Protect business critical systems within the core network
The Service Domain of a Communications Service Provider’s network hosts critical services such as DNS servers for address translation, IMS platforms for Voice over LTE (VoLTE) and Voice-Mail servers for messaging applications. These servers are critical to providing a good customer experience and need to therefor be protected from overload risks. In addition, a lot of sensitive data is passing through these servers and they need therefor extra protection from threats from outside and from within the network itself.
SOLUTION
Service Domain Security
The solution includes dedicated firewall platforms providing protection with more intelligence. The firewall understands the signaling and can perform inspection and validation on a deep level. For DNS services a DNS Application Layer Gateway (ALG) is screening all requests and enable blocking of malicious traffic. For IMS platforms the firewall includes a back-2-back user-agent performing stateful handling, inspection and validation of SIP signaling.
For secure traffic request to for instance a Secure Webservices server the firewall is able to host the certificate of the destination server inside the firewall, enabling it to decrypt the traffic and preforming full inspection before delivering the requests to the web-severs. This not only enables a layer of security it also offloads the web-server infrastructure as encryption there is now optional.
With this layer of protection in front of the service domain the CSP can be sure that all traffic is screened and validated. In addition, traffic overload situations can be mitigated using smart shaping strategies.
BENEFITS
1
Protects critical systems
2
Protect privacy
3
Protect the network from disturbances
Clavister Service-Based Firewall Report
Heavy Reading Analyst Jim Hodges explains why traditional firewalls are not sufficient for architectures prepairing for 5G and Next Generaiton Core networks.
Topics covered in this white paper include:
- How the 5G Service Based Architecture (SBA) core network and associated capabilities such as 5G slicing will drive new security enforcement firewall functionality
- The security firewall requirements associated with managing the 5G cloud-distributed new radio (NR) access network
- The implication of these technologies on existing cloud-based Firewall as a Service (FWaaS) deployments
- Clavister’s product strategy for dealing with these new service-driven firewall requirements
Use Cases included in this solution
Network Attack Protection
Intrusion detection and prevention system, GeoIP restrictions and denial of service protection
READ MORE
Control Signalling Validation
Gateway function for specific signalling validation including GTP and SCTP
Products
Virtual Models
High performance virtualized security gateways designed for new carrier networks based on NFV/SDN.