Secrets When Buying a Signaling Firewall (SS7)

Reporting of security vulnerabilities in networks SS7 and Diameter it has been well documented; most operators have already taken some form of action to protect their networks and subscribers. However, these measures vary widely in terms of method and efficiency; as more operators are monitoring their networks, reports of attacks are on the rise. The truth is, most operators have not yet implemented comprehensive signaling firewall solutions in their networks.

This is fortunately changing, 2019 is set to mark a point of no return; many operators should move away from stop-gap reporting solutions and invest in firewall reporting. With many options on the market; identifying the criteria for choosing the best solution can be a difficult task. To help you narrow down your options, we've outlined seven important considerations for choosing the right signaling firewall solution for your network.

1. Cover the basics - comply with GSMA guidelines

GSMA has published a set of guidelines for addressing the safety of SS7 and diameter; including firewall recommendations (GSMA FS.11 and GSMA FS: 19). The guidelines are the result of a joint effort between; leading security experts of mobile operators and telecommunication security distributors in the GSMA Anti-Fraud and Security Group (FASG). Together they represent the main reference point for signaling network security in the telecommunications sector.

Recommendations are an invaluable standard for evaluating signaling firewall options; exist to enable traders to make an informed decision. Therefore, the first step in ensuring that you are properly protecting your network is to make sure you choose a signaling firewall that complies with GSMA guidelines.

2. Protect yourself from new threats

While a GSMA-compliant signaling firewall solution is highly recommended; adherence to the guidelines unfortunately does not guarantee complete protection. In addition to the reporting attacks that the GSMA guidelines primarily address; Malformed packet attacks are a new and growing class of attacks that have been shown to cause high-impact security breaches. Bad packet attacks in SS7 and Diameter signaling networks have the potential to take complete control over network elements by allowing remote interception; user tracking, persistent denial of service, traffic modification and even complete network collapse.

Watch our webinar on hijacking network elements on SS7; a new type of attack for more information on how these attacks threaten signaling networks. To ensure that your network is protected from as many threat scenarios as possible; make sure that the firewall solution you choose is able to protect against all types of known attacks.

3. Maximize the impact of your investment

The right security measures in your network will protect you from disaster scenarios and protect your revenue streams. However, investments in security infrastructure do not always have a direct and obvious impact on profits. Competing resources mean that operators must ensure that their investments have the greatest possible impact. When quantifying risks based on real-world attack scenarios, SS7 still represents by far the largest potential attack surface followed by Diameter.

Together they represent the highest chance of attacks successfully penetrating a network via signaling links. Prioritizing SS7 and Diameter security when investing in your firewall will ensure that you spend your money where it makes a difference today, while safeguarding the revenue streams you rely on tomorrow.

4. Make sure you get a quality telco product

Reliability is one of the most important aspects of any Telco network, so it makes sense that the reliability of the security solution must also be Telco level. The five nines indicator can be considered a standard in the telecommunications industry and should be expected for any signaling firewall security solution. In addition, high availability and redundancy should be provided as standard where the vendor's hardware is always backed up.

5. Go with an approved industry leader

While most operators have not yet implemented a complete signaling firewall solution, there are a few. Collective knowledge of these traders is an invaluable indicator for evaluating options on the market. The Roaming Consulting Company (ROCCO) released an independent report in which they compiled feedback from fifty-seven mobile network operators on twenty-two signaling firewall vendors. The report ranks each vendor into a broad range of KPIs, including performance, value, and leadership. This report is an important resource for making a signal firewall choice, and it's always a good idea to draw on the wisdom of fellow industry experts.

6. Choose a partner who is one step ahead of the game

As the security community identifies new threats and creates more advanced tools to protect themselves, malicious players continue to find new ways to penetrate these defenses. This cycle requires security vendors not only to provide updates to their security solution, but also to do so as soon as possible to limit possible threats. In order to offer a top-of-the-line product that ensures maximum network security, the vendor must be at the forefront of the game by proactively seeking new vulnerabilities instead of retroactively trying to fix them after the damage has been done.

Deciding on a signaling firewall solution should be the first step in partnering with the vendor, and operators should commit to seeking active partners in security research reporting. Vendors with an emphasis on research and development, present at security events and have a long track record of contributing to responsible disclosure programs such as GSMA's Coordinated Vulnerability Disclosure Program will likely be in a better position to add value to partnership while also protecting against future threats.

7. Think green

In a world where the environmental impact of businesses has become increasingly important to both the businesses themselves and the customers they serve, operators must also consider the environmental credentials of the suppliers they work with. In the telecommunications industry, individual instances of energy-starved network infrastructure have become the proverbial elephants in the room, but solutions such as virtualization of network functions and consolidated SS7 and Diameter firewall implementations give operators the ability to lead the industry in the right direction. By considering qualities such as these and recognizing internationally recognized and reputable corporate social responsibility accreditations, practitioners themselves can play an important role in contributing to a sustainable future.

The need to effectively protect the network from signaling attacks is increasingly recognized by both operators and subscribers. It is promising to see a trend where the telecom industry is taking action against these vulnerabilities by opting for comprehensive signaling firewall solutions. With many signaling firewall options available on the market, this guide should help you make the best choice for your network.