NEW-AGE MOBILE NETWORKS: THREATS AND SOLUTIONS
Nitin VigSenior Systems EngineerJuniper Networks
AGENDA
Mobility Trends1111
Attacks and their impact2222
2 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
Thwarting the attacks3333
Summary4444
SECURITY IS IMPACTED BY TWO TRENDS
Industry Trends
Workforce Behavior IT Infrastructure Business Drivers
Compliance Requirements
Business
3 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
Security Trends
Attacker Behavior New Attack TargetsEvolving Threat Vectors
INDUSTRY TRENDS
Business DriversWorkforce Behavior IT Infrastructure
Branch
Data
Cente
r * Clo
ud
4 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
Campus
Mobile Clients
Data
Cente
r * Clo
ud
SECURITY TRENDS
Attacker
Notoriety Profitability .gov /.com .me / .you
So
ph
istica
tio
n
(Ma
turi
ty)
Type of Attack
Botnets
APT
5 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
Threats
Target
So
ph
istica
tio
n
(Ma
turi
ty)
Botnets
Trojans
VirusWorms
DOSDOSDOS
MalwareMalwareMalware
New Devices
ERP
Internet Information Services
New Applications
6 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
ATTACKS AND THEIR IMPACT
THE THREAT OF MOBILE MALWARE IS NOW REAL!
Mobile device threats reach
Threats to mobile devices
are now a reality!
7 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
…to include malware,
loss/theft, data comm
interception, exploitation
and misconduct, and direct
attacks.
Mobile device threats reach
FAR beyond simple viruses
and SMS exploits…
EVOLUTION OF MOBILE MALWARE
Criminals now using PC-style malware attacks to infect
mobile devices
Mobile Apps in App Stores
Greatest mobile malware risk comes from rapid proliferation of
applications in app stores
8 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
mobile devices applications in app stores
FlexiSpy, Mobile Spy, MobiStealth…
*Information obtained from analysis of Junos Pulse Mobile Security Suite virus definition database dated 10/15/2010
Mobile spyware is prevalent and now commercialized
THE MOBILE MALWARE EXPLOSION
While mobile malware grew
quickly between 2009 and 2010…
9 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
…malware samples for Google
Android grew even faster!
MOBILE MALWARE EXAMPLES
Trojans that send SMS messages to premium rate numbers
Background calling apps that rack up exorbitant long distance bills
SMS
₤ € $ ¥
$
¥€
₤ ₤€ $
¥₤
€$¥₤
$
10 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
“Credit Card:1-2-3-4-5…”
“Credit Card:1-2-3-4-5…”
Keylogging applications that compromise
passwords and credit card or bank account numbers
Self-propagating code that infects devices and spreads to additional devices listed in
a user’s address book
…
Malware growing more sophisticated, now with
polymorphic attacks
MOBILE MALWARE EXAMPLES AND TARGETS
'Most Sophisticated' Android Trojan Surfaces in China –December 30, 2010
� Geinimi, highly sophisticated botnet-like Trojan, detected in Android devices in China
� Sends location information, device identity, even stored contacts to unknown server
� Found in apps, mostly games, infected and repackaged to resemble legitimate apps, then uploaded onto Chinese third-party app stores
11 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
2011 Cyberattack Targets: iPhone, Facebook, Foursquare –December 29, 2010
'Phishing' Scams Cast Net on Mobile Banking – January 30, 2010
� Developer published an app supposedly for accessing online bank accounts
� After installation, users were presented with their bank’s URL and were prompted for login credentials
� After login credentials were submitted, they were then sent to an unknown location, presumably for fraudulent activities
ATTACKS: IMPACT ON THE NETWORK
OSS / BSSApplications & Services Signalling links
Mobile Core / InfrastructureDC
1
2
4
57
6
3
3 3 3
3
3
12 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
AccessClients
Internet
Peering Network
1. RNC Connections (RAN)
2. Airtime (RAN)
4. Data Records
5. DNS Queries
7. Subscriber Billing Complaints
6. Battery Drain Issues3. Bandwidth
3
BUSINESS IMPACT OF NETWORK OUTAGE
Tier-1 European SP suffered a massive network outage (HLRs)
40 million customers unable to make calls or send texts for 4 hours.
Approximately $100 million in lost revenues to Operator
13 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
Approximately $100 million in lost revenues to Operator
After a similar network outage back in 2004 at Bouygues Telecom in France, the operator sued its HLR supplier, Tekelec, for $81 million in damages
http://www.unstrung.com/document.asp?doc_id=175678&piddl_msgid=180879
14 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
THWARTING THE ATTACKS
STATIC SECURITY IS NOT ENOUGH ANYMORE
Growing importance of real-time, dynamic security decisions and security policies enforcements
“If you can detect an attack in the first hour, you have a 90% chance of preventing a data breach,” said Jonathan Nguyen-Duy, director of Verizon product management.
15 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
Duy, director of Verizon product management.
“By detecting an attack before that packet ever reaches a clients’ perimeter, we can block it, route it or quarantine it”
http://telephonyonline.com/business_services/news/verizon-managed-security-0805/?smte=wl
THE FUTURE OF SECURITY
MobilityMobility ConsolidationConsolidation
16 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
VisibilityVisibility
Global HighGlobal High--Performance NetworkPerformance Network
CONSOLIDATION
Branch
NAT
Firewall
IPS
IDS
UTM
VPN
NAT
Anti-malware
Consolidation of security services (everywhere)
17 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
Da
ta C
en
ter
Data/App Consolidation
Campus
Mobile Clients
NAT
Firewall
Anti-malware
IDS
IPS
VPN
LAN Acceleration
Anti-virus
Remote Access
Remote Lock/wipe
Backup & Restore
IPS
Firewall
IDS
VPN
UAC
Firewall
VISIBILITY
Global HighGlobal High--Performance NetworkPerformance Network
Consolidation of security services (everywhere)
Comprehensive Application Visibility and Control
Source to Source to Source to
What UserWhat User
What ApplicationWhat ApplicationBranch
18 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
Source to DestinationSource to
DestinationSource to
Destination
Da
ta C
en
ter
What ApplicationWhat Application
User DeviceUser Device
User LocationUser Location
Campus
Mobile Clients
MOBILITY
Notebook
Global HighGlobal High--Performance NetworkPerformance Network
Consolidation of security services (everywhere)
Comprehensive Application Visibility and Control
Secure Mobility
19 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
Netbook
Smartphone
Tablet
Campus
Branch
SGSN GGSN
MOBILE PACKET CORE
RAN
OSS• SOC• NOC
IMS• IP PBX• MMS• WAP
VAS•Music•IPTV•Maps
CSS•CGW•AAA•DNS
OSS IMS VAS CSS
SSL VPNSSL VPN
OSS IMS VAS CSS
Gi IPSGn IPS Gi FWGn FW
SECURING THE MOBILE INFRASTRUCTURE
Secure the Applications
SSL VPN
20 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
Roaming Exchange
Other PLMNOther PLMN
Secure the Devices
Secure the Network
Gp IPS
Gp FW
Manage at Scale
21 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
SUMMARY
COMPREHENSIVE SECURITY STRATEGY
Mobile Device Security Application Security
• AppSecure Strategy• User mapping to
Datacenter Security
Secure Mobile Infrastructure
• Scale throughput &
NetworkDevice Application
22 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
• Security • Secure Connectivity • Acceleration
• User mapping to application • Virtual security
• Bridge the physical and virtual• Datacenter scale
• Scale throughput & Sessions• Signaling and control plane security• Security for new applications
Expanded Go To Market