Document information:
Summary This chapter focused on the key SigTran protocols and their role in a next-generation architecture of voice products. The SigTran work grew from a desire to decompose a traditional circuit switch into specialized components. It focused on the following two areas
Content extracted from the document:
Signaling System No.7 Protocol Architecture And Services part 56

Summary

This chapter focused on the key SigTran protocols and their role in a next-generation architecture of voice products. The SigTran work grew from a desire to decompose a traditional circuit switch into specialized components. It focused on the following two areas:

• A transport protocol that is suitable for meeting the requirements of carrying telecommunication protocols, especially SS7, over a packet network.
• The creation of adaptation layers that support the primitives of SCN telephony signaling protocols.

SCTP was developed as the new generic transport protocol. It provides performance and reliability benefits for telephony signaling transport over the UDP and TCP transport protocols.

The common elements of the adaptation layers were introduced and described in some detail, as were the following key adaptation layers:

• M3UA— Provides for the transport of MTP Level 3 user part signaling (for example, ISUP and SCCP).
• SUA— Provides for the transport of SCCP user signaling (for example, TCAP).
• M2UA— Provides for the transport of MTP Level 2 user signaling (for example, MTP Level 3).
• M2PA— Provides a means of creating an IP SS7 link by replicating MTP Level 2 and supporting the MTP Level 2 primitive boundary to MTP Level 3.
• IUA— Provides for the transport of Q.921 user signaling (for example, Q.931).

In addition, two protocols related to SigTran were introduced: TALI and the early Cisco backhaul protocol stack. Finally, some examples of SS7 to SIP and H.323 interworking were given to provide a context for how SigTran protocols can be used with other VoIP protocols.

Chapter 15. SS7 Security and Monitoring

Signaling System No. 7 (SS7) is a castle in terms of security, although the castle walls are increasingly coming under attack.
The main forces acting on the protocol to wear down its defenses are market liberalization and ever-increasing convergence.

When SS7 was designed and initially deployed, comparatively few telephone companies with well-defined network boundaries existed. That environment no longer exists because of market liberalization; there are more telephony providers than could have been imagined when SS7 was first drawn up.

The convergence of SS7 with next generation architectures such as IP networks has created the need for additional security enforcement. SS7 has relied on an isolated signaling network for much of its security and the interconnection with IP networks and interworking with other packet protocols changes this paradigm.

The lack of security inherent in the SS7 protocol is likely to be increasingly exposed in line with communications convergence and with the ever-increasing number of operator interconnects.

At present, traditional SS7 has no security mechanisms to ensure that a sender is who he says he is, nor is there cryptographic protection against alteration of messages. Securing traditional SS7 currently focuses on screening incoming traffic and monitoring for unusual traffic. This chapter examines each of these security measures.

Traffic Screening

This section provides a practical overview of SS7 traffic screening. Traffic screening is normally applied at Signal Transfer Points (STPs) because these are normally the gateways between operator networks. Network operators are responsible for ensuring the security of their own SS7 networks to defend against any unwarranted incoming traffic. At present, SS7 traffic can be altered, injected, or deleted after physical access to the signaling links is gained.

STPs normally have extensive screening functionality. Typically, the screening rules are specified on a per-linkset basis. Usually the STP can support something in the range of a few thousand conditional statements that can be applied to each linkset.
Screening usually adds only a couple milliseconds to cross-STP transmission time.

STP gateway screening is typically applied to provide access-control mechanisms to nonhome SS7 networks (interconnects). Figure 15-1 illustrates this concept.

Figure 15-1. STPs May Be Used to Filter Incoming SS7 Messages

Before an incoming Message Signal Unit (MSU) is accepted, it should pass a series of filtering rules that ensure conformance to the specified criteria. If an MSU does not pass the test, it should be discarded. This operation is known as message screening. Screening normally is applied only to the incoming internetwork SS7 MSUs. Screening procedures normally are not applied to outgoing or intranetwork MSUs. Internetwork MSUs are of high importance because they constitute the traf ...
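
The per-linkset message screening described above, sketched as an added example that is not part of the original text or any STP vendor's code. It assumes ITU-T MTP3 framing (SIO octet followed by a 32-bit routing label with 14-bit point codes) and that rules match on OPC, DPC and service indicator; the `LinksetPolicy` container and all point codes are hypothetical, constructed values.

```python
# Added example: per-linkset MSU screening at an STP gateway (illustrative only).
# Assumes ITU-T MTP3: SIO octet + 32-bit little-endian routing label, 14-bit point codes.
import struct
from dataclasses import dataclass, field

SI_SCCP, SI_ISUP = 3, 5  # MTP3 service indicator values

def build_msu(ni, si, dpc, opc, sls=0, payload=b""):
    """Construct SIO + routing label octets (used only to make sample input)."""
    label = dpc | (opc << 14) | (sls << 28)
    return bytes([(ni << 6) | si]) + struct.pack("<I", label) + payload

def parse_msu(raw):
    """Decode the fields that the screening rules are assumed to match on."""
    if len(raw) < 5:
        raise ValueError("shorter than SIO + routing label")
    label = struct.unpack_from("<I", raw, 1)[0]
    return {"ni": raw[0] >> 6, "si": raw[0] & 0x0F, "dpc": label & 0x3FFF,
            "opc": (label >> 14) & 0x3FFF, "sls": label >> 28}

@dataclass
class LinksetPolicy:  # hypothetical rule container, one instance per linkset
    internetwork: bool
    allowed_opcs: set = field(default_factory=set)
    allowed_dpcs: set = field(default_factory=set)
    allowed_sis: set = field(default_factory=set)

def screen(raw, policy):
    """Return (accepted, reason); an MSU that is not accepted is discarded."""
    if not policy.internetwork:
        return True, "intranetwork linkset, not screened"
    try:
        msu = parse_msu(raw)
    except ValueError as exc:
        return False, f"malformed MSU: {exc}"
    if msu["opc"] not in policy.allowed_opcs:
        return False, "OPC not allowed on this linkset"
    if msu["dpc"] not in policy.allowed_dpcs:
        return False, "DPC not allowed on this linkset"
    if msu["si"] not in policy.allowed_sis:
        return False, "service indicator not allowed on this linkset"
    return True, "accepted"

# Constructed sample: the partner network's only node is point code 1001, home
# nodes are 2001 and 2002, and only ISUP is agreed on this interconnect linkset.
INTERCONNECT = LinksetPolicy(True, {1001}, {2001, 2002}, {SI_ISUP})

if __name__ == "__main__":
    for opc, si in [(1001, SI_ISUP), (2002, SI_ISUP), (1001, SI_SCCP)]:
        print(opc, si, screen(build_msu(2, si, 2001, opc), INTERCONNECT))
```

The second sample MSU carries a home-network OPC but arrives on the interconnect linkset, so the OPC rule discards it before any routing takes place.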