NGN: Carriers and Vendors Must Take Security Seriously


Research Brief

Abstract: The next-generation network will need to provide security on many levels. A comprehensive set of standards should be in place by mid-2004 and carriers will offer secure services by 2010.

By Andy Rolfe

Recommendations

Equipment vendors and carriers must recognize the importance of standards to the next-generation network (NGN) and contribute to the development of robust and timely specifications.

Enterprises should be aware of the risks of premature adoption of open, packet-based networks for simple communications.

Carriers and enterprises need to be sure that security measures in the NGN are adequate and effective before using the technology.

Publication Date: 21 February 2003

Introduction

Today's public switched telephone network (PSTN) is inherently secure. Individual telephones can originate only very simple control messages. Control instructions cannot easily masquerade as voice content. Digital access from a private branch exchange (PBX) has strictly limited ability to send control messages. And carriers' core signaling system (known as SS7) is protected from external access.

These security features will be lost as networks migrate to the next-generation network (NGN), which will be founded on packet-based architectures. This type of architecture is currently vulnerable to many forms of malicious activity. But the industry is working to address its vulnerabilities and Gartner Dataquest expects the first set of comprehensive standards to be completed during 2004, with products following in 2005.

Security in the Network for 2010

By 2010, the PSTN will have moved from the current connection-oriented, voice-optimized service to a packet-based architecture supporting seamless integration of many different media and content types. Implementation of the NGN will be an evolutionary process, and protection from vulnerabilities will need to be embedded in much of the new infrastructure.

Carriers offering network services based on Internet Protocol (IP) will not only need to protect their infrastructure from attacks, but will also be expected to protect their customers' end-systems. By 2010, monitoring and preventing security and denial-of-service attacks will have become a significant part of the roles of national and international carriers. Indeed, Gartner Dataquest expects governments to mandate minimum levels of security from carriers well before 2010.

The architecture of the network in 2010 will incorporate protection against vulnerabilities at every level. All external interfaces will be secured, be they to customer equipment, the traditional PSTN or other IP networks, including the Internet. Every component of the infrastructure will be "hardened" against intrusion and denial-of-service attack. Finally, all vulnerable control and communications traffic will be encrypted.

Points of Contact With the Internet

The NGN will be logically separate from the Internet, but there will be many points of contact between the two, including:

Formal NGN-to-Internet connections. Probably implemented at each NGN carrier, these will allow users of voice on the Internet to communicate with NGN users.

Global IP control links. The NGN will need to be part of the global IP address space, requiring links from the Domain Naming System (DNS) to the NGN and the Internet.

Links at every customer's premises. These will include devices used for Internet and NGN communications (for example, soft phones and PCs in contact centers).

2003 Gartner, Inc. and/or its Affiliates. All Rights Reserved. 21 February 2003

Internet Vulnerabilities

Attacks on an IP network infrastructure rely on the need for at least some of the infrastructure's components to be visible to end-systems. IP communication is not feasible without end-system visibility of at least the domain name servers and a default router, both potentially vulnerable infrastructure components. Common attacks exploit potential known weaknesses in equipment, including "buffer overflow," "infinite routing table" and weaknesses in the Simple Network Management Protocol (SNMP). Once control has been gained of a router or domain name server, access to other components in the IP infrastructure is possible.

An IP infrastructure allows any device to communicate with any other device. To be accessible, hosts and servers advertise their presence through the DNS. The structure of domain names, IP addresses and e-mail addresses makes it relatively easy for hackers to guess the names and addresses of connected resources.

End-systems are potentially vulnerable to intrusion attacks, viruses and denial-of-service attacks.

Challenges for the NGN

Network Address Translation

Many enterprises use Network Address Translation (NAT) at the boundary between their private network and the Internet. However, the Session Initiation Protocol (SIP) that the NGN will use to locate users and set up calls will not work through many current routers or firewalls that implement NAT. There are (unfortunately) many different ways to solve the SIP and NAT firewall problem, but none is yet a standard.

Session Initiation Protocol

There are security vulnerabilities associated with SIP itself: SIP messages are, by default, sent in plain, unencoded text, and are therefore easy to intercept and alter. There are some security options in SIP, and SIP messages can also use other security and encryption protocols. However, there is currently no method for SIP entities to securely negotiate what security mechanism they will use. This leaves SIP vulnerable to "man in the middle" and other attacks that force the use of low levels of security, which are easily breached. These problems and privacy issues are being addressed by the Internet Engineering Task Force (IETF).

Reliable Transport Protocol

Calls in the NGN will be carried by the Reliable Transport Protocol (RTP). This protocol is vulnerable to interception and alteration of, for example, source or destination addresses. Without encryption of RTP calls, the NGN will be unable to offer protection from identity theft or alteration of call contents. Early proposals do specify an "interim" encryption scheme, but also state that lower-layer protocols are expected to provide security in the future. As with many other security vulnerabilities, there is no clear standard for RTP security.

Code and Script Attacks

Real and soft IP telephones and PBXs are potentially vulnerable to attack from executable code or scripts. These could be used to manipulate users or NGN interfaces, or to propagate other types of attack, such as distributed denial of service.

Gartner Dataquest expects to see widespread attempts at theft of service, where hackers divert the telephone services of legitimate subscribers to their own uses. IP-based voice services will require protection similar to the firewalls and malicious code protection that protect corporate data networks.

Over-the-air upgrades and any area where users or administrators can download executables represent potential attack paths. Risks are also inherent in downloads of scripts written in Extensible Markup Language (XML). These and others are being addressed by the IETF's media gateway control standards.

Transition to a Secure NGN

Gartner Dataquest believes that, by 2010, there will have been much progress toward a secure NGN, and maintaining security will have become a significant part of carriers' roles. Governments and other organizations will become increasingly involved in defining and promoting NGN security. We expect several developments by 2010:

Standards: The first set of comprehensive NGN security standards should be completed during 2004, with standards-compliant products appearing in 2005.

Certification: Independent certification for NGN security will have emerged.

Industry agreements: Carriers will agree on secure integration or standardization of systems for authentication, authorization and access (AAA). Ways of integrating carrier and enterprise AAA systems will also emerge.

Product developments: Appropriate elements of the NGN security architecture will be integrated into the infrastructure. There will be voice-over-IP-aware, firewall-like barriers to the Internet and other carriers. There will be constraints on the propagation of XML, including XML code-signing.

Service processes: Carriers will have established and gained experience of operational security procedures. Carriers will use sophisticated, highly responsive systems for testing, monitoring and detecting intrusion. Carriers will collaborate globally to monitor for, detect and prevent the propagation of new attacks.
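The cleartext SIP signaling and unencrypted RTP media described under "Challenges for the NGN" are the kind of condition a voice-over-IP-aware barrier or monitoring system can flag. The following is an added example, not part of the Gartner brief: the function names and sample messages are constructed, and it assumes the `sips:` URI scheme and TLS transport from the SIP specification and the `RTP/SAVP` media profile name that SRTP (RFC 3711) defined after this brief was published.

```python
# Added example. Sample messages are constructed (example.com, RFC 5737 addresses).
PLAIN_INVITE = (
    "INVITE sip:bob@example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK-constructed\r\n"
    "From: <sip:alice@example.com>;tag=1\r\n"
    "To: <sip:bob@example.com>\r\n"
    "Call-ID: constructed-1@192.0.2.10\r\n"
    "CSeq: 1 INVITE\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "c=IN IP4 192.0.2.10\r\n"
    "m=audio 49170 RTP/AVP 0\r\n"
)
# Same call with TLS signaling and the SRTP media profile.
SECURE_INVITE = (PLAIN_INVITE.replace("sip:", "sips:")
                 .replace("/UDP", "/TLS").replace("RTP/AVP", "RTP/SAVP"))

def parse_sip(raw):
    """Split a SIP request into (request line, header list, SDP body lines)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers, [l for l in body.split("\n") if l]

def audit(raw):
    """Return findings for cleartext signaling or unencrypted media."""
    request_line, headers, sdp = parse_sip(raw)
    findings = []
    uri = (request_line.split() + ["", ""])[1]
    if not uri.lower().startswith("sips:"):
        findings.append("request-uri-not-sips")
    # The topmost Via names the transport of the hop that delivered the message.
    via = next((v for n, v in headers if n in ("via", "v")), "")
    transport = via.split()[0].rsplit("/", 1)[-1].upper() if via else ""
    if transport != "TLS":
        findings.append(f"via-transport-{transport or 'missing'}")
    for line in sdp:
        fields = line[2:].split() if line.startswith("m=") else []
        # m=<media> <port> <proto> <fmt...>; RTP/AVP is unencrypted RTP.
        if len(fields) >= 3 and fields[2].upper() == "RTP/AVP":
            findings.append(f"media-{fields[0]}-plain-rtp")
    return findings

if __name__ == "__main__":
    print(audit(PLAIN_INVITE))
```

A message that passes the signaling checks but still offers `RTP/AVP` is reported separately, since protected signaling alone does not protect call contents.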


This document has been published to the following Marketplace codes: TELC-WW-DP-0312

For More Information...

In North America and Latin America: +1-203-316-1111
In Europe, the Middle East and Africa: +44-1784-268819
In Asia/Pacific: +61-7-3405-2582
In Japan: +81-3-3481-3670
Worldwide via gartner.com: www.gartner.com

2003 Gartner, Inc. and/or its Affiliates. All Rights Reserved. Reproduction of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The reader assumes sole responsibility for the selection of these materials to achieve its intended results. The opinions expressed herein are subject to change without notice. 113053