While advancements in telecom technology have proved advantageous in many ways, the networks providing such services are facing serious security concerns. The government’s recent moves including the proposed ban on importing telecom network equipment followed by a caveat issued to Research In Motion (RIM) for converting the encrypted data on its BlackBerry devices into a readable format or face a ban on such services in the country, draw attention to the increasing attacks on network security and the need to restore it.
Since all telecom networks are interconnected, they stand a high chance of being infected with various kinds of malware that interfere with their functioning or unleash cyber attacks. Since enterprises are highly dependent on internet connectivity and operate from multiple locations, their communication networks are open to threats like denial of service (DoS) and distributed DoS (DDoS). The rapid advancements in technology, the different security protocols used by vendors and the intellectual property rights issues involved in sharing source code for proprietary software have added to the complications. While a highly restrictive security regime can deprive consumers of new products and services, a lax system can compromise national security. So a proper balance needs to be maintained to ensure security with a minimum of inconvenience to consumers.
A look at the various threats that telecom networks are susceptible to and the challenges that service providers face in countering these…
Physical security is the initial concern in any network. The strength and capacity of the network, in turn, depend on the strength of the various components that constitute it. These components should be able to withstand wear and tear while optimising the cost of the network in the long term. Further, threat to network security arises from natural disasters like earthquakes, floods, landslides, cloudbursts, heavy snow or fire, where the physical infrastructure is likely to be destroyed or disrupted.
In addition, service providers face security-related issues, such as DoS and DDoS attacks, which are aimed at disabling access to various internet services by legitimate users. In a DoS attack, the attacker’s main objective is not necessarily to gain access to a protected system but simply to deny access to other users. This is usually accomplished by bombarding the target with fake internet protocol (IP) traffic to tie up resources at the destination. The router becomes flooded with these incoming packets, keeping open ports tied up and causing increased utilisation of the router to the point of bringing it down and denying service to anyone else. The worst form of DoS attack is the DDoS attack, which utilises resources from multiple systems using agent software that is controlled by a master system. This lets more packets be transmitted to the target. Since the packets being sent (such as internet control message protocol [ICMP] and transmission control protocol [TCP] packets) are of types that are typically allowed into a router, countering such attacks becomes difficult.
Attacking border gateway protocol (BGP) routing and injecting faulty BGP routes for traffic redirection is another technique that is often used by attackers. Domain name system information is sometimes used to redirect internet traffic to serve the needs of people looking to misuse the system. Device compromise is another way, which involves breaking into vital components of the network and modifying their configuration.
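The BGP route injection described above is usually caught on the defender’s side by comparing what peers announce against an authoritative table of which AS is allowed to originate each prefix. The following is an added example, not code from the original article: it assumes a constructed expected-origin table (standing in for an operator’s RPKI or IRR data) and a constructed set of observed announcements, and flags the three patterns a route monitor cares about: wrong origin, a more-specific carve-out of a known block, and an unknown prefix.

```python
import ipaddress

# Constructed table of expected prefix -> origin AS pairs, standing in for
# the operator's own authoritative source (e.g. its RPKI ROAs or IRR records).
# All prefixes and AS numbers below are made-up documentation/private values.
EXPECTED_ORIGINS = {
    "203.0.113.0/24": 64500,
    "198.51.100.0/24": 64501,
    "192.0.2.0/24": 64500,
}

def check_announcements(announcements, expected=EXPECTED_ORIGINS):
    """Compare observed BGP announcements against the expected origin table.

    Returns a list of (prefix, origin_as, reason) tuples for every
    announcement that does not match, i.e. what a route monitor would alert on.
    """
    expected_nets = {ipaddress.ip_network(p): asn for p, asn in expected.items()}
    alerts = []
    for prefix, origin_as in announcements:
        net = ipaddress.ip_network(prefix)
        if net in expected_nets:
            if expected_nets[net] != origin_as:
                alerts.append((prefix, origin_as, "unexpected origin AS"))
            continue
        # A more-specific announcement inside a known block wins the
        # longest-prefix match and redirects traffic, regardless of whether
        # the origin AS looks legitimate, so it is flagged on its own.
        covering = [n for n in expected_nets
                    if n.version == net.version and net.subnet_of(n)]
        if covering:
            alerts.append((prefix, origin_as, "more-specific of %s" % covering[0]))
        else:
            alerts.append((prefix, origin_as, "unknown prefix"))
    return alerts

# Constructed sample of what a route collector might show (not real data).
SAMPLE_ANNOUNCEMENTS = [
    ("203.0.113.0/24", 64500),   # matches the expected table
    ("198.51.100.0/24", 64999),  # right prefix, wrong origin
    ("192.0.2.0/25", 64500),     # more-specific carve-out of a known block
    ("100.64.0.0/16", 64502),    # not in the table at all
]

if __name__ == "__main__":
    for alert in check_announcements(SAMPLE_ANNOUNCEMENTS):
        print("ALERT:", alert)
```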
The above threats are correlated with certain factors specific to the networks of service providers. One such factor is the size of the network. Service providers must be able to rapidly implement security measures against the large number of parties involved in an attack, and deploy relevant tools and techniques over a large number of devices. The size of the network is one of the significant differences between the service provider and enterprise security paradigms. In the enterprise segment, the number of devices to be taken care of is considerably smaller than in the service provider space. Also, the number of possible targets and entry points for an attack is higher in the service provider space than in the enterprise segment, where typically a smaller number of identifiable assets receive the highest level of protection.
In addition to securing the end-points, the security of transit paths and the infrastructure that carries them poses some challenges as well. Many of the standard security measures applicable in the enterprise segment are not appropriate in the service provider security paradigm. A primary difference is that firewalls and intrusion detection and prevention system (IDS/IPS) devices cannot be applied to transit paths in service provider networks. Service providers cannot afford to provide granular access control, one of the main functions of a firewall, for transit traffic. Moreover, they cannot afford the well-focused monitoring of transit traffic for indications of exploitation attempts that IDSs/IPSs perform. Finally, the whole set of security measures available for hardening end-points, such as host IPSs and anti-virus software, is not of much interest in the service provider world. Moreover, peer-to-peer computing products are able to pass through even these firewalls by using a technique known as HTTP tunnelling (hypertext transfer protocol over TCP/IP).
India-specific issues
India is one of the fastest growing telecom markets in the world but the majority of the country’s networks are built with foreign equipment and maintained by international vendors. Bharti Airtel, for instance, has outsourced most of its network operations. The operator’s networks are maintained and operated by companies such as Ericsson, Nokia Siemens Networks and Huawei. Its IT applications are managed by IBM. Other private telecom operators have also entered into similar arrangements with foreign vendors.
Further, mobiles are the predominant mode of communication in the country, with landlines few and far between. Most of the mobile handsets currently available in India are imported. These facts have raised concerns within the government that the country’s mobile networks are open to foreign infiltration, including the possibility of spyware and malware embedded in the imported equipment. India’s intelligence agencies fear that such malware or bugs may leak sensitive data to third parties and pose a threat to national security.
Further, with the recent nationwide launch of 3G services and the deployment of long-term evolution technology for the proposed launch of broadband wireless access services, telecom operators now need to carry data in addition to voice over their networks. This opens up new avenues for network security threats from hackers, viruses, trojans and more. There is higher traffic and, therefore, a greater probability of security attacks from online sources, thereby increasing the need for a secure network.
Another issue faced by India in recent times is the high level of encryption used for data transfers by smartphone service providers. The Department of Telecommunications is of the view that when a message is in transit, the security agencies can intercept it but cannot read it because it is strongly encrypted, thereby increasing the security risk. The BlackBerry smartphone by RIM offers services like messenger and corporate email, which use strong encryption to encode messages. Nokia is another player that provides a push mail facility to its subscribers. While the need for privacy between corporate clients, the basic premise behind creating such devices, is understandable, national security concerns remain paramount, given the terror threats faced by the country.
The way forward
Due care and diligence are required to deal with the security risks prevalent in today’s world. Network administrators should be able to combat security threats with suitably designed network architectures and proper configurations to their routing, switching and network equipment.
One solution being opted for by most service providers is network and security audits. A hacker will generally break in through specific areas, which are entry points to the resource being targeted. An audit looks for these entry points. Once these are effectively barricaded, entry becomes difficult as well as time-consuming. Since hackers would then have to try other methods, this helps operators track down such irregularities.
Of late the telecom industry has been focusing on data centre consolidation and virtualisation with regard to cloud-based models. In terms of security, vendors and technology developers are moving towards products and technologies that will have the ability to recognise these virtual machines and connections in order to keep track of users on the one hand and virtual infrastructure on the other, thereby enhancing network security.
Finally, given the dependence of other sectors on telecom infrastructure and its security implications, governments will need to play a leading role in establishing public policies related to network security.