FS.11 SS7 Interconnect Security Monitoring and Firewall Guidelines

Thursday 2 May 2019 | Deployment | Operational |

FS.11 SS7 Interconnect Security Monitoring and Firewall Guidelines image

This document describes how to monitor SS7 traffic, including prevention and detection techniques against suspected attacks. It allows an operator to assess whether received SS7 MAP or CAMEL messages are legitimate or not, and apply appropriate firewall rules to protect its network.

Audience: Technical security practitioner

Resource technology specifics: Core network

Resource type: Guideline

Resource enforcement: Voluntary

Resource certification type: Self-assessment

Advantage Disadvantage
  • Guides Operators, at a high level and in a non-vendor specific way, on how to monitor SS7 traffic including the establishment of firewall rules and data sharing capabilities.
  • Provides guidelines on how SS7 traffic on the interconnect links can be monitored, what abnormalities to look for, and how to report them.
  • ‎Contains a risk assessment of all GSM-MAP and CAMEL packet types
  • ‎Provides descriptions of recommended SS7 firewall rules for the handling of MAP and CAMEL vulnerabilities
  • SS7 attacks listed are not exhaustive
  • S7 signalling firewall requirements are high level
  • GSMA member confidential