
Mobile Communication Security Threats and Solutions

With the convergence of data and voice networks, the mobile communication network is exposed to many security threats, just like any other data network. These threats are very real and can be very harmful. Some of the security problems unique to mobile networks are listed below:

  • Capturing a subscriber’s data session
  • Spoofed SGSN or GGSN
  • Spoofed Create PDP Context Request
  • Spoofed Update PDP Context Request
  • Overbilling Attacks
  • Border Gateway bandwidth saturation
  • DNS Flood
  • GTP Flood
  • Spoofed GTP PDP Context Delete
  • DNS Cache Poisoning
  • Gi bandwidth saturation
  • Application Layer attacks from Handsets

We need to address mobile communication security issues from both the network infrastructure and the handset. A list of security practices for the network infrastructure of the mobile communications network is shown below:

 

  1. All the elements of a communication network should be hardened so that they are resistant to various security attacks. Keeping network elements and their software at the latest update levels is an essential part of any OAM concept applied in a network domain.
  2. Critical infrastructure elements must be identified and well protected; the necessity of redundant elements should be carefully evaluated, e.g. to still allow management during exceptional situations.
  3. Information on the network’s internal structure, including the topology, the platform types, the distribution of functional elements, the capacities etc. or the customer data concerning location, service usage, usage pattern, account information etc. should be made available only to authorized parties and only to the extent that is actually required. The limited availability of this information reduces the knowledge about potential targets.
  4. An Intrusion Detection System (IDS) should be deployed in the network to detect, monitor and report security attacks, such as DoS and attacks that exploit system flaws, as well as any compromise of system security.
  5. Fast response to security attacks and automatic recovery from security compromise must be provided to increase the probability of business continuity/continuous operation and to mitigate the effects of attacks.
  6. The network should be easy to manage, and realistic and realizable security policies must be developed.
  7. Rapid couplings of the networks of different administrative domains must be secured (authentication, integrity, confidentiality, availability and anti-replay protection, etc.) against external attackers.
  8. Mutual dependencies between the infrastructure security and new services to be created must be minimized.
  9. Authenticity, confidentiality, integrity, anti-replay protections for network management signaling shall be provided.
  10. Interoperability between the administrative domains shall not compromise the security of any involved domain.
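
As an added illustration (not part of the original article), the sketch below shows the kind of check an IDS watching GTP control traffic could apply to three of the threats listed above: PDP context requests from peers that are not on an allowlist, GTP floods, and malformed messages. It assumes the GTPv1-C header layout and message type values from 3GPP TS 29.060; the function names, addresses, threshold and sample traffic are constructed for the example.

```python
import struct
from collections import Counter

# GTPv1-C message types (3GPP TS 29.060) for the PDP context requests in the threat list
PDP_REQUESTS = {16: "Create PDP Context Request",
                18: "Update PDP Context Request",
                20: "Delete PDP Context Request"}

def parse_gtpv1c(payload: bytes):
    """Return (message_type, teid) for a GTPv1 control message, or None if malformed."""
    if len(payload) < 8:
        return None
    flags, msg_type, length, teid = struct.unpack("!BBHI", payload[:8])
    version, protocol_type = flags >> 5, (flags >> 4) & 1
    if version != 1 or protocol_type != 1:
        return None
    if length != len(payload) - 8:   # Length counts everything after the 8 mandatory octets
        return None
    return msg_type, teid

def inspect(events, trusted_peers, flood_threshold):
    """events: iterable of (second, src_ip, udp_payload). Returns a list of alert tuples."""
    alerts, per_second = [], Counter()
    for second, src, payload in events:
        parsed = parse_gtpv1c(payload)
        if parsed is None:
            alerts.append((second, src, "malformed GTP-C"))
            continue
        msg_type, _teid = parsed
        if msg_type in PDP_REQUESTS and src not in trusted_peers:
            alerts.append((second, src, "untrusted peer: " + PDP_REQUESTS[msg_type]))
        per_second[(second, src)] += 1
        if per_second[(second, src)] == flood_threshold + 1:   # alert once per peer per second
            alerts.append((second, src, "GTP flood"))
    return alerts

def build(msg_type, teid=0, body=b""):
    """Constructed sample message: flags 0x30 = version 1, PT=1, no optional fields."""
    return struct.pack("!BBHI", 0x30, msg_type, len(body), teid) + body

# Constructed sample traffic; addresses are documentation ranges, not real network elements.
TRUSTED = {"192.0.2.10"}
SAMPLE = ([(0, "192.0.2.10", build(16))] +                       # legitimate create
          [(1, "198.51.100.7", build(20, teid=0x1234))] +        # delete from unknown peer
          [(2, "192.0.2.10", build(1)) for _ in range(5)] +      # burst of echo requests
          [(3, "192.0.2.10", b"\x30\x10")])                      # truncated header

if __name__ == "__main__":
    for alert in inspect(SAMPLE, TRUSTED, flood_threshold=3):
        print(alert)
```

Because GTP runs over UDP, a source-address allowlist is only meaningful when anti-spoofing filtering is enforced at the network border, so a check like this complements rather than replaces the coupling protections in item 7.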