Gabriele Lieser



Word has been spread by the media, reports and industry networks that mobile networks are notoriously insecure, under attack or unprotected. Well, we all know that there is a constant need for action in the nonstop adjustment to the ever-evolving threat landscape. But how bad is it really?
Most attacks are developed to target the providers’ core network and signaling security gaps in SS7 and Diameter networks are well documented. Since subscribers have very limited possibilities to ensure their own security, most of the security work has to be done at the provider’s level. According to an ENISA report, only few MNOs have started to use sophisticated, stateful firewalls to secure their networks (roughly 28%, a rather low percentage). Time for action, isn’t it? In order to narrow down the search, there are some general considerations on how to choose a signaling firewall wisely.

Smartphone users can be targeted in a variety of ways by the technologies offered through their device, such as identity theft, financial fraud, integration of the device into a botnet, or even remote monitoring. While everyone is looking forward to 5G, maintaining legacy networks even so requires complex security measures to help ensure their future viability. With a robust signaling firewall, MNOs have a comprehensive insurance policy to prevent known threats and detect unknown threats.

RoamsysNext Insights

In RoamsysNext Insights our experts share their views on extensive industry topics and possible solutions we can offer.

At the beginning of the search for a suitable signaling firewall, one should start with those that comply with the GSM Association’s (GSMA) guidelines. By doing so, an important set of requirements to adequately protect a network has already been met. The GSMA guidelines were written by leading security experts in a collective effort of mobile operators‘ experts and telecommunications security providers in the GSMA Fraud and Security Group (FASG). The guidelines GSMA FS.11, FS.19 and FS.20 for SS7, Diameter and GTP-C firewall security are incredibly important and solid standards for evaluating signaling firewall options enabling MNOs to make an informed decision.

Threat landscape is constantly evolving

Implementing a signaling firewall solution that follows GSMA recommendations is the best possible start. However, the threat landscape is constantly evolving and requires additional actions to be taken, especially since it is likely that the attackers will also have access to the GSMA documents and will understand the protections the operator will be putting in place. The key to ensuring a mobile network stays secure is a strong security team working with the most up-to-date intelligence regarding attacks and a flexible set of tools that allow quick actions to filter bad traffic and provide monitoring and alerting of suspicious activity.
Attacks by malformed packets have established a new and growing class of attacks, for example. Malformed packet attacks in SS7 and Diameter signaling networks can take full control of network elements, which can result in user tracking, remote interception, constant denial of service, traffic changes, and even complete network break downs.

SS7 and Diameter cause most vulnerabilities

It only makes sense to invest in a signaling firewall if it protects the network from disaster to the max and secures revenue streams. To maximize the impact of this significant investment, the main concern should be laid on SS7, which is the largest potential target surface, followed by Diameter. To ensure the reliability of the firewall, MNOs should make sure they opt for a telco grade product. Vendors should be able to offer the five nines indicator as standard, as well as high availability and redundancy, where the vendor hardware is always backed up.

Strong partnerships pay off

Collaboration is so valuable, and no one should have to reinvent the wheel over and over again. Since there are not yet that many mobile network operators who have implemented a complete signaling firewall solution, independent reports can be helpful in decision-making. The Roaming Consulting Company (ROCCO) regularly collects feedback from mobile network operators on industry tools. An evaluation of signaling firewall providers has been conducted covering a wide range of KPIs such as performance, value and leadership. It provides an overview on how to find reliable partners and support the own evaluation process.

Other key indicators are the vendor’s intelligence and security support capabilities. As operators seek to build competence in SS7, Diameter and other signaling protection, leveraging the expertise of the vendor on an ongoing basis is very important. As we know, the fight against fraud consists of a constant tug-of-war between MNOs and malicious actors, who use the latest technologies to find ways to overcome the barriers. Therefore, the new signaling firewall solution provider should always be one step ahead of the times and provide updates at the earliest possible time to identify and eliminate the latest threat vectors. The proactive search for vulnerabilities protects the customer from future threats and qualifies the provider for a good and long-term cooperation.

Make proactive choices

For more than 12 years, RoamsysNext has been specializing in the software development and project management as the GSMA’s exclusive provider of RAEX solutions. We also offer the only GSMA-compliant hub solution on the market and provide our customers with superior service and competitive pricing. With our Wholesale Roaming Manager, we help MNOs converge roaming partner information and relationships in a precise and secure way with an all-in-one solution from test SIM cards, over tariff, document and contact management.

No, it is not a signaling firewall, but with the help of the Network Configuration Optimizer MNOs can already get all partner network technical data updates in vendor specific formats to automate firewall update processes. In order to protect all signaling interfaces it is essential to carry out further audits. MNOs thus ensure that the correct configurations are implemented in each network node. Regular firewall configuration audits can easily be run with the audit feature to strengthen the core network by spotting missing and incorrect configurations and vulnerabilities.

However, a very important part of implementing security technologies is also to find a good balance between security and usability. With the help of the latest technologies and together with the GSMA, we are working on more efficient solutions. Consequently, we are more and more keeping an eye on upgrading security aspects. Stay tuned for new developments from the house of RoamsysNext.

Gabriele Lieser joined RoamsysNext in 2020 as Customer Success Manager to strengthen the bonds with our increasing number of customers and to support the marketing team. Gabriele has a strong background in corporate sales. She studied at the Universities of Trier (Germany) and Manitoba (Canada) and is incorporated in the RoamsysNext Client Service team.

“The team is a crucial asset”

It has been an exciting year for RoamsysNext. And as 2023 is coming to an end, we took the opportunity to talk with CEO Michael Grasmück about the past year, the growing team that becomes more and more international, and the comeback of an industry institution.

Reporting at a glance: The RoamsysNext Dashboards

The RoamsysNext tools offer many reporting functionalities of which the dasboards play an important role. Learn more about using them in practice to identify bottlenecks, visualize your team's performance and bring a smile to your management's faces.

How to Stay Secure

What can MNOs do to stand up to the ever-growing tide of telecom fraud and protect their assets? Stay alert, use great tools, collaborate with other market players, and take the fight to the fraudsters.

Telecom Fraud Hurts

Telecom fraud is a rapidly growing area that has serious effects on national critical infrastructure (civil, healthcare, energy, agriculture...) and wider industrial processes.

  • RMX_Insights_Template21

How to Choose a Signaling Firewall Wisely

In times of global turbulences and increasing fraud attacks the decision for a sophisticated signaling firewall becomes more and more a priority. Some general considerations help to narrow down the choice.

Two-Factor Authentication rules!

For some time now, we have introduced 2FA and have contributed our share to provide more secure access to our tools. Norbert Becker, Head of Software Development, picks up the thread and provides engaging insights into his area of responsibility.

  • RoamsysNext Insights - Wholesale Roaming Manager

Introducing: The RoamsysNext Wholesale Roaming Manager

The RoamsysNext Wholesale Roaming Manager provides powerful collaboration and reporting tools for all roaming partner relationships by converging everything from service openings to the user’s roaming footprint, test SIM cards and tariffs, document and contact management.

We’re in this together

In the second part of our interview with Alexandre De Oliveira, POST Luxembourg Cyberforce, he highlights major pain points in fraud detection and stresses the importance of global information sharing via the GSMA T-ISAC initiative.

Mastering today’s Fraud Landscape

Learn how Alexandre De Oliveira’s team at POST Luxembourg Cyberforce is mastering today’s fraud landscape with penetration tests, security assessments, the Telecom Intrusion Detection System (TIDS) and the Telecom Security Scanner (TSS).

How to avoid configuration errors

Hardening the network is a good way to get configuration errors under control. Introducing smart firewall rules and consistently updating these rules can be very time-consuming, but it’s a crucial measure to be taken.

  • RoamsysNext Insights 9: Interview with Hendrik Hoehndorf

Making a Stand against Fraud

In an insightful interview, our CTO, Hendrik Hoehndorf, speaks about further GSMA initiatives on fraud detection and prevention such as the MISP (Malware Information Sharing Platform) and T-ISAC (Telecommunication Information Sharing and Analysis Centre).

  • RoamsysNext Insights

Let’s talk about data quality

Most fraud and security issues are caused by misconfigured network nodes. This article shows, how RoamsysNext treats this problem on their quest for data quality.