Thursday October 10, 2019

FS.11 SS7 Interconnect Security Monitoring and Firewall Guidelines

This document describes how to monitor SS7 traffic, including prevention and detection techniques against suspected attacks. It allows an operator to assess whether received SS7 MAP or CAMEL messages are legitimate or not, and apply appropriate firewall rules to protect its network.

Audience: Technical security practitioner

Resource technology specifics: Core network

Resource type: Guideline

Resource enforcement: Voluntary

Resource certification type: Self-assessment

Key benefits
  • Guides Operators, at a high level and in a non-vendor specific way, on how to monitor SS7 traffic including the establishment of firewall rules and data sharing capabilities.
  • Provides guidelines on how SS7 traffic on the interconnect links can be monitored, what abnormalities to look for, and how to report them.
  • ‎Contains a risk assessment of all GSM-MAP and CAMEL packet types
  • ‎Provides descriptions of recommended SS7 firewall rules for the handling of MAP and CAMEL vulnerabilities