Service provider security: IP convergence requires constant vigilance

21 Nov 2008

The convergence of telecom networks on IP may have brought about an unprecedented ability to roll out new and flexible services, but it has also brought an increasing number of security risks that require service providers to take proactive steps on many fronts. Now that converged networks carry voice, data, web access and email, something like a denial of service attack can disrupt every service, not just one. Why? Because the protocols used in IP networks are all based on publicly available standards, and detailed information on their operation is available to anyone.

Since IP networks are much more vulnerable to attack than circuit-switched networks, this Telecom Insights guide looks at specific security precautions that telecom service providers need to address, including how to protect e-mail and VoIP services. The trick is making each protective technique appropriate for the service it is protecting.

In this series:

Telecom network security requires constant vigilance

E-mail security protocols add service provider requirements

Short-circuiting hackers' SIP-based VoIP attacks

Telecom network security requires constant vigilance
by David B. Jacobs

The variety of security threats faced by telecom providers has increased as they have expanded their offerings beyond circuit-switched voice. Telecoms have dealt with service theft for years, but today's threats can be much more damaging than the payphone coin thefts of yesterday.

Threats can take the form of denial of service attempts in which an attacker disrupts operation of the network itself. Since the same converged network carries voice, email and web access, all are blocked by an attack.

The increase in threats is due to two factors:

  • IP networks are more vulnerable to attack than circuit-switched networks.
  • Each Internet-based service can be attacked in specific ways. Service providers must employ protective techniques appropriate for each service.

IP network vulnerability

The protocols used in IP networks are all based on publicly available standards. Detailed information on their operation is available to anyone. Security issues and problems are freely discussed on the Internet. Information and software tools for hackers are openly offered.

Network elements such as DHCP servers, DNS servers and routers must be accessible to customer equipment to provide service. Customer access to this equipment makes it possible to try to gain control by methods like guessing administrator passwords.

Even when administrator access is blocked, protocols such as SNMP can be used to gain information about configuration details and revision levels. Network equipment vendors frequently publish notices describing security problems in a specific revision level. Any network element that is not immediately updated following a security notice is therefore vulnerable to attack.
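One way a provider can act on the two points above is to audit its element inventory against vendor notices and customer-side SNMP exposure. The Python below is an added example, not part of the original article; the product names, revision levels, the notice and every field name are constructed assumptions.

```python
from dataclasses import dataclass

def rev(s):
    """Parse a dotted revision level such as '4.2.10' into a comparable tuple."""
    return tuple(int(p) for p in s.split("."))

@dataclass
class Element:
    name: str
    product: str
    revision: str
    customer_reachable: bool   # must answer customer equipment (DHCP, DNS, routing)
    snmp_from_customers: bool  # SNMP queries accepted from customer address space

@dataclass
class Notice:  # a vendor security notice covering a range of revision levels
    product: str
    first_affected: str
    fixed_in: str

def affected(el, n):
    # Compare numerically: as plain strings, "4.2.9" would sort after "4.2.10".
    return (el.product == n.product
            and rev(n.first_affected) <= rev(el.revision) < rev(n.fixed_in))

def audit(inventory, notices):
    """Return (priority, name, reasons) tuples, most urgent first."""
    findings = []
    for el in inventory:
        reasons = [f"revision {el.revision} is covered by a notice; fixed in {n.fixed_in}"
                   for n in notices if affected(el, n)]
        unpatched = bool(reasons)
        if el.snmp_from_customers:
            reasons.append("SNMP discloses configuration and revision level to customers")
        if reasons:
            # Unpatched and customer-reachable is most urgent; disclosure alone is least.
            priority = 1 if unpatched and el.customer_reachable else 2 if unpatched else 3
            findings.append((priority, el.name, reasons))
    return sorted(findings)

# Constructed inventory and notice, for illustration only.
INVENTORY = [
    Element("edge-rtr-1", "ExampleOS", "4.2.9", True, True),
    Element("dns-1", "ExampleDNS", "9.10.2", True, False),
    Element("core-rtr-1", "ExampleOS", "4.2.3", False, False),
    Element("dhcp-1", "ExampleDHCP", "2.0.1", True, True),
]
NOTICES = [Notice("ExampleOS", "4.2.0", "4.2.10")]
if __name__ == "__main__":
    print(*audit(INVENTORY, NOTICES), sep="\n")
```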

The worldwide nature of the Internet means that threats can come from anywhere -- from Russian hackers collecting ransom from a UK betting firm to stop their denial of service attack against it to Chinese hackers breaking into U.S. department store systems to steal credit card information. Working across national boundaries often makes apprehending and prosecuting attackers difficult or impossible.

Of course, a variety of Internet services equals a variety of attack possibilities. Each service available via the Internet has attracted attacks.
