This article originally appeared in the April 2011 issue of InfoTECH SPOTLIGHT
Due to the increased use of 3G mobile devices, such as smartphones or PCs with air cards, that access Web 2.0 applications for video and social networking experiences, the amount of data traffic traversing mobile broadband networks is growing at a phenomenal rate. Cisco, for example, predicts mobile data will grow 66 times by 2013.
To meet this skyrocketing demand, mobile operators have been making major investments in their network infrastructures, such as the move from 3G to LTE, and their focus has been on service creation and overall user experience. They operate in a highly competitive market where service differentiation and customer satisfaction are key elements in increasing customer loyalty and average revenue per user (ARPU).
Unfortunately, the security posture of mobile networks has not evolved along with the growth of the data networks themselves. With some notable exceptions, many mobile/fixed wireless network operators appear to have security postures approximating those of wireline operators eight to 10 years ago.
According to the Arbor Networks 2010 Worldwide Infrastructure Security Report, the fastest-growing category of ISPs – mobile and fixed wireless operators – may be the least prepared in terms of network visibility, control and overall ability to defend themselves and their customers against attack. The culmination of survey responses, the report contains industry-wide data that spans roughly a 12-month period from 3Q 2009 through 3Q 2010. Mobile and fixed wireless operators reported that they have little visibility into data traffic on their networks. Data from the report includes the following:
In a sense, mobile operators have become accidental ISPs. In a few short years, they have invested in and transformed their businesses from voice carriers into providers of mobile data and video experiences. The most basic element underpinning these investments is the very availability of the networks and services themselves. As they transition to all-IP networks and become data-centric, mobile operators are becoming data center operators. The number one security threat to the availability of an Internet Data Center (IDC) is distributed denial of service (DDoS) attacks. This is increasingly true for mobile operators.
Multi-tenant environments like IDCs are prime targets for DDoS attacks because of the potential to cause collateral damage across multiple customers. Attacks are also changing rapidly, moving from volumetric attacks, which simply try to overwhelm the connection with data, to more sophisticated application-layer DDoS attacks that target specific services. Application-layer DDoS attacks are not high-bandwidth and are therefore difficult to identify, threatening a myriad of services. A significant number of mobile network operators indicated in the survey that they experienced application-layer DDoS attacks directed at their supporting ancillary infrastructure elements. These elements include DNS servers, Web portal servers, SMTP servers, Diameter servers and even GTP tunnels and SMS gateways. Additional data from the report includes:
From a security standpoint, mobile network data growth is a game changer. Hackers look for opportunity and they see plenty in mobile networks – from the infrastructure itself, to the ubiquity of connected devices, to users who load them with personal and sensitive information. Mobile operators are struggling with the availability of limitless botnets with ever-increasing bandwidth, the vulnerability of the infrastructure itself and too few network control points. As this year’s Worldwide Infrastructure Security Report demonstrates, mobile operators need a better ability to see malicious traffic on their networks and to influence it in a way that protects them and their customers.