A big challenge for mobile network operators in the new, ever-evolving 5G era is the signaling security of the standardized protocols used in order to exchange data. Telecommunication companies face this challenge and have to be on the verge every time there is a potential hacker attack. What is the best way to approach these striking threats and even to be ready before it occurs?
In our webinar, Positive Technologies will offer you several breakthrough strategies on how to deal with security flaws in telecom.
Our expert will show you the evolution of protocol security, share insights into the potential activities of a hacker and give useful advice about compliance with security standards.
5G SA security: a comprehensive overview of threats, vulnerabilities and rem...PositiveTechnologies
Mobile network operators are planning to invest heavily in coming years to implement the transition to stand-alone 5G. However, in likening to 5G with interconnected infrastructure, 5G SA is prone to protocol vulnerabilities that can allow the malicious actor to impersonate subscribers, disclose subscriber profiles and cause a denial of service (DoS).
What you'll learn:
- How to spot the various types of threats in the 5G stand-alone core
- Network misconfigurations that open doors to attacks on subscribers
- 5G SA protocol components that malicious actors actively target
- An effective security strategy for the avoidance of network disruption
CTO at Positive Technologies, Dmitry Kurbatov discusses what kind of security risks are associated with 5G telecommunications networks and to what extent thеse risks could be managed. Topics include:
• How the 5G core network will work, and how it differs from the current telecom infrastructure.
• Benefits that the innovative 5G slicing technology can bring, and what its security risks will be.
• What new protocols, interfaces, and infrastructure-enhancing technologies like network functions virtualization will take off in the near future.
• Compatibility concerns with 4G, 3G, and 2G networks. What does this mean for 5G?
SS7: the bad neighbor you're stuck with during the 5G migration and far beyondPositiveTechnologies
For the past decades, SS7 protocol has been our closest neighbor to support the roaming infrastructure. However, with untrusted agents exploiting this protocol and the migration to 5G, many operators are at risk of security data breaches and the inability to switch to 5G secure infrastructure fast. Especially now, when major cybersecurity organizations (ENISA) include signaling security in their 5G networks threat landscape, SS7 protocol has to come into the spotlight during the design stage.
Our live webinar, hosted by our telecom experts Federico Aureli, Technical Security Specialist, and Milan Brezina, Telecom and SMS fraud expert, reveals the trending topics in SS7 security and explains:
- Why SS7 will stay a long time even in the era of 5G
- Why mobile operators should take into account SS7 weaknesses
- What SS7 protocol real-life fraud cases exist
Follow us on LinkedIn to keep up with our upcoming webinars and events: https://www.linkedin.com/company/positive-tech
Telecom security from ss7 to all ip all-open-v3-zeronightsP1Security
Telecom security is way more than SIP-breaking some peripheral PBXs and raking a few thousands of dollars of free calls. From the formerly closed garden of SS7 to new all-IP telecom protocols such as Diameter and LTE protocols, the telecom domain faces now both the challenges of availability -one minute of downtime costs literally millions- and signaling vulnerabilities cutting down entire countries, causing massive frauds and the all new networking protocols. These new telecom protocols are rolled out in IP-centric fashion, with its myriad of standard IP security pitfalls and vulnerabilities, as well as very specific telecom vulnerabilities. The HLR is not only using TCP/IP for OAM and business workflow, but also now being named an HSS, it uses IP-only protocols such as Diameter for its Core Network signaling operations. That means that now telecom are facing new security risks both in term of exposure and threats, with its Core Network being exposed to unsophisticated IP-centered attackers, and the continuous waves of telecom-centered defrauders. In this presentation, we'll demo the new technologies of 3G and LTE networks and how to attack and defend them. We'll also show what kind of exposure one telecom companies, Mobile Network Operators and SS7 providers shows to external attackers.
Intermediate: 5G Applications Architecture - A look at Application Functions ...3G4G
In this tutorial we look at the 5G Applications architecture. We discuss 5G applications, application functions and application servers and how they fit together in a 5G Service Based Architecture
All our #3G4G5G slides and videos are available at:
Videos: https://www.youtube.com/3G4G5G
Slides: https://www.slideshare.net/3G4GLtd
5G Page: https://www.3g4g.co.uk/5G/
Free Training Videos: https://www.3g4g.co.uk/Training/
A quick look at 5G System architecture in Reference point representation and in Service Based representation and also look at the different Network Functions (NFs) within the 5G System.
A detailed look at 5G security by experts from wenovator, Dr. Anand R. Prasad & Hans Christian Rudolph.
This webinar covers:
(1) 5G security
(2) Private networks security and
(3) Open vRAN security
To learn more about wenovator, visit their website: https://www.wenovator.com/
All our #3G4G5G slides and videos are available at:
Videos: https://www.youtube.com/3G4G5G
Slides: https://www.slideshare.net/3G4GLtd
Security Page: https://www.3g4g.co.uk/Security/
5G Page: https://www.3g4g.co.uk/5G/
Security Blog Posts: https://blog.3g4g.co.uk/search/label/Security
Free Training Videos: https://www.3g4g.co.uk/Training/
5G SA security: a comprehensive overview of threats, vulnerabilities and rem...PositiveTechnologies
Mobile network operators are planning to invest heavily in coming years to implement the transition to stand-alone 5G. However, in likening to 5G with interconnected infrastructure, 5G SA is prone to protocol vulnerabilities that can allow the malicious actor to impersonate subscribers, disclose subscriber profiles and cause a denial of service (DoS).
What you'll learn:
- How to spot the various types of threats in the 5G stand-alone core
- Network misconfigurations that open doors to attacks on subscribers
- 5G SA protocol components that malicious actors actively target
- An effective security strategy for the avoidance of network disruption
CTO at Positive Technologies, Dmitry Kurbatov discusses what kind of security risks are associated with 5G telecommunications networks and to what extent thеse risks could be managed. Topics include:
• How the 5G core network will work, and how it differs from the current telecom infrastructure.
• Benefits that the innovative 5G slicing technology can bring, and what its security risks will be.
• What new protocols, interfaces, and infrastructure-enhancing technologies like network functions virtualization will take off in the near future.
• Compatibility concerns with 4G, 3G, and 2G networks. What does this mean for 5G?
SS7: the bad neighbor you're stuck with during the 5G migration and far beyondPositiveTechnologies
For the past decades, SS7 protocol has been our closest neighbor to support the roaming infrastructure. However, with untrusted agents exploiting this protocol and the migration to 5G, many operators are at risk of security data breaches and the inability to switch to 5G secure infrastructure fast. Especially now, when major cybersecurity organizations (ENISA) include signaling security in their 5G networks threat landscape, SS7 protocol has to come into the spotlight during the design stage.
Our live webinar, hosted by our telecom experts Federico Aureli, Technical Security Specialist, and Milan Brezina, Telecom and SMS fraud expert, reveals the trending topics in SS7 security and explains:
- Why SS7 will stay a long time even in the era of 5G
- Why mobile operators should take into account SS7 weaknesses
- What SS7 protocol real-life fraud cases exist
Follow us on LinkedIn to keep up with our upcoming webinars and events: https://www.linkedin.com/company/positive-tech
Telecom security from ss7 to all ip all-open-v3-zeronightsP1Security
Telecom security is way more than SIP-breaking some peripheral PBXs and raking a few thousands of dollars of free calls. From the formerly closed garden of SS7 to new all-IP telecom protocols such as Diameter and LTE protocols, the telecom domain faces now both the challenges of availability -one minute of downtime costs literally millions- and signaling vulnerabilities cutting down entire countries, causing massive frauds and the all new networking protocols. These new telecom protocols are rolled out in IP-centric fashion, with its myriad of standard IP security pitfalls and vulnerabilities, as well as very specific telecom vulnerabilities. The HLR is not only using TCP/IP for OAM and business workflow, but also now being named an HSS, it uses IP-only protocols such as Diameter for its Core Network signaling operations. That means that now telecom are facing new security risks both in term of exposure and threats, with its Core Network being exposed to unsophisticated IP-centered attackers, and the continuous waves of telecom-centered defrauders. In this presentation, we'll demo the new technologies of 3G and LTE networks and how to attack and defend them. We'll also show what kind of exposure one telecom companies, Mobile Network Operators and SS7 providers shows to external attackers.
Intermediate: 5G Applications Architecture - A look at Application Functions ...3G4G
In this tutorial we look at the 5G Applications architecture. We discuss 5G applications, application functions and application servers and how they fit together in a 5G Service Based Architecture
All our #3G4G5G slides and videos are available at:
Videos: https://www.youtube.com/3G4G5G
Slides: https://www.slideshare.net/3G4GLtd
5G Page: https://www.3g4g.co.uk/5G/
Free Training Videos: https://www.3g4g.co.uk/Training/
A quick look at 5G System architecture in Reference point representation and in Service Based representation and also look at the different Network Functions (NFs) within the 5G System.
A detailed look at 5G security by experts from wenovator, Dr. Anand R. Prasad & Hans Christian Rudolph.
This webinar covers:
(1) 5G security
(2) Private networks security and
(3) Open vRAN security
To learn more about wenovator, visit their website: https://www.wenovator.com/
All our #3G4G5G slides and videos are available at:
Videos: https://www.youtube.com/3G4G5G
Slides: https://www.slideshare.net/3G4GLtd
Security Page: https://www.3g4g.co.uk/Security/
5G Page: https://www.3g4g.co.uk/5G/
Security Blog Posts: https://blog.3g4g.co.uk/search/label/Security
Free Training Videos: https://www.3g4g.co.uk/Training/
Ericsson brings new updates to its 5G platform. Introducing 5G network services to support operators from preparation to 5G launch. Ericsson 5G services roadmap spans across three distinct phases, Prepare, Mobilize and Launch. Through our service offerings, Operators can now evolve their 4G network and smoothly start introducing 5G, reaching new heights on their journey to 5G.
Part 6: Standalone and Non-Standalone 5G - 5G for Absolute Beginners3G4G
An introductory training on 5G for newbies available on Udemy - http://bit.ly/udemy5G
All our #3G4G5G slides and videos are available at:
Videos: https://www.youtube.com/3G4G5G
Slides: https://www.slideshare.net/3G4GLtd
5G Page: https://www.3g4g.co.uk/5G/
Free Training Videos: https://www.3g4g.co.uk/Training/
Shared/unlicensed spectrum is important for 5G and is valuable for wide range of deployments from extreme bandwidth by aggregating spectrum, enhanced local broadband to Internet of Things verticals. 5G New Radio (NR) will natively support all different spectrum types and is designed to take advantage of new sharing paradigms. We are pioneering 5G shared spectrum today by building on LTE-U/LAA, LWA, CBRS/LSA and MulteFire.
Mavenir: Why and How Private LTE & 5G Networks Are Rapidly Evolving for Enter...Mavenir
Dean Bubley, Founder of Disruptive Analysis and well known industry analyst, and Aniruddho Basu, Mavenir SVP/GM of Global Emerging Business, showcase the future of Private LTE & 5G Networks. Presentation from the "Why and How Private LTE & 5G Networks Are Rapidly Evolving for Enterprises" webinar.
This updated presentation/video looks at 5G Network Architecture options that have been proposed by 3GPP for deployment of 5G. It covers the Standalone (SA) and Non-Standalone (NSA) architecture. In the NSA architecture, EN-DC (E-UTRA-NR Dual Connectivity), NGEN-DC (NG-RAN E-UTRA-NR Dual Connectivity) and NE-DC (NR-E-UTRA Dual Connectivity) has been looked at. Finally, migration strategies proposed by vendors and operators (MNOs / SPs) have been discussed.
A detailed look at what is meant by private networks, why do we need them and why the sudden interest in them. Also discussed is the 3GPP defined 5G Non-Public Networks (NPN), they architecture, implementation, pros and cons. In addition RAN sharing and Campus Networks are also discussed with regards to where they fit in the private networks.
All our #3G4G5G slides and videos are available at:
Videos: https://www.youtube.com/3G4G5G
Slides: https://www.slideshare.net/3G4GLtd
5G Page: https://www.3g4g.co.uk/5G/
Free Training Videos: https://www.3g4g.co.uk/Training/
6G Training Course Part 9: Course Summary & Conclusion3G4G
After our successful launch of '5G for Absolute Beginners' course (http://bit.ly/5Gbegins) in 2020, we decided to create an introductory training course on 6G Mobile Wireless Communications technology. The course is ready and the best way to navigate it is via the Free 6G Training page at: https://bit.ly/6Gintro - this will ensure that you have the latest version of each video and also the most recent version of the 6G technologies videos as and they are added.
In this part we are providing a summary of the course and concluding with the next steps. Hopefully you found this course informative and useful. Do let us know what you thought and how do you think the 6G journey will proceed.
This course is part of #Free6Gtraining initiative (https://www.free6gtraining.com/)
All our #3G4G5G slides and videos are available at:
Videos: https://www.youtube.com/3G4G5G
Slides: https://www.slideshare.net/3G4GLtd
6G and Beyond-5G Page: https://www.3g4g.co.uk/6G/
Free Training Videos: https://www.3g4g.co.uk/Training/
Free 6G Training Blog: https://www.free6gtraining.com/
What exactly is a private 5G network?
A private 5G network is a local area network (LAN) that will use 5G technology to create a private network with unified connectivity, optimized services, and secure communication methods in a specific area.
In fact, the concept of a private 5G network has been around since the 2G/3G/4G era, and it is not new to us. A private network is a professional network that provides network signal coverage in a specific area to provide communication services to specific users.
In short, a private network is a dedicated network that provides network communication services for specific users. The difference between a public network and a private network is mainly that a public network serves the general public, while a private network serves specific objects.
5G/NR wireless communication technology overview, architecture and its operating modes SA and NSA. Also an introduction to VoNR and other services overview of 5G network.
The key technologies of 5G namely MIMO and Network slicing are also explained.
3GPP Packet Core Towards 5G Communication SystemsOfinno
This presentation provides an overview of 3GPP packet core and 5G systems. Some enabler features are outlined, such as network slicing. This presentation was prepared for the 20th Annual International Conference on Next Generation Internet and Related Technologies Net-Centric 2017 that was held at George Mason University.
Introduction of PS Core Network Elements and little bit of EPC/LTE Network. This is introductory slides pack for a 10 class/slides set for detail introduction of 2G/3G and LTE PS Core Network.
Mobile spectrum and network evolution to 2025 slides coleago - 24 mar 21Coleago Consulting
A review for telecoms regulators and operators of key global developments, insights, trends, and best international practices, to inform future spectrum policy and management and operator strategies.
Setting off the 5G Advanced evolution with 3GPP Release 18Qualcomm Research
In December 2021, 3GPP has reached a consensus on the scope of 5G NR Release 18. This is a significant milestone marking the beginning of 5G Advanced — the second wave of wireless innovations that will fulfill the 5G vision. Release 18 will build on the solid foundation set by Releases 15, 16, and 17, and it sets the longer-term evolution direction of 5G and beyond. This release will encompass a wide range of new and enhancement projects, ranging from improved MIMO and application of AI/ML-enabled air interface to extended reality optimizations and broader IoT support.
Telecom incidents investigation: daily work behind the scenesPositiveTechnologies
Telecom providers build, operate, and manage integrated voice and data networks, transmitting and storing vast amounts of sensitive data. With 5G bringing eMBB and expanding the service portfolio of businesses, this volume is set to see a manifold increase, making them a golden goose for hackers.
Active work on the cyberattack prevention side is an absolute must for operators, and threat intelligence is one of the important pillars of robust security.
In this webinar we have an interactive discussion of the most common weaknesses and threats in 4G and 5G networks, plus:
How to implement a smart «risk-driven» approach to security
How to detect traces of cybercrime in signaling networks and prevent suspicious activities in telecom networks
How to make your SOC telecom-oriented
CSIRT and CERT: when it’s time to bring in outside expertise
Mobile operators across the globe have already started to roll out their 5G. It is here to stay and so security should be kept it mind ensuring the industry learns from the lessons of previous generous networks.
In 2020 our PT Telecom Attack Discovery (PT TAD) 5G-ready next-generation signaling firewall scored no. 1 on the security market.* Want to find out the reasons behind this accolade, then watch the record of our webinar to learn about an effective approach towards signaling security in the era of 5G.
During the live session Positive Technologies’ experts - Kirill Puzankov, Product Manager and Jimmy Jones, security telecoms expert:
explained how to implement security for Core networks quickly, efficiently and with fewer efforts
showed a demo on how telecom operators could withstand an attack or malicious actions using our next-generation Telecom Attack Discovery signaling Firewall
provided statistics and key trends in signaling security.
* According to ROCCO Signalling Firewall Vendor Performance Report 2020. https://positive-tech.com/research/rocco-report-2020/
Follow us on LinkedIn to keep up with our upcoming webinars and events: https://www.linkedin.com/company/positive-tech/
In 2020, many telecommunication companies will debut their first commercial 5G networks. The 5G mission has become a hot-button topic for the entire telecom community. But these networks have inherited many threats from their 3G and 4G forebears. Long-known weaknesses in security protocols and algorithms have been baked into new 5G systems. This creates a perfect storm for threat actors to target 5G security weaknesses using their old tricks.
Watch the webinar recording, where PT experts Paolo Emiliani, Head of Pre-Sales Engineering team, and Jun Kim, Managing Director, Korea, help you to navigate the tricky path to 5G deployment and:
explain new 5G trust and service delivery models
assess the evolving 5G threat landscape and privacy issues
explore realms of 5G protection with a focus on real-life cases
discuss new and emerging 5G threats affecting telecom infrastructure and end devices
explain why roaming protection in 5G is a game-changer
underline essential mitigation techniques for 5G security
Follow us on LinkedIn to keep up with our upcoming webinars and events: https://www.linkedin.com/company/positive-tech/
Ericsson brings new updates to its 5G platform. Introducing 5G network services to support operators from preparation to 5G launch. Ericsson 5G services roadmap spans across three distinct phases, Prepare, Mobilize and Launch. Through our service offerings, Operators can now evolve their 4G network and smoothly start introducing 5G, reaching new heights on their journey to 5G.
Part 6: Standalone and Non-Standalone 5G - 5G for Absolute Beginners3G4G
An introductory training on 5G for newbies available on Udemy - http://bit.ly/udemy5G
All our #3G4G5G slides and videos are available at:
Videos: https://www.youtube.com/3G4G5G
Slides: https://www.slideshare.net/3G4GLtd
5G Page: https://www.3g4g.co.uk/5G/
Free Training Videos: https://www.3g4g.co.uk/Training/
Shared/unlicensed spectrum is important for 5G and is valuable for wide range of deployments from extreme bandwidth by aggregating spectrum, enhanced local broadband to Internet of Things verticals. 5G New Radio (NR) will natively support all different spectrum types and is designed to take advantage of new sharing paradigms. We are pioneering 5G shared spectrum today by building on LTE-U/LAA, LWA, CBRS/LSA and MulteFire.
Mavenir: Why and How Private LTE & 5G Networks Are Rapidly Evolving for Enter...Mavenir
Dean Bubley, Founder of Disruptive Analysis and well known industry analyst, and Aniruddho Basu, Mavenir SVP/GM of Global Emerging Business, showcase the future of Private LTE & 5G Networks. Presentation from the "Why and How Private LTE & 5G Networks Are Rapidly Evolving for Enterprises" webinar.
This updated presentation/video looks at 5G Network Architecture options that have been proposed by 3GPP for deployment of 5G. It covers the Standalone (SA) and Non-Standalone (NSA) architecture. In the NSA architecture, EN-DC (E-UTRA-NR Dual Connectivity), NGEN-DC (NG-RAN E-UTRA-NR Dual Connectivity) and NE-DC (NR-E-UTRA Dual Connectivity) has been looked at. Finally, migration strategies proposed by vendors and operators (MNOs / SPs) have been discussed.
A detailed look at what is meant by private networks, why do we need them and why the sudden interest in them. Also discussed is the 3GPP defined 5G Non-Public Networks (NPN), they architecture, implementation, pros and cons. In addition RAN sharing and Campus Networks are also discussed with regards to where they fit in the private networks.
All our #3G4G5G slides and videos are available at:
Videos: https://www.youtube.com/3G4G5G
Slides: https://www.slideshare.net/3G4GLtd
5G Page: https://www.3g4g.co.uk/5G/
Free Training Videos: https://www.3g4g.co.uk/Training/
6G Training Course Part 9: Course Summary & Conclusion3G4G
After our successful launch of '5G for Absolute Beginners' course (http://bit.ly/5Gbegins) in 2020, we decided to create an introductory training course on 6G Mobile Wireless Communications technology. The course is ready and the best way to navigate it is via the Free 6G Training page at: https://bit.ly/6Gintro - this will ensure that you have the latest version of each video and also the most recent version of the 6G technologies videos as and they are added.
In this part we are providing a summary of the course and concluding with the next steps. Hopefully you found this course informative and useful. Do let us know what you thought and how do you think the 6G journey will proceed.
This course is part of #Free6Gtraining initiative (https://www.free6gtraining.com/)
All our #3G4G5G slides and videos are available at:
Videos: https://www.youtube.com/3G4G5G
Slides: https://www.slideshare.net/3G4GLtd
6G and Beyond-5G Page: https://www.3g4g.co.uk/6G/
Free Training Videos: https://www.3g4g.co.uk/Training/
Free 6G Training Blog: https://www.free6gtraining.com/
What exactly is a private 5G network?
A private 5G network is a local area network (LAN) that will use 5G technology to create a private network with unified connectivity, optimized services, and secure communication methods in a specific area.
In fact, the concept of a private 5G network has been around since the 2G/3G/4G era, and it is not new to us. A private network is a professional network that provides network signal coverage in a specific area to provide communication services to specific users.
In short, a private network is a dedicated network that provides network communication services for specific users. The difference between a public network and a private network is mainly that a public network serves the general public, while a private network serves specific objects.
5G/NR wireless communication technology overview, architecture and its operating modes SA and NSA. Also an introduction to VoNR and other services overview of 5G network.
The key technologies of 5G namely MIMO and Network slicing are also explained.
3GPP Packet Core Towards 5G Communication SystemsOfinno
This presentation provides an overview of 3GPP packet core and 5G systems. Some enabler features are outlined, such as network slicing. This presentation was prepared for the 20th Annual International Conference on Next Generation Internet and Related Technologies Net-Centric 2017 that was held at George Mason University.
Introduction of PS Core Network Elements and little bit of EPC/LTE Network. This is introductory slides pack for a 10 class/slides set for detail introduction of 2G/3G and LTE PS Core Network.
Mobile spectrum and network evolution to 2025 slides coleago - 24 mar 21Coleago Consulting
A review for telecoms regulators and operators of key global developments, insights, trends, and best international practices, to inform future spectrum policy and management and operator strategies.
Setting off the 5G Advanced evolution with 3GPP Release 18Qualcomm Research
In December 2021, 3GPP has reached a consensus on the scope of 5G NR Release 18. This is a significant milestone marking the beginning of 5G Advanced — the second wave of wireless innovations that will fulfill the 5G vision. Release 18 will build on the solid foundation set by Releases 15, 16, and 17, and it sets the longer-term evolution direction of 5G and beyond. This release will encompass a wide range of new and enhancement projects, ranging from improved MIMO and application of AI/ML-enabled air interface to extended reality optimizations and broader IoT support.
Telecom incidents investigation: daily work behind the scenesPositiveTechnologies
Telecom providers build, operate, and manage integrated voice and data networks, transmitting and storing vast amounts of sensitive data. With 5G bringing eMBB and expanding the service portfolio of businesses, this volume is set to see a manifold increase, making them a golden goose for hackers.
Active work on the cyberattack prevention side is an absolute must for operators, and threat intelligence is one of the important pillars of robust security.
In this webinar we have an interactive discussion of the most common weaknesses and threats in 4G and 5G networks, plus:
How to implement a smart «risk-driven» approach to security
How to detect traces of cybercrime in signaling networks and prevent suspicious activities in telecom networks
How to make your SOC telecom-oriented
CSIRT and CERT: when it’s time to bring in outside expertise
Mobile operators across the globe have already started to roll out their 5G. It is here to stay and so security should be kept it mind ensuring the industry learns from the lessons of previous generous networks.
In 2020 our PT Telecom Attack Discovery (PT TAD) 5G-ready next-generation signaling firewall scored no. 1 on the security market.* Want to find out the reasons behind this accolade, then watch the record of our webinar to learn about an effective approach towards signaling security in the era of 5G.
During the live session Positive Technologies’ experts - Kirill Puzankov, Product Manager and Jimmy Jones, security telecoms expert:
explained how to implement security for Core networks quickly, efficiently and with fewer efforts
showed a demo on how telecom operators could withstand an attack or malicious actions using our next-generation Telecom Attack Discovery signaling Firewall
provided statistics and key trends in signaling security.
* According to ROCCO Signalling Firewall Vendor Performance Report 2020. https://positive-tech.com/research/rocco-report-2020/
Follow us on LinkedIn to keep up with our upcoming webinars and events: https://www.linkedin.com/company/positive-tech/
In 2020, many telecommunication companies will debut their first commercial 5G networks. The 5G mission has become a hot-button topic for the entire telecom community. But these networks have inherited many threats from their 3G and 4G forebears. Long-known weaknesses in security protocols and algorithms have been baked into new 5G systems. This creates a perfect storm for threat actors to target 5G security weaknesses using their old tricks.
Watch the webinar recording, where PT experts Paolo Emiliani, Head of Pre-Sales Engineering team, and Jun Kim, Managing Director, Korea, help you to navigate the tricky path to 5G deployment and:
explain new 5G trust and service delivery models
assess the evolving 5G threat landscape and privacy issues
explore realms of 5G protection with a focus on real-life cases
discuss new and emerging 5G threats affecting telecom infrastructure and end devices
explain why roaming protection in 5G is a game-changer
underline essential mitigation techniques for 5G security
Follow us on LinkedIn to keep up with our upcoming webinars and events: https://www.linkedin.com/company/positive-tech/
Both mobile operators and cybercriminals make heavy use of the SS7 protocol on previous-generation networks.
SS7 is old and vulnerable to attacks, yet will underpin the advanced networks of tomorrow. Learning more about SS7 is mission-critical for securing increasingly complex environments.
Watch the webinar to learn all about the ins and outs of SS7 for a smooth transition to 5G!
Our premium SS7 Security Analysis Report serves as a valuable knowledge base for cybersecurity specialists and network experts as they prepare for the security challenges of 2020. To access the report, go to: https://positive-tech.com/research/ss7-network-security-analysis-2020/
Security course: exclusive 5G SA pitfalls and new changes to legislationPositiveTechnologies
5G will mark the transition to an entirely new era in connectivity. It will link together critical infrastructure elements, making security an absolute imperative. This comes as no surprise — regulators have been enhancing their control over telecom security for some time already, as seen in the UK and Europe. We believe that this growth in regulative powers is part of a global tendency — one that is forcing change on all MNOs with regards to network security.
Our webinar covers:
- Types of threats in the 5G standalone core that you should be aware of (based on our exclusive research)
- Building appropriate guidelines to maintain reliability and resilience
- Reinforcing security strategy as a new global tendency in telecommunications, including an overview of recent changes to legislation in the UK and Europe
Security Gen Ensures Robust Telecom Security with Comprehensive AssessmentsSecurityGen1
Trust Security Gen to lead the way in Telecom Security Assessments, providing businesses with a user-friendly and comprehensive solution. Our assessments are designed to identify vulnerabilities within your telecom infrastructure, offering a roadmap to fortify against potential threats. Security Gen's commitment to staying ahead of the curve ensures that businesses can adapt to the evolving landscape of telecom security challenges.
Unlock the Future: SecurityGen's 5G Standalone SolutionsSecurity Gen
Embrace the power of 5G standalone technology with SecurityGen's innovative solutions. Experience enhanced network performance, reliability, and security with SecurityGen's advanced 5G infrastructure
Enhance Your Network Security with NGFW Firewall Solutions by SecurityGenSecurityGen1
Safeguard your network infrastructure against emerging threats with SecurityGen's Next-Generation Firewall (NGFW) solutions. Designed to provide advanced threat detection and prevention capabilities, our NGFW firewall offers comprehensive security features to protect your organization's sensitive data and assets. With integrated intrusion detection and prevention systems, application control, and advanced threat intelligence, SecurityGen's NGFW firewall ensures robust protection against a wide range of cyber threats.
Elevate Safety with Security Gen: Unraveling the Power of Signaling SecuritySecurityGen1
Security Gen introduces a new era of safety with our advanced Signaling Security solutions. In an ever-changing landscape, effective communication is key to maintaining security. Our user-friendly signaling systems are designed to provide instant alerts and notifications, enhancing situational awareness for businesses and individuals alike. Whether it's for emergency response or routine monitoring, Security Gen's signaling security ensures a swift and precise flow of information, creating a secure environment tailored to your specific needs.
SecurityGen's Pioneering Approach to 5G Security ServicesSecurityGen1
SecurityGen takes a pioneering stance in the realm of 5G security, offering services that redefine the standards of digital protection. Our user-friendly solutions are meticulously crafted to address the unique challenges posed by the 5G landscape. SecurityGen's 5G Security Services encompass real-time threat monitoring, encryption protocols, and adaptive defense mechanisms to keep your network secure in the face of sophisticated cyber threats. By choosing SecurityGen, businesses can embark on their 5G journey with peace of mind, knowing that they have a reliable partner dedicated to staying ahead of the curve in cybersecurity.
Protecting Your Text Messages: SecurityGen's SMS Fraud Detection SolutionsSecurityGen1
In a world where communication via text messages is integral to our daily lives, SMS fraud has become a growing concern. That's where SecurityGen comes into play. Our state-of-the-art SMS fraud detection technology is designed to safeguard your mobile communications. Using advanced algorithms and real-time analysis, SecurityGen's solution identifies and blocks fraudulent SMS messages, protecting you from phishing scams, malware, and other security threats.
Securing the Future Safeguarding 5G Networks with Advanced Security Solutions...SecurityGen1
With the advent of 5G technology, the complexity of network security has increased exponentially. To address this challenge, specialized 5G security services have emerged to provide tailored solutions to protect your network infrastructure. These services encompass a range of offerings, including threat intelligence, risk assessment, firewall management, intrusion detection, and incident response. 5G security services go beyond traditional security measures, taking into account the unique characteristics of 5G networks such as virtualization, network slicing, and edge computing.
Elevating Network Security through NGFW Firewalls.pdfSecurityGen1
With Cyber Guardian, network administrators gain full control and visibility over their network traffic. The NGFW firewall
functionality allows for granular control of applications, users, and content, enabling precise policy enforcement. Whether it's restricting access to certain websites or managing bandwidth allocation for specific applications, Cyber Guardian empowers administrators to tailor security measures to the unique requirements of their network.
Chrono Defend: Time-Traveling Safeguards through NGFW Firewall InnovationSecurityGen1
As the digital landscape expands exponentially, a paradigm shift in cybersecurity has emerged – the NGFW (Next-Generation Firewall) heralds a new era of safeguarding data in the quantum realm. Drawing inspiration from the mysterious world of quantum mechanics, the NGFW Firewall Nexus is a technological marvel that harnesses the power of quantum computing to decode and decrypt threats at a speed that defies classical computing limits. Its encryption algorithms are the equivalent of a digital lock that can only be unlocked by the right quantum key, rendering cyber intruders powerless.
However, this massively connected environment created by 5G and edge-based
computing presents a new and highly vulnerable threat landscape with potentially more
significant security risks to consider as cloud, data and IoT threats merge. Adversaries will
be able to spread malware via IoT networks, disrupt core functions and use routers as IoT
botnets to launch DDoS attacks. In this scenario, protecting the legacy LTE network will be
as crucial as the standalone 5G networks – as while a few 5G networks will be built from
scratch; most will need to integrate and interoperate with existing technologies and
infrastructure. All this means that traditional, rule-based security systems will no longer be
Navigating the Unseen Risks: Exploring 5G VulnerabilitiesSecurityGen1
As the world transitions into the era of 5G technology, it brings with it transformative advancements in communication and connectivity. However, this rapid evolution also ushers in a new realm of concerns – 5g vulnerabilities. While 5G promises lightning-fast speeds, ultra-low latency, and the ability to connect a multitude of devices, it also introduces a broader attack surface for cybercriminals. The complex architecture of 5G, including its reliance on virtualization, software-defined networking, and a multitude of interconnected components, presents challenges in ensuring robust security.
SecurityGen takes a proactive stance in securing tomorrow's networks today with the unveiling of its advanced 5G security services. As the technological fabric of our society weaves itself with 5G capabilities, SecurityGen anticipates and addresses potential security gaps. Our services encompass not only state-of-the-art technological defenses but also strategic risk management, ensuring that organizations step into the 5G era fortified against a myriad of cyber threats.
Address 5G Vulnerabilities with SecurityGen's Expert SolutionSecurity Gen
Don't let 5G vulnerabilities compromise your network security. SecurityGen offers advanced solutions to mitigate and address 5G vulnerabilities, ensuring the integrity and reliability of your network infrastructure.
Security Technique and Congestion Avoidance in Mesh Networkijtsrd
Security in wireless network is one of the prime concern in todays Information Age, where information is an asset not only to an organisation but also to an individual. Security to a great extent is able to protect the network from various unauthorized attacks. On the other side implementation of security mechanisms also causes an overhead in terms of increased load in the network. Further the increased load in the network paves path to congestion which degrades the performance of the wireless network. In this paper we try to highlight various challenges pertaining to security in mesh networks and the ways of reducing security threats. We propose an improved version of AODV which has a congestion avoidance mechanism. We also use a security technique called PGP for enhanced security of Mesh network. Mankiran Kaur | Jagjit Kaur"Security Technique and Congestion Avoidance in Mesh Network" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-1 | Issue-6 , October 2017, URL: http://www.ijtsrd.com/papers/ijtsrd4690.pdf http://www.ijtsrd.com/engineering/computer-engineering/4690/security-technique-and-congestion-avoidance-in-mesh-network/mankiran-kaur
COMPREHENSIVE SURVEY OF POSSIBLE SECURITY ISSUES ON 4G NETWORKSIJNSA Journal
This paper presents a brief study of recent advances in wireless network security issues. The paper makes a number of contributions to the wireless networking field. First, it studies the 4G mail threats and risk and their design decisions. Second, the security of 4G architecture with next generation network security and 8-security dimensions of 4G network. Third, security issues and possible threats on 4G are discussed. Finally, we proposed four layer security model which manages to ensure more secure packets transmission by taking all the necessary security measures.
Similar to Signaling security essentials. Ready, steady, 5G! (20)
Telecom under attack: demo of fraud scenarios and countermeasuresPositiveTechnologies
Telecom fraud is booming at an alarming rate worldwide to become a major source of revenue loss for mobile operators. According to the CFSA, mobile operators lost $28 billion to fraud in 2019. SIM swapping has again become a hot-button topic in the telecom industry. This worrying trend is provoking disputes between banks and telecoms and causing harm all around.
Our security experts Sergey Puzankov and Milan Březina show how to perform and protect from different attacks in the telecom world, including:
- SIM swapping
- A2P SMS termination with security bypass
- OTP SMS interception
Migrating mobile networks to 5 g a smooth and secure approach 01.10.20PositiveTechnologies
Most operators plan to deploy 5G by relying on previous-generation 4G LTE networks with Non-Standalone architecture. The problem is that this approach will leave 5G subscribers with all the security issues of previous-generation networks.
Learn how to safely and systematically bring mobile networks up to 5G. In this webinar, Pavel Novikov, Head of the Telecom Security Research Team, discusses:
- Which new risks will appear with 5G deployment
- Why the 5G security architecture by itself is not enough to keep networks safe
- Why any 5G-only security efforts will be pointless
- How to protect 5G networks
How to stay aware of fraud and to prevent negative business-related consequences?
Our first webinar in Spanish is held by Giovani Henrique, Managing Director for Latin America, who discusses the business-oriented specifics of fraud mitigation using cybersecurity techniques. At this webinar, Giovani Henrique:
• Covers the types of fraud attacks
• Establishes detection techniques
• Gives recommendations on how to keep the competitive advantage and prevent revenue losses during the remote work
• Outlines the key statistical data over the market for Latin America
The key is to know your enemy!
Follow us on LinkedIn to keep up with our upcoming webinars and events: https://www.linkedin.com/company/positive-tech/
Signaling security solutions are critical for protecting core networks. Telecom fraud these days can take many forms, from pervasive spam to gray routing and SIM farming.
The good news is that it's possible to identify threats and attack scenarios for a solid knowledge of the potential risks. Doing so requires approaching the issues seriously and being aware of the ways to mitigate vulnerabilities.
Watch the webinar to learn the types of SMS fraud attacks and detection techniques. With them, telecom companies can keep threats out and prevent revenue losses.
Do you want to stay ahead of fraud and be protected without fear of costly failure?
The key is to know your enemy!
Follow us on LinkedIn to keep up with our upcoming webinars and events: https://www.linkedin.com/company/positive-tech/
Attacks you can't combat: vulnerabilities of most robust MNOsPositiveTechnologies
In his 45-minute presentation, our expert demonstrates how an intruder can use new SS7 vulnerabilities to bypass security tools. You will find out why it is possible, how network equipment reacts to malicious traffic, and what can be done to secure telecom networks.
Simjacker: how to protect your network from the latest hot vulnerabilityPositiveTechnologies
The newly discovered mobile threat Simjacker appears to be "a not-so-new" to the world of cybersecurity. Back in 2014, Positive Technologies reported the vulnerabilities in the mobile SIM cards and attacks that can be done via SMS. Now we prepared a presentation that outlines the overview of Simjacker threat and shows what steps are a must-do to handle it in time.
This presentation shows the insights of the successful maintenance and development of the designed tool for the Diameter protocol, raises awareness about other security protocols, and is of service to those who find protocol vulnerabilities daunting.
Nowadays mobile networks are the most dynamic part of critical communication infrastructures and the key instrument used to perform daily activities ranging from voice and text messaging to providing signaling for emergency services and critical infrastructure.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
2. Agenda
1/4 of presentation
V
Introduction about me and Positive Technologies
V
V
Security guidelines
V
Inherited and new security issues in 5G & IoT
The never ending battle
3. Who I am
Started as Telecommunication and Airlines system Engineer in 1996
System & Network Engineer in 2000
Broadband/Distributed Network Designer
(deployment of one of biggest private network based on DWDM technology)
Switched to security in 2010
Working, having fun in a team of eager security friends
@ Positive Technologies, since 2012
IoT Security Analyst
Signaling System 7
(SS7) security report
Vulnerabilities of
mobile Internet (GPRS)
2014 2016
Primary security threats
to SS7 cellular networks
2017
Threats to packet core
security of 4G network
Next-generation networks, next-level
cybersecurity problems (Diameter vulnerabilities)
2018
Diameter vulnerabilities
exposure report
2019
5G security
analytics
4. Positive Technologies at glance
V V
V
V
VV
17 years
of experience
in security development
and research
200+
zero-day vulnerabilities
discovered yearly
900 employees:
security engineers,
developers, analysts,
and others
200+
corporate security audits
performed for clients annually
250 experts
at our security
research center
50%
of all industrial and telecom
vulnerabilities are discovered
by our experts
We protect enterprise information
systems from cyberthreats by:
Creating products and solutions
Performing security audits
Investigating incidents
Researching threats
5. What we do
Competences:
Identification of threats and possible
attack scenarios in companies of any
business sphere
Global cybersecurity research
Wide range of products and services
portfolio: corporate, ICS, telecom,
financial, media, retail, government
National scale sports and government
cybersecurity service provider
Worldwide leadership
Web
Banking
ERP
Telecom
IoT
ICS
More IT technologies
penetrate
into other segments
6. Analytics
and research
OVER 20+
PUBLICATIONS YEARLY:
Quarterly reports on the latest cyber threats and
trends, forecasts and investigations of hacker
activity, industry-specific information
positive-tech.com/articles/
ptsecurity.com/ww-en/analytics
7. Agenda
2/4 of presentation
V
Introduction about me and Positive Technologies
V
V
Security guidelines
V
Inherited and new security issues in 5G & IoT
The never ending battle
9. 1G 2G 2.5G+ 3G 3.5G 4G 5G4.5G
How everything started for us
Tell a story about how we
started. The first SA, the first
findings, how we helped
customers
...and then how we continued
to help customers on 3G 4 & 4.5G, customers
everywhere are experiencing
the new trending cross
protocol attacks
...and then how we continued
to help customers on 3G
Stories about people
10. Protocol threat comparisons
Successful attacks by threat types
Threat
Percentage of vulnerable
networks (2017)
SS7
networks
Diameter
networks
Subscriber information disclosure 100% 100%
Network information disclosure 63% 75%
Subscriber traffic interception 89% —*
Fraud 78% 33%
Subscriber denial of service 100% 100%
* In the tested networks, SMS transmission using the Diameter network was not carried out.
To establish voice calls in 4G networks, the SIP protocol is used.
Possible different reasons for previous generations
out performing Diameter in certain areas.
SS7 threat awareness is higher
Diameter specific challenges
Positive Technologies have further research being
published very soon looking at Diameter.
Comparing 4G networks using Diameter against
earlier network generations
11. Positive Technologies
SS7 Research Facts and Figures
Threat
Average number
of attacks per day
Subscriber information disclosure 4,827
IMSI disclosure 3,087
Subscriber location disclosure 3,718
Subscriber profile disclosure 47
Network information disclosure 4,294
Fraud 62
Call redirection 2
USSD request manipulation 59
Real-time billing evasion 2
SMS interception 1
Disruption of service availability for subscribers 4
12. Positive Technologies
SS7 Research Facts and Figures
Threat
Average number
of attacks per day
Subscriber information disclosure 4,827
IMSI disclosure 3,087
Subscriber location disclosure 3,718
Subscriber profile disclosure 47
Network information disclosure 4,294
Fraud 62
Call redirection 2
USSD request manipulation 59
Real-time billing evasion 2
SMS interception 1
Disruption of service availability for subscribers 4
Hackers exploit SS7
flaws to drain bank accounts
February 2017, Germany
Perform phishing attack and
steal usernames/passwords
for bank accounts
Perform SMS interception
attacks via SS7 and obtain
one-time passwords
Use OTPs to confirm
money transfer
theregister.co.uk/2017/05/03/hackers_fire_up_ss7_flaw
13. Causes of Diameter
Vulnerabilities
Encryption is formally mandatory, however not often used in home
and only occasionally at boundaries. In addition, encryption is peer-to-peer,
and not end-to-end so relies on trust
Substitution of the source is a specific behaviour of the Diameter protocol
where all responses must follow the same route the request came from.
Category 1
Category 2
Category 3
Successful Diameter attacks by GSMA FS.19 Category
* GSMA FS.19 document also describes the zero category but not considered here
CAT0
describes basic traffic filtering
at the network level
CAT1
includes configuring the
allowed interfaces and
messages on the DEA / DRA
CAT2
defines message filtering
and blocking by legitimacy
IMSI/source combination
CAT2
Operator mist cross reference
messages correspond to the
subscriber's motion matrix
(i.e. last fixed location and the
time since last location update).
Complex
14. Agenda
3/4 of presentation
V
Introduction about me and Positive Technologies
V
V
Security guidelines
V
Inherited and new security issues in 5G & IoT
The never ending battle
15. Convergence of
telecom and IT world
The 5G network core
is TCP/IP-based
These protocols are
open and well-known
Tools for finding and
exploiting vulnerabilities
are available to
any adversary
16. Where do I start … slicing
Splitting a network
into isolated slices
Allocating separate
(virtual) resources
Unique security
policies to each slice
17. Where do I start … slicing
more slices =
more virtual devices =
more configurations
BUT
1/3 successful attacks
during 4G network testing
due to misconfiguration
75% of corp harbored critical
or high-severity vulnerabilities
because of configuration flaws
Misconfiguration Misconfiguration Vulnerability in Rest API
Vulnerability in network equipment
18. New core, all virtual
Lots of VMs
and containers
Communication
over software bus
BUT NEF NRF PCF UDM AF
Network Exposure
Function
NF Repository
Function
Policy Control
Function
Unified Data
Management
Application
Function
AUSF
Authentication
Server Function
AMF
Core Access and Mobility
Management Function
SMF
Session Management
Function
Nnef Nnrf Npcf Nudm Naf
Nusf Namf Nsmf
UE (R)AN UPF DN
User Plane
Function
N2 N4
N5N3
N1
19. New core, all virtual, web-based
Example
of communication
between functions
Service Registration
Service Discovery
Session Establishment
Session
Establishment Request
HTTP PUT (NF register)
201 Created
HTTP PUT (NFDiscovery)
200 OK (List of SMSFs)
HTTP POST (Create PDU Session)
201 Created
20. More security by design but many
heterogeneous engress points
Plane Generation Protocol Authentication Confidentiality Integrity
2G/3G
SS7 — — —
GTPv1 — — —
4G
Diameter partial partial partial
GTPv2 — — —
5G HTTP/2 + + +
2G/3G/4G GTP — — —
5G
GTP-over-
IPSec
+ + +
Diameter usage can be
extended. Implementation is
under discussion with GSMA.
Encryption using IPsec can
provide more security in 5G.
But all the same was planned
for Diameter – never
implemented in real life.
Signaling /
Control
Data / User
21. The migration process
from 4G to 5G
The network evolution will happen in 2 steps
The existing network uses legacy
protocols. This stack of technologies
has security deficiencies that can lead
to data interception, fraud and DoS
attacks
During transition phase new 5G
radio network will be using EPC
since 5G core is not in place yet.
This means that all security issues
from the past are still relevant.
As soon as 5G standalone is
implemented it will probably solve
legacy security issues. But we need
to keep eye on new ones that will
definitely appear.
EPC
eNB
EPC
eNB gNB
EPC
eNB gNB
5GC
Today: 4G 2-5 years horizon:
Non-Standalone 5G
(Option #3, for instance)
In future:
Standalone 5G
22. Old/new threats applied
to the 5G architecture
An example 5G deployment
and the relevant attacks:
Data interception
Impersonation
Denial of Service
Asset compromise
etc.
24. Problem is still there and not solved
Hacking 5G will be possible as hacking the web or enterprise
Difficulty of bypassing the perimeter (percentage of systems) Security level (percentage of web applications)
25. Now what can a hacker do?
Easily
From
anywhere
Any mobile
operator
No special
skills needed
Steal your money
Get access to your
email and social media
Track your location
Intercept your data, calls,
and SMS messages
Take control of
your digital identity
from
GSM to 5G
Different protocols
SAME THREATS
Perform massive
denial-of-service attacks
26. Briefly about IoT
GARTNER: "By 2020, over 25% of identified attacks in enterprises will involve IoT"
32%
37%
24%
8%
0
5
10
15
20
25
30
35
40
1 2 3 4
Smart metering
Gas metering
Water metering
Smart cities
Streetlights
Parking
Waste management
Consumer
White goods
People tracking
Smart buildings
Alarm systems
HVAC
Access control
Agriculture / Environment
Land / Environment monitoring
Pillution monitoring
Animal trackingAlready
use IoT
Preparing to
implement IoT
Will wait
and see
Will wait as long
possible
27. Guess how easy is it?
Millions of connected IoT devices mean
millions of potential botnet soldiers
Mirai,
500K devices
in botnet
2016
1M potentially
vulnerable
2019 TOTAL RESULTS 1,086,395
TOP COUNTRIES
28. Application
Network
Device
IoT/Cellular IoT Device
Reserve Analyze and Security
Assessment on IoT Device
M2M SIM
SS7 SA, GTP SA
Diameter SA,
Secure Network
GTP SA,
Penetration Testing
IoT Web &
Mobile App
Web and Mobile
Application
Testing
MNO IoT
Manegement
System
Penetration
Testing
SIM
Management
Platform
Penetration
Testing
Big Data
Platform
Penetration
Testing
Management Level:
Service Providers IoT
with Private offices
for B2B Clients
Penetration Testing
To Secure IoT you have
to know its DNA
30. Security
recommendations
GSMA
FS.07 SS7 and SIGTRAN Network Security
FS.11 SS7 Interconnect Security Monitoring Guidelines
IR.82 Security SS7 implementation on SS7 network
guidelines
FS.21 Overview document on SS7 Diameter and GTP.
FS.19 Diameter Protocol Security
IR.88 Provides detail on Diameter & GTP protocols
and interworking with SS7
FCC
FCC Public Notice and CSRIC's Legacy
Systems Risk Reductions Report
ENISA
Signaling Security in Telecom
SS7/Diameter/5G. EU level assessment
of the current situation
31. GSMA Recommendations
Explained
GSMA
FS.07
GSMA
FS.11
GSMA
FS.82
Monitoring
Filtering
SS7 Interconnect security monitoring and firewall guidelines
SS7 and SIGTRAN network security
SS7 security network implementation guidlines
1.1 Overview
Signalling System 7 (SS7) was designed and initially deployed for a closed telecommunications community because
relatively few telephone companies with well-defined network boundaries existed. Therefore, SS7 possesses limited
security capabilities, but that environment no longer exists because of market liberalization/deregulation.
1.1 Overview
This document is designed to outline at a high level how mobile operators can monitor and sample interconnect Signalling
System 7 (SS7) traffic to investigate if they have experienced, or are likely to experience, unwanted or malicious SS7 traffic
that may affect their network, and to improve the protection of their networks against such traffic. It outlines signs of
abnormalities, how operators can handle these abnormalities to protect their networks, and how an operator can report
these abnormalities to the GSMA.
1.1 Overview
This document describes the different recommended and practical technical details of SS7 security aspects implemented
by PLMNs or carriers in order to counter potential SS7 attacks.
Earlier versions of this document (before 2014) were focussed only on SMS and the scope is now extended to all SS7
messages, including MAP and CAP signalling.
32. GSMA Recommendations
Explained
GSMA
FS.19
GSMA
FS.21
GSMA
FS.88
Diameter interconnect security
Interconnect signaling security recommendations
LTE and EPC Roaming guidlines
1.1 Overview
Mobile network operators (MNOs) have historically treated all signaling messages received from outside the network as trusted and
necessary/ As access to and use of the signaling networks has evolved, interconnect signaling protocols such as Signaling System number
7 (SS7), Diameter, and the GPRS Tunneling Protocol (GTP) have been discovered to be vulnerable to exploitation, potentially enabling
attackers to perform eavesdropping, service denial, location tracking and fraud. The GSMA has produced recommendations for mobile
operators to mitigate these risks and prevent attacks by monitoring and filtering signaling traffic, leading to greater protection for their
customers and businesses/ This document provides a risk-based introduction to the topic in a non-technical manner.
1.1 Overview
This document outlines potential Diameter based attacks against mobile networks and their customers, and
countermeasures for those attacks. It aims to provide an understanding of potential risks, threats and countermeasures
related to LTE and 5G interconnection security to GSMA members. This document describes attacks and countermeasures
known to the authors at the time of publication, but future research may highlight possible new attacks at any time. The
full details of technical countermeasures can be found in GSMA permanent reference document (PRD) IR.88 [9].
1.1 Overview
This document aims to provide a standardised view on how Long Term Evolution (LTE) and Evolved Packet Core (EPC)
networks can interwork in order to provide "Next Generation Mobile Network" capabilities when users roam onto a
network different from their HPMN. Expectations of the "Next Generation Mobile Network” capabilities are described in
the GSMA Project Document: Next Generation Roaming and Interoperability (NGRAI) Project Scope White Paper [16].
33. Complete Telecom
Operator Security
V
GSMA Recommendations
Start monitoring
Impossible to prevent signaling network
access: detection is the key
GSMA, Interconnect Security
The usage of automated ways of testing
and monitoring may become mandatory Assess
Monitor
Protect
Auditing provides the essential
visibility to fully understand your
ever changing network risks.
Continual real time monitoring is essential
to measure network security efficiency
and provide rapid detection and mitigation.
Completely secure
your network by
addressing both
generic
vulnerabilities
(GSMA) and the
threats that actually
effect you as an
ongoing process.
34. Complete Telecom
Operator Security
V
GSMA Recommendations
Start security testing
Network Architecture and
ImplementationAudit / Testing
Auditing … is the only way to ensure
that security is working the way it should
A variety of attacks have already been successfully
performed on production network equipment of MNOs
Only a comprehensive approach to security will
result in effectively countering the attacks described
Assess
Monitor
Protect
Auditing provides the essential
visibility to fully understand your
ever changing network risks.
Continual real time monitoring is essential
to measure network security efficiency
and provide rapid detection and mitigation.
Completely secure
your network by
addressing both
generic
vulnerabilities
(GSMA) and the
threats that actually
effect you as an
ongoing process.
35. Step 1. Introduce monitoring
of signaling security
Step 1 Step 2 Step 3 Step 4 Step 5
Why you need it
Your network is being attacked right now:
focus your attention on the vulnerabilities
being exploited in real-time
Always be aware of new breaches
and threats
Follow GSMA recommendations
on security monitoring (FS.11)
Results
Ability to take proactive measures
during early stages of an attack
Empirical evidence for the
operator showing the likely sources
of illegitimate traffic
How to do it
Install SS7 security monitoring system
Route copy of external signaling traffic
to the system
Identify malicious traffic
and its sources in real time
36. PT—TAD (Treat inteligence – IDS)
Passive traffic taps feed
monitor with raw traffic
or traffic copy
Detect dangerous traffic
and list active attack
sources
Analyze and prioritize
real threats for your
network and subscribers
37. Step 2.
Implement protection measures
Step 1 Step 2 Step 3 Step 4 Step 5
Why you need it
You already know your attack
exposure and which vulnerabilities are
being exploited, so now protect your
network immediately
Results
Improved security level
of the network
Reduction in the number
of attack attempts
How to do it
Create a filtering policy
Fine-tune network configuration
Contact the MNOs that originate
suspicious traffic
39. Step 3.
Signaling security assessment
Step 1 Step 2 Step 3 Step 4 Step 5
Why you need it
Gain visibility into signaling network
vulnerabilities
See your network the way a hacker sees it
Follow GSMA recommendations (IR.82)
Results
Understanding of all existing
vulnerabilities
Step-by-step plan for mitigating
weaknesses before intruders start
abusing them
How to do it
Scan the network from international
signaling vantage point
Use advanced methods to check whether
current security tools are effective
41. Step 4.
Threats Validation / evaluation
Step 1 Step 2 Step 3 Step 4 Step 5
Why you need it
Identify threats and risks
Evaluate which risks are most
urgent for your company
Results
Informed decision
Tailored strategy
Effective action plan
How to do it
You already know:
Your network flaws
Vulnerabilities that are being exploited
Vulnerabilities that could be exploited in the future
Malicious countries, operators, and sources
Attacked subscribers
With all information at hand,
now decide which risks to tackle first
42. Step 5.
Deploy security process
Step 1 Step 2 Step 3 Step 4 Step 5
Why you need it
Once you have an action plan and
know exactly what to do, it’s time
to implement your security strategy
Then check that the implemented
measures are effective
Results
Persistent awareness of the state
of security on your network
Benchmarking of the security level
Immediate reaction to security
incidents
How to do it
Continue security monitoring
Respond to threats as they occur
Scan the network regularly
43. Conclusion
Assess
Monitor
Protect
Auditing provides essential
visibility to fully understand your
ever-changing network risks.
Non-stop real-time monitoring is essential for
verifying the effectiveness of network security
and supporting rapid detection and mitigation.
Completely secure
your network by
addressing both
generic
vulnerabilities
(GSMA) and the
threats that actually
affect you as part of
an ongoing process.
Visibility is the key to securing any protocol
as it allows informed security decisions
Protection is possible using a number
of strategies
Expert support speeds mitigations
and reduces resource demands
Security is an ongoing process
and developing so long term easily
actionable strategy is key
46. And new MQTT—
Enterprise landscapes
Technical aspect and Benefits
Ability to filter out/in topics allowed
Real-time dashboard & centralized console to:
manage all IoT Firewalls in the domain
view and manage attacks/exclusions/configurations
Ability to drill-down into single firewall’s event
Compact, yet powerful, dedicated hardware or Vm
TLS offloading
Monitor of anomalies of publisher/
subscriber by DPI
Parse and identify anomalies automatically
(HMM) or manually (with regex)
Ability to manage certificates for authentic-
cation with self-signed CA or their own CA
47. IoT How to secure?
IoT/NB-IoT Device
Reserve Analyze and Security
Assessment on IoT Device
M2M SIM
SS7 SA, GTP SA
Diameter SA,
Secure Network
GTP SA,
Penetration Testing
IoT Web &
Mobile App
Web and Mobile
Application
Testing
MNO IoT
Manegement
System
Penetration
Testing
SIM
Management
Platform
Penetration
Testing
Big Data
Platform
Penetration
Testing
Management Level:
Service Providers IoT
with Private offices
for B2B Clients
Penetration Testing
Multi-Discipline Security
Supply chain security certification / SA
Potentially Requires Large
Operator Security Team — Or Partnership
with a Large or Multiple Security Suppliers
Continually Developing Services
Ongoing and Growing
Security Testing + MQTT FW
48. 5G deployment
verification
Ensure protection
where interoperability
required from day one
Secure new
interfaces and
communications
channels
Safeguard
SDN/NFV and
virtual environment
Implement policies
separately for
network slices
Take IoT in your
network under control
where possible
49. Get support
from our experts
Take a comprehensive
security approach:
positive-tech.com/products/signalling-firewall/
positive-tech.com/products/signalling-ids/
positive-tech.com/services/express-monitoring/
positive-tech.com/services/gsma-compliance-check/
positive-tech.com/services/telecom-security/
positive-tech.com/services/iot-security/
Learn more about
telecom security:
positive-tech.com/articles/5g-security-issues/
positive-tech.com/articles/ss7-vulnerability-2018/
positive-tech.com/articles/next-generation-networks-next-level-
cybersecurity-problems/
with more at
positive-tech.com
contact@positive-tech.com