首頁 > 最新消息
News最新消息
    • 2014
    • -
    • 02
    • -
    • 25
  • The Growing Challenges of Service Provider Security Breaches (服務提供商的安全漏洞)

     

    By Marc Meulensteen 

     

    首先,我們需要來看看安全漏洞是如何發生的。有許多不同的方式能夠讓服務提供商很容易受到安全性的破壞。最明顯的是實際服務和直接相關的設備的脆弱性。當SNC ,類似以前的PABX或電話交換機,遭到了DDoS的攻擊,而造成停止工作。這將關閉手機流量並造成收入損失,另外公司形象受損,更糟的是由於安全漏洞所造成的公共危險。另外的弱點可能深藏在網絡內,或是網絡底層的裝置,像路由器或者交換機。此外當一個核心路由器受到攻擊時,它會停止工作並致使整個地區沒有服務。這種攻擊的後果可能是災難性的。

     

    In light of recent high-profile security breaches, new rules and regulations regarding breach reporting have been in the spotlight lately. While some service providers and Internet Service Providers (ISPs) have protested the new directives, the larger question is, “What can operators do to protect themselves and their customers?”

     

    First, we need to take a look at how security breaches happen in the first place. There are many different ways service providers are vulnerable to security breaches. The most obvious is the vulnerability of the actual service or device directly related to the service. When a SNC, similar to the ancient PABX or phone switch, gets attacked by a DDoS, it stops working. This shuts down phone traffic causing revenue loss, image damage, and worse—public danger due to the security breach.

     

    Another vulnerability resides deeper in the network, or lower on the OSI model within a network device and/or a router or switch. When a core router is under attack, it stops working and an entire region is without service. The fallout from such an attack can be devastating.

     

    Additionally, network traffic is increasing, yet bandwidth usage is fixed. The mobile experience is exploding and the wealth of applications running on mobile devices, laptops, computers, etc. are all competing for bandwidth. This traffic makes it easier for hackers to overload and attack a system.

     

    So, how do service providers protect themselves and their customers? Security is a trade-off between performance, functionality, and profit on one side and protection and risk on the other. You can protect a system 100% by disconnecting it from the Internet, disabling all external connections like USB, Bluetooth, Ethernet etc., but that’s the same logic as protecting your new car by leaving it parked in the garage.

     

    A realistic, yet comprehensive approach to security involves awareness and strong security policies at various organizational levels. A technology solution with next-generation firewalls is a must, as well as, protection for crucial network devices such as core routers. Testing is key. Devices must be tested for risk prior to deployment. Service providers must perform regular penetration testing, essentially simulating an attack on its own network before the hackers do. This enables them to identify potential security risks and fix them before data breaches occur.

     

    How confident are you about the safety of your network?