Three security threats keeping service providers on their toes

Author: Boonchareon Chong, Global Solution Architect, Service Providers at F5 Networks

While security threats have always been present, modern technology has provided more avenues for attack and amplified the related risks. With broadband and Internet traffic growing ten-fold from the days of 2G and 3G to today’s 4G speeds, security concerns have escalated along with the resources available for DoS or DDoS attacks.

Fundamentally, there are three key security threats facing Internet service providers today: the removal of the Gi Firewall, dependency on DNS, and the inability to differentiate the types of traffic in a network.

1. The removal of Gi Firewall in 3G networks

Service providers had security under control back in the days when 2G was used. However, in exchange for Internet speed, they removed the Gi Firewall and lost out on security in the process. This was done because carrier-grade firewall technology was lacking in the early days: firewall capacity was not built to handle the amount of traffic expected. The absence of the Gi Firewall, a crucial piece of network security equipment that prevented DoS/DDoS attacks, depletes the battery life of subscribers' devices and wastes service providers’ precious resources. During attacks, those resources are consumed unnecessarily, which results in a slower network.

2. Dependency on DNS

As the World Wide Web and applications become more sophisticated, dependency on DNS will continue to grow, while planned attacks to take the Internet down have also become more frequent. Without DNS, the Internet will not exist, since users are only able to recall domain names and not specific IP addresses. One recent example of a dire DNS attack happened to New Zealand's largest telco and Internet service provider, Spark, in September last year. The company suffered a three-day outage when its DNS infrastructure came under attack. Over 600,000 customers were unable to browse the web or use other services requiring name resolution. Fortunately, service providers have become increasingly aware of the importance of DNS security since cases such as this.

3. Inability to differentiate the types of traffic in a network

Service providers today are largely unable to differentiate the types of traffic in a network, especially when separating a real user’s request from that of a DDoS attack. One way to get around this is to build a Security Operations Centre (SOC), which helps provide visibility over the kind of traffic that’s going through the network. This is a new variation on a familiar theme; however, the issues have always been present. With the explosion of the Internet, these issues have in fact been brought into the open. Nevertheless, a key challenge lies in the fact that service providers are unable to tell if the issues apply to them or if they are legitimate.

So how can service providers mitigate these security threats?

1. Reinstating the Gi Firewall

With vast improvements in security and traffic management solutions over the past few years, organisations can now enjoy the security of a Gi Firewall without sacrificing their Internet speed in the process. F5 solutions such as Advanced Firewall Manager (AFM) are optimised for today’s network architecture to provide app-centric security at the network level and protect against the most aggressive DDoS attacks.

2. Securing DNS infrastructure

While dependency on DNS is not expected to change in the foreseeable future, many solutions are now available that organisations can adopt to ensure DNS infrastructure remains secure. In particular, F5’s Global Traffic Manager (GTM) can deliver real-time, signed query responses and DNS firewall services for attack protection, and enable mitigation of complex threats by blocking access to malicious domains.

Specifically, using high-performance DNS services, Global Traffic Manager (GTM) scales and secures an organisation’s DNS infrastructure during high query volumes and DDoS attacks. GTM also improves the performance and availability of applications by intelligently directing users to the closest or best-performing physical, virtual, or cloud environment. In addition, it enables mitigation of complex threats from malware and viruses by blocking access to malicious IP domains.

3. Traffic: Detect, report, mitigate

Service providers are increasingly finding it difficult to differentiate the types of traffic in a network. This lack of visibility poses a strong threat to security, as service providers can be unaware whether a request is legitimate or part of a DDoS attack. However, there are solutions currently on the market which can help detect, report and mitigate threats in network traffic. F5’s Policy Enforcement Manager (PEM) in particular can deliver the insight service providers need to understand subscriber behaviour and effectively manage network traffic with a wide range of policy enforcement capabilities.

With PEM, organisations can create tailored service plans, regulate network usage, and ultimately increase profitability. Increased network visibility allows service providers to monitor network conditions and manage network capacity in real time. Providers can manage bandwidth consumption and dynamically implement policies to reduce network congestion, implement fair-usage policies and tiered services. Combined with Advanced Firewall Manager (AFM), this solution provides the best defence against increasingly sophisticated and aggressive DDoS attacks.

With a secured network, service providers are able to launch new services that comply with the latest regulatory requirements in the mobile payments and content provision spaces. At the same time, service providers are also able to show themselves as secure and reliable organisations that are capable of giving subscribers peace of mind. Ultimately, a higher quality user experience will inadvertently create a knock-on effect on subscriber numbers.
