[VoiceOps] The big ENUM question (Was: VPFs)
abalashov at evaristesys.com
Thu Aug 6 17:31:29 EDT 2009
There's nothing preventing someone from throwing garbage into the SS7
network, it's just that as has been repeated already several times, the
barriers to entry for that rather exclusive, proprietary and expensive
world are rather high.
The issue with setting up a secure and trusted signaling plane over the
Internet isn't so much making the communication pathways secure; VPNs
do a perfectly good job of that. That's not the problem. The problem
is the security of all the other things that are also connected to the
IP network into which those VPN tunnels land. If an ordinary server is
broken into, it can be used as a jump-off point by someone who knows
what they're looking for to compromise the signaling plane as well by
forwarding packets through the right gateway destination.
No, it's not terribly easy, but at the same time, the chances of it
happening are orders of magnitude higher in a generalised IP scenario.
That's much harder to do with SS7 endpoints; one would have to break
not only into a network element via IP, but also stick an exploit into
what is usually a very proprietary and reasonably secure black box.
The other related factor is that as many participants in the SS7 network
as there are, that's a very, very small pool of deployments, generalised
user experience and far-reaching knowledge as compared to anything IP.
Ubiquitous operating systems and open-source packages enjoy thousands of
times the volume of bugs, cracks, exploits and open QA feedback on which
there is a lot of sunshine as compared to something so exclusive.
That's not to say that there isn't already plenty of SS7 over public IP
going on. I've seen more than my fair share of CLECs - usually little
ones created to support the back side of some VoIP product -
interconnect with the ILEC via SIGTRAN over Internet VPN to a
third-party provider that actually works the A-links. I don't know if
VeriSign still offers this product, but it was plenty popular.
Web : http://www.evaristesys.com/
Tel : (+1) (678) 954-0670
Direct : (+1) (678) 954-0671
Mobile : (+1) (678) 237-1775
More information about the VoiceOps