GSMK. Cryptography Network Security. GSMK Oversight SS7 Firewall and Intrusion Detection System


Cryptography Network Security GSMK Firewall and Intrusion Detection System

GSMK Firewall and intrusion detection system to prevent attacks via interconnect.

Protect your Network's Achilles Heel.

With the technical foundation of the protocol going back to the 70s, today's increasing network complexity requires strict policies and new tools to prevent fraud, hijacking or service disruption and espionage. The original system definition for SS7 was never meant to offer authentication or access control. The protocol designers had a closed network in mind, with only trusted parties being connected. Those inherent system vulnerabilities have recently been publicly exposed, opening the door for systematic violation on a global scale.

The tremendous growth of independent entities with access, including MVNOs and certain micro-operators, has made it easier for malicious actors to purposefully exploit the protocol's weaknesses. Investigations commissioned by major network operators have shown a rapid increase in SS7-based attacks. Basic filtering of messages to counteract intruders is neither sufficient for protecting operators from the financial impacts nor can it guarantee the network's integrity in terms of data security (see page 4).

Without dedicated detection and protection beyond basic filtering, the existing core infrastructure can no longer be trusted:

- Subscriber privacy violations and data theft: Subscribers can be located down to street level and the location can be continuously tracked. IMEI serial numbers can be read out, including call status and hardware information.
- Illegal interception of calls and messages: Messages can be read and calls can be forwarded to unauthorized third parties using a number of alternative methods, including manipulation of subscriber data and crypto key exfiltration.
- Billing fraud: The financial impact of billing fraud is highly relevant. Possible SS7-based manipulations of subscriber data include unauthorized pre-paid to post-paid conversion and USSD-based attacks on credit transfers.
- Denial of service (DoS): Targeted attacks via ISD/DSD or general overloading of signaling links have recently gained in popularity.

System Key Features

- Carrier-grade intrusion protection
- Scalable system architecture
- Compatible with redundancy requirements
- Centralized remote management
- Graphical UI - intuitive system handling
- Nodes based on Erlang/OTP
- Support for queries to enable plausibility checks (double check on subscriber location) (1), alternative provisioning of shadow database
- Support for velocity checks (1)
- Element profiling
- Rate limiting function (1)
- TAC (Tracking Area Code) blocking (1)
- Resilience 99.999% uptime
- Carrier grade SLA, CARE, Incidents
- Full M3UA support to allow integration in
- M2PA support
- Anonymised reports
- High flexibility in rules and actions
- Full OSS and cloud orchestration support

(1) available with GSMK Protect

The Solution

As a renowned industry leader in the field of strong encryption and network security, GSMK developed the system to enable comprehensive detection of network anomalies and reliable protection of interconnections, finally transcending old-style filtering. The system architecture provides seamless integration into existing signaling structures and complies with redundancy requirements within load balanced setups.

Detection and Protection

Network operators can choose between two implementation variants: the non-invasive Detect solution with real-time inspection, alarming and logging, or the Protect solution with active stateful packet inspection firewalling, alarming and logging.

System Design

The network security system, building on a modular and scalable approach, consists of the Manager, which constitutes the centralized backend, as well as a number of Detector or Protector nodes according to the number of interconnect nodes to be secured.

Advanced Features

The system allows TCAP transaction tracking, rate limiting (1), velocity checks and TAC blocking (1).

Active Countermeasures

Firewall operations, filter language with pre-defined templates and network element profiling.

Installation and Architecture

See the following pages for an overview of the overall system architecture. Nodes are placed in proximity to existing s and are connected via SIGTRAN. Depending on the selected system setup, signaling traffic either runs through the nodes or is only analyzed (by-passing). The system is flexible in terms of local or geo redundancy and allows multi-site setups as well as cloud orchestration support.

Deployment

GSMK supports its customers before, during and after deployment with an advanced requirement analysis, full deployment support, training, system swing-in calibration and tailor-made SLAs.

Lab Version

Lab versions are available for testing and maintenance purposes.

Software

The Erlang/OTP-based software and runtime environment enable a highly parallel, fault-tolerant, real-time non-stop system with maximum availability and scalability for reliable attack detection and parametrization.

Hardware

Collector nodes (Protector and Detector) and the backend (Manager) are based on high-performance industrial appliances.

Analysis and visualization

A major step into state-of-the-art analysis is the right graphical representation of raw data. Only then does data become information, and complex systems can be handled without time-consuming training. The backend system provides a state-of-the-art HTML5-based user interface (Frontend) enabling intuitive and centralized system management. Visualizations allow different levels of operation, e.g. filter configuration, filter grouping, graphing, logs, reports and system administration.

(1) available with GSMK Protect

Protect versus Filtering and SMS Home Routing

Standard tools and their effectiveness compared with

Compared solutions: Filtering, SMS Home Routing, GSMK (1)

Attack scenarios compared:

- Retrieving IMSI / Address
- Subscriber tracking
- Billing Fraud detection (pre-paid changed to post-paid)
- Call and SMS interception via CAMEL
- DoS via ISD/DSD (Disable calls / SMS / data)
- Supplementary Services (2)
- Stealing subscribers via updatelocation
- Block network-internal messages (3) (4) (5)
- Detect and block brute force and/or flooding attacks

(1) available with Protect
(2) E.g. setting call forwarding, executing USSD
(3) E.g. Stealing Encryption keys, subscriber de-anonymisation
(4) limited protection
(5) not available

System Architecture: Detect vs. Protect

[Figure A: Detection Setup. Labels: Detector Nodes, Manager, HTML Frontend, Core Network, Operator A, Operator B.]

[Figure B: Protection Setup. Labels: Protector Nodes, Manager, Frontend, Core Network, Operator C.]

User Interface

Information visualization and system management

Hardware

Information visualization and system management

Detector or Protector Node: High-grade appliance, M2M Interface, Managed Code, 1RU rack mount, dual PSU, Raid 1, 4x ETH payload, 2x ETH control, dual firmware

Manager Backend System: Multi-Raid Setup, Databases, Storage, Shadow and Analyzer

Gesellschaft für Sichere Mobile Kommunikation mbH
Marienstrasse 11
10117 Berlin
Germany
Phone +49-30-24 62 500-0
Telefax +49-30-24 62 500-1
www.gsmk.de

This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission. The product names and logos mentioned in this document are trademarks or registered trademarks of their respective owners.

V1.6_08.2015.1_MSF

This document is GSMK Classified Information and not for general circulation.