day1_Hacking-telco-equipment-The-HLR-HSS-Laurent-Ghigonis-p1sec

More documents

Recommendations

Info

Other aspects of Telecom Security • We talked here about equipment security – It’s a work in progress, and only HLR/HSS – Mainly Network Equipment Vendor responsibility • Also consider – Other Network Elements security – GRX / IPX / SCCP Providers security – Deployment security (passwords policies, filtering…), Operator responsability – Telecom Network Fraud (SS7 spoofing, Call/SMS Spoofing, …), Operator responsability 2014, Hackito Ergo Sum - Security Conference
References Governance literature on critical infrastructure: • European level – 2007: http://www.nato-pa.int/default.asp?COM=1165&LNG=0 – 2012 http://www.nato.int/cps/en/natolive/news_88054.htm?selectedLocale=en – 2013 http://ec.europa.eu/dgs/home-affairs/what-we-do/policies/crisis-andterrorism/critical-infrastructure/index_en.htm http://ec.europa.eu/dgs/home-affairs/what-we-do/policies/crisis-andterrorism/critical-infrastructure/docs/swd_2013_318_on_epcip_en.pdf • France – 2012 http://www.legifrance.gouv.fr/affichTexte.do?cidTexte=JORFTEXT000026638421 &dateTexte=&categorieLien=id – 2013 http://www.gouvernement.fr/gouvernement/livre-blanc-2013-de-la-defense-etde-la-securite-nationale 2014, Hackito Ergo Sum - Security Conference
Page 1 and 2:
Hacking Telco equipment The HLR/HSS
Page 3 and 4:
Mobile Operators • Conveys the ma
Page 5 and 6: Mobile Operators and governance •
Page 7 and 8: HLR/HSS in Mobile Core Network 2014
Page 9 and 10: HLR/HSS in Mobile Core Network 2014
Page 11 and 12: HLR/HSS in Mobile Core Network HLR/
Page 13 and 14: 2014, Hackito Ergo Sum - Security C
Page 15 and 16: HLR/HSS Virtualization No, it’s n
Page 17 and 18: An HLR/HSS is an ecosystem • HLR
Page 19 and 20: Where to start • Most exposed fro
Page 21 and 22: Virtualization of HLR/HSS Frontend
Page 23 and 24: Qemu/KVM • Faster than VirtualBox
Page 25 and 26: Qemu/KVM • Solaris 10 - Qemu/KVM
Page 27 and 28: System Analysis 2014, Hackito Ergo
Page 29 and 30: The filesystem • ZFS offers good
Page 31 and 32: Some packages installed application
Page 33 and 34: Local roots • Of course, we often
Page 35 and 36: Example of Telco network stack: NSN
Page 37 and 38: Fuzzing SS7: M3UA • Example: Floo
Page 39 and 40: Fuzzing SS7: SCCP 2014, Hackito Erg
Page 41 and 42: Fuzzing Diameter • Process Crash
Page 43 and 44: Binaries reverse 2014, Hackito Ergo
Page 45 and 46: Signalware Kernel modules • Examp
Page 47 and 48: Signalware userland binaries • Pa
Page 49 and 50: • Misconceptions! So verdict ? -
Page 51 and 52: Consequences • Mobile Network cra
Page 53 and 54: Recommendations: securing the OS
Page 55: To be continued • Telecom Network
show all

day1_Hacking-telco-equipment-The-HLR-HSS-Laurent-Ghigonis-p1sec

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?