North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
The view from the other side of the fence
IV. SS7 SECURITY ISSUES Dave Henderson (SEVIS Systems) gave a presentation entitled, "Public Switched Network is Now Really Public (Attachment 4)." Dave noted he has spent a number of years working in information warfare and protection. He noted that his work addresses issues on network security and open network connection. Points Noted 10. Dave noted there are concerns with reliability of equipment. He noted that while the PSTN was formerly relatively closed, it is now wide open. 11. Dave noted in the past, the internet was relatively safe; however recent events have opened security issues while teaching vulnerability lessons. He noted that with an increase in network users, there is also an increase in vulnerabilities identified by users and decreased ability to control the network. 12. Dave reviewed the emerging threats to the PSTN. He noted the cost resulting from fraud is presently $12 billion and growing. With the rapid development of technology, there is less time for adequate testing. He noted that the quality of intruder tools is improving and they are becoming more available. He further noted hacker magazines are writing SS7 articles. 13. Dave reviewed some of the major threats to individual networks. Among these he noted theft of SS7 service (calling card numbers, wireless fraud and rerouting of call traffic) and denial of service. 14. Dave noted the solutions that are presently available for addressing security issues are inadequate. He noted the present gateway screening capabilities are unreliable, there is no standard security guideline for interconnection, there is a progressive skills gap, and there is currently no mechanisms to control or authenticate traffic on the network. 15. Dave noted the networks are very fragile with a tremendous number of vulnerabilities. 16. Dan noted if the network was compromised by a problem caused by a new piece of equipment, this could be devastating to a company's reputation. 17. Dave noted in order for convergence to take place interoperation with different transport and signaling technologies is imperative. 18. Dave noted the industry needs to be more proactive in addressing the security issues in order to avoid having the government impose mandates and to ensure the US is protected from information warfare attacks that could result in the draining of bank reserves and the cutting off of power sources. 19. Dan noted that like interoperability testing, security testing discoveries provide insurance against issues that arise. Unfortunately, until problems arise, people are not quick to act.