Next-Gen Security Strategies for Mobile Network Infrastructure
|出版日||ページ情報||英文 59 Pages
|モバイルネットワークインフラのための次世代セキュリティ戦略 Next-Gen Security Strategies for Mobile Network Infrastructure|
|出版日: 2010年11月19日||ページ情報: 英文 59 Pages||
Mobile network security has always been a multi-layered issue, but it is becoming ever more complex in the transition to mobile broadband. Until recently, the mobile industry has been relatively removed from the threat of cyber-attacks. While low-level fraud has been with the mobile industry since its inception, until now it has been possible to treat it as a minor irritant.
Several things are now happening at once to increase the threat to mobile networks. Cyber-attacks are gaining a higher profile in the communications industry, as well as across society in general. Meanwhile, the rollout of advanced mobile broadband services has put mobile operators on the road toward becoming full data-oriented ISPs, which will expose the mobile network to a variety of new security challenges. On the network side, the transition to end-to-end IP represents a paradigm shift in risk management. And after an incredible 20 years, the first A5/1 GSM encryption algorithm is finally looking vulnerable to being cracked in a potentially significant way.
So where mobile network security was once taken for granted, operators, infrastructure vendors, handset vendors, and application providers are being called to account as never before and asked for reassurance, near-term solutions, and long-term roadmaps that will ensure that the next 20 years of the mobile industry' s evolution are built on as secure a platform as the first.
Vendors of network security products such as firewalls and intrusion protection systems, as well as solutions for mobile handset security, report strong demand for their products. While the network security product landscape is extremely rich and diverse, the one thing all these dedicated products share is that they are there to compensate for the vulnerabilities inherent in the primary network infrastructure.
In contrast, this report looks at what primary infrastructure vendors can do to correct the security vulnerabilities in their own RAN, switching, router, and transmission equipment, as well as introduce new security features into their portfolios. The report focuses on the secure development and design practices, as well as security feature roadmaps, of the primary incumbent infrastructure vendors that account for the lion' s share of mobile operators' annual capex on network infrastructure: Ericsson, Nokia Siemens, Alcatel-Lucent, Juniper, Tellabs, and Huawei. Cisco Systems was also invited to participate, but formally declined to do so.
Drawing on responses to a detailed Heavy Reading survey, the report explores variations in these major vendors' security practices relating to the product development process itself. It looks at best-practice design features in specific products that enable operators to protect their networks and potentially reduce their dependence on dedicated security products. The report also highlights specific vendors that are showing leadership in key areas of securing primary network infrastructure products.
Because of this approach, the report does not cover the market in dedicated security products and solutions, such as security firewalls, intrusion detection and intrusion prevention systems, SBCs, other security gateways, and test equipment. The report does not address issues relating to the security of end-user devices, nor the security of the operator' s customer-facing portals, which have featured prominently in recent security breaches.
Next-Gen Security Strategies for Mobile Network Infrastructure is focused on what can be done to secure the mobile network infrastructure itself. It examines security best practices among the primary suppliers of mobile infrastructure equipment, analyzing their internal product development processes and the measures they take to prevent breaches of those practices. The report explores security-first product design features relating to the specific requirements of the mobile network, including the design of testing methodologies, logging mechanisms, and ease of patch implementations. The report also presents the challenges and vendor roadmaps for supporting 3GPP security features, such as the A5/3, SNOW, and EEA1/EEA2 algorithms, as well as IETF protocols such as IPV6.