Weakest link

Operators must take a comprehensive look at their networks to ensure maximum security as they migrate towards IP architecture.

By Roger Field. Published May 9, 2009

While telecom professionals are familiar with the many benefits brought by advances in technology, from 3G to IP networks and LTE, less attention is paid to the huge security challenge that accompanies this progress.

But those involved in helping prevent harm to telecom networks from threats including malware and internal fraud are convinced that the changing nature of telecommunications demands a shift in mindset from operators.

Part of the challenge is that while the traditional legacy TDM networks faced mainly localised threats, modern telecom operations face threats from multiple sources around the world.

The shift towards IP architecture means that telecom operations are exposed to all types of malware across the entire network, while the proliferation of mobile devices such as the Blackberry and iPhone means that valuable data can easily fall into the wrong hands if a device is lost, stolen or hacked.

One person familiar with the complex nature of the security challenge facing operators is Stephen Sargood, solution architect, carrier networks, for Nortel in the EMEA region.

In terms of the actual network, Sargood says that one of the main challenges operators face is that as they migrate towards IP architecture, the entire network is potentially more vulnerable to attack, as multiple services are essentially on the same platform.

"When we get into a VoIP world, from the security point of view, you have got all of your ONM (optical network management), signaling and media all into one pipe," Sargood says. "That is the first thing to think about when moving to VoIP."

One of the main threats that IP operators tend to focus on is denial of service attacks, according to Sargood. This type of attack, in which an individual or group of people tries to force a network into an overload situation in order to prevent legitimate traffic from using the network, is a particular concern because it has a direct and immediate effect on revenues and network quality.

"Typically most operators are concerned about denial of service, because it affects their revenue streams. So if their network is being attacked by someone who has totally taken over the network with illegitimate traffic, the real traffic that they make their money from can't come through."

To counteract this type of attack, Sargood says operators should work to a programme of "security in depth" whereby the entire breadth of the network is scrutinised and potential threats of all types are filtered as early as possible.

"There are different places where you put protection in place. You start at the edge of the network. For denial of service attacks, one of the things you want to do is get rid of the illegitimate traffic as close to the edge of the network as you can. If the denial of service makes it to the call server you have carried all of that illegitimate traffic through your entire network, so you need to intercept it at the edge of the network," he says.

Sargood, whose team works with operators including STC, Du and Telecom Egypt, says that one of the basic premises a service provider has to make is that anybody connecting to the network from the outside world is an untrustworthy connection.

"You have to put the user through various authentication methods depending on what protocol method you are using, by putting out session border controls or other devices at the edge of the network," he says.

Operators can also limit points of entry for attacks by turning on only those services and ports that are actually required. "On our platform we don't need to run any mail applications, so there is no point having a mail server running. On the actual platform, you should close the applications you don't need," he adds.

Operators should also know who exactly has access to switches, so that they know who has access to the network. "We have to make sure that when someone connects to a switch to make a change, we know who they are. Also we encrypt all that information going between that person's PC and the network."

Operators can also work toward centralising access to the network, so that all input from technicians goes through a central point, Sargood adds. "We establish one central point where all of the users enter.

"Then we fan out from there as opposed to the users going to all the network elements directly. They go through a central point. The whole point is to keep the switch up and running and generating revenue," he adds.

Tareque Choudhury, head of business continuity and security practice, BT Group, Middle East and Africa, adds that "a huge influx" of malware continues to be a headache for operators. He says that while operators are aware of the problem, they could benefit from focusing more attention on the threat.

"As these telecom operators are building their next generation networks, they are becoming more exposed to the malicious hackers who are creating this malware, viruses and spam."

Operator’s perspective: Turk Telekom and Zain Group

Turk Telekom is one operator that has risen to the challenge of ensuring its network is well protected. Security became more challenging for the Turkish incumbent as it progressed to using a combination of different technologies such as wired and wireless, as well as moving further into IP with the introduction of IPv6.

The company is handling security threats with a security program incorporating risk analysis, security policy and procedures compatible with ISO/IEC 27001. It has implemented technologies such as firewalls, intrusion prevention systems, network security scanning and monitoring.

"Firstly, we determine some prevention methods for the threats we detect in the risk analysis. Then, we initiate the appropriate process for handling threats and risks," says Cengiz Dogan of Turk Telekom.

"To prevent network attacks, we make the necessary security configuration on network devices that are distributed in the field according to security standards. For central systems, we use firewall and IPS. 20 people work on our network protection strategy."

He added that the most critical attacks for operators are denial of service attacks, worms such as SQL Slammer, spam, phishing, viruses and vendor-specific bugs.

Zain Group, meanwhile, has a group-wide information security policy aligned with industry best practices (ISO 27001, BS 25999 and BS 25777) to ensure that proper measures and controls are being implemented to secure its networks in the Middle East and Africa, according to Abdul-Ghaffar Setareh, group risk director, Zain Group.

"On an operational level, every one of our 23 operations has a risk function owning and implementing controls and measures specific to that operation, depending on size, services, topology and complexity," he says.

"We perform regular audits and reviews, internal and external penetration testing, as part of the business continuity management strategy, ISO certification and internal audit requirements. This enables us to detect any deficiencies in our defenses."
