Gabriele Lieser

CUSTOMER SUCCESS MANAGER

Summary

In a previous blog we have seen that by hardening the network configuration errors can be kept under control. But there are three more ways to bliss: try to automate processes as much as you can, monitor your firewall’s security logs and enforce centralized authentication mechanisms. With the help of smart automation work will be simplified and sped up, and there will be more time to oversee the processes themselves. Security logs should not only be your first point of contact when problems arise. They detail any change in firewall settings, especially in terms of traffic analysis and risk assessment. Looking at them beforehand will give you a head start in the analysis of current and past issues. Also, the use of centralized authentication mechanisms is important to align the routers and close the doors to possible attacks.

Configuration errors are a nasty piece of work as they create a serious disruptive element that opens the doors for intruders and runs the risk of impacting the whole network performance. According to a Gartner report 95% of all firewall breaches could be caused by misconfigurations, not firewall flaws. An incorrectly configured firewall can stop reliable income streams from working and can cause considerable revenue leakage. An even bigger threat is the vulnerability of the network when connectivity to the internal network is enabled. In order to maintain security, the order of the day is “configuration hardening”, i.e. creating secure and compliant configuration settings and finding suitable tools to automate the monitoring, configuration and assessment of the firewall body of rules. So, the interesting question raises: how can MNOs do more with less? How can configuration errors be kept at bay?

RoamsysNext Insights

In RoamsysNext Insights our experts share their views on extensive industry topics and possible solutions we can offer.

Safe to say that intelligent automation enables fast and effective firewall setup and updates. Luckily, the human touch has always been a source of innovation, even errors and neglect have oftentimes helped to produce wonderous inventions. On the other hand, as a matter of fact, the human factor has proved a recipe for mismanagement and failure.

Automate as Much as You Can

Among many other duties, IT security teams are expected to be always on full alert and quickly gain and maintain firewall control. But current tools require a lot of manual consolidation and integration of massive amounts of threat data. Manual work slows things down and shreds valuable time. As we have seen above, most breaches have their origins in misconfigurations. With the help of smart automation work will be simplified and sped up, and with a consistent firewall and implementation routine there is more time to oversee the processes themselves. More room to prioritize efforts and finish off perpetrators.

Don’t fear the breach

Come to Appreciate Your Security Logs

The incoming and outgoing traffic on the network is laid out by security logs. Not regularly checking your firewall’s security logs is similar to not watching your finances. Just as a bank statement, security logs reveal current and past issues and detail any change in firewall settings, especially with regard to traffic analysis and risk assessment, most used and least used rules which can be removed eventually. Thus, the firewall and network performance can be optimized considerably which is another step towards enhanced efficiency. Sometimes, the intangible becomes reality: if a data breach or cyber-attack has happened, security logs will be your first point of contact. Backtracing the information available can help preventing future attacks and is also vital for investigation and, in the event of loss, insurance reasons.

A security chain is as strong as its weakest link

Use Coherent Authentication Mechanisms

Imbalanced authentication standards are another reason for unwanted vulnerabilities. Networks often stretch over a multitude of sites so that it makes a lot of sense to integrate systematic authentication standards. Let’s illustrate this with an example: in a large company all devices in the central data centre could be accessed on the basis of a uniform authentication mechanism. However, this authentication mechanism was not used at the branch locations, and therefore the authentication standard was not enforced from end to end. As a result, branch office employees could access their local accounts with simple passwords and had different limits on login errors before their accounts were locked. Since a security chain is as strong as its weakest link, the weaker authentication will be always the one prone to attack.

A security chain is as strong as its weakest link

Strength lies in calmness

Diverging authentication standards open the doors for attacks through the routers that do not align with the centralized authentication mechanism. Companies should therefore enforce centralized authentication control, single sign on and effective processes for adding and removing access and authorization across all sites simultaneously so that breaches of security are limited. Especially when an employee leaves, it is imperative that the credentials of that employee are revoked across all sites as soon as possible.

If misconfigurations are a common reason for data breaches, then MNOs must take control by fast and decisive actions. It is essential to quickly and automatically prevent, detect and cut out these errors. There are already a wide variety of security controls at hand, but just turning them on is simply not enough. Although this process can be intensely time-consuming, understanding and controlling how the traffic flows into and out of the network is key to securing it. Whenever firewall configuration and the prevention of misconfigurations is performed continuously, dynamically and on a high level, you have already achieved a lot.

Streamline your configurations of every roaming relevant network element

Our tools already help more than 700 MNOs across the globe. They simplify the initial and ongoing correct configuration of every roaming relevant network element which enables MNOs to block any unwanted or unauthorized traffic with very little effort. From the beginning, these easy-to-use applications increase efficiency, transparency, and enhance resource management, and we continuously keep optimizing to serve our customers even better. Likewise, we are increasingly keeping an eye on upgrading security aspects. Since we are experienced in developing the InfoCentre RAEX Tools application on behalf of the GSMA, our tools are fully compliant to GSMA requirements and can be most easily implemented and aligned to the specific needs of any customer. Talk to us, we will listen to you.

Gabriele Lieser joined RoamsysNext in 2020 as Customer Success Manager to strengthen the bonds with our increasing number of customers and to support the marketing team. Gabriele has a strong background in corporate sales. She studied at the Universities of Trier (Germany) and Manitoba (Canada) and is incorporated in the RoamsysNext Client Service team.

Two-Factor Authentication rules!

For some time now, we have introduced 2FA and have contributed our share to provide more secure access to our tools. Nobert Becker, Head of Software Development, picks up the thread and provides engaging insights into his area of responsibility.

  • RoamsysNext Insights - Wholesale Roaming Manager

Introducing: The RoamsysNext Wholesale Roaming Manager

The RoamsysNext Wholesale Roaming Manager provides powerful collaboration and reporting tools for all roaming partner relationships by converging everything from service openings to the user’s roaming footprint, test SIM cards and tariffs, document and contact management.

We’re in this together

In the second part of our interview with Alexandre De Oliveira, POST Luxembourg Cyberforce, he highlights major pain points in fraud detection and stresses the importance of global information sharing via the GSMA T-ISAC initiative.

Mastering today’s Fraud Landscape

Learn how Alexandre De Oliveira’s team at POST Luxembourg Cyberforce is mastering today’s fraud landscape with penetration tests, security assessments, the Telecom Intrusion Detection System (TIDS) and the Telecom Security Scanner (TSS).

How to avoid configuration errors

Hardening the network is a good way to get configuration errors under control. Introducing smart firewall rules and consistently updating these rules can be very time-consuming, but it’s a crucial measure to be taken.

  • RoamsysNext Insights 9: Interview with Hendrik Hoehndorf

Making a Stand against Fraud

In an insightful interview, our CTO, Hendrik Hoehndorf, speaks about further GSMA initiatives on fraud detection and prevention such as the MISP (Malware Information Sharing Platform) and T-ISAC (Telecommunication Information Sharing and Analysis Centre).

  • RoamsysNext Insights

Let’s talk about data quality

Most fraud and security issues are caused by misconfigured network nodes. This article shows, how RoamsysNext treats this problem on their quest for data quality.