市場調査レポート

モバイルネットワークインフラのための次世代セキュリティ戦略

Next-Gen Security Strategies for Mobile Network Infrastructure

発行 Heavy Reading 商品コード 139707
出版日 ページ情報 英文 59 Pages
納期: 即日から翌営業日
価格
こちらの商品の販売は終了いたしました。
Back to Top
モバイルネットワークインフラのための次世代セキュリティ戦略 Next-Gen Security Strategies for Mobile Network Infrastructure
出版日: 2010年11月19日 ページ情報: 英文 59 Pages

当商品の販売は、2016年07月01日を持ちまして終了しました。

概要

当レポートでは、モバイルネットワークインフラ保護のためのベンダーによる各種セキュリティ戦略について調査分析し、セキュリティ第一の製品開発・製品設計のベストプラクティス、ベンダーの抱える各種課題・障壁、3GPPセキュリティ機能サポートへのロードマップ、主要ベンダーのプロファイルなどをまとめ、概略下記の構成でお届けいたします。

第1章 イントロダクション・主要調査結果

  • 主要調査結果
  • 調査範囲・構成

第2章 セキュリティ攻撃:新しい動機・新しい技術

  • 新しいタイプの攻撃者の台頭
  • 国と州のサイバー攻撃
  • 政府の第一の義務 & 英国の"White Noise"オペレーション
  • クラウドコンピューティングの影響

第3章 固定&モバイルネットワークにおけるセキュリティ上の課題

  • 顧客・攻撃者のアドレサブル市場
  • サービスプロバイダー間の競合
  • ベンダー固有のブラウザー・OSのアドレサブル市場
  • ブロードバンドのプライシング・セキュリティ攻撃&ユーザーの満足度
  • 固定&モバイルネットワークにおけるアプリケーションの行動
  • 固定&モバイルネットワークにおける設計の脆弱性
  • 固定&モバイルネットワークにおける設計の脆弱性とユーザー行動
  • サマリー:固定&モバイルネットワークのリスクプロファイル

第4章 プライマリーインフラにおけるセキュリティの差異化

第5章 セキュリティを第一に考えた製品開発のベストプラクティス

  • ディベロッパートレーニング&アクセスコントロール
  • ハードウェア&ソフトウェアの仮想化へのセキュアアプローチ
  • 暗号コードサインの利用
  • 第3国&サードパーティへの開発アウトソーシング
  • 政府&オペレーターのソースコードへのダイレクトアクセスの許可

第6章 セキュリティを第一に考えた製品設計のベストプラクティス

  • パッチとレジスターの最適な設計と実装
  • リグレッション・互換性試験
  • トランザクションログのセキュアストレージ
  • トラステッドコンピューティングへの投資
  • RRM(Radio Resource Management)製品のユーザーあたりの状態のサポート
  • ソフトウェアのセキュリティ機能:実装の展望

第7章 セキュリティ機能の需要の拡大

  • エアインターフェースの3GPP暗号化アルゴリズム
  • IPv6のセキュリティ上の課題
  • モバイルネットワークインフラにおけるIPsecのサポート
  • プライマリーネットワークエレメントへのその他のセキュリティ機能の統合

第8章 アプリケーションレベルのセキュリティに向けた動向

  • Google・Apple・Symbian
  • 3GPP 汎用認証アーキテクチャ(GAA)

第9章 ベンダープロファイル

  • Alcatel-Lucent
  • Ericsson
  • Huawei
  • Juniper
  • Nokia Siemens Networks
  • Tellabs

付録

図表

目次

Mobile network security has always been a multi-layered issue, but it is becoming ever more complex in the transition to mobile broadband. Until recently, the mobile industry has been relatively removed from the threat of cyber-attacks. While low-level fraud has been with the mobile industry since its inception, until now it has been possible to treat it as a minor irritant.

Several things are now happening at once to increase the threat to mobile networks. Cyber-attacks are gaining a higher profile in the communications industry, as well as across society in general. Meanwhile, the rollout of advanced mobile broadband services has put mobile operators on the road toward becoming full data-oriented ISPs, which will expose the mobile network to a variety of new security challenges. On the network side, the transition to end-to-end IP represents a paradigm shift in risk management. And after an incredible 20 years, the first A5/1 GSM encryption algorithm is finally looking vulnerable to being cracked in a potentially significant way.

So where mobile network security was once taken for granted, operators, infrastructure vendors, handset vendors, and application providers are being called to account as never before and asked for reassurance, near-term solutions, and long-term roadmaps that will ensure that the next 20 years of the mobile industry' s evolution are built on as secure a platform as the first.

Vendors of network security products such as firewalls and intrusion protection systems, as well as solutions for mobile handset security, report strong demand for their products. While the network security product landscape is extremely rich and diverse, the one thing all these dedicated products share is that they are there to compensate for the vulnerabilities inherent in the primary network infrastructure.

In contrast, this report looks at what primary infrastructure vendors can do to correct the security vulnerabilities in their own RAN, switching, router, and transmission equipment, as well as introduce new security features into their portfolios. The report focuses on the secure development and design practices, as well as security feature roadmaps, of the primary incumbent infrastructure vendors that account for the lion' s share of mobile operators' annual capex on network infrastructure: Ericsson, Nokia Siemens, Alcatel-Lucent, Juniper, Tellabs, and Huawei. Cisco Systems was also invited to participate, but formally declined to do so.

Drawing on responses to a detailed Heavy Reading survey, the report explores variations in these major vendors' security practices relating to the product development process itself. It looks at best-practice design features in specific products that enable operators to protect their networks and potentially reduce their dependence on dedicated security products. The report also highlights specific vendors that are showing leadership in key areas of securing primary network infrastructure products.

Because of this approach, the report does not cover the market in dedicated security products and solutions, such as security firewalls, intrusion detection and intrusion prevention systems, SBCs, other security gateways, and test equipment. The report does not address issues relating to the security of end-user devices, nor the security of the operator' s customer-facing portals, which have featured prominently in recent security breaches.

Next-Gen Security Strategies for Mobile Network Infrastructure is focused on what can be done to secure the mobile network infrastructure itself. It examines security best practices among the primary suppliers of mobile infrastructure equipment, analyzing their internal product development processes and the measures they take to prevent breaches of those practices. The report explores security-first product design features relating to the specific requirements of the mobile network, including the design of testing methodologies, logging mechanisms, and ease of patch implementations. The report also presents the challenges and vendor roadmaps for supporting 3GPP security features, such as the A5/3, SNOW, and EEA1/EEA2 algorithms, as well as IETF protocols such as IPV6.

Table of Contents

LIST OF FIGURES

I. INTRODUCTION & KEY FINDINGS

  • 1.1 Key Findings
  • 1.2 Report Scope & Structure

II. SECURITY ATTACKS: NEW MOTIVATIONS, NEW TECHNIQUES

  • 2.1 The Rise of New Types of Attacker
  • 2.2 Cyber-Aggression Between Nation-States: Get Used to It
  • 2.3 Government' s First Responsibility & the UK' s "White Noise" Operation
  • 2.4 The Impact of Cloud Computing

III. SECURITY ISSUES IN FIXED & MOBILE NETWORKS

  • 3.1 Addressable Markets of Customers & Attackers
  • 3.2 Competition Between Service Providers
  • 3.3 Addressable Markets of Vendor-Specific Browsers & Operating Systems
  • 3.4 Broadband Pricing, Security Attacks & User Satisfaction
  • 3.5 The Behavior of Applications in Fixed & Mobile Networks
  • 3.6 Design Vulnerabilities in Fixed & Mobile Networks
  • 3.7 Device Vulnerability & User Behavior in Fixed & Mobile Networks
  • 3.8 Summary: The Risk Profile of Fixed & Mobile Networks

IV. SECURITY DIFFERENTIATION IN PRIMARY INFRASTRUCTURE

V. ' SECURITY-FIRST' BEST-PRACTICE PRODUCT DEVELOPMENT

  • 5.1 Developer Training & Access Control
  • 5.2 Secure Approaches to Hardware & Software Virtualization
  • 5.3 Use of Cryptographic Code Signing
  • 5.4 The Outsourcing of Development to Third Countries & Third Parties
  • 5.5 Allowing Governments & Operators Direct Access to Source Code

VI. ' SECURITY-FIRST' BEST-PRACTICE PRODUCT DESIGN

  • 6.1 Optimal Design & Implementation of Patches & Registers
  • 6.2 Regression & Compatibility Testing
  • 6.3 Secure Storage of Transaction Logs
  • 6.4 Investment in Trusted Computing
  • 6.5 Support of Per-User State in Radio Resource Management Products
  • 6.6 The Prospects for Implementation of Security Features in Software

VII. THE GROWING DEMAND FOR SECURITY FEATURES

  • 7.1 3GPP' s Encryption Algorithms for the Air Interface
  • 7.2 The Security Challenge of IPv6
  • 7.3 Support of IPsec in Mobile Network Infrastructure
  • 7.4 Integration of Other Security Features Into Primary Network Elements

VIII. TRENDS TOWARD APPLICATION-LEVEL SECURITY

  • 8.1 Google, Apple & Symbian
  • 8.2 3GPP Generic Authentication Architecture

IV. VENDOR PROFILES

  • 9.1 Alcatel-Lucent
  • 9.2 Ericsson
  • 9.3 Huawei
  • 9.4 Juniper
  • 9.5 Nokia Siemens Networks
  • 9.6 Tellabs

APPENDIX A: ABOUT THE AUTHOR

APPENDIX B: LEGAL DISCLAIMER

LIST OF FIGURES

SECTION I

SECTION II

  • Figure 2.2: Attacks Are Growing in Sophistication & Ease of Deployment

SECTION III

  • Figure 3.1: Recent Attacks & Vulnerabilities Impacting Mobile Broadband
  • Figure 3.2: Fixed & Mobile Broadband Subscriber Forecast
  • Figure 3.3: Smartphone Browser Market Share
  • Figure 3.4: PC Browser Market Share
  • Figure 3.5: Smartphone OS Market Share
  • Figure 3.6: PC OS Market Share
  • Figure 3.7: IP Transmission Behavior by Mobile Application Type
  • Figure 3.8: 3G & 4G Network Architectures

SECTION IV

SECTION V

  • Figure 5.1: Forums & Processes Dedicated to Secure Coding
  • Figure 5.2: Product Security Management Processes

SECTION VI

SECTION VII

  • Figure 7.1: The Rise of Security Features in Mobile Network Infrastructure
  • Figure 7.2: The Ratio of IPv6 to IPv4 Traffic in Organizations Supporting IPv6
  • Figure 7.3: Biggest Hurdles to Deploying IPv6
  • Figure 7.4: IPsec Options in LTE Backhaul

SECTION VIII

  • Figure 8.1: Largest Observed Internet Attacks
  • Figure 8.2: Generic Authentication Architecture Entities
Back to Top