.
Monitor: Continual real time monitoring is essential to measure network security efficiency and provide rapid detection and mitigation.
Protect: Completely secure your network by addressing both generic vulnerabilities and the threats that actually affect you as an ongoing process.
Products: Core network protection
• Signaling firewalling
• Control plane threat detection
• Discovery of malicious activities in internal traffic
• Information security policy compliance
• API integrity control & protection
• Investigation of attacks
Professional services: Active security testing
• Roaming interconnections
• OSS/BSS components
• Virtualization infrastructure
• Access network
• Device and firmware
• Fuzz testing
• API testing
Products
Function | Example of asset or infrastructure component protected | Products used
Signaling firewalling | Core network, subscribers, billing | TAD Next-Generation Signaling Firewall
Control plane threat detection | Core network, subscribers, billing | TAD Intrusion Detection System (Threat intelligence telecom)
Discovery of malicious activities in internal traffic | TMN components, OSS/BSS, remote access/vpn, NFVI, Hypervisors, containers management subsystems etc | Telecom Network Attack Discovery (Threat intelligence IT)
Information security policy compliance | TMN components, OSS/BSS, remote access/vpn, NFVI, MANO Hypervisors, containers management subsystems etc | Telecom Network Attack Discovery (Threat intelligence IT)
API attacks mitigation | MEC, VAS partners | Telecom Network Attack Discovery; API Secure protection
Investigation of attacks | All mentioned above | TAD Intrusion Detection System; Telecom Network Attack Discovery
Service catalog
Testing | Asset or infrastructure component to assess | Type of assessment applicable
Roaming interconnections | All Core network nodes exposed via SS7, Diameter, GTP, PFCP, HTTP/2 interfaces | SS7 security assessment; Diameter security assessment; GTP security assessment; GSMA FS.11, FS.19, and IR.82 compliance testing; Anti-Fraud Security Assessment
OSS/BSS components | TMN components, OSS/BSS, remote access/vpn | OSS/BSS security assessment; External penetration testing
Virtualization infrastructure | NFVI, Hypervisors, containers management subsystems, VMs, containerized applications/services | Virtualization infrastructure security assessment
Access network | gNodeB, fronthaul network, EU access, SecGW | 5G RAN security assessment; External penetration testing; Device and firmware security assessment (aka Supply chain)
Device and firmware reverse | Any type of device or firmware/software in the network | Device and firmware security assessment (aka Supply chain)
Fuzz testing | Any type of network function with exposed interfaces | Fuzz testing of network protocols and interfaces
Pentest, Impact Test | API / Applications | API / Web / application pentest and impact evaluation
Recap
• We’ve seen many risks inherent to the extension of the surface, to be treated within context: specifications, NFV, API, IoT, applications
o Simple configuration and security housekeeping again shown to be a threat
o 5G’s technology consolidation needs a fully inclusive cyber security approach
o E2E visibility & threat modelling per context are the keys for optimal visibility
• Legacy protocols continue to be a risk in 5G NSA and potentially SA
• Hackers’ methods are developing; security cannot be “deploy and forget”
• As threat borders multiply, many third-party companies’ software, devices and communications need to be constantly monitored and controlled
All Reports and White papers are available from the Positive Technologies website:
https://positive-tech.com
End to End Telecom Network Security
Take a comprehensive security approach:
positive-tech.com/products/
positive-tech.com/services/
Learn more about telecom security:
positive-tech.com/articles/
New Webinar program
Positive in media:
Learn More from our experts
with more at
positive-tech.com
contact@positive-tech.com
@positive-tech Positive Technologies
Thank you

Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 

Recently uploaded (20)

WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 

5G mission diary: Houston, we have a problem

  • 1. 5G mission diary: "Houston, we have a problem"
  • 2. Today’s “Houston base”. Global PreSale Head Paolo Emiliani (paolo.emiliani@positive-tech.com): Telecommunication Engineer; Broadband/Distributed Network Designer (DWDM technology); working and having fun in the pre-sale engineering team @ Positive Technologies, since 2012; 5G & IoT Security Analyst. Managing Director, Korea, Jun Kim (Jun.Kim@positive-tech.com): Network Security Solution SW Engineer; Mobile phone SW Engineer; Ringback Tones Mobile service, Sr. Program Manager (RealNetworks, Inc.); working, having fun in a team of eager security @ Positive Technologies, since 2014; App Security & 5G Security Analyst.
  • 3. Positive Technologies. Diverse security expertise: Web, Banking, ERP, Telecom, IoT, ICS. 18 years of experience in security development and research. 200+ zero-day vulnerabilities discovered yearly. Recognised global security driving force + others.
  • 4. Positive Technologies GSMA Fraud and Security Group (FASG) (virtual) meeting #17 (2-4 June 2020) Meeting Theme: Facing the New World Examining mobile cyber security and risk management concerns in vertical applications of mobility: from heavy industry to agriculture positive-tech.com
  • 5. Agenda & topics to cover: New 5G Trust and service delivery models; 5G Threat landscape and Privacy issue; 5G Protection with real-life cases; 5G Roaming Protection – game changer; Essential mitigating techniques for 5G security
  • 6. New 5G Trust and Service Delivery Models
  • 7. New 5G Trust. Securing a network with no borders: 5G networks are complex; 5G introduces an entirely new characteristic; 5G security must be flexible. So Zero Trust is essential: 5G is transformational; there is no such thing as a “secure system”.
  • 8. New 5G Trust - Evolution in trust model. New Trust Model and Identity Management. [Diagram: trust relationships between User, Network and Service, shown for the 4G Network and for the 5G Network]
  • 9. New 5G Trust  Building trust in 5G:  Key differentiator: Trust and Security  Attract more customers  Inspire loyalty everything will — and must — start and end with trust
  • 10. Mobile generations history
      Mobile generation | Years | Features | Speed
      1G | 1980’s | Analog, Voice only | 14,4Kbps
      2G | 1990’s | Digital, Data with voice, mms, Web browser | Up to 115kbps
      3G | 2000’s | Videocall, wi fi | Up to 14,4Mbps
      4G | 2011-12 | HD streaming, High speed internet wi fi | 100Mbps-1Gbps
      5G | 2020’s | IT – Services Convergence | Up to 20Gbps
  • 11. 5G actual definition / roll out. [Timeline figure labels: 3GPP Specification; Roll out; Far East, USA, Europe] 3GPP is the mobile communication specification group. 3GPP SA3 is the working group that develops security specifications.
  • 12. 5G SBA Service Based Architecture
  • 13. So why does 5G need network slices?
  • 14. 5G Enhanced Subscriber privacy. [Diagram labels: AMF, SEAF, SEPP (x2), SIDF, UDR, AUSF, UDM, ARPF; Home Network; Serving Network] - Home network public key is stored in USIM
  • 15. Wrapping up – 5G delivery models. Cloud, virtualization, anything-as-a-service: reduce costs, deploy and optimize services more rapidly vs increase dependency on secure software. Decoupling software and hardware means that software can no longer rely on the security attributes of dedicated hardware. Telecom network Application Programming Interfaces (APIs). Mixing of provider with third-party applications, shared and dedicated hardware platforms. Strong self-contained & isolation characteristics are necessary.
  • 16. 5G Threat landscape and Privacy issue
  • 17. 5G Threat landscape. [Diagram labels: 5G Security Requirements; LTE Security Requirement + Enhancements; New Service (Use Cases); New Networking Technologies (NFV/SDN, slicing, etc.); 5G Threats Analysis: Assets Analysis, Actor Analysis, Action Analysis]
  • 18. 5G Threat landscape. Now - 4G, 3G or even 2G: mostly bare metal networks, with security measures primarily based upon: 3GPP defined mechanisms; perimeter security, network zoning and traffic separation; secure operation and maintenance; reactive security measures; network element security. 5G Security landscape: complex ecosystem with multiple stakeholders requires trusted and trouble-free interaction between them; migration to NFV/SDN introduces new security challenges; need for flexible security measures depending on use case; growing influence of availability and integrity of network service on human security or even life.
  • 19. 5G Threat landscape. [Diagram: 4G (MME, S-GW, P-GW, PCRF, IMS, Application servers, HSS) beside 5G (Edge Cloud x3, Central Cloud; AMF, SMF, UDM, AUSF, NEF, UPF)]
  • 20. 5G Threat landscape - Assets Asset Definition is starting point of Threats analysis: Network Side  Core Network  Multi-access Edge Computing  Radio Access Network (RAN)  Physical Infrastructure  NFV, SDN Subscriber Side  User equipment (UEs)  User/device identity  User session  Application data - In storage, on network, in memory  APIs - Applications  Virtualisation  Management and orchestration  APIs - Interoperability
  • 21. 5G Threat landscape - Actors. Who could be the attackers: Internal side: fake administrator; privileged persons on the inside; user - intentional; user - accidental. External side: government actors; cyber criminals; hacktivists; competitors; former authorized user.
  • 22. 5G Threat landscape - Actions. What actors could do (Action Type): Spoofing Identity [Authentication]: impersonating something or someone else. Tampering [Integrity]: modifying data or code. Repudiation [Non-repudiation]: claiming to have not performed an action. Information Disclosure [Confidentiality]: exposing information to unauthorized user. Denial of service [Availability]: deny or degrade service to users. Elevation of Privilege [Authorization]: gain capabilities without proper authorization. Lateral Movement [Least Privilege]: gain access by crossing control boundary.
  • 23. 5G Threat landscape - Threats. So what threats are we facing: Same as in 4G: fake access network node; IMSI Catching/SUPI (SUCI) Catching; session hijacking; signaling fraud on roaming networks. New or more critical in 5G: abuse by rogue cloud service provider; memory scraping in SDN; network virtualization bypassing; false or rogue MEC gateway; (Edge) API exploitation; abuse of lawful interception; abuse of remote access; lateral movement in the core network.
  • 24. 5G Threat landscape – Surface. [Diagram legend: 1 Core network threats; 2 Virtualization threats; 3 Multi-access edge computing threats; 4 Access networks threats] 5G Threats = Traditional IP-Based + Insecure legacy + New technologies
  • 25. 5G Threat landscape – NR: The Internal Battle Lines. Mobile access points could move from the least scrutinised interface by hackers to the most, as the barrier to entry is lowered at the precise time when traffic is set to explode. 5G has to deliver a massive increase in connections for IoT (e.g. Massive MIMO). This requires more bandwidth, with higher millimetre wavelengths requiring a move to more small local base stations. Utilization of other non-cellular access (e.g. WiFi6) to supplement coverage; again short range devices. Both drive more, smaller, simpler, less physically secure 5G access points.
  • 26. 5G Threat landscape – Core NW: exploitation of misconfigured systems and networks; manipulation of network traffic and information gathering; API and control functions exploitation; abuse of remote access; abuse of third party hosted network functions; lateral movement; malicious flooding of core network components; registration of malicious network functions.
  • 27. 5G Threat landscape – Virtualize: abuse on DCI (Data Centers Interconnect protocols); abuse of virtualized host; network virtualization bypassing; abuse of cloud resources.
  • 28. 5G Threat landscape – NFVI Virtualized environments underpin 5G so core security.
  • 29. 5G Threat landscape – Cloud Application Plane VNF VNF VNF NETWORK Node/SDN/MANO VNFI / Hypervisor Blade / Server • Malware Injection Attack • Rogue VM • API Exploitation e.g., Fuzzing • SDN Surface • Network Manipulation • Traffic diversion/redirect • Injection attacks • Untrusted evacuation • VM escape • Rogue SW update • Hardware focus attacks (e.g. DDoS) • Exploiting known vulnerabilities • App manipulation • Password guessing • Buffer overflow • Privilege escalation • VNF impersonation • Route BGP/VRF injection • Traffic sniffing • Data model injections • VMI DKSM attacks • Memory / Side channel attacks • Storage attacks • External threats – Attacker can use a vulnerability in the user’s VM to take control of it. • Threats from a cloud provider – Attacker can use a cloud misconfiguration for escalation of privileges or information disclosure. • Threats from another tenant – Attacker can run an escalation of privileges to escape their VM and take control over the host and/or other tenants.
  • 30. 5G Threat landscape – MEC. Main security issues: remote location + limited size; diverse technologies, services and suppliers (hybrid cloud). Attack vectors: DoS; MitM; API threats; inconsistent security policies; VM manipulation; privacy leakage; unknowns!
  • 31. 5G Threat MEC: Security Problems Faced by MEC? [Diagram labels: Infrastructure Network (4G/5G, IoT, Wi-Fi, Ethernet); Physical Security; Physical I/O Security; Container Security; Network Security; VN Security; Mirror Security; API Security; Data Security; Security reinforcement; Access Security; Interface Security; Traffic Security; Access Security; Police Security; Networking Security; Anti-DDoS; Data Security; Interface Security; API Security; Data-plane gateway; MEP; APP Security Isolation; APP lifecycle security; Infrastructure Networks; Physical facility layer; Virtual facility layer; Service Platform layer; App security; Management security; Authentication management; Authorization management; Security Audit; Security compliance; Security Configuration baseline; Security Incident response] MEC risks: physical security risk; Edge Cloud security risk; user-plane data security risks; MEC platform security risks; ME APP security risks; ME orchestration and management risks.
  • 32. IoT & Supply Chain. Hack of IoT subsystem directly affects not only the service but potentially the MNO; a wider issue as more 3rd parties interact more closely with the telecom infrastructure. Issue for all industries and so all IoT verticals 5G will support. Applicable to 3rd, 4th party suppliers and partners. Source of considerable research for Positive Technologies over the last 18 months.
  • 33. Legacy 5G NSA roaming issues (GTP). Statistics are drawn from many countries on all continents.
  • 34. 5G SA Roaming – The IPX Conundrum. How will SEPP be deployed? Direct TLS: (+) simple, secure; (-) IPX not directly involved, so no Value Added Services. PRINS (PRotocol for N32 INterconnect Security): (+) IPX Value Added Services, secure; (-) more complex, with policies and certificates to keep under control. Outsource SEPP functionality to IPX: (+) outsourced, so less effort for operator; (-) security not in operator's control, roaming partner cannot ensure source.
  • 35. ENISA - 5G Threats & issues wrap up (https://www.enisa.europa.eu/publications/enisa-threat-landscape-for-5g-networks). [Threat mind-map] Malicious code or software; Exploitation of flaws in the architecture, design and configuration of the network; Denial of service; Abuse of Information Leakage; Abuse of remote access to the network; Exploitation of software, and/or hardware vulnerabilities; Abuse of authentication; Lawful interception function abuse; Data breach, leak, theft and manipulation of information; Unauthorized activities / network intrusions; Identity fraud / account or service; Spectrum sensing; Compromised supply chain, vendor and service providers; Abuse of virtualization mechanisms; Signaling threats; Manipulation of network configuration / data forging; Nefarious activity / abuse of assets; Eavesdropping / Interception / Hijacking; Disasters; Unintentional damages (accidental); Outages; Failures / malfunctions; Legal; Physical attacks
  • 38. Top challenges to address for MNO’s in 5G Security. Migration from static bare metal architecture to NFV / Virtual / Cloud: MNO’s transformation from 4G and 5G-NSA to 5G-SA: Virtualization Security, Cloud security. Edge computing means Applications & exposed API security: MNO's core network interfaces security with partner networks/VAS providers to be controlled/secured. Handling backward compatibility with interconnected older network generations: during 5G-NSA old 3-4G interconnections (SS7, Diameter/GTP).
  • 39. 5G Threats modelling methodology • Per context threats analysis • Per segment Impact analysis • Cross context specific analysis • How to achieve this..
  • 40. Positive Technologies helps to address network threats (Professional services; Products): ensure application of baseline security requirements; reinforce available capabilities and implementation of security measures in existing 5G solutions; review or development of guidelines and best practices on network security; ensure secure 5G network operation, management and monitoring; increase the security of virtualized networks; ensure strict access controls.
  • 41. 5G Full Security requires e2e (full) visibility. [Diagram legend: 1 Core network threats; 2 Virtualization threats; 3 Multi-access edge computing threats; 4 Access networks threats]
  • 42. Complete Telecom Operator Security. Assess: Introduce security testing: Network Architecture and Implementation Audit / Testing. Auditing provides the essential visibility to fully understand your ever changing network risks. Monitor: Start monitoring: impossible to prevent all network threats: detection is the key. Continual real time monitoring is essential to measure network security efficiency and provide rapid detection and mitigation. Protect: Implement Protection: deploy appropriate protection mechanism and get the most out of available solutions. Completely secure your network by addressing both generic vulnerabilities and the threats that actually affect you as an ongoing process.
  • 43. Products. Core network protection: signaling firewalling; control plane threat detection; discovery of malicious activities in internal traffic; information security policy compliance; API integrity control & protection; investigation of attacks.
  • 44. Professional services. Active security testing: roaming interconnections; OSS/BSS components; virtualization infrastructure; access network; device and firmware; fuzz testing; API testing.
  • 45. Products
      Function | Example of asset or infrastructure component protected | Products used
      Signaling firewalling | Core network, subscribers, billing | TAD Next-Generation Signaling Firewall
      Control plane threat detection | Core network, subscribers, billing | TAD Intrusion Detection System (Threat intelligence telecom)
      Discovery of malicious activities in internal traffic | TMN components, OSS/BSS, remote access/vpn, NFVI, Hypervisors, containers management subsystems etc | Telecom Network Attack Discovery (Threat intelligence IT)
      Information security policy compliance | TMN components, OSS/BSS, remote access/vpn, NFVI, MANO Hypervisors, containers management subsystems etc | Telecom Network Attack Discovery (Threat intelligence IT)
      API attacks mitigation | MEC, VAS partners | Telecom Network Attack Discovery; API Secure protection
      Investigation of attacks | All mentioned above | TAD Intrusion Detection System; Telecom Network Attack Discovery
  • 46. Service catalog
      Testing | Asset or infrastructure component to assess | Type of assessment applicable
      Roaming interconnections | All Core network nodes exposed via SS7, Diameter, GTP, PFCP, HTTP/2 interfaces | SS7 security assessment; Diameter security assessment; GTP security assessment; GSMA FS.11, FS.19, and IR.82 compliance testing; Anti-Fraud Security Assessment
      OSS/BSS components | TMN components, OSS/BSS, remote access/vpn | OSS/BSS security assessment; External penetration testing
      Virtualization infrastructure | NFVI, Hypervisors, containers management subsystems, VMs, containerized applications/services | Virtualization infrastructure security assessment
      Access network | gNodeB, fronthaul network, EU access, SecGW | 5G RAN security assessment; External penetration testing; Device and firmware security assessment (aka Supply chain)
      Device and firmware reverse | Any type of device or firmware/software in the network | Device and firmware security assessment (aka Supply chain)
      Fuzz testing | Any type of network function with exposed interfaces | Fuzz testing of network protocols and interfaces
      Pentest, Impact Test | API / Applications | API / Web / application pentest and impact evaluation
  • 47. Recap: End to End Telecom Network Security. We’ve seen many risks inherent to the extension of the attack surface, to be treated within context specifications: NFV, API, IoT, Applications. Simple configuration and security housekeeping again shown to be a threat. 5G’s technology consolidation needs a fully inclusive cyber security approach. E2E visibility & threat modelling per context are the keys for optimal visibility. Legacy protocols continue to be a risk in 5G NSA and potentially SA. Hackers' methods are developing; security cannot be “deploy and forget”. As threat borders multiply, many third-party companies' software, devices and communications need to be constantly monitored and controlled. All reports and white papers are available from the Positive Technologies website: https://positive-tech.com
  • 48. Take a comprehensive security approach: positive-tech.com/products/ positive-tech.com/services/ Learn more about telecom security: positive-tech.com/articles/ New Webinar program Positive in media: Learn More from our experts with more at positive-tech.com contact@positive-tech.com @positive-tech Positive Technologies