Uploaded bykeerthanaviswa123
PPTX, PDF10 views

MEC the vulnerable entities in a 5G network

MEC is one of the vulnerable entities in a 5G network, as it gets deployed at the edge of the network. The risk can be minimized by deploying endpoint protection software in the MEC host. MEC applications and services can be protected and secured by configuring and enforcing application or service specific policies. For example, configuring role-based access control for administrators managing the MEC applications and services. In addition, implement monitoring to provide enhanced visibility of the MEC applications, MEC services and the MEC infrastructure components.

Embed presentation

Download to read offline
Mitigating the Threats Unit V
Introduction • Mitigating the threats can be done by protecting 4 main platforms of 5G • Protecting the MEC infrastructure • Protecting the Core Network • Protecting the Virtualized Infrastructure • Protecting the CPE and Small Cell devices
Protecting the MEC infrastructure • MEC is one of the vulnerable entities in a 5G network, as it gets deployed at the edge of the network. • The risk can be minimized by deploying endpoint protection software in the MEC host. • MEC applications and services can be protected and secured by configuring and enforcing application or service specific policies. • For example, configuring role-based access control for administrators managing the MEC applications and services. • In addition, implement monitoring to provide enhanced visibility of the MEC applications, MEC services and the MEC infrastructure components.
Protecting the MEC infrastructure (Contd..) • For example, • Keeping track of activities of various logged-in administrators • Collection of system resource utilization and system performance snapshots at various time intervals etc., • As MEC is open to several third parties for running their own custom applications, it is better to deploy firewalls for DDOS protection, malware protection and API protection.
Protecting the Core Network
Protecting the Core Network • Core network can be protected by using several mechanisms. • Micro segmentation is one of the emerging trends in the security landscape. • Micro segmentation helps in protecting the core network, allowing administrators to control the communication between different components in the core network. • Micro segmentation allows policies to be configured at different levels such as Virtual Machine (VM) level, Operating System (OS) level, application level and at the flow-level. • Data exchanged over the network can be protected by encrypting data using traditional methods such as IPSEC and VPN.
• NAT allows network administrators to isolate select internal networks and prevents access to those networks from the external world. • Network administrators can deploy CGNAT (Carrier Grade NAT) functions to isolate networks. • In addition, service providers can deploy firewalls to protect the network and implement monitoring of the end-to-end core network functions.
Protecting the Virtualized Infrastructure • 5G brings-in additional complexity to the operations teams, in deploying, managing and securing the network infrastructure - as several 5G components are deployed in a virtualized infrastructure. • In order to protect, the Virtualized Network Functions (VNFs), service providers have to turn-on DNS level security features to block bad domains and bad talkers from accessing the network. • Network operations teams must deploy security software that blocks compromised VNFs, prevents VM hopping and blocks container image packages with vulnerabilities. • In addition, Virtualized Infrastructure components must be continuously monitored for added protection.
Protecting the CPE and Small Cell devices • In 5G, several equipment such as the Customer Premise Equipment (CPE) and Small Cells are deployed closer to the user or at the user premise. • In such cases, encryption of sensitive data stored in non-secure physical locations is a must. • All the CPE or Small Cell devices connecting to the service provider’s 5G network should validate firmware and software packages cryptographically at the time of booting. • When vulnerable software packages are detected, the security teams must be alerted, and the software must be rolled back to a trusted version.
• The devices can provide a Trusted Executive Environment (TEE) to isolate resident applications on the devices, by leveraging hardware capabilities. • Each device connecting to the network should authenticate itself at the time of connecting to the network. • This can be achieved through certificate-based authentication. • Service providers can pre-provision device credentials in the certificate and install them on the device, before shipping the device to the field. • In addition, device location can be continuously tracked by embedding a GPS chipset in the device. The location of the device can be validated during the connection establishment process.

More Related Content

PPTX
5G Security Training by TelcoLearn - 5G Security
bysanjaynolkha
 
PDF
FRntelecommminucation xdxzV sdf vzxdgfbOG_38-6.pdf
byblueteam1405
 
PDF
Network Security Roadmap have some perception of provided security
byslametarrokhim1
 
PDF
Securing the Future Safeguarding 5G Networks with Advanced Security Solutions...
bySecurityGen1
 
PDF
Protecting Your Text Messages: SecurityGen's SMS Fraud Detection Solutions
bySecurityGen1
 
PDF
Navigating the Unseen Risks: Exploring 5G Vulnerabilities
bySecurityGen1
 
PDF
Unveiling SecurityGen's Advanced 5G Security Services
bySecurityGen1
 
PDF
Address 5G Vulnerabilities with SecurityGen's Expert Solution
bySecurity Gen
 
5G Security Training by TelcoLearn - 5G Security
bysanjaynolkha
 
FRntelecommminucation xdxzV sdf vzxdgfbOG_38-6.pdf
byblueteam1405
 
Network Security Roadmap have some perception of provided security
byslametarrokhim1
 
Securing the Future Safeguarding 5G Networks with Advanced Security Solutions...
bySecurityGen1
 
Protecting Your Text Messages: SecurityGen's SMS Fraud Detection Solutions
bySecurityGen1
 
Navigating the Unseen Risks: Exploring 5G Vulnerabilities
bySecurityGen1
 
Unveiling SecurityGen's Advanced 5G Security Services
bySecurityGen1
 
Address 5G Vulnerabilities with SecurityGen's Expert Solution
bySecurity Gen
 

Similar to MEC the vulnerable entities in a 5G network

PPTX
Adoption of Next-Generation 5G Wireless Technology for “Smarter” Grid Design;...
byAlidu Abubakari
 
PDF
Understanding the Risks: Exploring 5G Vulnerabilities with SecurityGen
bySecurityGen1
 
PPTX
Security course: exclusive 5G SA pitfalls and new changes to legislation
byPositiveTechnologies
 
PDF
Security_for_5G_Mobile_Wireless_Networks (1).pdf
by4nm18is123SunidhiSir
 
PDF
Load Balanced Attack Defense System with Lightweight Authentication and Modif...
byijcncjournal019
 
PDF
Load Balanced Attack Defense System with Lightweight Authentication and Modif...
byIJCNCJournal
 
PDF
Quick Quote App Portfolio
byNexus Publishing
 
PPTX
5G mission diary: Houston, we have a problem
byPositiveTechnologies
 
PDF
Elevate Safety with Security Gen: Unraveling the Power of Signaling Security
bySecurityGen1
 
PDF
SecurityGen's Pioneering Approach to 5G Security Services
bySecurityGen1
 
PDF
Securing the 5G growth story with NFVi.pdf
bySecurity Gen
 
PDF
Securing the 5G growth story with NFVi (1).pdf
bySecurity Gen
 
PDF
SecurityGen's OSS/BSS Solutions: Navigating the Complexity of Modern Operations
bySecurityGen1
 
PDF
SECURING FUTURE CONNECTIVITY: An Extensive Analysis on 5G Network Security
byIRJET Journal
 
PDF
Building a chain of trust from the device to the cloud in 5G
byPaul Bradley
 
DOCX
5G_Upload.docx
bySun Technologies
 
PDF
Cor review2018-a
byNexus Publishing
 
PDF
Gemalto Review: 5G Feature
byNexus Publishing
 
PDF
What are the 5G network security issues?
byAntenna Manufacturer Coco
 
PDF
What are the 5G network security issues?
byAntenna Manufacturer Coco
 
Adoption of Next-Generation 5G Wireless Technology for “Smarter” Grid Design;...
byAlidu Abubakari
 
Understanding the Risks: Exploring 5G Vulnerabilities with SecurityGen
bySecurityGen1
 
Security course: exclusive 5G SA pitfalls and new changes to legislation
byPositiveTechnologies
 
Security_for_5G_Mobile_Wireless_Networks (1).pdf
by4nm18is123SunidhiSir
 
Load Balanced Attack Defense System with Lightweight Authentication and Modif...
byijcncjournal019
 
Load Balanced Attack Defense System with Lightweight Authentication and Modif...
byIJCNCJournal
 
Quick Quote App Portfolio
byNexus Publishing
 
5G mission diary: Houston, we have a problem
byPositiveTechnologies
 
Elevate Safety with Security Gen: Unraveling the Power of Signaling Security
bySecurityGen1
 
SecurityGen's Pioneering Approach to 5G Security Services
bySecurityGen1
 
Securing the 5G growth story with NFVi.pdf
bySecurity Gen
 
Securing the 5G growth story with NFVi (1).pdf
bySecurity Gen
 
SecurityGen's OSS/BSS Solutions: Navigating the Complexity of Modern Operations
bySecurityGen1
 
SECURING FUTURE CONNECTIVITY: An Extensive Analysis on 5G Network Security
byIRJET Journal
 
Building a chain of trust from the device to the cloud in 5G
byPaul Bradley
 
5G_Upload.docx
bySun Technologies
 
Cor review2018-a
byNexus Publishing
 
Gemalto Review: 5G Feature
byNexus Publishing
 
What are the 5G network security issues?
byAntenna Manufacturer Coco
 
What are the 5G network security issues?
byAntenna Manufacturer Coco
 

Recently uploaded

PDF
HCSP-Presales-Campus Network Planning and Design V2.0
byVeronica916344
 
PDF
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
PDF
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PDF
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
PDF
Security Forum Sessions from Houston 2025 Event
byMark Simos
 
PDF
How to Evaluate a High Performance Database
byScyllaDB
 
PDF
Fundamentals and Frontiers of Post Quantum Cryptography
byGokul Alex
 
PPTX
Building Agents in Microsoft Agent Framework.pptx
byUdaiappa Ramachandran
 
PDF
Access Control 2025: From Security Silo to Software-Defined Ecosystem
byMemoori
 
PDF
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
PPTX
How to make Ai agents using Google Gemini AI.pptx
bypkluffy111
 
PDF
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
PPTX
communication-skills-with-technology tools
byJaleto Sunkemo
 
PPTX
Gemini vs ChatGPT : Comparing Top AI Models
byDigicarrom
 
PDF
Day 4 - Access, Deployments, and Monitoring - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PDF
Real-Time Data Insight Using Microsoft Forms for Business
byElevate
 
PDF
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
PDF
Exam Prep Plan Overview: Amazon Web Services (AWS) Certified
byVICTOR MAESTRE RAMIREZ
 
PPTX
Technology Consulting _ by Slidesgo.pptx
byfh82277
 
PDF
Cross-Cultural Agile Development -Challenges and Strategies for Overcoming Them-
byTakashi Makino
 
HCSP-Presales-Campus Network Planning and Design V2.0
byVeronica916344
 
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
Security Forum Sessions from Houston 2025 Event
byMark Simos
 
How to Evaluate a High Performance Database
byScyllaDB
 
Fundamentals and Frontiers of Post Quantum Cryptography
byGokul Alex
 
Building Agents in Microsoft Agent Framework.pptx
byUdaiappa Ramachandran
 
Access Control 2025: From Security Silo to Software-Defined Ecosystem
byMemoori
 
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
How to make Ai agents using Google Gemini AI.pptx
bypkluffy111
 
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
communication-skills-with-technology tools
byJaleto Sunkemo
 
Gemini vs ChatGPT : Comparing Top AI Models
byDigicarrom
 
Day 4 - Access, Deployments, and Monitoring - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Real-Time Data Insight Using Microsoft Forms for Business
byElevate
 
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
Exam Prep Plan Overview: Amazon Web Services (AWS) Certified
byVICTOR MAESTRE RAMIREZ
 
Technology Consulting _ by Slidesgo.pptx
byfh82277
 
Cross-Cultural Agile Development -Challenges and Strategies for Overcoming Them-
byTakashi Makino
 

MEC the vulnerable entities in a 5G network

  • 1.
  • 2.
    Introduction • Mitigating thethreats can be done by protecting 4 main platforms of 5G • Protecting the MEC infrastructure • Protecting the Core Network • Protecting the Virtualized Infrastructure • Protecting the CPE and Small Cell devices
  • 3.
    Protecting the MECinfrastructure • MEC is one of the vulnerable entities in a 5G network, as it gets deployed at the edge of the network. • The risk can be minimized by deploying endpoint protection software in the MEC host. • MEC applications and services can be protected and secured by configuring and enforcing application or service specific policies. • For example, configuring role-based access control for administrators managing the MEC applications and services. • In addition, implement monitoring to provide enhanced visibility of the MEC applications, MEC services and the MEC infrastructure components.
  • 4.
    Protecting the MECinfrastructure (Contd..) • For example, • Keeping track of activities of various logged-in administrators • Collection of system resource utilization and system performance snapshots at various time intervals etc., • As MEC is open to several third parties for running their own custom applications, it is better to deploy firewalls for DDOS protection, malware protection and API protection.
  • 5.
  • 6.
    Protecting the CoreNetwork • Core network can be protected by using several mechanisms. • Micro segmentation is one of the emerging trends in the security landscape. • Micro segmentation helps in protecting the core network, allowing administrators to control the communication between different components in the core network. • Micro segmentation allows policies to be configured at different levels such as Virtual Machine (VM) level, Operating System (OS) level, application level and at the flow-level. • Data exchanged over the network can be protected by encrypting data using traditional methods such as IPSEC and VPN.
  • 7.
    • NAT allowsnetwork administrators to isolate select internal networks and prevents access to those networks from the external world. • Network administrators can deploy CGNAT (Carrier Grade NAT) functions to isolate networks. • In addition, service providers can deploy firewalls to protect the network and implement monitoring of the end-to-end core network functions.
  • 8.
    Protecting the VirtualizedInfrastructure • 5G brings-in additional complexity to the operations teams, in deploying, managing and securing the network infrastructure - as several 5G components are deployed in a virtualized infrastructure. • In order to protect, the Virtualized Network Functions (VNFs), service providers have to turn-on DNS level security features to block bad domains and bad talkers from accessing the network. • Network operations teams must deploy security software that blocks compromised VNFs, prevents VM hopping and blocks container image packages with vulnerabilities. • In addition, Virtualized Infrastructure components must be continuously monitored for added protection.
  • 9.
    Protecting the CPEand Small Cell devices • In 5G, several equipment such as the Customer Premise Equipment (CPE) and Small Cells are deployed closer to the user or at the user premise. • In such cases, encryption of sensitive data stored in non-secure physical locations is a must. • All the CPE or Small Cell devices connecting to the service provider’s 5G network should validate firmware and software packages cryptographically at the time of booting. • When vulnerable software packages are detected, the security teams must be alerted, and the software must be rolled back to a trusted version.
  • 10.
    • The devicescan provide a Trusted Executive Environment (TEE) to isolate resident applications on the devices, by leveraging hardware capabilities. • Each device connecting to the network should authenticate itself at the time of connecting to the network. • This can be achieved through certificate-based authentication. • Service providers can pre-provision device credentials in the certificate and install them on the device, before shipping the device to the field. • In addition, device location can be continuously tracked by embedding a GPS chipset in the device. The location of the device can be validated during the connection establishment process.