I have a few blogs to post, but I am not sure the audience is here right now. I was shocked to see how much noise was coming out of some of the previous posts. I was talking to some good friends about security issues.
Lots of people talking about finding new opportunities in security from the telecom world, but I am not sure they have a real understanding about the role they would have. Many friends have suggested that they would be adding security functionality, but in truth the best that a telcom person should hope for is to be the interface to where the action is.
Lets take the recent Facebook & Twitter Denial of Service attacks as an example. It turns out the attack was not on the site itself but the content of a specific user on the system. This focused attack is related to the content.
Telecom does not normally look at the message it just provides the transport media.
The point of making this observation is that to the security experts wearing the black / white hats the migration to 4G wireless is just more of the same of the Internet. The concepts associated with ISUP and other out of band control signals are periphereal to where the attack is most likely to occur, which is the application layer.
Lots of people talking about finding new opportunities in security from the telecom world, but I am not sure they have a real understanding about the role they would have. Many friends have suggested that they would be adding security functionality, but in truth the best that a telcom person should hope for is to be the interface to where the action is.
Lets take the recent Facebook & Twitter Denial of Service attacks as an example. It turns out the attack was not on the site itself but the content of a specific user on the system. This focused attack is related to the content.
Telecom does not normally look at the message it just provides the transport media.
The point of making this observation is that to the security experts wearing the black / white hats the migration to 4G wireless is just more of the same of the Internet. The concepts associated with ISUP and other out of band control signals are periphereal to where the attack is most likely to occur, which is the application layer.
The OWASP list of attacks are not about signaling. They are about attacks in the application itself
Leave a comment