P1 Telecom Monitor
P1 Telecom Monitor (PTM) is an SS7, SIGTRAN, 3G, IMS, NGN and LTE/4G network intrusion detection (IDS/NIDS) and monitoring system.
Telecom Network IDS
SS7 and SIGTRAN networks lack precision monitoring such as that found in the IP world. Until today, IDS and specifically NIDS technologies did not exist for these types of networks. PTM is the first Intrusion Detection System to provide security monitoring and detection for SS7 and SIGTRAN. It enables security and Telecom engineers to monitor attacks in real time. By detecting intrusions as early as possible and considerably more responsively than Fraud Detection Systems, P1 Telecom Monitor (PTM) enables engineers and managers to react to attacks and protect the operator's assets.
PTM ensures that the CIOs, CTOs, Operation Teams, the Telecom Engineering department, the Fraud and Revenue Assurance department, decision makers and top management can control the onslaught of diverse and evolving attacks on their core network using a dashboard of key indicators.
Few Telecom companies have a real understanding of the present and emerging risks to their Telecom Signaling network from new connections being deployed between their Core Network and the external world. Such interconnection keeps growing thanks to the Internet and convergent services, Femto cells, 3G and further services such as IMS and LTE. Monitoring these interconnections is now key to protecting the security of the infrastructure. PTM offers Telecom and Mobile operators the capability to continuously monitor their core network and signaling perimeters and detect intrusions on them.
P1 Telecom Monitor technology
• Native SS7 and SIGTRAN security monitoring solution
• SS7 Interconnect security monitoring
• Network Element, DPC and SSN constant monitoring
• External and Internal security monitoring
• Web based administration, event display and reporting
• Multiple Signaling perimeters support
PTM provides mass-monitoring of fraud cases, suspicious behaviors, instability causes and direct intrusion attacks. Currently, PTM successfully detects more than 200 different attack types specific to signaling infrastructure and Core Networks.
(C) Copyright 2012 - P1 Security, All Rights Reserved. - v1.5
Below is a selection of vulnerabilities and attacks categorized according to severity of impact:
• Location request with privacy-attacking HLR Request (SendRoutingInfo SRI Request) – Intelligence category (low impact)
• SCCP Flooding Attempt – Infrastructure DoS (medium impact)
• TCAP Session Flooding – Infrastructure DoS (high impact)
• VLR Stuffing attack – Infrastructure DoS (high impact)
• Region availability attack – Infrastructure DoS (high impact)
• CAMEL / CAP illegal calls – Signaling attack & fraud category (high impact)
• Billing System flooding – Signaling attack & fraud category (high impact)
• SMSC fingerprinting – Intelligence category (low impact)
• USSD mapping – Intelligence category (low impact)
• Hostile Location Update – Targeted DoS (high impact)
• Signaling Decoding Bomb – Signaling attack & fraud category (high impact)
• SCTP Peering Point Enumeration – Intelligence category (low impact)
P1 Telecom Monitor Benefits
PTM helps operators monitor the security of their network:
• Perform real-time network intrusion detection on previously unmonitored network perimeters such as SS7, IMS, VoIP and SIGTRAN networks.
• Detect intrusion patterns within hard-to-understand network architectures and telecom-specific protocols.
• Monitor technology domains that are unknown to other IDS and that require extensive domain research.
• Benefit from P1 Security's latest research in attack pattern development.
• Receive the daily feed of network attack signatures to be protected daily against the latest attacks.
• Detect attacks and fraud on the signaling plane, which is in effect much more reactive than Fraud Management Systems.
• No need to wait for CDR generation or reconciliation: all detection is done by passively listening to the raw network interfaces.
Key Advantages
P1 Security solutions provide multiple advantages and key benefits to operational teams and management such as:
• Better security awareness of all network and engineers
• Higher visibility of potential risks through ongoing security checks against latest threats
• Keep full control of security with regular checks on pre-production and production equipment
• Provide better protection and higher reactivity against attacks with PTM monitoring solution
• Provide comprehensive dashboard with security exposure to management level
Monitored protocols and equipment
SS7: Message Transfer Part 3 (mtp3), SCCP, TCAP, ISUP, TUP, MAP, OMAP, INAP, BICC, CAMEL, BSSAP, RANAP, UMA
SIGTRAN: SCTP, M3UA, M2PA, M2UA, IUA (ISDN, Q.931), SUA, V5UA
GPRS: GTP-U, GTP-C, GTP', GRX DNS
AAA: Radius, Diameter
VoIP / ToIP: SIP, H323, Skinny / SCCP, H248, MGCP, MEGACO
Core network protocols: MPLS, LDP, BGP, VPLS, L2TP, GRE, IPsec, SAAL
Interconnection interfaces:
• Interfaces C, D, E, F, G, I and optionally A, B.
• SIGTRAN Ethernet-based networks (100Mbit/s or 1Gbit/s hardware).
• IMS Ethernet-based networks (100Mbit/s or 1Gbit/s hardware).
• SS7 legacy TDM interfaces (specific quote required, T1, E1, V11 or V35).
• SS7 ATM connections (specific quote required).
Alerts and log sources from Network Elements, EMS, OSS, NMS:
• Log Normalization module for Network Element log normalization and forwarding to SIEM systems
• Raw SIGTRAN monitoring on network interface (TAP, Monitor)
• Native binary, XML or text interface to Network Element alerting, Syslog, Secure syslog
• Legacy interfaces: CMIP, X25
• FTP pull, FTP push, SOAP, XML-RPC
• SNMP Traps, SNMP poll
PTM has been tested with the following vendor equipment: Acision, Acterna, Adventnet, Alcatel-Lucent, Anritsu, Apertio, Asterisk, Bercut, Cisco, CMG, Comverse, Cyrpack, DataKinetics, Digital, Ericsson, HP, Huawei, IBM, Logica, Marconi, Motorola, Nokia, Nortel, NSN, Siemens, Squire, Sysmaster, SS8, Tellabs, Tektronix, Unica, Tekelec, ZTE.
Deployment and Updates
PTM is easily deployed with a single lightweight Virtual Appliance using VMware technology and a web-based control and reporting server using SaaS technology. PTM integrates seamlessly with your Signaling Infrastructure, co-located as a non-blocking passive probe that does not disrupt normal operations. It ensures extra operational security by being totally passive on the monitored network interface. PTM only requires an IP address to communicate its detected events. No Signaling Point Code or interconnection is needed.
PTM is ready for deployment in both legacy SS7 and state-of-the-art SIGTRAN, UMTS/CDMA 3G, IMS and LTE environments. The PTM rule base is updated weekly, with emergency patterns being deployed in real time to all our customers so that fast emerging threats are countered immediately.
SIEM Integration
The PTM virtual appliance integrates with standard Security Information and Event Managers, providing Telecom-specific capabilities to existing or new SIEM infrastructure. This helps integrate legacy equipment as well as new 3G and LTE/4G equipment into the regular security process of the telecom operator or Managed Service Provider.
About P1 Security Inc.
P1 Security is a vendor-independent technology pioneer and leader in Telecom Security Audit and Monitoring products, with patent-pending technology and top research and development recognized by the GSM Association. Experts from P1 Security give conferences and training on SIGTRAN and SS7 security worldwide. Visit our website at www.p1sec.com or contact us for further information.
Contact
Email: [email protected]
Web: http://www.p1security.com
Address: P1 Security, 231 rue Saint Honoré, 75001 Paris, France