Janov Hoffman, vice president of technology, Radware, discusses the security threats that CSPs must take into account when planning security for 5G networks.
While the rapid advancement of 5G communications brings overall benefits to Asia-Pacific communications service providers (CSPs), the new technology also poses security and cost challenges.
CSPs are entering a new phase of network cloudification to transform their network infrastructure. This technological transformation will benefit from the virtualization of network functions, software-defined networks and artificial intelligence.
Their strategy for capturing new growth is also changing. Future growth is driven by the move to virtualize mobile core networks in response to growing user data, the growing adoption of IoT devices, new 5G businesses, and sophisticated networks.
Network cloudification offers CSPs several key business benefits:
• Capital expenditures benefit from better aggregation and use of general purpose hardware solutions and services.
• Operating costs benefit from the operational efficiencies achieved through cloud automation, flexibility, and scalability, which indirectly impact customer experience.
• Value-added services use cloud platforms to enable new services and revenue streams.
The cloud’s initial goals were to separate growth from costs and deliver new services quickly. CSPs did this in a 4G environment by migrating network elements to large virtual network functions.
These functions were too large and not cost effective. In addition, the use of legacy operations has made networks difficult to deploy, scale, and maintain. These challenges will multiply in the 5G environment.
CSPs today understand that they need to extract more from the cloud, and that their networks need to be rebuilt as cloud-native to provide business flexibility in rapidly deploying and operating new applications and services. The scale of 5G opens the door to more devices and a diverse combination of services, making it difficult to maintain legacy operations.
We are seeing more and more CSPs partnering with cloud vendors to accelerate the 5G transformation journey, which offers benefits such as fully automated deployment, ease of management, and workload orchestration in the hybrid cloud. In essence, the transformation provides flexibility in deploying and automatically scaling network functions for demand-driven network growth, reducing manual monitoring and operational complexity.
High-profile cloud partnerships demonstrate some of the benefits of 5G. They include:
• Microsoft Azure – Microsoft acquired Affirmed Networks (a network virtualization provider specializing in vEPC and v5GC). The partnership allowed Microsoft to produce Azure for Operators, a suite of Azure network and cloud infrastructure products, network virtualization and cloud applications, and Azure AI and analytics.
• AT&T – At the end of June, AT&T announced that it was moving its 5G mobile network to the Microsoft cloud. This strategic alliance provides a way for all AT&T mobile network traffic to be managed using Microsoft Azure technology. Both companies will start with AT&T’s 5G core, which connects users of mobile phones and IoT devices to the Internet and other services.
• Nokia and Google – In January, Google Cloud and Nokia announced that they would jointly develop 5G cloud-based core solutions for CSPs and enterprise customers. The new partnership will provide cloud capabilities to the edge of the network.
• Cisco and Altiostar – They partnered to create blueprints to accelerate the deployment of 4G/5G OpenRAN solutions in service provider networks.
• Vodafone and Verizon – They partnered with AWS to explore the possibilities of Edge Computing.
• VMware is moving into the telecommunications sector with more updates to its telecommunications cloud platform, including Open RAN support.
Due to its distributed nature, the implementation of 5G network infrastructure differs drastically from previous generations of mobile networks. CSPs face new challenges in moving from a component-based topology to a service-based network.
For example, before 5G, mobile radio access and core networks consisted of isolated network elements with specific tasks. In 4G networks, a virtualized evolved packet core (EPC) appeared on the network.
5G takes this a step further by transforming all network components into virtual, microservice elements that are software-based, disaggregated, and deployed in different locations.
The software-based microservices architecture allows network slicing. This includes the ability to isolate different services, each with its own parameters, settings and security policies, all on one hardware element.
The 5G network must be designed to support multiple security policies, divided into separate network components. The more slices, the more microservices and interface points in the network, which in turn are exposed to the Internet.
Traditional security methods with predefined rules, thresholds and manual adjustment will not work in a 5G environment. Service providers must automate operations and have a scalable policy management infrastructure, which requires DevOps capabilities. All security tools must be automated for deployment.
5G networks introduce new traffic patterns that move east/west toward applications. It is therefore necessary to inspect outgoing (egress) traffic. The number of inspection points is increasing dramatically, not only from observation points, but also from traffic at edge computing points.
CSPs must consider the following unique security threats when planning protection for 5G networks:
• Network edge protection: multiple edges (breakouts) and network types significantly increase the exposure.
• Outbound attacks include IoT botnets and network edge attacks.
• Incoming attacks include floods from the public cloud and the Internet and attacks against major network services.
• Network gateway attacks include rapid attacks and IoT, bot, API, DNS and SSL attacks, which increase the complexity and the impact on infrastructure, application servers / telecommunications cloud and API gateways.
• Network slicing: each slice has its own threat risk, which requires per-slice security policies and a consistent defense strategy across all slices. Core mobile infrastructure and 5G availability also require protection.
• Attacks on multi-access edge computing (MEC) components, including routing service capabilities and mobility management entities. Protection must prevent damage to network resources.
• Outbound attacks on external servers from IoT devices are also a risk and must be prevented to protect the network's reputation, while narrowband IoT devices also require protection against infection by botnets.
• The public/private cloud edge needs protection. The shift of some workloads to the public cloud introduces new security concerns for service provider networks, with further changes coming from the microservices environment and cloud-native network functions.
To counter the many diverse and evolving attacks by cybercriminals, it is essential that organizations include WAF / API protection for their cloud-based environment in their security arsenal.