Mobile network security is rapidly becoming a critical issue for operators as they transform their cellular networks to 4G/LTE while adding small cells and Wi-Fi® access to boost capacity and increase coverage.
Transformation to an all-IP network and Wi-Fi access from untrusted public hotspots and access points (APs) exposes the mobile network to new threats that can impact service and compromise security.
And when the mobile operator wants to offer new cloud services that connect to cloud networks other than their own, you have a whole range of new security risks that must be addressed.
SECURING TODAY’S MOBILE NETWORKS
With an expanding wireless network and new connection points being added each day, mobile operators need a better way to protect their network from a growing list of security threats.
By devising a security strategy that segments the access networks (both cellular and Wi-Fi) from the core network through the addition of an enhanced security gateway (SeGW), mobile operators can better protect both themselves and their users from hacking and attacks. The enhanced SeGW should meet the following security requirements:
- Tunneling and IP security - An enhanced SeGW supports various tunneling authentication and encapsulation methods. For IP security (IPSec), the SeGW must provide encryption functions at the scale needed to support both the new access connections from small cells and Wi-Fi access points and private network VPN connections to enterprise and cloud networks. Tunneling provides a secure connection into the mobile operator’s network from access and cloud networks that the operator doesn’t own.
- Integrated firewall - The enhanced SeGW must also provide integrated firewall capabilities to protect the mobile operator’s network from access network DoS attacks. OAM and control/signaling traffic are threatened by various attacks such as flooding, malformed packets, and port scans. Since mobile operators will deploy different mobile network security architectures to protect their 4G/LTE network, the SeGW should be flexible and support these different traffic types in either the same or different IPSec tunnels, along with one or several IKEv2 security associations.
- Self-organizing IPSec plug-n-play - One of the key attributes of 4G/LTE networks is the ability to self-organize, that is, to take action independently or automatically without operator intervention. Radio access network vendors provide this self-organizing network (SON) feature, which enables a newly installed eNodeB to automatically establish an IPSec tunnel for the OAM link to its element management system. An enhanced SeGW supports all the necessary mobile network security capabilities, such as IKEv2 configuration payload, multi-level certificate authentication, AAA server, DHCP and IP pool management, to support the IPSec plug-n-play procedure.
- High availability/network resiliency - As mobile operators expand their footprint and make use of unlicensed spectrum such as LTE-U and Wi-Fi to boost capacity and user performance, there will be a significant increase in untrusted access networks that require greater IPSec scaling on the SeGW. Additional small cells and Wi-Fi access points in the mobile operator’s network could add an order of magnitude of connections or more to the core, beyond the requirements of the macro/metro cell network. With a large number of tunnel connections on the SeGW, it will be imperative for it to be highly resilient to hardware and system failures. High-availability features such as stateful multi-chassis resiliency can minimize traffic loss and prevent signaling storms.
The Alcatel-Lucent 7750 Service Router enhanced Security Gateway is a key component of a broader mobile network security solution that mobile operators need as they roll out 4G/LTE and Wi-Fi services to protect their network and subscribers.