Solutions

Security for Communication Service Providers

The proliferation and ubiquitous use of new communications devices and applications is causing security risks to soar. In this environment, communication service providers (CSPs) must simultaneously protect their subscribers’ information—such as identity, location, and financial data—and secure their subscribers’ unfettered access to applications and services. To help CSPs deliver new applications and services while protecting their networks—and, more importantly, their subscriber information—F5 offers the BIG-IP system, which provides strategic points of control for network, application, and subscriber security.

Network Security Challenges

CSPs today must ensure maximum network performance, availability, and security, even as new threats are constantly uncovered. For example, denial of service (DoS) and distributed denial of service (DDoS) attacks are the most disruptive to network availability, and spoofing session attacks are the most menacing to subscriber information. DoS/DDoS attacks can flood the network and specific network services, such as the Domain Name System (DNS), which prevents subscribers and enterprise customers from accessing their applications and services. As new network types are deployed, security requirements have become more complicated for both internal and external applications. Hosted services, such as cloud services, create new challenges in maintaining network and system integrity. These attacks cause service downtime and poor quality of experience (QoE), leading to reduced usage, revenue leakage, and subscriber churn.

In the past, CSPs have addressed these security problems with firewalls. However, traditional firewalls have limited system capacity and cannot react quickly to new attacks. Successful firewall solutions must support a high system throughput and simultaneous connection capacity.

Solution

BIG-IP Local Traffic Manager (LTM) provides CSPs with multiple layers of security for subscribers, applications, and infrastructures. BIG-IP LTM is an ICSA Labs Certified Network Firewall that provides comprehensive IP security with carrier-grade performance and scalability. This comprehensive multi-layer security can be applied to all the security risks on the network for subscribers (such as the Gi interface and IMS), applications (such as HTTP, HTTPS, and web), and infrastructure (such as DNS, AAA, SIP, and Diameter).

F5 delivers unparalleled security and scalability on a carrier-grade platform. The F5 VIPRION chassis supports up to 48 million concurrent connections; this means high-scale DDoS attacks can be prevented without causing service outages. Along with this unprecedented performance, BIG-IP LTM enables the consolidation of firewall platforms to:

  • Reduce operational costs.
  • Simplify management.
  • Provide the flexibility to react rapidly to new security threats.

With the BIG-IP system, CSPs can provide security for network edge connections to the Internet for core IP networks (including the Gi interface in the 3GPP defined architecture), and offload security functions from major network systems, such as the Gateway GPRS Support Node (GGSN)/Packet Data Network (PDN) Gateway. Additionally, the F5 iRules scripting language provides a flexible way to enforce protocol functions on standard, emerging, or custom protocols. With iRules, CSPs can create a zero-day dynamic security context to respond to vulnerabilities before an associated software patch is released.

BIG-IP LTM creates a security architecture that enables CSPs to:

  • Maintain their business models.
  • Deliver better service experiences.
  • Provide support service assurance and bolster Service Level Agreements to enterprise customers and end or general subscribers.
  • Significantly reduce network and service outages and service downtime related to security issues and responses.

Related Documentation for Additional F5 Solutions

F5 provides multifunction capabilities that eliminate the need for multiple point products while enhancing critical network functions across the application, control, and data planes. This approach simplifies management, reduces operating and capital costs, and improves end-to-end performance for application and service delivery. Using F5 to standardize the strategic points of control within networks expands the opportunities to monetize network services.

Besides providing security solutions, the F5 product suite offers multifunction capabilities that meet service provider needs for a number of other critical solutions within the same footprint. These solutions are addressed in more detail in separate profiles:

© 2012 F5 Networks, Inc. All rights reserved. F5, F5 Networks, the F5 logo, BIG-IP, Local Traffic Manager, Global Traffic Manager, and iRules are trademarks of F5 Networks, Inc. in the U.S. and in certain other countries.

Key Benefits

  • A unified platform enables consolidation of DNS, web, access, and security functions
  • Business integrity keeps Internet resources safe and protects the business and brand
  • Extensible and adaptable technology allows CSPs to manage multiple application services on one device and respond to new threats instantly
  • Carrier-grade scale and performance enables the BIG-IP system to scale to handle millions of connections
  • Context-aware technologies intelligently deliver critical applications

Learn More

Products and solutions

White paper

Slides