• Log in
  • About Us
  • Privacy Policy
  • Contact us
Telecoms IT News - VanillaPlus
  • Home
  • News
  • Verticals
    • 4G
    • 5G News
    • Big data analytics
    • Bill & Charge
    • CEM
    • Companies
    • Digital transformation
    • Fraud prevention
    • Managed services
    • Network optimisation
    • NFV Hub
    • OSS
    • People
    • Policy
    • Revenue assurance
    • Revenue management
    • Service assurance
    • Service Provisioning
    • Test & measurement
  • Digital Edition
  • Events
    • Events diary
    • Webinars
  • Videos
  • VP Featured
    • Webinars
    • Podcast
    • Editorial advisory board
    • Expert opinions
    • Hot List
    • Operator View
    • Press releases
    • Reports & whitepapers
    • Special reports
    • Talking Heads
    • Troubleticket
    • Digital Talking Heads
  • Directory
  • Trending Tech
  • Subscribe
 

You are here:

  • Home
  • 4G
  • Have you evaluated potential risks before VoLTE launch?

Have you evaluated potential risks before VoLTE launch?

15 November, 2016 at 2:34 PM

Posted by: VanillaPlus

Have you evaluated potential risks before VoLTE launch?

New security threats call for a security validation process

Is your organisation up-to-date with the new threat landscape of all-IP networks? Are you aware of the trend in the increase of sophistication of attacks and the counter measures and tools available? Have you evaluated your current threat situation? Have you considered that 4G & VoLTE will also expose your network to new threats due to interconnect, national or international roaming and IoT?

Three years ago, Blue Telecom Consulting (BlueTC®) partnered and started working closely with NextGen Inc., a leading network security vendor in Japan and a pioneer in offering IMS and Voice over IP (VoIP) solutions to telecom operators. As its Service Partner in Europe we have become leaders in the telecom network security area and have held numerous meetings with operators throughout the region. Currently we are capitalizing on this experience by contributing to an industry level initiative that intends to provide a common set of guidelines in this complex area.

Network nodes can have their own vulnerabilities

The fraud aspects of Voice over LTE (VoLTE) Voice over Wi-Fi (VoWiFi) have been highlighted at numerous industry conferences and in telecoms media, but with less attention paid to potential risks against the IMS Core (IP Multimedia Subsystem). ​The latter, if targeted and not being properly secured, could impact the service and cause interruptions or performance degradations. Even if operators have gone to great lengths to secure their networks thoroughly, we have entered a new era where new applications and advanced services are running on their mobile networks and systems. Thus, BlueTC recommends that the full range of security aspects is dealt with in-depth and in a comprehensive way by operators. This implies taking a holistic view and having IT security professionals work side by side with telecom security professionals, and avoiding silo thinking.

Miguel Angel Garcia Matatoros

Miguel Angel Garcia Matatoros

Also, due to the transition from circuit switched to all-IP networks, we believe mobile operators are facing new and different types of security risks and vulnerabilities for which common solutions like Session Border Controllers (SBCs) and its security functions might not be fully sufficient. The SBC protects the edge of the networks and is resistant to many types of security threats, but by definition the SBC itself is a network node, so it cannot know and monitor its own vulnerabilities, like misconfigurations.

Top management must take ownership

In the course of many customer meetings, we have observed that some operators have still to realise and also recognise that additional security processes and validations could be required. These processes need clear ownership and accountability within the operator organisation.

The Chief Security Officer (CSO) and security department need to ensure that best practice is considered from the design through to the operational phase. The added value of performing security validations upfront is that simulations of various kinds of attacks will reveal potential risks, which is necessary in order to know the level of protection a system really holds.

This means the products and services need to have this built into any deployment schedule already in the planning phase. Early, preventive measures like testing in labs are normally more cost effective than to discover issues during launch phase or in full production with growing volumes.

If this has not been addressed within your company, there is a risk that you are unaware of unidentified threats that your network is exposed to, which could have unintended and unforeseeable consequences.

External security validations

Best practice normally requires engaging specialist, third party consultant organisations that can bring in their expert knowledge, methodologies and tools. To start with, it is imperative to have an updated threat library with an extensive number of theoretical and known threat cases. We also recommend that IMS/VoLTE security validations are performed against such a library.

The ideal validation service should be both time and cost efficient. For security reasons, the validation process must be carried out against a lab configuration which should mirror production. Therefore, reserving time for planning and lab testing is essential. The upside being that for the aggressive, stress testing protocols the lab only needs to be isolated and dedicated for a very limited number of hours.

Apart from having access to up-to-date threat libraries, the most important value to the operator of an external validation service lies in the expert analysis of the results. Interim results will normally be reported daily while conclusions and recommendations for countermeasures are thoroughly prepared in a final report. The threats are classified by severity using the Common Vulnerability Scoring (CVS) system that gives a good overview and permits handling the most pressing issues first.

Such a process provides the management of the operator organisation and the CSO with a powerful, repeatable and tangible framework for understanding the threat and risk landscape of the network.

As the threat landscape changes over time, operator organisations will need to review and revalidate their system configurations, etc. as a continuous improvement process.

An advanced monitoring system for attack prediction 

Once VoLTE or VoWiFi has been launched, it is strongly recommended that operators monitor risks as a complimentary solution to the SBC. The most advanced monitoring systems are based on machine learning and advanced analytics techniques. These systems have already started to play a key role, as they provide an effective way of anticipating attacks. This is done e.g. by identifying attack patterns and building models for the prediction of attacks which provide early security warnings.

If you would like to discuss the options your company has to verify and improve its network security, BlueTC welcomes non-binding meeting and demo requests. 

The author is Miguel Angel Garcia Matatoros, managing director at Blue Telecom Consulting.


category: 4G, Blog, Companies, News

Tags: attacks, SBC, Security, voLTE

VanillaPlus Q4 Magazine
 

VanillaPlus Issue 4 2022: CSP focus turns to generating revenue from enterprises

As 5G arrives, private networks start to gather momentum and new applications enabled by artificial intelligence (AI), machine learning and software-based network control transform telecoms. VanillaPlus caught up with Sam Barker, the head of analytics and forecasting at Juniper Research, to understand where the opportunities lie for communications service providers (CSPs).

READ NOW

1 Comment

    Suresh Chandra

    Nov 18, 2016, 12:59 pm

    Very much informative and useful.

  • Facebook
  • Twitter
  • YouTube
  • LinkedIn
  • Subscribe
Relax time
Read the new novel by J.J. Cowan on Africa’s conflict minerals trade and forced labour. 5* Reviews on Amazon.co.uk Paperback & Kindle

Check out on Amazon

X

Be the first to know!

  • The top telecom IT news stories of the minute
    in your inbox
  • Exclusive offers for entry into hundreds of
    events worldwide
  • Free access to a huge selection of the latest
    analyst reports and whitepapers
Subscribe now so you don't miss out
Don’t show me this again
Please check your email
x
Vanillaplus - The Global Voice of Telecoms IT
The Global Voice of Telecoms IT

VanillaPlus is the world-leading resource covering digital transformation for the communications industry. VanillaPlus brings you exclusive News, Expert Views, and Event Reviews. See Interviews from CEOs, CTOs, and COOs who are successfully transforming their business today.

Connect

Facebook Twitter YouTube LinkedIn

NEWS

  • Latest Telecoms IT news

DIGITAL EDITION

  • Latest Editions

OTHER

  • Newsletters [Archive]

KNOWLEDGE CENTRE

  • Webinars
  • Special Reports
  • Talking Heads
  • Editorial Advisory Board

COMPANY

  • About
  • Contact Us
  • Terms & Conditions
  • Privacy Policy

PARTNERS

  • IoT News

© 2014-2022 VanillaPlus - The global voice for telecoms IT. All rights reserved.