The view from the other side of the fence

Sean Donelan sean at donelan.com
Sun Mar 10 05:46:50 UTC 2002



IV.	SS7 SECURITY ISSUES

Dave Henderson (SEVIS Systems)  gave a presentation entitled, "Public
Switched Network is Now Really Public (Attachment 4)."  Dave noted he has
spent a number of years working in information warfare and protection.  He
noted that his work addresses issues on network security and open network
connection.

Points Noted

10.	Dave noted there are concerns with reliability of equipment.  He
noted that while the PSTN was formerly relatively closed, it is now wide
open.

11.	Dave noted in the past, the internet was relatively safe; however
recent events have opened security issues while teaching vulnerability
lessons.  He noted that with an increase in network users, there is also
an increase in vulnerabilities identified by users and decreased ability
to control the network.

12.	Dave reviewed the emerging threats to the PSTN.  He noted the cost
resulting from fraud is presently $12 billion and growing.  With the rapid
development of technology, there is less time for adequate testing.  He
noted that the quality of intruder tools is improving and they are
becoming more available.  He further noted hacker magazines are writing
SS7 articles.

13.	Dave reviewed some of the major threats to individual networks.
Among these he noted theft of SS7 service (calling card numbers, wireless
fraud and rerouting of call traffic) and denial of service.

14.	Dave noted the solutions that are presently available for
addressing security issues are inadequate.  He noted the present gateway
screening capabilities are unreliable, there is no standard security
guideline for interconnection, there is a progressive skills gap, and
there is currently no mechanisms to control or authenticate traffic on the
network.

15.	Dave noted the networks are very fragile with a tremendous number
of vulnerabilities.

16.	Dan noted if the network was compromised by a problem caused by a
new piece of equipment, this could be devastating to a company's
reputation.

17.	Dave noted in order for convergence to take place interoperation
with different transport and signaling technologies is imperative.

18.	Dave noted the industry needs to be more proactive in addressing
the security issues in order to avoid having the government impose
mandates and to ensure the US is protected from information warfare
attacks that could result in the draining of bank reserves and the cutting
off of power sources.

19.	Dan noted that like interoperability testing, security testing
discoveries provide insurance against issues that arise.  Unfortunately,
until problems arise, people are not quick to act.





More information about the NANOG mailing list