Bart Salaets, solution architect EMEA for service providers at F5 Networks, on securing the future of communications with mobile firewalls
As mobile technology has developed, consumer demand around performance and scale has also significantly increased. Mobile network operators are slowly becoming aware of the security and reliability issues that are brought about by the rise of the always-connected smart device. Consumers, on the other hand, are more concerned with their voracious appetite for data being fulfilled and, for the most part, unaware of the potential impact that threats to the 4G networks could have on their devices and connections.
But while operators have to develop their security approach to counter changing threats, the evolving technologies also present a revenue opportunity once those consumers do become more aware of their exposure to some of these security risks.
Shifting horizons
The transition from 3G to 4G or Long Term Evolution (LTE) is well underway. However, a major area of concern for mobile operators is the security risks that come with this shift. Service providers are being confronted with attack vectors that the industry hasn't experienced before, with IP-based infrastructures opening them up to more 'traditional' IT threats.
Traditional network-level DDoS attacks, which are volumetric in nature and try to bring down certain parts of the network, are now being augmented with application-level DDoS attacks that are much more sophisticated and target the application infrastructure of the mobile network operator.
It may be tempting to ignore these threats in the short term, but it's vital that mobile operators face up to these risks and put measures in place to protect their networks, their application infrastructure and their customers.
With network and application based DDoS attacks and other security risks on the rise, mobile network operators really need to consider what security provisions they have put in place and what other measures they can take to prevent or mitigate any future attacks. By doing this, they will be able to protect their core radio networks and customers from potential risks.
The evolution in security risks from malware, botnets and worms infecting consumer devices is also a growing concern in the mobile industry, but it does present mobile operators with an opportunity to deliver managed security services that help their customers avoid infection by malware and worms. So, apart from core network security to protect the internal infrastructure, there are also new opportunities to offer premium subscriber security services which will generate additional revenues.
Increasing complexity
LTE roaming and voice over LTE (VoLTE) are also presenting new security challenges, as the interfaces used on the roaming side are now all IP-based, using the SIP and Diameter protocols between roaming partners. Measures need to be taken to protect the internal network from DoS attacks coming over the external roaming interfaces, so SIP security and Diameter security at the boundary of a mobile network is going to be critical in an LTE world.
Of course, the shift to 4G has not been wholesale and the various networking protocols required for 2G, 3G and 4G all need to be supported within the network infrastructure. This means that centralised management for visibility and control throughout a provider's entire mobile broadband network is essential, IP-based or otherwise. Now, with IPv6 being introduced, you also need platforms that don't exhibit performance differences between IPv6 and the prevalent IPv4 protocol, so there is a lot to consider.
The amount of data traffic has significantly increased, but the legacy firewalls that companies have been using just don't have the scale and performance to deal with it. With this in mind, networks should be looking at security products that may not have seemed relevant in the past, but will become essential as they move towards more traditional IP networks with network function virtualisation (NFV) and SDN on the agenda.
With NFV and SDN, network infrastructure is going to be provisioned and orchestrated automatically in a fully virtualised environment. As a result the security policies that are being put in place to protect that infrastructure need to become much more agile and dynamic as well. Mobile operators should look into security devices that allow them to migrate seamlessly from a fully static environment to a fully dynamic environment in order to reap the full benefits of SDN/NFV without getting exposed to all the security risks described above.
Firewalls all round!
Hardware and software firewalls are a measure that can be highly effective at identifying and mitigating potential threats before they have a significant impact on network performance. By implementing the right kinds of firewall, mobile operators will be able to use deep packet inspection to analyse the data moving through the network and establish whether it is malicious or not. It is important to implement a system that will build barriers between a trusted internal network and an untrusted external one.
Ultimately, with bespoke firewalls so readily available, there is no excuse for networks to dither. To do so would put consumers at risk of potential cyber attacks and network outages.
4G is an indication of the future for mobile networking, with VoLTE just around the corner, and networks need to act now to make sure they have eliminated as much risk as possible by putting measures in place to stay ahead of the game.
F5 Networks delivers world class performance, security, and cloud solutions for top global websites, enterprises, and service providers.