Service providers are experiencing tremendous growth in traffic. They feel pressure to scale their networks to meet demand while maintaining profitable business models. As the networks scale up and out, their operators face increasing security threats.
A February 2016 survey and subsequent report on The Future of Mobile Service Delivery, authored by Jim Hodges, senior analyst for Heavy Reading, explores how service providers address security concerns as they prepare for a 5G world.
Security is a major concern for operators. Hodges points out that the top concern is denial-of-service issues, including distributed denial-of-service (DDoS) and botnet attacks and network configuration errors. This fear is followed by threats related to system integrity in which traffic is manipulated by external attackers while spoofing a user’s identity.
Service providers recognize that security threats exist across their network domains, with the top areas of concern at data centers. But devices, the RAN, the EPC, the IMS, and the Gi-LAN must all be protected.
Service providers have already put into place basic requirements to protect against top threats. These include DDoS protection or mitigation, web and DNS firewall applications, and anti-fraud measures such as DNS tunnel detection. But networks are still vulnerable in other areas, including service function chaining, roaming network policy enforcement, DNSSEC, S1 security gateways, and Gi firewalls. These areas are especially critical as VoLTE, video, network functions virtualization (NFV), and Internet of Things (IoT) deployments are expected to reach a critical mass within two years.
Operators are split on which approach is best for managing DDoS threats. The top preferred approach is inline DDoS applications, followed closely by a combination of both inline and out-of-band methods.
The threats clearly indicate that service providers need comprehensive security across their networks, from the device through the core to the Gi-LAN and applications in data centers. Most importantly, operators need to secure and scale their networks to handle the surge of millions to billions of DNS requests per second that may impact performance and availability. The inevitable spikes in network signaling, and attacks on signaling protocols such as SIP and Diameter, could cause signaling storms, potentially bringing down the network. To optimize performance and improve the quality of user experience, service providers need tools to manage traffic priority and steer it based on the device type, its current application, and associated signaling.
As noted in Hodges’ report, service providers also view the DNS domain as a key area of vulnerability. Read more about the detailed DNS security challenges that service providers face.
See a snapshot of additional survey results, view Hodges’ full Heavy Reading report, or find out how F5 helps service providers meet security challenges with carrier-grade firewall, access control, and security solutions.
About the Author
Related Blog Posts
The everywhere attack surface: EDR in the network is no longer optional
All endpoints can become an attacker’s entry point. That’s why your network needs true endpoint detection and response (EDR), delivered by F5 and CrowdStrike.
F5 NGINX Gateway Fabric is a certified solution for Red Hat OpenShift
F5 collaborates with Red Hat to deliver a solution that combines the high-performance app delivery of F5 NGINX with Red Hat OpenShift’s enterprise Kubernetes capabilities.
F5 accelerates and secures AI inference at scale with NVIDIA Cloud Partner reference architecture
F5’s inclusion within the NVIDIA Cloud Partner (NCP) reference architecture enables secure, high-performance AI infrastructure that scales efficiently to support advanced AI workloads.
F5 Silverline Mitigates Record-Breaking DDoS Attacks
Malicious attacks are increasing in scale and complexity, threatening to overwhelm and breach the internal resources of businesses globally. Often, these attacks combine high-volume traffic with stealthy, low-and-slow, application-targeted attack techniques, powered by either automated botnets or human-driven tools.
Volterra and the Power of the Distributed Cloud (Video)
How can organizations fully harness the power of multi-cloud and edge computing? VPs Mark Weiner and James Feger join the DevCentral team for a video discussion on how F5 and Volterra can help.
Phishing Attacks Soar 220% During COVID-19 Peak as Cybercriminal Opportunism Intensifies
David Warburton, author of the F5 Labs 2020 Phishing and Fraud Report, describes how fraudsters are adapting to the pandemic and maps out the trends ahead in this video, with summary comments.