Security

 

Introduction

In 1957, the term "Blue Box" entered the security lexicon. The Blue Box was based on the discovery that whistling a clear tone at 2,600 Hz into a handset could trick the phone company's switch and allow a user to take control of a trunk line. This discovery opened up almost limitless possibilities for routing calls without charge. This was the first 'phreaking' of the telco. Since that first event in 1957, the security threats have steadily increased. Terms like hacking have entered everyday language along with spoofing, denial of service, and phishing. Security can no longer be assumed. As we accelerate our interworking between telecom networks, the internet, and IP-based networks of all kinds, security considerations that were once simply important to have now become critical to our business survival and success. The telecom networks are poised for fundamental changes in their handling of security. Security is not just a key business enabler. Security is a necessity for telecom service providers. If you fail to address security issues correctly, you might simply end up without a business.

 

Challenges

Many challenges face the network operations staff as they seek ways to combine disparate signaling network segments or integrate new IP-based networks with traditional carrier networks. Network segments may be geographically distributed - creating the opportunity for compromises of physical security. This can yield unfriendly inspection of data or spoofing. Even in networks that are not compromised, privacy issues abound. Allowing even the semblance of an opportunity for unauthorized access to data can have major impacts. Some kinds of data simply cannot be put into networks with other data. They must be recognized and either blocked or routed using specific network segments and resources. Network segments now being integrated might come from business units that were once competitors - and might someday again be competitors. There may be conflicting use of message header information or network addresses. There might be a need for network address translation (NAT) functionality. There may be a requirement to identify particular traffic information and route it to specific network elements. For example, SMS traffic might be identified, split off, and routed to a packet inspection system to recognize SPAM or SPIT or to simply optimize network operation. Or, traffic specific to a particular customer may be treated so as not to be mixed with traffic from some other customer. There are many security considerations in which access must be restricted from one network element in one segment to another in another segment. Access to a service in one network might be limited to a subset of network elements in another network; only traffic with certain message characteristics is allowed to cross a network boundary.

 

Solution

The solution to these problems is a network border element with special routing and security capabilities providing network integration at the edge of disparate networks. Traditional network components reside in the core of the network, where any change can have catastrophic impact. What is needed is a way to implement security policies into the various subnetworks without modifying their core behavior or components. In essence, we need to find a secure way to join these networks at their edge and do so in a way that is non-intrusive to the core network functionality. Operating as a combination of traditional signaling transfer point (STP) and internet router, this network element should route messages in and out of signaling network segments, providing translation services and content-based routing as necessary. The solution should operate with various white- and black-lists to implement the necessary security policies and also perform the deep packet inspection if it is required. As an example, a private network might consist of various SMS services, and only SMS traffic to these specialized services is allowed access to the private network.
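The screening rule in that last example can be sketched as a default-deny policy at the border. This is an added illustration, not Ulticom code or nSignia eSTP configuration: the class names, segment names and point codes are hypothetical, and the MAP operation codes are the short-message operations from 3GPP TS 29.002.

```python
from dataclasses import dataclass, field
from typing import Optional

# MAP operation codes for short-message operations (3GPP TS 29.002).
SMS_MAP_OPCODES = {44, 45, 46}  # mt-forwardSM, sendRoutingInfoForSM, mo-forwardSM

@dataclass(frozen=True)
class SignalingMsg:
    src_segment: str           # segment the message arrived from
    opc: str                   # originating point code
    dpc: str                   # destination point code
    map_opcode: Optional[int]  # None when the message is not a MAP invoke

@dataclass
class BorderPolicy:
    routes: dict                # DPC -> segment that owns it
    private_segment: str
    sms_service_dpcs: set       # allow-list: SMS services in the private segment
    blocked_opcs: set = field(default_factory=set)  # deny-list, editable at run time

    def screen(self, msg: SignalingMsg):
        """Return (verdict, detail); unknown destinations are dropped."""
        if msg.opc in self.blocked_opcs:
            return "drop", "originator on deny-list"
        dst = self.routes.get(msg.dpc)
        if dst is None:
            return "drop", "no route for destination"
        # Crossing into the private segment: allow-listed SMS services only.
        if dst == self.private_segment and msg.src_segment != dst:
            if msg.dpc not in self.sms_service_dpcs:
                return "drop", "destination not an allowed SMS service"
            if msg.map_opcode not in SMS_MAP_OPCODES:
                return "drop", "non-SMS traffic to private segment"
        return "forward", dst

# Constructed sample topology and traffic (point codes are made up).
POLICY = BorderPolicy(
    routes={"1-1-1": "public", "2-2-1": "private", "2-2-9": "private"},
    private_segment="private",
    sms_service_dpcs={"2-2-1"},
)
SAMPLES = [
    SignalingMsg("public", "1-1-1", "2-2-1", 46),     # SMS to an SMS service
    SignalingMsg("public", "1-1-1", "2-2-1", 2),      # updateLocation to an SMS service
    SignalingMsg("public", "1-1-1", "2-2-9", 46),     # SMS to a non-SMS private node
    SignalingMsg("private", "2-2-1", "1-1-1", None),  # outbound non-MAP message
]

if __name__ == "__main__":
    for m in SAMPLES:
        print(m, "->", POLICY.screen(m))
```
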

 

Ulticom nSignia eSTP

Ulticom nSignia® eSTP provides all of these security capabilities. nSignia eSTP combines the best-of-breed characteristics of traditional carrier-grade STPs with message content-based routing and filtering. It is possible to define complex screening criteria between "equal" networks in a traditional STP fashion as well as define two networks as completely separate and only allow traffic between them through the nSignia eSTP in a gateway fashion. Using nSignia eSTP, you can combine disparate network segments, creating a unified network with controlled flow of information between network segments.

Key Business Benefits

  • Disparate Network Segment Recombination - nSignia eSTP can bridge existing and new network segments, creating a unified network
  • Maximum Change/Minimal Cost - introduction of an nSignia eSTP at the edge of your signaling network means that the needed functionality can be introduced without costly changes to core network elements, redeployment of generics, and major network reconfiguration. The hassle factor is minimized, making life easier for everyone involved
  • Secured Communications - using nSignia eSTP, you can restrict access between network segments to enforce security considerations. Unfriendly network elements can be dynamically blocked during network operation, a major consideration as the impact of the internet grows ever more prevalent
  • Combined Network Communications - by placing an nSignia eSTP at the edge of each network, you can establish cross network communication to enable future services using highly efficient IP communications without impacting operation of the network
  • Optimized Message Transport - by using nSignia eSTPs, traffic can be routed to the appropriate network elements using optimal network transport. IP transport can be used transparently for SS7 offload and as the basis for transport across geographic separations or where speed and cost are important factors
  • Content-Based Message Routing - nSignia eSTP can analyze traffic as it transits from one network segment to another, and using message content can select destination network or intermediate transport options. This can optimize cross network handling of both ISUP and TCAP functionality
  • Translation - nSignia eSTP can perform translations of message header information including network indicators and point codes to compensate for differences between network segments

 


©2009 Ulticom, Inc. All Rights Reserved.