Penetration Testing mailing list archives

RE: GPRS security

From: "Ofir Arkin" <ofir () sys-security com>
Date: Sat, 2 Mar 2002 11:42:09 -0000

All,
There is a Firewall aware of GTP as it had been announced lately
Checkpoint software technologies and Nokia have that solution.

From their Press Release:

"Check Point Software First to Ship Advanced Security Solutions for GPRS
Infrastructures"

More Information can be found at:
http://www.checkpoint.com/press/2002/firewall-1gx021902.html


Ofir Arkin [ofir () sys-security com]
Founder
The Sys-Security Group
http://www.sys-security.com
PGP CC2C BE53 12C6 C9F2 87B1 B8C6 0DFA CF2D D360 43FA 

-----Original Message-----
From: Toni Heinonen [mailto:Toni.Heinonen () teleware fi] 
Sent: ד 27 פברואר 2002 20:11
To: OPITZ,PAUL (HP-France,ex2); pen-test () securityfocus com
Subject: RE: GPRS security

Does anybody knows well known threats and vulnerabilities in 
the GPRS world
and countermesures ?


I've heard a lot of fuss going lately about operators protecting their
core network well from attacks from the Internet, but forgetting to
secure the other end, ie. the mobile station end of the core network.
However, I think there's little risk here as the client's traffic is
tunneled through the GPRS core. But it's basically IP traffic, and a
good IP firewall will protect you. There is only one oddity in the GPRS
core, and that is the GPRS tunneling protocol, GTP. It would be nifty to
filter on the tunneled packets' headers too or on other GTP-specific
information, but I am not aware of any firewalls that understand GTP.
One might however think that the Nokia IP430 (or whatever the number
was) would be capable of filtering on GTP headers, as it does come from
a big GPRS network eq. vendor that also recommends it be used with the
GPRS core.

The security of the wireless airway itself is a wholly different
question.

TONI HEINONEN
   TELEWARE OY
   Telephone  +358 (9) 3434 9123  *  Fax  +358 (9) 3431 321
   Wireless  +358 40 836 1815
   Kauppakartanonkatu 7, 00930 Helsinki
   toni.heinonen () teleware fi  *  www.teleware.fi

------------------------------------------------------------------------
----
This list is provided by the SecurityFocus Security Intelligence Alert
(SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please
see:
https://alerts.securityfocus.com/



----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Current thread:

RE: GPRS security Ofir Arkin (Mar 04)