The Telecom sector has witnessed huge growth especially in emerging economies of Asia, Africa and South America. This has resulted in rapid expansion of the network, addition of value-added services, and resultant increase in complexity of the entire setup. Often, security can get overlooked or kept on the backburner in the rush to increase market share and reduce costs. However, cyber-criminals don’t care for such economic realities, and they have begun to increasingly target telecom infrastructure, especially as it becomes IP-based with the arrival of LTE.
This combined with increasing regulations towards telecom security have created quite a challenge that telcos are seeking to address. Our experience with telcos have revealed that while there are a variety of security issues – some of these are solvable, while others will remain known risks till cost-feasible measures can be found to address them.
Telecom Security Threats:
Major threats to Telecom Security usually fall into the following categories:
- Phone Fraud – Toll Fraud, Cramming, Telemarketing fraud, War dialing and so on
- Theft - Data theft, network abuse, illegal data interception, unauthorized data modification (in billing or routing based processes)
- Malware - Viruses, trojan horse
- Spam – Sending Spam messages via SMS, MMS
- Denial of Service attacks - Request flooding, DoS attacks against network infrastructure.
- Data leakage – Penetrating billing and CRM systems to extract customer data
Typical Security Challenges
Telcos face the following security challenges:
Major telecom equipment providers are not always the most security conscious infrastructure providers out there. Security hardening documentation is usually sparse and tightly held by the vendors themselves. Resistance to implementing basic security measures comes from not just the vendors but also the Telco’s operational teams for whom the primary purpose, naturally, is to keep the network up and running.
Lack of good testing tools
Most security testing tools are geared towards IP-based equipment and there exist very few tools that can actually test SS7 and SIGTRAN equipment. Here our partnership with P1 Security and the use of their tool P1 Telecom Auditor (PTA) adds significant value to any engagement.
Lack of security know-how
Most security teams in telcos do not yet know what configuration parameters in which equipment can be hardened, and which ones are better left alone. Our teams have undergone telecom security trainings and we work exclusively with telecom security experts from P1 Security to help overcome this challenge.
Absence of proper testing setup
Few telcos have proper test setups where equipment can be scanned and hardened to ensure that vulnerabilities are fixed, yet productivity isn’t being hampered.
Absence of proper monitoring
The regulators require most telcos to put in place effective monitoring systems that can trace each command back to the individual operator along with complete details of the timestamp, system from which the command was run, and the actual user running the command. Our partnership with Cyber-Ark helps us to work with telcos to achieve this objective. Already in use by Bhartia Airtel and other global telcos, Cyber-Ark is the top-rated privileged ID management product in the market today.
Supply chain risks
In today’s global threat landscape, government sponsored intrusions into the integrity of telecom equipment has created concerns for countries across the globe. While some vendors have refused to do business in certain countries, in other countries the regulators have stepped in to ensure each and every equipment is tested in an accredited lab. The efficacy of such measures remains to be seen in the light of vendors protecting their source code and internal workings of the systems. This remains an open risk that is difficult to mitigate effectively.
Case Study of a Telecom Security Engagement
In early 2005, NII was called in by a major telecom provider in the Middle East to review their firewall configurations. Over the years, with the network expanding, the firewall rules had become messy and difficult to manage.
Out of a 100+ firewalls, 20 were chosen based on their criticality, heterogeneity of vendors and purpose. We quickly realised, that the only way to solve the problem was to automate the whole task. Initial attempts with scripting soon led to the creation of a tool to read the firewall configurations, normalize them, and review them for:
- Rules that were not in use (on the basis of hit counts and logs)
- Rules that were redundant to each other
- Rules that were in conflict with each other
- Objects that were not in use
- Rules that were risky or allowed access to sensitive servers
- Objects that were risky (for e.g. large port ranges)
By writing parsers for Netscreen, Cisco, and Cyberguard firewalls, we were able to solve a seemingly insurmountable challenge. For instance, one of the major Netscreen firewalls contained in excess of 15,000 rules! By automating the analysis and ensuring that results were accurate, we were able to bring down the rules to a count of 6,000-odd. Average reductions across the 20 firewalls were around 40% of rules and 50% of objects.
Commands to drop the rules and the objects were also automated. However, given the criticality of the firewalls and the network, the rules weren’t dropped immediately, but disabled and put into monitoring mode. After 48 hours of monitoring, when no hits were observed on the marked rules, they were finally removed.
This entire exercise led to the development of our Firewall Analysis tool – Firesec, which in addition to Netscreen, Cisco, and Cyberguard firewalls also supports Fortinet and Checkpoint firewalls.
Further enhancements have been made by creating ISO 27001 and PCI DSS aligned policies, which are completely customizable.
Contact us to know more how we can help enhance the security posture of your telecom infrastructure.