The view from the other side of the fence
Scott Madley
scott at xgcic.net
Mon Mar 11 23:41:55 UTC 2002
This was the industry view 2 years ago. In light of the technological
advances that have been made in the last 2 years regarding the
profileration of packet-switched voice traffic I'm interested to see what
the community thinks.
Let's face it as the industry moves towards a more converged state, we
haven't even really begun to consider the security implications that
present themselves in this new enviroment.
-Scott
On Sun, 10 Mar 2002, Sean Donelan wrote:
>
>
> IV. SS7 SECURITY ISSUES
>
> Dave Henderson (SEVIS Systems) gave a presentation entitled, "Public
> Switched Network is Now Really Public (Attachment 4)." Dave noted he has
> spent a number of years working in information warfare and protection. He
> noted that his work addresses issues on network security and open network
> connection.
>
> Points Noted
>
> 10. Dave noted there are concerns with reliability of equipment. He
> noted that while the PSTN was formerly relatively closed, it is now wide
> open.
>
> 11. Dave noted in the past, the internet was relatively safe; however
> recent events have opened security issues while teaching vulnerability
> lessons. He noted that with an increase in network users, there is also
> an increase in vulnerabilities identified by users and decreased ability
> to control the network.
>
> 12. Dave reviewed the emerging threats to the PSTN. He noted the cost
> resulting from fraud is presently $12 billion and growing. With the rapid
> development of technology, there is less time for adequate testing. He
> noted that the quality of intruder tools is improving and they are
> becoming more available. He further noted hacker magazines are writing
> SS7 articles.
>
> 13. Dave reviewed some of the major threats to individual networks.
> Among these he noted theft of SS7 service (calling card numbers, wireless
> fraud and rerouting of call traffic) and denial of service.
>
> 14. Dave noted the solutions that are presently available for
> addressing security issues are inadequate. He noted the present gateway
> screening capabilities are unreliable, there is no standard security
> guideline for interconnection, there is a progressive skills gap, and
> there is currently no mechanisms to control or authenticate traffic on the
> network.
>
> 15. Dave noted the networks are very fragile with a tremendous number
> of vulnerabilities.
>
> 16. Dan noted if the network was compromised by a problem caused by a
> new piece of equipment, this could be devastating to a company's
> reputation.
>
> 17. Dave noted in order for convergence to take place interoperation
> with different transport and signaling technologies is imperative.
>
> 18. Dave noted the industry needs to be more proactive in addressing
> the security issues in order to avoid having the government impose
> mandates and to ensure the US is protected from information warfare
> attacks that could result in the draining of bank reserves and the cutting
> off of power sources.
>
> 19. Dan noted that like interoperability testing, security testing
> discoveries provide insurance against issues that arise. Unfortunately,
> until problems arise, people are not quick to act.
>
>
>
More information about the NANOG
mailing list