Softswitch networks are composed of a service layer, a core switch layer, a control layer, and an access layer, and they face security threats. The PSTN is gradually migrating to the next-generation network (NGN), which is represented by the softswitch network. The softswitch network features open service interfaces, rich access means, single bearer and transmission, and centralized equipment capacity. These features are the advantages of the softswitch network, but at the same time they expose it to more security threats.
Based on the characteristics of the softswitch network and the operator's actual operating experience, this article analyzes the security threats to the softswitch network and its security requirements. For the bearer layer, this article discusses only the security requirements that the service layer places on the bearer network; it does not cover the security measures and requirements of the IP bearer network data layer.
Analysis of softswitch network security threats
A typical softswitch network consists of four layers: the service layer, the core switch layer, the control layer, and the access layer. They face the following security threats. The capacity of softswitch devices and the various gateway devices can be very large, so once they are interrupted the impact is amplified geometrically. The bearer network of the softswitch system is based on the IP network; if the bearer network is faulty or unstable, the heartbeat mechanism is disrupted, services cannot be carried normally, core nodes become unstable or are disconnected from the network, and link and route status become abnormal. The softswitch system provides a wide range of services and applications through open service interfaces, but open service interfaces carry a risk of being attacked. The intelligent user terminals of the softswitch system and the complexity of the access methods place high demands on the fault tolerance of softswitch protocol processing. Public access areas place the softswitch network in a more open network environment, where it is more vulnerable to attack. The following is an in-depth analysis of these threats.
1) Security threats of core devices
The softswitch network separates call control from bearer control, which greatly improves the processing capability of network devices. They can handle more traffic and carry more service load, but this brings security issues with it. For network devices built from boards, a single board carries more traffic and load under normal circumstances, so a fault may cause a wider range of service interruption.
At present, the security of softswitch devices depends entirely on the vendor's hardware and software security design. Failover and isolation in the event of a fault are implemented through master/slave, 1 + 1 and N + 1 backup, automatic switchover, modular software and hardware design, and other methods. However, there are still some security risks in actual operation.
The reliability of backup and replacement is not guaranteed: replacing key devices, especially some key interface boards, usually affects the operation of services or devices. The success rate of replacement is currently not guaranteed, and the switchover may fail in an emergency. Software reliability cannot be guaranteed: there are problems with the software versions and patch policies of some vendors, and too many software versions and patches bring compatibility and reliability problems.
2) Security threats to bearer networks
The bearer network of the softswitch system is an IP packet network. Communication protocols and media information are transmitted in the form of IP packets. The main security threats facing the bearer network include network storms, viruses and worms, and hacker attacks. Network storms and viruses consume a large amount of network resources and bandwidth, leading to slow access to normal services, or even to the inability to access network resources, and finally to network paralysis. Hackers attack key devices in the network and tamper with their routes and user data, causing route exceptions and network access failures. In actual operation, the bearer network has the greatest impact on the softswitch network, mainly because of the unstable quality of the IP network.
3) Access network security threats
The softswitch network provides flexible and diverse network access methods, and a terminal can be connected from any location that can reach the IP network. This feature brings security risks while providing convenience for users. Some users connect illegal terminals or devices to the network, occupy network resources, use services illegally, and even initiate attacks on the network. In addition, access is independent of location, which makes it difficult to locate the exact source of an attack after a security event occurs, so the responsible person cannot be traced.
4) Network layer security threats
Although the security of a single core node or of the core nodes in a region can be guaranteed by load balancing or backup, there are still security risks at the network level. In the existing softswitch network there are many platform devices, such as the SHLR, the NP service platform, and the SCP. These nodes often exist as single points, and once one of them fails, network services are seriously affected. In actual operation, the current threats at the network layer are mainly service interruption, congestion, and overflow caused by the paralysis of important service nodes, among which the SHLR, the general number conversion platform (No. 1) and other key platforms have the greatest impact. Therefore, we should pay attention to phenomena such as the exhaustion of traffic resources caused by sudden traffic surges.
Analysis of softswitch network security requirements
The concept of a "security domain" is introduced in describing and analyzing softswitch network security. The security domain is a model that describes how to manage and control network security: elements within one security domain have the same security protection requirements, so the same security protection mechanism can be applied to them. Isolation, control, and other security policies can be deployed at security domain boundaries according to the different security levels of the domains.
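The security domain model described above can be expressed as a small policy check. This is an added example, not part of the original article: the device names, security levels, requirement labels and the two boundary rules are all assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed inventory: device -> (security level, protection requirements).
# Device names, levels (higher = more sensitive) and requirement labels are assumptions.
INVENTORY = {
    "shlr-1":       (3, {"mutual-auth", "redundancy"}),
    "softswitch-1": (2, {"mutual-auth", "signaling-acl"}),
    "softswitch-2": (2, {"mutual-auth", "signaling-acl"}),
    "app-server-1": (2, {"mutual-auth", "api-acl"}),
    "access-gw-1":  (1, {"terminal-auth", "rate-limit"}),
    "terminal-1":   (0, set()),
}

# Constructed flows (source, destination) to audit against the boundary rules.
FLOWS = [
    ("terminal-1", "access-gw-1"),
    ("terminal-1", "softswitch-1"),
    ("softswitch-1", "softswitch-2"),
    ("access-gw-1", "shlr-1"),
    ("app-server-1", "softswitch-1"),
]

def domain_of(inventory, device):
    """A domain is identified by its level plus its set of requirements."""
    level, reqs = inventory[device]
    return (level, frozenset(reqs))

def build_domains(inventory):
    """Group devices that share level and requirements into one security domain."""
    domains = defaultdict(list)
    for device in inventory:
        domains[domain_of(inventory, device)].append(device)
    return dict(domains)

def boundary_action(inventory, src, dst):
    """Return the policy applied where a flow crosses a domain boundary."""
    s, d = domain_of(inventory, src), domain_of(inventory, dst)
    if s == d:
        return "same-domain"   # shared protection mechanism, no boundary crossed
    if d[0] - s[0] >= 2:
        return "isolate"       # assumed rule: no direct reach two or more levels up
    return "control"           # assumed rule: other crossings are filtered at the boundary

def flows_to_isolate(inventory, flows):
    """List the flows that the boundary policy would block outright."""
    return [(s, d) for s, d in flows if boundary_action(inventory, s, d) == "isolate"]

if __name__ == "__main__":
    for src, dst in FLOWS:
        print(f"{src} -> {dst}: {boundary_action(INVENTORY, src, dst)}")
```

With these assumed levels, a terminal reaches the softswitch only through the access gateway's domain, and the access gateway never talks to the SHLR directly.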