"The Codenomicon tools are amazing. Using them is like being attacked by the most relentless adversary who uses every possible method to find flaws in your code
We fixed subtle crash bugs in Samba that had been in the code for over ten years. We would never have found those bugs without the Codenomicon tools.
If you're serious about implementing protocols correctly, you need the Codenomicon tools."
-- Jeremy Allison,
Co Creator of Samba
Codenomicon Whitepaper
Developing secure NGN infrastructure
Ovum research for Codenomicon
Graham Titterington, Principal Analyst, Information security, Ovum
info@codenomicon.com
Codenomicon Ltd.
Abstract
Next Generation Networks (NGNs) provide a rich range of IP-based services for telecommunications operators, including voice, data, video, TV and messaging. The use of IP protocols as the foundation of NGNs gives great flexibility, but also exposes the networks to all the security threats found on the Internet. Operators have to address a set of issues that is very different to those on the tightly constrained but functionally limited legacy networks. NGNs do not have a strong separation between signaling and control channels, and the payload channels. Denial of service attacks, toll fraud, information theft, and user privacy threats are real in NGNs. Networks also connect to user endpoint devices and other networks, where the NGN operator cannot control the status and "hygiene" of the equipment. The complexity of the network makes it difficult to secure.
NGN component vendors and operators are working together to address security challenges. They are using secure development processes, supported by a large range of security testing tools. It is essential that they continue, and strengthen, these initiatives. NGN services are business critical, and in some cases safety critical, and people expect the same levels of reliability that they associated with conventional telephony.
Security assurance can be delivered by using a range of methods in conjunction' with each other, including secure development and deployment processes, peer reviews at all stages in the development life cycle, "static" analysis of code and configuration, and "dynamic" testing of components. Security testing needs to examine the communication layers below layer 7 of the OSI stack, while security testing of applications examines functional correctness at layer 7.
"Fuzz testing" is particularly suitable for testing the reliability and robustness of components that handle NGN protocols. The fuzz testing tools that are now available can make a major contribution to ensuring the security of NGNs.
Fill in your contact details to download the full whitepaper.
Whitepaper Download:
Fill in your details to download the full whitepaper:
