The technological and operating standards on which modern telecom/mobile networks are based, dates back to the SS7 standard which was developed in the 1970s. At that time, safety protocols involved physical security of hosts and communication channels, making it impossible to obtain access to an SS7 network through a remote unauthorized host. In the early 21st century, a set of signaling transport protocols called SIGTRAN were developed. SIGTRAN is an extension to SS7 that allows the use of IP networks for the transfer of messages. However, even with these new specifications, security vulnerabilities within SS7 protocols remained.
As a result, a malicious assailant is able to send, intercept and alter SS7 messages by executing various attacks against mobile networks and their subscribers.
CyberNoesis has developed methodologies to assist its clients in the following areas:
- Infrastructure Protection
- Radio Access
- OSS/BSS
- SS7/SIGTRAN
- VAS/MSS
-
Review of security settings around key network elements (HLR/AUC, MSC, IN, GGSN/SGSN, SS7 etc)
-
Security review of interfaces with VAS and OSS/BSS elements
-
Review of network segregation
-
Encryption & ciphering standards
-
Organisational review of security strategy and management
-
Security incident reporting & escalation practices
Telecommunications today, rely on technologies that were developed decades ago, when security was not really a concern...