• Home

  • Documents

  • A tightly configured SS7 filter, allowing only Global Titles
1
SS7 NETWORK A tightly configured SS7 filter, allowing only Global Titles from roaming partners, greatly reduces the risk of SS7 fraud and exploits Get in touch and let Roaming Audit assists in building the perfect SS7 filter SS7 Threats & Vulnerabilities + Subscriber information disclosure + Network information disclosure + Subscriber traffic interception + Fraud + Denial of service Legitimate Partner Signaling + SendRoutingInfo + UpdateLocation + SendSMS + ... Output Legitimate Roaming Partner Signaling Operator STP or Gateway Node Block - Non-Roaming Partners Allow - Roaming Partners • Hackers • HLR Lookup Service • Tracking Service • Nation States SS7 Filter The problem with SS7 If it wasn’t for roaming SS7 security wouldn’t be such topic in today’s world. The SS7 proto- col is more than 30 years old and didn’t have security and todays interconnected world in mind. These vulnerabilities are especially ampli- fied in situations where operators and users employ SS7 in two-factor authentication pro- cesses via mobile phones. Although this login method offers many cybersecurity guarantees, it is far from perfect. Here, the vulnerability becomes more evident when the user receives an SMS with a code to carry out a certain operation. Two-factor authentication is only one of many vulnerabilities, but one that is easy to relate to and where the damage is easy to see. Espionage and subscriber tracking hap- pens every day without anybody realizing it. Denial of service for individual subscribers also goes unnoticed where as denial of ser- vice for complete nodes is very visible and very costly for operators. Part of the solution Majority of these exploits and vulnerabilities can be avoided by keeping an updated and tight SS7 filter in the gateway nodes. It won’t keep everything out, but it is an efficient and cheap way of securing the network from a great deal of unwanted and malicious signaling. The biggest challenge is keeping up with the everchanging network topolo- gies of roaming partners. Network Node Global Title ranges are added and removed on a daily/weekly basis How the SS7 Security Works The Roaming Audit digit analysis engine first checks that legitimate roaming partners can pass through the SS7 filter. Any issues will be visualized so they can be corrected to ensure roaming workability. Audit Features: If too broad ranges are found then the tool helps define the correct configurations which allows roaming partners through the filter and blocks out the rest. Digit Length Analysis Full country length Analysis Non-Roaming Partner Analysis roamingaudit.com [email protected] 26th Floor, Beautiful Group Tower 77Connaught Road Central, HK +34 951 239 003 SS7 Security Audit

A tightly configured SS7 filter, allowing only Global Titles

  • Upload
    others

  • View
    2

  • Download
    0

Embed Size (px)

Citation preview

Page 1: A tightly configured SS7 filter, allowing only Global Titles

SS7NETWORK

A tightly configured SS7 filter, allowing only Global Titles from roaming partners, greatly reduces the risk of SS7 fraud and exploits

Get in touch and let Roaming Audit assists in building the perfect SS7 filter

SS7 Threats & Vulnerabilities

+ Subscriber information disclosure+ Network information disclosure+ Subscriber traffic interception+ Fraud+ Denial of service

Legitimate Partner Signaling

+ SendRoutingInfo+ UpdateLocation+ SendSMS+ ...

OutputLegitimate RoamingPartner Signaling

Operator STP orGateway Node

Block- Non-Roaming Partners

Allow- Roaming Partners

• Hackers• HLR Lookup Service• Tracking Service• Nation States

SS7 Filter

The problem with SS7

If it wasn’t for roaming SS7 security wouldn’t be such topic in today’s world. The SS7 proto-col is more than 30 years old and didn’t have security and todays interconnected world in mind. These vulnerabilities are especially ampli-fied in situations where operators and users employ SS7 in two-factor authentication pro-cesses via mobile phones. Although this login method offers many cybersecurity guarantees, it is far from perfect. Here, the vulnerability becomes more evident when the user receives an SMS with a code to carry out a certain operation.

Two-factor authentication is only one of many vulnerabilities, but one that is easy to relate to and where the damage is easy to see. Espionage and subscriber tracking hap-pens every day without anybody realizing it. Denial of service for individual subscribers also goes unnoticed where as denial of ser-vice for complete nodes is very visible and very costly for operators.

Part of the solution

Majority of these exploits and vulnerabilities can be avoided by keeping an updated and tight SS7 filter in the gateway nodes. It won’t keep everything out, but it is an efficient and cheap way of securing the network from a great deal of unwanted and malicious signaling. The biggest challenge is keeping up with the everchanging network topolo-gies of roaming partners. Network Node Global Title ranges are added and removed on a daily/weekly basis

How the SS7 Security Works

The Roaming Audit digit analysis engine first checks that legitimate roaming partners can pass through the SS7 filter. Any issues will be visualized so they can be corrected to ensure roaming workability.

Audit Features:

If too broad ranges are found then the tool helps define the correct configurations which allows roaming partners through the filter and blocks out the rest.

Digit Length Analysis

Full country length Analysis

Non-Roaming Partner Analysis

[email protected]

26th Floor, Beautiful Group Tower77Connaught Road Central, HK

+34 951 239 003

SS7 Security Audit

SS7 Simulation

SS7 Simulation

Documents
Robotics Lecture Mobile Robotics - Uni Stuttgart · Robotics Mobile Robotics State estimation, Bayes filter, odometry, particle filter, Kalman filter, SLAM, joint Bayes filter,

Robotics Lecture Mobile Robotics - Uni Stuttgart · Robotics Mobile Robotics State estimation, Bayes filter, odometry, particle filter, Kalman filter, SLAM, joint Bayes filter,

Documents
SS7 SCCP Developer’s Reference Manual · SS7 SCCP Developer’s Reference Manual SS7 Architecture NMS Communications 11 Send Feedback to NMS Doc Dept TOC IDX GLS 1.2 SS7 Architecture

SS7 SCCP Developer’s Reference Manual · SS7 SCCP Developer’s Reference Manual SS7 Architecture NMS Communications 11 Send Feedback to NMS Doc Dept TOC IDX GLS 1.2 SS7 Architecture

Documents
Document SS7

Document SS7

Documents
SS7 TDC 364. Introduction SS7 is a continuation of CCIS SS7 actually called CCS7 in North America ITU-T’s version is SS7 Japan has a slightly different

SS7 TDC 364. Introduction SS7 is a continuation of CCIS SS7 actually called CCS7 in North America ITU-T’s version is SS7 Japan has a slightly different

Documents
GSM SS7 Overview

GSM SS7 Overview

Documents
Real-Time / Remote / Offline SS7 Protocol Analyzer · Real-Time / Remote / Offline SS7 Protocol Analyzer ... SS7 Protocol Stack for TDM Low- or High-Speed Links ... SS7 Over IP

Real-Time / Remote / Offline SS7 Protocol Analyzer · Real-Time / Remote / Offline SS7 Protocol Analyzer ... SS7 Protocol Stack for TDM Low- or High-Speed Links ... SS7 Over IP

Documents
4' day SS7

4' day SS7

Documents
SS7 for gsm

SS7 for gsm

Documents
SVI-MGC SS7 Media Gateway Controller · SVI-MGC SS7 Media Gateway Controller The SVI-MGC SS7 Media Gateway Controller enables SS7 on leading VoIP Media Gateways using industry based

SVI-MGC SS7 Media Gateway Controller · SVI-MGC SS7 Media Gateway Controller The SVI-MGC SS7 Media Gateway Controller enables SS7 on leading VoIP Media Gateways using industry based

Documents
SS7 Basics

SS7 Basics

Documents
SVI-MGC SS7 Media Gateway Controllerww1.prweb.com/prfiles/2011/11/08/9302455/SVI_MGC.pdf SVI-MGC SS7 Media Gateway Controller The SVI-MGC SS7 Media Gateway Controller enables SS7 on

SVI-MGC SS7 Media Gateway Controllerww1.prweb.com/prfiles/2011/11/08/9302455/SVI_MGC.pdf SVI-MGC SS7 Media Gateway Controller The SVI-MGC SS7 Media Gateway Controller enables SS7 on

Documents
SS7 Presentation

SS7 Presentation

Documents
Norma SS7 Revision

Norma SS7 Revision

Documents
SS7 - KAMBING.ui.ac.idkambing.ui.ac.id/.../ref-eng-3/physical/ss7/ss7_pocket_guide.pdf · SS7 Function Levels Users of SS7 OMAP TCAP SCCP Level 4 ISUP Level 4 TUP Level 4 MTP (Levels

SS7 - KAMBING.ui.ac.idkambing.ui.ac.id/.../ref-eng-3/physical/ss7/ss7_pocket_guide.pdf · SS7 Function Levels Users of SS7 OMAP TCAP SCCP Level 4 ISUP Level 4 TUP Level 4 MTP (Levels

Documents
Ss7 Tutorial

Ss7 Tutorial

Documents
SS7 Fundamentals

SS7 Fundamentals

Documents
Clase SS7 Completo

Clase SS7 Completo

Documents
Sinalização SS7

Sinalização SS7

Documents
Effective SS7 protection ITU Workshop on “SS7 Security”, June 29th

Effective SS7 protection ITU Workshop on “SS7 Security”, June 29th

Documents
SS7 & SIGTRAN

SS7 & SIGTRAN

Engineering
Dialogic SS7 Protocols/media/manuals/ss7/cd/GenericInfo/... · April 2009 U09SSS Dialogic® SS7 Protocols TUP Programmer's Manual

Dialogic SS7 Protocols/media/manuals/ss7/cd/GenericInfo/... · April 2009 U09SSS Dialogic® SS7 Protocols TUP Programmer's Manual

Documents
signalisation ss7

signalisation ss7

Documents
SS7 Signaling System

SS7 Signaling System

Documents
SS7 Nortel

SS7 Nortel

Documents
SS7 Technicals

SS7 Technicals

Documents
SS7 Network Primer - library.corporate-ir.netlibrary.corporate-ir.net/library/18/187/187074/items/235514/SS7... · 2 What is SS7? • SS7 = Signaling System 7 • Signaling = functions

SS7 Network Primer - library.corporate-ir.netlibrary.corporate-ir.net/library/18/187/187074/items/235514/SS7... · 2 What is SS7? • SS7 = Signaling System 7 • Signaling = functions

Documents
Tutorial on Signaling System 7 (SS7) - PTCLkhalidsarwar.yolasite.com/resources/SS7 Signaling Tutorial.pdf · Tutorial on Signaling System 7 (SS7) Performance Technologies . SS7 Tutorial

Tutorial on Signaling System 7 (SS7) - PTCLkhalidsarwar.yolasite.com/resources/SS7 Signaling Tutorial.pdf · Tutorial on Signaling System 7 (SS7) Performance Technologies . SS7 Tutorial

Documents
Protocolo SS7

Protocolo SS7

Documents
Dialogic SS7 Protocols/media/manuals/ss7/cd/Generic...5 Dialogic® SS7 Protocols MTP3 Programmer’s Manual Issue 7 Chapter 1: Introduction Signaling System Number 7 (SS7), as defined

Dialogic SS7 Protocols/media/manuals/ss7/cd/Generic...5 Dialogic® SS7 Protocols MTP3 Programmer’s Manual Issue 7 Chapter 1: Introduction Signaling System Number 7 (SS7), as defined

Documents