SECURITY

Security Capabilities are a Critical Element to 5G Success

5G Americas | December 10, 2021

5G networks based on standard technical specifications from the Third Generation Partnership Project (3GPP) continue to be the most widely adopted and secure wireless cellular technology in existence. 5G Americas, the voice of 5G and LTE for the Americas, announced the publication of a new white paper entitled ‘Security for 5G’, which details features and recommendations for securing 5G networks and provides an update on the security enhancements introduced by 3GPP in Releases 15 and 16.

“The increased speeds and lower latency of 5G networks are beginning to impact nearly every facet of life for consumers and enterprises. Fortunately, security has been built into 5G right from its inception and has been required throughout its development, planning and deployment.”

Chris Pearson, President of 5G Americas

As increased bandwidth, higher data rates, and a surge of new devices and connections have made managing network security more complex, 5G Americas has provided nearly annual updates around the topic of security in wireless cellular networks. ‘Security for 5G’ is the latest update, building on prior work and focusing on evolving 5G security considerations.

This white paper addresses emerging challenges and opportunities, making recommendations for securing 5G networks in the context of the evolution to cloud-based and distributed networks:

  • 3GPP security enhancements in 5G
  • 5G security considerations
  • Zero-trust networks
  • 3GPP Release 16 security enhancements
  • Security for 5G vertical segments, such as transportation, manufacturing, and critical infrastructure
  • Supply chain security
  • Open RAN security

Additionally, the white paper provides insight into securing 5G in private, public, and hybrid cloud deployment models. Topics such as orchestration, automation, cloud-native security, and application programming interface (API) security are addressed. The transition from perimeter-based security to a zero-trust architecture to protect assets and data from external and internal threats is also discussed.

Pramod Nair, Technical Solutions Architect - Security, Cisco and 5G Americas group co-leader on the paper, commented, “5G will allow operators to evolve toward new business models. For 5G to achieve its potential, organizations must embrace multi-layered security that goes far beyond 3GPP specifications by using a pragmatic, multi-layered approach. End-to-End Security should cater to RAN, SDN, MEC, and hybrid, multi-cloud deployments based on a cloud native architecture, secure CI/CD, and zero trust security for 5G.”

Scott Poretsky, Director of Security, North America, Network Product Solutions at Ericsson and 5G Americas group co-leader, further added, “5G continues to integrate with other key technology enablers. In the cloud’s multi-stakeholder environment, cloud-native function software vendors, platform vendors, mobile network operators, hyperscale cloud providers, and system integrators must collaborate to clearly define requirements, roles and responsibilities for implementing security architecture and controls.”

About 5G Americas: The Voice of 5G and LTE for the Americas
5G Americas is an industry trade organization composed of leading telecommunications service providers and manufacturers. The organization’s mission is to facilitate and advocate for the advancement and transformation of LTE, 5G and beyond throughout the Americas. 5G Americas is invested in developing a connected wireless community while leading 5G development for all the Americas. 5G Americas is headquartered in Bellevue, Washington.

5G Americas’ Board of Governors Members include Airspan Networks Inc., Antel, AT&T, Ciena, Cisco, Crown Castle, Ericsson, Intel, Liberty Latin America, Mavenir, Nokia, Qualcomm Incorporated, Samsung, Shaw Communications Inc., T-Mobile US, Inc., Telefónica, VMware, and WOM.

Related News

Cisco's 6 Unpatched Internal Servers Supporting Virtual Networking Service Compromised

Cisco | June 01, 2020

Six internal servers that Cisco uses to support its virtual networking service were compromised earlier this month after the company failed to patch two SaltStack zero-day vulnerabilities, according to a security advisory sent to customers this week. Cisco gave no details on exactly what, if any, damage was done as a result of the attacks, but said a "limited set of customers" was impacted. If exploited, these zero-day vulnerabilities potentially could have allowed an attacker to gain full remote code execution within the servers.

In its Thursday advisory, Cisco states that on April 29, the Salt Open Core team informed those using the SaltStack open-source configuration management and orchestration tool about two critical-rated vulnerabilities, an authentication bypass flaw, CVE-2020-11651, and a directory traversal problem, CVE-2020-11652.

Despite this warning, Cisco placed six servers in service on May 7 that were not patched against these vulnerabilities, and the servers were immediately attacked, the company acknowledges. "A software component of the Cisco Virtual Internet Routing Lab service was affected by a third-party software vulnerability that was disclosed in late April. Cisco applied the patch in May, and a limited set of customers were impacted by exploitation attempts of the vulnerability," a company spokesperson tells Information Security Media Group.

SaltStack Vulnerabilities

The vulnerabilities in SaltStack were originally uncovered by security firm F-Secure, which describes them as allowing an attacker "to bypass all authentication and authorization controls and publish arbitrary control messages, read and write files anywhere on the 'master' server file system and steal the secret key used to authenticate to the master as root. The impact is full remote command execution as root on both the master and all minions that connect to it."

SaltStack published its own advisory on April 20 and patched the vulnerabilities the following week with the release of versions 2019.2.4 and 3000.2, Alex Peay, a senior vice president at SaltStack, tells ISMG.

Cisco's six servers that were compromised are used to support Internet Routing Lab Personal Edition, or VIRL-PE, and Modeling Labs Corporate Edition, or CML, a platform that enables engineers to emulate various Cisco operating systems, including IOS, IOS XR, and NX-OS, Cisco says in the advisory. The servers are:

  • us-1.virl.info
  • us-2.virl.info
  • us-3.virl.info
  • us-4.virl.info
  • vsm-us-1.virl.info
  • vsm-us-2.virl.info

The exploitability of the vulnerabilities in the six servers depends upon how the products that the servers support are enabled. The company advises those using Cisco CML and Cisco VIRL-PE software releases 1.5 and 1.6, which have the salt-master service reachable on TCP ports 4505 and 4506, to inspect the software for compromise, re-image it and then patch it with the latest update.

F-Secure described the unpatched vulnerabilities as particularly easy to exploit. "We expect that any competent hacker will be able to create 100% reliable exploits for these issues in under 24 hours," F-Secure says.

Attackers Looked for Easy Exploits

Peay of SaltStack added that exploits immediately began to show up after the patches were released and publicized, as malicious actors attempted to take advantage of the zero-day vulnerabilities before companies were able to install patches.

Scott Caveza, research engineering manager at the security firm Tenable, offers a quick rundown of how threat actors use patch information to crack a system. Attackers will often review the code and look at what changes have been made in a patch or release update to determine how the fix was applied. Then, working backwards, they can use this information to develop a working exploit and begin scanning and probing for targets across the internet, Caveza says.

SaltStack went to great lengths to communicate the problem to its users and offer tools so mitigation efforts were conducted properly, Peay says. This included direct assistance for those lacking skills handling SaltStack along with a service that would scan to validate that the patches were properly applied, he adds.

Some security experts question why Cisco did not immediately patch its servers when it was notified of the zero-day vulnerabilities. There are management tools that can help with the automation of checking, but even that requires someone setting it up to check for a version of software on a set of servers, so in the end it's the IT person who has to do the work, says Jayant Shukla, CTO and co-founder of K2 Cyber Security.

Caveza of Tenable notes that identifying systems that need a patch involves IT staff checking the version of SaltStack and verifying that versions 2019.2.4, 3000.2 or later have been applied. He points out that plugins are available to assist with this task.

About Cisco

Cisco enables people to make powerful connections, whether in business, education, philanthropy, or creativity. Cisco hardware, software, and service offerings are used to create the Internet solutions that make networks possible, providing easy access to information anywhere, at any time.

VPN

The World’s First Layer 1 Blockchain for Bandwidth, PKT, to List on Bittrex Global

PKT | January 04, 2022

Bittrex Global announced PKT, the world’s first layer-1 blockchain for bandwidth, will list on its exchange later this month. PKT is an open-source community project that monetizes unused internet bandwidth and provides an economic incentive for people to expand internet connectivity and network infrastructure with minimal technical knowledge required. The blockchain is a Bitcoin fork designed for microtransaction scalability with near-zero fees and 60 second block times. PKT divides the Internet Service Provider (ISP) roles of infrastructure provider and network operator. In effect, this lowers the barrier of entry for entrepreneurs to become ISPs, and decentralizes internet access for billions of people worldwide.

“We are excited to welcome such a unique blockchain project onto the exchange. Bittrex Global is pleased that it can serve as a vehicle of momentum for PKT and we look forward to seeing its many use cases come to fruition over the coming year.”

Stephen Stonberg, CEO of Bittrex Global

“I am excited to see the PKT community activated around the vision of taking the internet back from monopolistic telecom companies,” says Caleb James DeLisle, lead developer of PKT, “and for Bittrex Global providing the community with an on-ramp to participate.”

There are an estimated 200,000 cores mining the PKT Network globally and the mining pools have reported seeing over 100 Gb/s of sustained bandwidth, powered entirely by people from around the world. Mining difficulty and network bandwidth have increased more than 10,000% since January 2021. The PKT Network use cases will include free VPN, launching in 2022, localized mesh networking, internet sharing, and a new token issuance protocol called Token Strike, which provides token and NFT issuance with near-zero cost gas fees. TokenStrike will launch in 2022 and enables anyone to tokenize and trade bandwidth in a decentralized bandwidth market. PKT is an internet built by the people, for the people.

About PKT

PKT is a decentralized high-speed data network that enables anyone to monetize their unused internet bandwidth. Powered by PacketCrypt, the world’s first bandwidth-hard proof-of-work, people who connect to the PKT Network are paid in PKT Cash ($PKT) every 60 seconds. PKT provides an economic incentive for people to grow internet connectivity and infrastructure with minimal technical knowledge. As the network grows, PKT drives bandwidth demand, which in turn drives down the cost of bandwidth, increases the speed of the PKT Network, and improves internet connectivity in both urban and rural areas worldwide. PKT is a decentralized community project with no company, no investors, and no pre-mine. The project is an extension of the open source cjdns mesh networking protocol, created by PKT lead developer Caleb James DeLisle in 2011, which makes it so people can get onto the internet without requiring a traditional ISP.

About Bittrex Global

Bittrex Global, the most secure digital asset exchange in the world, serves both retail and institutional clients, globally. Committed to helping users build wealth, Bittrex Global facilitates the purchase and trade of over 250 tokens. Through its use of cutting-edge technology, advanced security protocols, and a sophisticated elastic multi-stage wallet strategy, the company provides a high-level experience for professional and novice customers alike. Bittrex Global is a key player in driving widespread adoption of secure and decentralized methods to building wealth while remaining compliant and adhering to the wide array of regulatory measures across the globe.

Envistacom Partners with NOVELSAT for High-Performance Satellite Access Waveforms to Power Its Transport Virtualization Ecosystem

Envistacom LLC | July 10, 2020

Envistacom, LLC, a leading technology enterprise which delivers advanced communications, cyber and other related services to customers in the aerospace, defense, and intelligence communities, announced today that NOVELSAT, a global leader in content connectivity via satellite, will incorporate its high-performance satellite access waveforms into Envistacom’s Transport Virtualization Ecosystem (TVE).
