How to Prevent Attacks on your Critical Wireless Transport Networks
By Stephane Varin, Senior Product Manager
In an era of growing security threats from terrorism, border security and immigration, attacks on critical infrastructure and general public unrest, the issue of security in communication networks is more important than ever. The new generation of IP-based wireless technology is an enabler for applications such as mobile commerce, voice over IP (VoIP) and high-definition video delivery to smartphones, but it has also opened some sinkholes in the foundation that pre-LTE architectures and applications have established.
Impact of an Unsecure Wireless Transport Network
Many of the world’s wireless transport networks support mission-critical applications such as critical infrastructure (eg grid) communications or public safety. Clearly, a compromised network that is supporting critical communications can have disastrous consequences resulting in loss of life and susceptibility to public security threats.
Beyond private networks, mobile networks are also being considered critical infrastructure where the mobile network is the only form of communication for much of the world’s population.
Security incidents can have severe consequences for network operators. Short-term public relations hiccups can be dealt with, but over the long term, carriers are subject to subscriber churn, which can significantly influence profitability. Softpedia.com cited a study performed by Opinion Matters, whereby it was determined that 75 percent of smartphone users in the UK would likely change mobile providers if a security breach occurred on their current network.
In addition to subscriber churn, MNOs can face litigation and legal problems, especially when a security breach affects enterprise service. The economic impact can be several hundreds of thousands or even millions of dollars. In a report presented by McAfee at the World Economic Forum, it was found that more than half of 600 IT executives surveyed have suffered large-scale incidents that have associated downtime costs of over $6.5 million per day. For more on this topic, see the complete white paper below, which discusses the burgeoning need for security in mobile backhaul in terms of benefits to mobile network operators and society.
Wireless Security Components
Traditionally, microwave networks have been unsecure—unsecure as far as any purpose-built payload encryption or secure management is concerned. Until recently, it was deemed essential only for the most confidential microwave communications of financial firms, defense agencies, and government, where the law can require them. But now billions of people around the world rely on the Internet to deliver varies types of data traffic ranging from personal messages to financial transactions. This value and volume of traffic make it an irresistible target for cybercriminals. As security measures are implemented in other parts of the network (core, access) it is fundamental to implement strong security measures in microwave networks.
Get 50% off your security software order ON TOP of your current discount rate!
Applies to orders placed now through June 1, 2019.
Download your coupon here
Aviat Networks Strong Security suite for the Eclipse Packet Node microwave radio platform prevents the following attacks on the network:
Front door attack: Traditionally microwave networks have not encrypted their payloads. With many networks transitioning from TDM to IP not encrypting payload traffic is the equivalent “of leaving the front door unlocked.” Hackers, cybercriminals and even foreign governments could try to access the air link using methods such as the “man in the middle” to read unencrypted data streams. Aviat Networks’ solution is to implement Payload Encryption that protects all traffic over the air link including user data and Eclipse management data in the payload.
Backdoor attack: Unsecured NMS can be used to change the radio configuration, sabotage or divert traffic using network management. With Aviat Networks’ Secure Management all Eclipse Packet Node management and control commands are secured over unsecured networks.
Insider attack: Disgruntled employees or cybercriminals that have obtained inside access to the network can use this access to divert traffic or upload malware to the network. Aviat Networks implements complete AAA (Authentication, Authorization, and Accounting) capability through a RADIUS server that can be used to prevent, or if happens, track and identify an inside security breach.
Fortunately, this is not the case across the board. Strong Security on the Eclipse Packet Node microwave radio platform offers three-way protection for mobile backhaul security: secure management, payload encryption, and integrated RADIUS capability. Read the embedded overview document in full-screen mode for more details: