The number of diameter vulnerabilities has exploded the last two years. The complexity of the hacks is becoming more and more advanced and hard to detect. It has been proven that it is possible to gather information about subscribers, locate and track them, and perform a Denial Of Service (DoS) attacks on the subscribers.
Mapping the problems
The amount of Mobile vulnerabilities is exploding
Subscriber information should be protected
Voice, SMS and Data could be intercepted
Mobile services should be always available
Challenges
The Home Public Land Mobile Network (HPLMN) should protect Mobile end-customers against attacks
Mobile Operators should protect their own Network elements against malicious attacks
Volume attack against Mobile Operators could lead into service unavailability
Malformed packets received through roaming Networks could influence Mobile services
Consequences
End-customer dissatisfaction due to impact on the Mobile services
Loss of end-users personal information
Long troubleshooting time to restore Mobile services
Mobile hack could lead to brand damage
Mobile service down time
How we solve this
Introducing a Next Generation Diameter Router DRA with Firewall capabilities into the heart of the Mobile Core Network connecting all Diameter speaking entities. Through a centralized orchestrator you will be able to protect all your Diameter traffic between your own Diameter entities and external Networks. Meaning you, as a Mobile Operator, will have control on the Diameter flows in your Network and you will be vendor independent in rolling out new services and technologies.
Benefits
The solution can inspect every information field in a received packet
As you have access to all information inside the received messages it is easy to inspect if all security matters are applies
Benefits
Secure IPsec/TLS communications between Diameter-Peers
By creating secure communications paths we could avoid that information of users is stolen.
Benefits
Control over which Diameter application is used by a particular Diameter-Peer
By filtering the application we avoid that a hacker is spoofing other messages then what is allowed.
Benefits
Congestion control for each configured Diameter-Peer
This way we protect back-end systems of being overloaded due to DOS attack.
Benefits
Solution that is compliant to the GSMA FS.19 specifications
Nncluding Category 0, 1, 2 and 3 filtering mechanisms (Fundamental, Basic, Robust and Advanced filtering) and network topology hiding.
Key Take-Aways
Fully compliant to FS.19 specification as build-in feature of Diameter Routing Agent
One security policy that can be applied for entire Mobile Core Network