Protect the connections from other operators
With new regulation in European Union and elsewhere being a driver, roaming traffic has been increasing exponentially. Customers expect the same services they use at home to work equally good while being on vacation or a business trip. Communication Service Providers setup direct links to their preferred roaming partners, or route via roaming exchanges. Even though they do not own the network in the other countries, they extend the perimeter and need to trust the incoming traffic. This can leave CSPs exposed to threats that are easily avoided.
SOLUTION
Border Gateway Roaming Security
Traffic from other operators needs to be scanned before allowed into the CSPs network. Roaming traffic signaling inspection is required on the SCTP protocol for Diameter traffic as well as GTP signaling validation. Together with Perimeter Protection, Advanced Threat Protection with IDS and Network/Server Attack Protection for DDoS threats.
For signaling validation a deep dive into the GTP-C v0/v1/v2, and GTP-U protocols will provide insights into protocol anomalies. The solution works as a stateful proxy and can apply ACL and Packet Shaping and Forwarding Rules on the traffic. There are multiple GTP Multiple Filter Options (Message, APN, IE removal) as well as Sanity Checking – all Header field check and Protocol Fuzzing Detection and Prevention.
For SCTP there is static validation of SCTP packets and stateless forwarding. The solution will provide logs and flow-lifetime and provides validation also when matching “Implicit” SCTP services. There is Traffic Shaping Support for SCTP flows to mitigate an overload and transparent failover between redundant network paths.
In addition BGP routing capabilities are required to support high availability setups with connectivity via multiple carriers. All security protections to make sure roaming traffic is safe and a good experience is provided to the end users.
Clavister Service-Based Firewall Report
Heavy Reading Analyst Jim Hodges explains why traditional firewalls are not sufficient for architectures prepairing for 5G and Next Generaiton Core networks.
Topics covered in this white paper include:
- How the 5G Service Based Architecture (SBA) core network and associated capabilities such as 5G slicing will drive new security enforcement firewall functionality
- The security firewall requirements associated with managing the 5G cloud-distributed new radio (NR) access network
- The implication of these technologies on existing cloud-based Firewall as a Service (FWaaS) deployments
- Clavister’s product strategy for dealing with these new service-driven firewall requirements
Use Cases
Resilient Interconnect Connectivity
Interconnection with Border Gateway Routing (BGP) for carrier independence
Control Signalling Validation
Gateway function for specific signalling validation including GTP and SCTP
Network Attack Protection
Intrusion detection and prevention system, GeoIP restrictions and denial of service protection
READ MOREProducts
Virtual Models
High performance virtualized security gateways designed for new carrier networks based on NFV/SDN.