Diameter Firewall

Fully compliant to GSMA FS.19

The number of diameter vulnerabilities has exploded the last two years. The complexity of the hacks is becoming more and more advanced and hard to detect. It has been proven that it is possible to gather information about subscribers, locate and track them, and perform a Denial Of Service (DoS) attacks on the subscribers.

Mapping the problems
The amount of Mobile vulnerabilities is exploding
Subscriber information should be protected
Voice, SMS and Data could be intercepted
Mobile services should be always available
The Home Public Land Mobile Network (HPLMN) should protect Mobile end-customers against attacks
Mobile Operators should protect their own Network elements against malicious attacks
Volume attack against Mobile Operators could lead into service unavailability
Malformed packets received through roaming Networks could influence Mobile services
End-customer dissatisfaction due to impact on the Mobile services
Loss of end-users personal information
Long troubleshooting time to restore Mobile services
Mobile hack could lead to brand damage
Mobile service down time
How we solve this

Introducing a Next Generation Diameter Router DRA with Firewall capabilities into the heart of the Mobile Core Network connecting all Diameter speaking entities. Through a centralized orchestrator you will be able to protect all your Diameter traffic between your own Diameter entities and external Networks. Meaning you, as a Mobile Operator, will have control on the Diameter flows in your Network and you will be vendor independent in rolling out new services and technologies.



The solution can inspect every information field in a received packet

As you have access to all information inside the received messages it is easy to inspect if all security matters are applies


Secure IPsec/TLS communications between Diameter-Peers

By creating secure communications paths we could avoid that information of users is stolen.


Control over which Diameter application is used by a particular Diameter-Peer

By filtering the application we avoid that a hacker is spoofing other messages then what is allowed.


Congestion control for each configured Diameter-Peer

This way we protect back-end systems of being overloaded due to DOS attack.


Solution that is compliant to the GSMA FS.19 specifications

Nncluding Category 0, 1, 2 and 3 filtering mechanisms (Fundamental, Basic, Robust and Advanced filtering) and network topology hiding.

Key Take-Aways

Fully compliant to FS.19 specification as build-in feature of Diameter Routing Agent

One security policy that can be applied for entire Mobile Core Network