Service Provider Threat Landscape Report 2021
As service providers start gearing up for their digital transformation, they need to have insight into the threat landscape of their mobile telecommunications ecosystem. Digital transformation means that service providers must simultaneously manage multiple networks—3G, 4G, and 5G, each with their own complexities and vulnerabilities. This means that service providers are not only dealing with increased network complexity, they also must address increases to their attack surface. Mitigating and managing existing threats while anticipating the demands of 5G security is critical to providing network security and ensuring customer trust.
As security threats become more prevalent and sophisticated, understanding the source of these threats makes it easier to establish proper defenses
Figure 1: Service provider threat landscape
5G가 지연 시간을 줄이고 대역폭을 향상시키면서, 서비스 제공자는 점점 더 많은 수의 연결 장치에 직면하게 될 것입니다. GSMA는 2025년까지 서비스 제공자가 다음을 지원해야 한다고 예측합니다.
- 88억 개의 SIM 연결
- 50억 모바일 인터넷 사용자1
As the number of connected devices increases, so will attacks, including attacks that take advantage of inherent vulnerabilities in the simple, everyday tasks that most users take for granted. This diagram lists some activities that customers take that can increase their vulnerability to attack. Security must protect customers from these vulnerabilities and adapt as attackers retool to bypass countermeasures.
Figure 2: Even simple, everyday tasks carry vulnerabilities that can put users at risk
Additional attacks against mobile users include:
- Credential validation (also known as credential stuffing)
- 휴대폰 업그레이드 도난
- SIM breach
- Third party applications and services abuse
5G Network Threats
5G brings increased network complexity and an exponential increase in the number of connected devices. More connected devices means there is a bigger attack surface that could be exposed to sophisticated and malicious attacks. As the attack surface grows, it will become harder to assess and intercept cybersecurity risks. Several threats will be discussed such as IoT, signaling, API and N6/Gi-LAN threats.
IoT Threats
GSMA는 2025년에 사물인터넷 연결 수가 246억 개에 도달할 것으로 추정합니다.2 IoT 기기가 봇넷에 사용되는 경우가 점점 더 많아지고 있습니다. 봇넷(악의적인 공격을 시작하는 데 사용되는 손상된 네트워크 장치)은 일반적으로 분산 서비스 거부(DDoS) 공격을 실행하는 데 사용됩니다. 5G 네트워크가 의료, 제조, 핀테크, 정부 등의 산업에서 채택됨에 따라 봇넷에 대한 보호가 더욱 중요해지고 있습니다. 최근 연구에 따르면 IoT 보안이 서비스 제공업체의 최우선 과제인 것으로 확인되었습니다. 응답자의 39%는 이미 IoT 보안을 구현하고 있으며, 27%의 응답자는 2021년에 조치를 구현할 계획입니다.3
Figure 3: Service providers are implementing IoT security measures4
Service providers must address the signaling challenges caused by increased traffic volumes in 5G network deployments. Legacy security issues in 4G and 3G networks also must be addressed as service providers migrate to 5G and standards evolve.
그림 4: 서비스 제공자에게 영향을 미치는 위협 신호
신호 보안은 서비스 제공자에게 매우 중요합니다. Heavy Reading 분석가 보고서에 따르면 제어 평면 보안의 최우선 순위 3가지는 NEF(41%), 5G HTTP/2 신호 방화벽(40%), NRF(37%)입니다. 다소 우려스러운 점은 모든 서비스 제공업체의 28~38%를 차지하는 두 그룹이 상업적 출시 후 12~17개월 또는 18~24개월 내에 이러한 기능을 구현할 계획이라는 점입니다. 5G는 4G 네트워크와 공존하기 때문에 서비스 제공자는 기존 4G 보안 네트워크 플랫폼과의 원활한 상호 작용을 보장할 시간이 필요하며, 이로 인해 보안 구현이 훨씬 더 중요해졌습니다.5
Figure 5: Responses to the question: When do you plan to implement the following 5G control plane security capabilities? (n=100)6
API Threats
API 위협 5G 네트워크 코어는 SDN/NFV를 기반으로 하며 HTTP/2 및 REST API 프로토콜을 많이 사용합니다. 이러한 프로토콜은 인터넷에서 잘 알려져 있고 널리 사용되기 때문에, 취약점을 찾아 악용하기 위한 도구를 모든 악의적인 행위자에게 제공할 수 있습니다. 웹 보안은 광범위한 문제에 직면해 있습니다. IT 및 보안 업계의 최선의 노력에도 불구하고, 잘 보호된 웹사이트는 예외일 뿐이며 이는 흔한 일이 아닙니다. 평균적인 웹 애플리케이션에는 33개의 취약점이 있으며, 웹 애플리케이션의 67%에는 고위험 취약점이 있습니다.7 API는 머신 간 데이터 교환을 위해 설계되었으며, 많은 API가 민감한 데이터에 대한 직접적인 경로를 제공합니다. 즉, 대부분의 API 엔드포인트에는 최소한 웹 애플리케이션과 동일한 수준의 위험 제어가 필요합니다.
Figure 6: When respondents were asked when they would they begin to support API security functionality, 66% said they will be implementing security capabilities by 20218
S/Gi-LAN /N6 Security
The N6 LAN (previously known as S/Gi-LAN) is the interface that lies between the user plane function (UPF) and the Internet. N6 LAN functions are often consolidated to optimize network performance and reduce costs. This interface is the gateway to the Internet and must be properly secured. Some security features that are normally located here include: Carrier-grade network address translation (CGNAT) N6 (Gi) firewall DDoS protection IoT firewall Subscriber security services Secure DNS cache Service providers continue to see a role for traditional Gi-LAN products in their 5G portfolio. The figure below shows the results of a survey in which service providers were asked to rank the solution offerings of Gi-LAN/N6. Firewalls, DDoS mitigation, and CGNAT represent the top three security concerns.
Figure 7: Response to the question: How important are the following existing Gi-LAN infrastructure security solutions for securing 5G deployments? (Rank 1 = highest importance to Rank 7 = lowest importance) (n=96–100)9
에지 위협
Service providers will be able to monetize their 5G networks by offering edge use cases for enterprise innovations. 5G networks are decentralized and incorporate a distributed, multi-cloud architecture. In a distributed cloud model, cloud services are extended from edge devices all the way to the 5G core data center. Edge computing increases the security risk for service providers, with IoT devices, increased data volume, and edge infrastructure all providing rich targets for bad actors.
하이브리드 및 멀티 클라우드 아키텍처를 통해 많은 서비스 제공업체가 Zero Trust 보안 모델을 채택하고 있습니다. Zero Trust 보안은 각 구독자로부터 수집된 실시간 정보를 사용합니다. 분석가들은 응답자의 93%가 Zero Trust 이니셔티브를 연구 중이거나, 구현 중이거나, 완료했다고 보고합니다.10 IoT 기기의 기하급수적인 성장은 좀비 IoT 기기가 5G 속도로 DDoS 공격을 감행하지 않도록 Zero Trust 보안 모델을 채택해야 하는 동기를 더욱 강화합니다.
Figure 8: Service providers are adopting the “Never Trust, Always Verify” Zero Trust model12
Cloud Security
Although most mobile networks use private clouds, edge locations are increasingly relying on public cloud solutions. Mobile network operators are partnering with hyperscalers to build an edge solution that will appeal to enterprise industry. Every service provider will have different architectures, deployment plans, and timelines, but these all must be informed by a security strategy that ensures end user Quality of Experience (QoE). In the 2020 State of Application Services Report: Telecom Edition, we reported that 90% of respondents are operating in a multi-cloud environment, and the majority of these respondents report that security was a major concern when planning their networks.13 Among service providers, 90% are selecting their cloud infrastructure based on their specific use cases. Matching cloud services based on the application drives operational improvements and could enable service providers to leverage functionality offered by the cloud provider.
그림 9: 서비스 제공자는 클라우드 인프라 사용 사례를 비즈니스 요구 사항에 맞게 조정합니다.15
Conclusion
As service providers embark upon their 5G migration journeys, they are faced with new cybersecurity threats throughout their digital landscape, from devices to the edge to the 5G network and into the cloud. To mitigate these threats, they must proactively incorporate security into every step they take as they build 5G networks and integrate them with their existing infrastructure.
F5가 귀사가 강력한 5G 보안 태세를 도입하는 데 어떻게 도움을 줄 수 있는지 자세히 알아보려면 저희에게 문의하세요 .
1 GSMA: The Mobile Economy 2020
2 GSMA: The Mobile Economy 2020
3,4,5,6 Heavy Reading, 5G Security: The Multifaceted Art of Cloud-Native Threat Management
8 Heavy Reading, 5G Security: The Multifaceted Art of Cloud-Native Threat Management
9 Heavy Reading, 5G Security: The Multifaceted Art of Cloud-Native Threat Management
10 AT&T Cybersecurity: 5G and the Journey to the edge 2021
11 ZDNET, Edge Computing: The cybersecurity risks you must consider
12 AT&T Cybersecurity: 5G and the Journey to the edge 2021
13,14,15 F5: 2020 State of Application Services Report, Telecom Edition