p1 training description ts-270 20170928 v3 jbt · · 2017-10-10• sgw – pgw infrastructure and...
Post on 01-Apr-2018
220 Views
Preview:
TRANSCRIPT
©2017P1Security.Allrightsreserved.
²
TrainingDescription
2017
TS-270LTESecurityandInsecurity
©2017P1Security.Allrightsreserved.
TS-270LTESecurityandInsecurity
Descriptionoftraining
Learnaboutmoderntelecom,mainlineandmobile,systemsandnetworksfor4GLTEmobilenetworkservice.UnderstandthesecuritymechanismofLTEandtheEvolvedPacketCorenetworksecurityandvulnerabilities.LearnindetailsthevariousproblemsthatmayhappeninLTEnetworksanddefineaplanofstudytobecomeanLTENetworkauditor.DurationUniqueversion:2days.Attendeeswillreceive
• Trainingmaterial:copyofthepresenter’sslidesthroughIntralinksWebplatformtoolforaoneYeardurationafterthetraining’sdelivery.
Prerequisitesfortraining
• Basicknowledgeoftelecom&networkprinciples:o Whatis2G,3G,4G;o OSInetworklayers;o Basicknowledgeoftelecomtechnologies.
• LaptopwithKaliLinuxinstalledeitherinVMornative;• GoodknowledgeandusageofWireshark;
Coveredinthistraining
• LTEIntroduction;• LTESecurityarchitecture;• LTENetworkelementsoverviewandsecurityroles&functions;• LTECommunicationsecurity,cryptographyandkeymanagement;• StudyofLTEprotocols:
o S1AP;o X2AP;o Diameter;o GTP-C;o GTP-U;o GTPv2;o GTP’;o NAS.
• TypicalattacksonLTEinfrastructure;• RecapofSS7attackscenariosandcomparisonto4G;• RoleoflegacyinLTEsecurity;
©2017P1Security.Allrightsreserved.
• Networkelementsandtheirfunctions:HSS,DRA/DEA,MME,PCRF,eNodeB,PGW,SGW;• DRAremoteandRCEcompromiseviaDiameter;• VulnerabilitiesinVoLTE;• AnalysisofGenericLTENetworkelementandvulnerabilities:• DiametersecurityandcomparisontoSIGTRANandRadiusprotocols;• Diameterfuzzingandscanning;• Diameterinaroamingcontext;• NASsecurity,protocolreviewandknownattacks;• SCTPprotocolbasics,scanningandattackscenarios;• SGW–PGWinfrastructureanddesignandGTPv2scanningandfuzzing;• S1APinterfaceprotocolstudyandknownvulnerabilities;• AttackscenariosovertheS1APinterface;• AttackingO&M(OAM&Management)ofnetworkelements;• CrackingRADIUSprotocol;• GRX/IPXcompromisecasestudies,architectureanddesignandknownvulnerabilities;• ScenariosofattackofLTEnetwork:
o Radio-based,subscriberrole;o Infrastructure-based,transmissionorRANvector;o Internal-basedattack;o Interconnectbasedattackscenarios.
top related