NGN access network technology for network security

The NGN access network technology is currently one of the most important technologies to ensure network security. Many people may not know the characteristics and applications of the NGN access network technology. It does not matter. After reading this article, you will certainly have a lot of GAINS, I hope this article will teach you more things. The signaling, control, and media streams of the NGN access network technology are mainly encapsulated in the IP datagram text, and the IP network is used to carry the multimedia information stream of the NGN. Therefore, the quality of the NGN service is directly affected by the IP network, in the current IP network conditions, it is even the key to influencing the ngn test and operation success. Security is one of the key factors that affect the success of NGN.

Security measures are not deployed for the NGN access network technology. If you deploy the service directly on the IP public network, the following problems may occur.

Security Issues of the operator's business mainly include: service theft and unauthorized use of the NGN service. For example, the user terminal through the H.323 protocol can directly connect to the called Gateway, leading to loss of revenue of the operator; bandwidth theft, using the NGN access network technology device port to connect to the user's private data network, resulting in loss of operator data business revenue and affecting the quality of NGN business; DoS attacks, through the network layer or application layer of large traffic attacks, this prevents NGN devices from responding to normal user service requests or reducing service quality.

Device Security Issues of carriers mainly include: Destroying device programs and data, remotely loading devices through NGN devices, or damaging devices through vulnerabilities in Data configuration procedures, common standard protocols such as TFTP, FTP, and SNMP have security vulnerabilities. virus attacks destroy NGN devices by means of virus intrusion, or users' computers infected with viruses automatically attack NGN devices, this can cause service interruption or deterioration. Hackers use unconventional technical means to gain control over NGN devices. Viruses and hackers generally threaten devices that use general operating systems, such as various servers. Security issues of user services mainly include: User counterfeiting, theft of other users' accounts and permissions to use the business; Illegal listening to the call information or media stream content of other users' calls.

In terms of the technical security framework of the NGN access network, we can divide the NGN access network into four areas: trust zone, non-trust zone, semi-trust zone DMZ), and network management/billing/maintenance network. The NGN network components are connected to the corresponding area based on the network location and device functions. The cross-zone network components are connected to the network area through specific physical interfaces. The trust zone is an isolated area dedicated to NGN services in the bearer network. It is a well-managed and secure region. Devices placed in the security zone include the core components of the NGN network, such as Softswitch, Access Gateway, relay gateway, signaling gateway, in-band network management device, Media Resource device, and intelligent network device; rack-mounted IAD devices can be deployed in well-managed data centers and can also be included in the trust zone.

A non-trust zone is an area that cannot be managed by operators and is not controlled by security. It includes Internet, Community network, and other public IP, campus network, and enterprise network. Some devices deployed by carriers on the user end, such as desktop IAD, smart soft terminals, and smart hard terminals, are included in the untrusted zone. DMZ) similar to a Web site, it is a region between a trust zone and a non-trust zone. The application server and the data network interface belong to this region. Network Management/billing/Maintenance Network is a private network deployed by the operator for network operation support. Billing devices, Internet-connected communication devices, and operation and maintenance terminals should all be deployed in this area.

The main requirements for bearer network to ensure the security of NGN access networks are as follows. First, the core components of NGN, such as Softswitch, Access Gateway, relay gateway, signaling gateway, in-band network management device, Media Resource device, and intelligent network device, are deployed in a security zone, this constitutes the core network of the NGN access network technology. We recommend that you use the following solution for implementation: deploy a VPN using MPLS technology on the IP network, which is an independent Logical Network; A dedicated line technology is used to deploy an independent IP network for the core components of NGN, which is not directly interconnected with the public network. An independent logical network that supports IP resource management is deployed through the IP telecommunication network technology. Secondly, with the extension of the NGN core network, various access technologies can be used to extend the scope of the NGN service coverage, requiring the access network to achieve user isolation at the link layer. We can use VLAN, ATM, and PPPoE access technologies. Third, the application server interface device ParlayGateway should be used to communicate with the application server. Fourth, Internet users, residential areas, campus network users, and enterprise users should be connected through the IP-IPGateway Service proxy device.