Focus turns to network security: while many consider the telecoms infrastructure a vulnerable target for terrorists, the more immediate threats are attacks by individual hackers and authors of malicious code, which are presenting new security challenges for service providers

Telecom Asia, Jan, 2005 by Dan Sweeney

Following the 9/11 attacks in the US, many within the telecommunications industry felt that a thorough security audit of all public networks was desperately needed. Some industry executives assumed that the country's infrastructure--especially the telecommunications system--represented a key target whose vulnerabitities would likely be exploited sooner or later.

Although the anticipated ideologically motivated sabotage hasn't occurred, technological advancements have presented new security challenges to enterprise and public networks.

Public networks today are hardly secure avenues of communication. If orchestrated attacks by terrorist organizations have yet to take place, individual exploits by hackers and authors of malicious code have become much more commonplace.

Such individuals often succeed in swamping both public and private networks with denial-of-service assaults. More frequently, they spread viruses and worms that are destructive to individuals using the public networks, rather than impacting the networks directly.

Other problems involve spam, spyware, and unwanted commercial messages and surveillance that interfere with the ability of subscribers to use networks expeditiously. In the past such annoyances were of little concern to carriers, but as the volume of such traffic increases, more and more subscribers are turning to their service provider for some kind of relief.

Clearly, security is a complex topic, a fact that is highlighted in interviews contributing editor Dan Sweeney conducted with three network security experts--Vinton Cerf, senior vice president of data architecture for MCI's data and information services division; Dave Passmore, research director for the Burton Group's telecommunications division; and Jeff Pulver, founder and head of Pulver Innovations. The three spoke candidly about how network security needs are evolving and the role they believe service providers should play in solving security issues.

Vinton Cerf,

Senior vP of technology

strategy at MCI

Telecom Asia: Let's start with securing the network infrastructure.

Then let's start with the physical layer of the network, and let's begin by differentiating wireline from wireless networks because the physical vulnerabilities are different. Wireless networks are almost completely exposed and are open to jamming and surveillance. Wireline, on the other hand, has come to mean fiber in terms of core infrastructure, and there the chief danger today appears to be accidental fiber breaks caused by backhoes and so forth. And then maybe we should begin to look at 802.11-based wireless networks. They're starting to become part of the telephone system as well, and they have their own vulnerabilities involving contention and resulting packet loss.

What's the most significant physical layer vulnerability in public networks today?

That's not easy to answer. It's one thing to identify a vulnerability, but then you have to determine whether there is a credible threat, a likelihood that the vulnerability will be exploited. Having said that, I would say that the weak points are where infrastructure comes together--peering points are a good example. Attack such a point and you can take out a lot of different networks simultaneously. Could this happen? I think you have to accept the possibility of such threats today.

It all goes back to the concept of asymmetric warfare. If I'm lacking in military resources, and I want to inflict a maximum amount of damage on a powerful nation with the least expenditure of resources, I'll attack core infrastructure at its weakest point. And this is not entirely speculative thinking.

Several years ago an accident on a bridge destroyed a conduit through which passed several purportedly redundant fiber paths. All of the strands were adjacent to one another, and they were all severed simultaneously so the redundancy was only theoretical. This one accident caused major disruptions in service. Now suppose this had been a deliberate act and suppose it had been repeated elsewhere?

How do you harden networks to address such vulnerabilities?

I'm not sure hardening is the complete answer. A better approach might be to parallel the network with an entirely different physical layer for instance, a wireless ground network could back up the fiber network, and a satellite network could back up both of them. You're not just depending on one physical infrastructure. During the '70s we did an experiment with the ARPANET where we simulated the destruction of the wireline connections and then fell back on packet radios to maintain the integrity of the network. And we proved the validity of the approach.

What are some of the threats higher up the stack?

Ironically, the biggest threat is at Layer 3 where packet devices operate. Packet touters and ATM switches are more vulnerable than old-fashioned circuit switches.

Why?

Because in a telephone switch the control protocol is largely inaccessible. SS7 is not propagated through a public network. It doesn't terminate where an intruder would have easy access to it. That's not true when you consider router protocols. And with VolP the telephone system becomes subject to attacks across multiple layers.