North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: The view from the other side of the fence
This was the industry view 2 years ago. In light of the technological advances that have been made in the last 2 years regarding the profileration of packet-switched voice traffic I'm interested to see what the community thinks. Let's face it as the industry moves towards a more converged state, we haven't even really begun to consider the security implications that present themselves in this new enviroment. -Scott On Sun, 10 Mar 2002, Sean Donelan wrote: > > > IV. SS7 SECURITY ISSUES > > Dave Henderson (SEVIS Systems) gave a presentation entitled, "Public > Switched Network is Now Really Public (Attachment 4)." Dave noted he has > spent a number of years working in information warfare and protection. He > noted that his work addresses issues on network security and open network > connection. > > Points Noted > > 10. Dave noted there are concerns with reliability of equipment. He > noted that while the PSTN was formerly relatively closed, it is now wide > open. > > 11. Dave noted in the past, the internet was relatively safe; however > recent events have opened security issues while teaching vulnerability > lessons. He noted that with an increase in network users, there is also > an increase in vulnerabilities identified by users and decreased ability > to control the network. > > 12. Dave reviewed the emerging threats to the PSTN. He noted the cost > resulting from fraud is presently $12 billion and growing. With the rapid > development of technology, there is less time for adequate testing. He > noted that the quality of intruder tools is improving and they are > becoming more available. He further noted hacker magazines are writing > SS7 articles. > > 13. Dave reviewed some of the major threats to individual networks. > Among these he noted theft of SS7 service (calling card numbers, wireless > fraud and rerouting of call traffic) and denial of service. > > 14. Dave noted the solutions that are presently available for > addressing security issues are inadequate. He noted the present gateway > screening capabilities are unreliable, there is no standard security > guideline for interconnection, there is a progressive skills gap, and > there is currently no mechanisms to control or authenticate traffic on the > network. > > 15. Dave noted the networks are very fragile with a tremendous number > of vulnerabilities. > > 16. Dan noted if the network was compromised by a problem caused by a > new piece of equipment, this could be devastating to a company's > reputation. > > 17. Dave noted in order for convergence to take place interoperation > with different transport and signaling technologies is imperative. > > 18. Dave noted the industry needs to be more proactive in addressing > the security issues in order to avoid having the government impose > mandates and to ensure the US is protected from information warfare > attacks that could result in the draining of bank reserves and the cutting > off of power sources. > > 19. Dan noted that like interoperability testing, security testing > discoveries provide insurance against issues that arise. Unfortunately, > until problems arise, people are not quick to act. > > >
|