North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: The view from the other side of the fence

  • From: Scott Madley
  • Date: Mon Mar 11 18:46:42 2002

This was the industry view 2 years ago.  In light of the technological
advances that have been made in the last 2 years regarding the
profileration of packet-switched voice traffic I'm interested to see what
the community thinks.

Let's face it as the industry moves towards a more converged state, we
haven't even really begun to consider the security implications that
present themselves in this new enviroment.


On Sun, 10 Mar 2002, Sean Donelan wrote:

> Dave Henderson (SEVIS Systems)  gave a presentation entitled, "Public
> Switched Network is Now Really Public (Attachment 4)."  Dave noted he has
> spent a number of years working in information warfare and protection.  He
> noted that his work addresses issues on network security and open network
> connection.
> Points Noted
> 10.	Dave noted there are concerns with reliability of equipment.  He
> noted that while the PSTN was formerly relatively closed, it is now wide
> open.
> 11.	Dave noted in the past, the internet was relatively safe; however
> recent events have opened security issues while teaching vulnerability
> lessons.  He noted that with an increase in network users, there is also
> an increase in vulnerabilities identified by users and decreased ability
> to control the network.
> 12.	Dave reviewed the emerging threats to the PSTN.  He noted the cost
> resulting from fraud is presently $12 billion and growing.  With the rapid
> development of technology, there is less time for adequate testing.  He
> noted that the quality of intruder tools is improving and they are
> becoming more available.  He further noted hacker magazines are writing
> SS7 articles.
> 13.	Dave reviewed some of the major threats to individual networks.
> Among these he noted theft of SS7 service (calling card numbers, wireless
> fraud and rerouting of call traffic) and denial of service.
> 14.	Dave noted the solutions that are presently available for
> addressing security issues are inadequate.  He noted the present gateway
> screening capabilities are unreliable, there is no standard security
> guideline for interconnection, there is a progressive skills gap, and
> there is currently no mechanisms to control or authenticate traffic on the
> network.
> 15.	Dave noted the networks are very fragile with a tremendous number
> of vulnerabilities.
> 16.	Dan noted if the network was compromised by a problem caused by a
> new piece of equipment, this could be devastating to a company's
> reputation.
> 17.	Dave noted in order for convergence to take place interoperation
> with different transport and signaling technologies is imperative.
> 18.	Dave noted the industry needs to be more proactive in addressing
> the security issues in order to avoid having the government impose
> mandates and to ensure the US is protected from information warfare
> attacks that could result in the draining of bank reserves and the cutting
> off of power sources.
> 19.	Dan noted that like interoperability testing, security testing
> discoveries provide insurance against issues that arise.  Unfortunately,
> until problems arise, people are not quick to act.