FS.11 SS7 Interconnect Security Monitoring and Firewall Guidelines
This document describes how to monitor SS7 traffic, including prevention and detection techniques against suspected attacks. It allows an operator to assess whether received SS7 MAP or CAMEL messages are legitimate or not, and apply appropriate firewall rules to protect its network.
Audience: Technical security practitioner
Resource technology specifics: Core network
Resource type: Guideline
Resource enforcement: Voluntary
Resource certification type: Self-assessment
- Guides Operators, at a high level and in a non-vendor specific way, on how to monitor SS7 traffic including the establishment of firewall rules and data sharing capabilities.
- Provides guidelines on how SS7 traffic on the interconnect links can be monitored, what abnormalities to look for, and how to report them.
- Contains a risk assessment of all GSM-MAP and CAMEL packet types
- Provides descriptions of recommended SS7 firewall rules for the handling of MAP and CAMEL vulnerabilities
- SS7 attacks listed are not exhaustive
- S7 signalling firewall requirements are high level
- GSMA member confidential
Like what you read? Share.