P1 Telecom Monitor (PTM)

P1 Telecom Monitor (PTM) is an SS7, SIGTRAN and IMS network intrusion detection (IDS/NIDS) and monitoring system.

Telecom Network IDS

SS7 and SIGTRAN networks lack the precise monitoring found in the IP world. Until today, IDS and specifically NIDS technologies did not exist for these types of networks.

PTM is the first Intrusion Detection System to provide security monitoring and detection for SS7 and SIGTRAN. It enables security and Telecom engineers to monitor attacks in real time. By detecting intrusions as early as possible, and by being considerably more responsive than Fraud Detection Systems, P1 Telecom Monitor (PTM) enables engineers and managers to react to attacks and protect the operator’s assets.

PTM ensures that the CIO, CTO, Operation Teams, Telecom Engineering department, Fraud and Revenue Assurance department, decision makers and top management can control the onslaught of diverse and evolving attacks on their core network using a dashboard of key indicators.

Few Telecom companies have a real understanding of the present and emerging risks to their Telecom Signalling network from new connections being deployed between their Core Network and the external world. Such interconnections keep growing thanks to the Internet and convergent services, femtocells, 3G and further services such as IMS and LTE. Monitoring them is now key to protecting the security of the infrastructure.

PTM offers Telecom and Mobile operators the capability to continuously monitor their core network and signalling perimeters and detect intrusions on them.

P1 Telecom Monitor technology

  • Native SS7 and SIGTRAN security monitoring solution
  • SS7 Interconnect security monitoring
  • Network Element, DPC and SSN constant monitoring
  • External and Internal security monitoring
  • Web based administration, event display and reporting
  • Multiple Signalling perimeters support

P1 Telecom Monitor provides mass-monitoring of fraud cases, suspicious behaviours, instability causes and direct intrusion attacks.

Currently, PTM successfully detects more than 200 different attack types specific to signalling infrastructure and Core Networks.

Below is a selection of vulnerabilities and attacks categorised according to severity of impact:

  • Location request with privacy-attacking HLR Request (SendRoutingInfo SRI Request) – Intelligence category (low impact)
  • SCCP Flooding Attempt – Infrastructure DoS (medium impact)
  • TCAP Session Flooding – Infrastructure DoS (high impact)
  • VLR Stuffing attack – Infrastructure DoS (high impact)
  • Region availability attack – Infrastructure DoS (high impact)
  • CAMEL / CAP illegal calls – Signaling attack & fraud category (high impact)
  • Billing System flooding – Signaling attack & fraud category (high impact)
  • SMSC fingerprinting – Intelligence category (low impact)
  • USSD mapping – Intelligence category (low impact)
  • Hostile Location Update – Targeted DoS (high impact)
  • Signaling Decoding Bomb – Signaling attack & fraud category (high impact)
  • SCTP Peering Point Enumeration – Intelligence category (low impact)

Monitored protocols and equipment

  • SS7: Message Transfer Part 3 (MTP3), SCCP, TCAP, ISUP, TUP, MAP, OMAP, INAP, BICC, CAMEL, BSSAP, RANAP, UMA
  • SIGTRAN: SCTP, M3UA, M2PA, M2UA, IUA (ISDN, Q.931), SUA, V5UA
  • GPRS: GTP-U, GTP-C, GTP’, GPX DNS
  • AAA: Radius, Diameter
  • VoIP / ToIP: SIP, H323, Skinny / SCCP, H248, MGCP, MEGACO
  • Core network protocols: MPLS, LDP, BGP, VPLS, L2TP, GRE, IPsec, SAAL

Interconnection interfaces

  • Interfaces C, D, E, F, G, I and optionally A, B
  • SIGTRAN Ethernet-based networks (100Mbit/s or 1Gbit/s hardware)
  • IMS Ethernet-based networks (100Mbit/s or 1Gbit/s hardware)
  • SS7 legacy TDM interfaces (specific quote required, T1, E1, V11 or V35)
  • SS7 ATM connections (specific quote required)

P1 Telecom Monitor has been tested with the following vendor equipment:

Acision, Acterna, Adventnet, Alcatel-Lucent, Anritsu, Apertio, Asterisk, Bercut, Cisco, CMG, Comverse, Cyrpack, DataKinetics, Digital, Ericsson, HP, Huawei, IBM, Logica, Marconi, Motorola, Nokia, Nortel, NSN, Siemens, Squire, Sysmaster, SS8, Tellabs, Tektronix, Unica, Tekelec, ZTE.

Deployment and updates

PTM is easily deployed with a single lightweight Virtual Appliance using VMware technology and a web-based control and reporting server using SaaS technology.

PTM integrates seamlessly with your Signalling Infrastructure, co-located as a non-blocking passive probe that does not disrupt normal operations. It ensures extra operational security by being totally passive on the monitored interface.

PTM only requires an IP address to communicate its detected events. No Signaling Point Code or interconnection is needed.

PTM is ready for deployment in both legacy SS7 and state-of-the-art SIGTRAN, UMTS/CDMA 3G, IMS and LTE environments.

The PTM rule base is updated weekly, with emergency patterns being deployed in real time to all our customers so that fast-emerging threats are countered immediately.

More information

Contact us for more information about P1 Telecom Monitor.
