Embed Size (px)
Citation preview
A SEMINAR REPORT ON
“GPRS SECURITY THREATS AND SOLUTION”
PRESENTED BYSYED JAUWAD
GUIDED BYMiss. Sarita Agrawal
TOPICS COVERED ….• INTRODUCTION• GPRS CORE NETWORK NETWORK ARCHITECTURE• CLASSIFICATION OF SECURITY SREVICES• DATA SERVICES ON Gp AND Gi INTERFACE • THREATS ON Gp INTERFACE• THREATS ON Gi INTERFACE• SECURITY SOLUTION FOR THE Gp INTERFACE• Gp NETWORK SOLUTION• SECURITY SOLUTION FOR THE Gi INTERFACE• Gi NETWORK SOLUTION• DEPLOYING GPRS SECURITY SOLUTION ON
NETSCREEN SECURITY SYSTEM• CONCLUSION
INTRODUCTION
DEFINATION OF GPRS PROVIDE AN OPPORTUNITY BENEFITS FROM GPRS CONNECTED TO EXTERNAL DATA OPERATOR PROTECTS NETWORK
FROM EXTERNAL NETWORK
GPRS CORE NETWORK ARCHITECTURE
CLASSIFICATION OF SECURITY CLASSIFICATION OF SECURITY SERVICESSERVICES
INTEGRITYINTEGRITY CONFIDENTIALITYCONFIDENTIALITY AUTHENTICATIONAUTHENTICATION AUTHORIZATIONAUTHORIZATION AVAILABILITYAVAILABILITY
DATA SERVICES ON THE Gp AND Gi DATA SERVICES ON THE Gp AND Gi INTERFACESINTERFACES
DATA SERVICES ON GpDATA SERVICES ON Gp GTP GTP BGPBGP DNSDNS
DATA SERVICES ON GiDATA SERVICES ON Gi MS SENT OUT TOWORDS INTERNETMS SENT OUT TOWORDS INTERNET TRAFIC SENT OUT FROM GGSN ON Gi TRAFIC SENT OUT FROM GGSN ON Gi
INTERFACEINTERFACE
THREATS ON Gp INTERFACETHREATS ON Gp INTERFACE AVAILABILITYAVAILABILITY
o DNS FLOODDNS FLOODo GTP FLOODGTP FLOODo SPOOFED GTP PDP CONTEXT DELETESPOOFED GTP PDP CONTEXT DELETEo BAD BGP ROUTING INFORMATIONBAD BGP ROUTING INFORMATION
AUTHENTICATION AND AUTHORIZATIONAUTHENTICATION AND AUTHORIZATIONo SPOOFED CREATE PDP CONTEXT REQUESTSPOOFED CREATE PDP CONTEXT REQUESTo SPOOFED UPDATE PDP CONTEXT REQUESTSPOOFED UPDATE PDP CONTEXT REQUEST
THREATS ON Gi INTERFACETHREATS ON Gi INTERFACE AVAILABILITYAVAILABILITY
o Gi BANDWIDTH SATURATIONGi BANDWIDTH SATURATIONo FLOODING ON MSFLOODING ON MS
CONFIDENTIALITYCONFIDENTIALITYo NO PROTECTION OF DATA FROM AN MSNO PROTECTION OF DATA FROM AN MSo CAN BE SEEN BY THIRD PARTY IF IP SECURITY IS NOT CAN BE SEEN BY THIRD PARTY IF IP SECURITY IS NOT
BEING USEDBEING USED
INTEGRITYINTEGRITYo DATA SENT OVER NETWORK CAN CHANGE BY DATA SENT OVER NETWORK CAN CHANGE BY
INTERMEDIARIES IF HIGHER SECURITY IS NOT USEDINTERMEDIARIES IF HIGHER SECURITY IS NOT USED
SECURITY SOLUTION FOR THE Gp SECURITY SOLUTION FOR THE Gp INTERFACEINTERFACE
INGRESS AND EGRESS PACKET INGRESS AND EGRESS PACKET FILTERING FILTERING
STATEFUL GTP PACKET FILTERINGSTATEFUL GTP PACKET FILTERING GTP TRAFFIC SHAPPING GTP TRAFFIC SHAPPING IMPLEMENT IPSEC TUNNELS WITH IMPLEMENT IPSEC TUNNELS WITH
ROMING PARTNERSROMING PARTNERS
Gp NETWORK SOLUTION DIAGRAMGp NETWORK SOLUTION DIAGRAM
SECURITY SOLUTION ON THE Gi SECURITY SOLUTION ON THE Gi INTERFACEINTERFACE
LOGICAL TUNNELS FROM THE GGSN TO LOGICAL TUNNELS FROM THE GGSN TO CORPPORATE NETWORK CORPPORATE NETWORK
TRAFFIC RATE LIMITINGTRAFFIC RATE LIMITING INGRESS AND EGRESS PACKET INGRESS AND EGRESS PACKET
FILTERING FILTERING
Gi NETWORK SOLUTION DIAGRAMGi NETWORK SOLUTION DIAGRAM
DEPLOYING GPRS SECURITY DEPLOYING GPRS SECURITY SOLUTION ON NETSCREEN SOLUTION ON NETSCREEN
SECURITY SYSTEMSECURITY SYSTEM GTP stateful packet filtering GTP stateful packet filtering GTP security policies includingGTP security policies including GTP management and logging featuresGTP management and logging features High availability fail over including High availability fail over including Virtual router supports to separate Virtual router supports to separate
intranet destined trafficintranet destined traffic
CONCLUSIONCONCLUSION
GPRS promises to benefit mobile data users greatly by providing always on higher bandwidth connections than are widely available today. In order to be successful, data connections must be secure and be available all the time from anywhere.
