1、 AMERICAN NATIONAL STANDARD FOR TELECOMMUNICATIONS ATIS-1000012.2006(R2011) Signaling System No. 7 (SS7) SS7 Network and NNI Interconnection Security Requirements and Guidelines ATIS is the leading technical planning and standards development organization committed to the rapid development of global
2、, market-driven standards for the information, entertainment and communications industry. More than 250 companies actively formulate standards in ATIS 18 Committees, covering issues including: IPTV, Service Oriented Networks, Energy Efficiency, IP-Based and Wireless Technologies, Quality of Service,
3、 and Billing and Operational Support. In addition, numerous Incubators, Focus and Exploratory Groups address emerging industry priorities including “Green”, IP Downloadable Security, Next Generation Carrier Interconnect, IPv6 and Convergence. ATIS is the North American Organizational Partner for the
4、 3rd Generation Partnership Project (3GPP), a member and major U.S. contributor to the International Telecommunication Union (ITU) Radio and Telecommunications Sectors, and a member of the Inter-American Telecommunication Commission (CITEL). For more information, please visit . AMERICAN NATIONAL STA
5、NDARD Approval of an American National Standard requires review by ANSI that the requirements for due process, consensus, and other criteria for approval have been met by the standards developer. Consensus is established when, in the judgment of the ANSI Board of Standards Review, substantial agreem
6、ent has been reached by directly and materially affected interests. Substantial agreement means much more than a simple majority, but not necessarily unanimity. Consensus requires that all views and objections be considered, and that a concerted effort be made towards their resolution. The use of Am
7、erican National Standards is completely voluntary; their existence does not in any respect preclude anyone, whether he has approved the standards or not, from manufacturing, marketing, purchasing, or using products, processes, or procedures not conforming to the standards. The American National Stan
8、dards Institute does not develop standards and will in no circumstances give an interpretation of any American National Standard. Moreover, no person shall have the right or authority to issue an interpretation of an American National Standard in the name of the American National Standards Institute
9、. Requests for interpretations should be addressed to the secretariat or sponsor whose name appears on the title page of this standard. CAUTION NOTICE: This American National Standard may be revised or withdrawn at any time. The procedures of the American National Standards Institute require that ac
10、tion be taken periodically to reaffirm, revise, or withdraw this standard. Purchasers of American National Standards may receive current information on all standards by calling or writing the American National Standards Institute. Notice of Disclaimer Application Protocols Integrated Services Digita
11、l Network User Part (ISUP) and Transaction Capabilities Application Part (TCAP). Network Transport Layer Protocols Message Transfer Part Level 3 (MTP3) or Signaling Connection Control Part over Message Transfer Part Level 3 (SCCP/MTP3). Link Layer Protocols Message Transfer Part Level 2 (MTP2) or Si
12、gnaling ATM Adaptation Layer (SAAL). A closed SS7 environment is defined by, but is not limited by, the following characteristics: Use of conventional SS7 links (MTP2 or SAAL) deployed over dedicated facilities. Network design to isolate/separate SS7 network and SS7 traffic from other control signal
13、ing network types and signaling traffic (e.g., access signaling network/access signaling traffic). Network design to isolate/separate SS7 network and SS7 traffic from the bearer network and bearer traffic (i.e., user traffic). Network design to isolate/separate SS7 network and SS7 traffic from manag
14、ement/maintenance networks and management/maintenance traffic. 4.1.2 Functional Architecture Architectures, structures and configurations of traditional SS7 networks are specified in T1.110-1999 (R2005) 2 and ATIS-1000111.2005 3. An example functional architecture of a traditional SS7 network is sho
15、wn in Figure 2. ATIS-1000012.2006 8 Figure 2 - Example Traditional SS7 Network Architecture From a security perspective, the objective is to protect the availability and integrity of the SS7 network and its supported application services. This involves continuous security planning, development and i
16、mplementation of mitigation services, and planning and implementation of security practices/processes to protect the SS7 network and its individual Network Elements (signaling links, STPs, SEPs, etc.) and supported application services. Specifically, hardware and software systems, components, and pr
17、otocol interfaces of SS7 network elements must be safeguarded so that their intended functions and services are not compromised intentionally or unintentionally. 4.1.3 SS7 Protocols and Fundamental Security Needs 4.1.3.1 Traditional SS7 Protocol Stack The protocol architecture of the traditional SS7
18、 network is specified in T1.110-1999 (R2005) 2 and is illustrated in Figure 3. From a security perspective, the objective is to protect the individual SS7 protocols and interfaces so that the functions and services are not compromised. ATIS-1000012.2006 9 Figure 3 - Traditional SS7 Network Protocol
19、Architecture 4.1.3.2 Fundamental Security Needs The fundamental challenge for SS7 security is to assure data transfer between two communicating SS7 entities without any external intrusion. Table 1 identifies the resulting security needs of each individual SS7 application or network layer protocol. N
20、OTE: In Table 1, protection against message insertion includes protection against insertion of individual messages and protection against Denial of Service attacks. ATIS-1000012.2006 10 Table 1 - Fundamental Security Needs of SS7 Application and Network Layers Protocols SS7 Protocol Fundamental Secu
21、rity Needs MTP3 Header Protection against alteration and manipulation. Protection against observation by unauthorized entities. MTP3 Management Messages Protection against message insertion and deletion. Protection against mis-sequencing. Protection against alteration and manipulation. Protection ag
22、ainst observation by unauthorized entities. SCCP Header Protection against alteration and manipulation. Protection against observation by unauthorized entities. SCCP Management Messages Protection against message insertion and deletion. Protection against mis-sequencing. Protection against alteratio
23、n and manipulation. Protection against observation by unauthorized entities. ISUP Call Set-up Messages Protection against message insertion and deletion. Protection against mis-sequencing. Protection against alteration and manipulation. Protection against observation by unauthorized entities. ISUP M
24、anagement Messages Protection against message insertion and deletion. Protection against mis-sequencing. Protection against alteration and manipulation. Protection against observation by unauthorized entities. TCAP Application Messages Protection against message insertion and deletion. Protection ag
25、ainst mis-sequencing. Protection against alteration and manipulation. Protection against observation by unauthorized entities. TCAP Management Messages Protection against message insertion and deletion. Protection against mis-sequencing. Protection against alteration and manipulation. Protection aga
26、inst observation by unauthorized entities. 4.2 Security Architecture and Methodology This document uses the Security Architecture and the Methodology defined in ATIS-1000007.2006 1 to specify requirements and guidelines to protect the SS7 signaling network from security threats. This involves securi
27、ty measures to protect the following SS7 entities: 1. The SS7 signaling network infrastructure consisting of the SS7 network elements and the SCCP/MTP transport network. Specifically, this includes the SS7 Signaling End Points (e.g., Switches and Service Control Points), the Signaling Transfer Point
28、s (STPs) and the signaling links (e.g., MTP2 and SAAL links) including the transport facilities. ATIS-1000012.2006 11 2. The SS7 application protocols. This includes the ISUP call control application protocol and the Transaction Capabilities Application Protocol (TCAP) application protocol. 3. Servi
29、ces supported by the SS7 applications (e.g., POTS, ISDN, AIN, LNP, etc.). The Security Architecture defined in ATIS-1000007.2006 1 consists of three Security Layers; 1. Infrastructure 2. Network Services 3. Applications. The Methodology involves applying the following security dimensions defined in
30、detail in ATIS-1000007.2006 1: 1. Access Control 2. Authentication 3. Non-repudiation 4. Data Confidentiality 5. Communication Security 6. Data Integrity 7. Availability 8. Privacy The requirements and guidelines specified in this document are organized based on the Security Layers defined in ATIS-1
31、000007.2006 1 as follows: Application of Security Architecture and Methodology to the SS7 Network Security Layer Security Layer Descriptions Infrastructure Security Layer Transmission facilitates and network elements (e.g., SS7 Links, Switches, SCPs, and STPs) Network Services Security Layer Network
32、 transport layer services and protocols (e.g., MTP and SCCP) Application Security Layer Application protocols and application services. This includes, traditional SS7 application protocols (ISUP, TCAP and OMAP), and application services supported by these protocols (e.g., POTS, IN and LNP). 5 GENERA
33、L REQUIREMENTS Specific network architecture/topology designs to minimize security risks. Specific solutions for administration, operations, and maintenance of the SS7 network, SS7 network elements, SS7 hardware and software systems and components to minimize security risks. Specific vendor designs
34、and implementation of SS7 products and protocol solutions to minimize security risks. Continuous evaluation and adjustment of security plans, practices, and processes and solutions as network conditions changes. The SS7 transport network must be designed to minimize the possibility of external intru
35、sion between two communicating SS7 entities. The following requirements are applicable when planning, designing, and implementing the SS7 network: The signaling association between two communicating SS7 entities shall be protected against intrusions resulting in the alteration or manipulation of the
36、 header fields or of the content of the SS7 messages. The signaling association between two communicating SS7 entities shall be protected against intrusions resulting in insertion, deletion, or replay of SS7 messages. The signaling association between two communicating SS7 entities shall be protecte
37、d against intrusions resulting in unrecoverable mis-sequencing of SS7 messages. The signaling association between two communicating SS7 entities shall be protected against observation of the exchanged SS7 messages by unauthorized entities (i.e., parties other than those authorized by the participati
38、ng service providers). ATIS-1000012.2006 13 The signaling association between two communicating signaling entities shall be implemented to allow participating service providers to use security tools to inspect exchanged SS7 messages. 5.2 Security Plan, Policy & Practices It is recommended that each
39、SS7 network provider and administrator develop and implement a security plan. The security plan should address the entire SS7 network. Specifically, as a best practice, it is recommended that SS7 network providers and administrators define and implement security plans that include (but are not limit
40、ed to) the following considerations: Identification of, SS7 resources, services, and capabilities to be protected. Enumeration of the threats associated with each asset, resource, service, or capability to be protected. Establishment of a security policy regarding each identified SS7 resource, servi
41、ce, and capability to be protected. Implementation of specific measures to protect each SS7 resource, service, or capability. Periodic review of security policies and measures. Implementation of processes to educate and train network personnel to “think security.” 5.3 Network Reliability Interoperab
42、ility Council (NRIC) Best Practices Recommended best practices for network reliability and security are constantly being reviewed and updated by the Network Reliability Interoperability Council (NRIC). Many of the NRIC best practices are applicable to SS7. It is recommended that SS7 network provider
43、s, administrators, and vendors implement SS7 applicable NRIC best practices. 5.4 Documents and Specification Safeguard It is recommended that each SS7 network provider and administrator develop and implement processes and practices to identify and protect proprietary and sensitive SS7 information (e
44、.g., information that can be used in a malicious manner). Such processes and practices include, but are not limited to, the following: Identifying and safeguarding proprietary information (e.g., SS7 network element specifications, documents, and information regarding network architecture and routing
45、 specifications). Identifying and safeguarding dissemination of sensitive information (e.g., preventing unauthorized entities from correlating a Signaling Point Code with the identification and location of an SS7 node). Processes and practices to routinely review and filter sensitive information ass
46、ociated with the SS7 network and SS7 network elements that are disseminated publicly (e.g., on web sites). ATIS-1000012.2006 14 5.5 Management Plane Security Refer to T1.233-2004 5 and ATIS-0300276.2008 for management plane security requirements. 5.6 Security Management System The traditional SS7 ne
47、twork was not specifically designed to interface to a Security Management System. However, as signaling network evolves to include NGN signaling and hybrid infrastructures interfacing to a Security Management System may be necessary based on the network providers solution for security management. Re
48、fer to ATIS-0300074, Guidelines and Requirements for Security Management Systems, for information on security management systems. 6 INFRASTRUCTURE LAYER 6.1 Access Control 6.1.1 SS7 Network Element Access The SS7 network consists of multiple physical network elements (e.g., STPs, SSPs, and databases
49、) that are comprised of hardware and firmware that are capable of hosting multiple software facilities. Also, a network providers operating environment involves operating the SS7 network in conjunction with other networks (e.g., transport, operations, and bearer networks) in a coordinated manner to provide communications services to their customers. SS7 network elements and components (e.g., hardware and software systems) may be operated, managed, maintained, and administered on an individual basis or through c
