Nokia Networks safeguards network operations with two new
security launches #
- Network Access Guard provides identity access management to secure traditional,
virtualized and Software Defined Networks
- Signaling Security Solution, consisting of Signaling Guard and Security Assessment
service, detects and prevents attacks that exploit vulnerabilities in the SS7 protocol
Espoo, Finland – 3 September 2015
As the complexity of mobile network security increases with 3G/LTE and telco
cloud/SDN, a centralized identity and access control system able to authenticate
operator staff and provide secure, granular access to network elements is required.
Potential vulnerabilities in the SS7 (Signaling System 7) protocol could open the door
to advanced fraud, hijacking of subscriber communications or Denial-of-Service
attacks. To help operators deal with the multifaceted demands of protecting security
and privacy in the smartphone and Internet of Things (IoT) era, Nokia Networks has
extended its security portfolio with new protection capabilities complemented by
expert professional services in assessment and deployment.
Dealing with rocketing security complexity
Two new Nokia Networks solutions help shield network operations from unauthorized
access, both from external attackers and from staff within organizations:
- Nokia’s Network Access Guard addresses the sheer intricacy that operators face in
managing internal staff access to multiple network element systems. It secures,
identifies and monitors employee access while simplifying the way privileged users
handle critical network elements.
- Nokia’s Signaling Security Solution can identify weaknesses in an operator’s SS7*
infrastructure and implement a firewall to protect against subscriber data being
hacked as well as other malicious intrusions. Nokia Networks is the only major
telecom infrastructure vendor to offer such end-to-end SS7 protection.
How to protect against internal and external threats
- Nokia’s Network Access Guard implements centralized identity access
management in multivendor networks. Protection is achieved through a combination
of single sign-on authentication for user simplicity, session management to control
who accesses network resources, audit logging to track user sessions, and user
policy management. The software can secure traditional, virtualized and Software
Defined Networks (SDN) supplied by multiple vendors. It helps avert service
interruptions that could damage customer experience, cause revenue loss and lead
to Service Level Agreement (SLA) penalties.
- Nokia’s Signaling Security Solution consists of two elements:
- Nokia Signaling Guard tracks SS7 sessions and inspects signaling traffic in real
time. Thus it is able to detect external attacks that normally would not be
recognized by conventional SS7 network elements. The solution can block unauthorized access to subscriber profiles and helps assure service availability.
Efficient fraud protection builds subscriber trust to secure revenue streams.
- Nokia Security Assessment is a new expert service that analyzes an operator’s
network security architecture and protection of network elements to pinpoint
vulnerabilities that could lead to security breaches or service disruptions. The
insights provide the foundation for planning and implementing security
improvements to allay subscribers’ privacy concerns, encouraging higher use of
Patrick Donegan, Chief Analyst, Heavy Reading, said: “The vulnerability of SS7 to
eavesdropping and DDoS** attacks surfaced as an issue for operators during the summer of
2014. As with other vulnerabilities that emerge with older technologies that are expected to
remain in the network for a significant period of time, these are vulnerabilities that operators
need to be looking to close off.”
Giuseppe Targia, Vice President Security Business, Nokia Networks, said: “Security in
network operations involves a number of critical aspects, and with these new launches we
are addressing two of the most important ones. Firstly, multivendor and multitechnology
deployments in mobile networks create a challenge in managing access control policies
from a security perspective, thus making it difficult to protect the network from insider threats
or internal staff errors.This is why a new, carrier-scale, identity access management strategy
He added: “SS7, a well known protocol within the telecom network industry used by
hundreds of cellular companies to operate and communicate with one another, has been
shown to be vulnerable. Thus operators nowadays need an easy way to deploy an SS7
security solution in order to protect the network against privacy and fraud attacks.”
Did you know?
The SS7 protocol is susceptible to various attacks, and, if violated, can track phone numbers
with a precision of up to 50 meters.***