Chapter 15. SS7 Security and Monitoring

Signaling System No. 7 (SS7) is a castle in terms of security, although the castle walls are increasingly coming under attack. The main forces acting on the protocol to wear down its defenses are market liberalization and ever-increasing convergence.

When SS7 was designed and initially deployed, comparatively few telephone companies with well-defined network boundaries existed. That environment no longer exists because of market liberalization; there are more telephony providers than could have been imagined when SS7 was first drawn up.

The convergence of SS7 with next generation architectures such as IP networks has created the need for additional security enforcement. SS7 has relied on an isolated signaling network for much of its' security and the interconnection with IP networks and interworking with other packet protocols changes this paradigm.

The lack of security inherent in the SS7 protocol is likely to be increasingly exposed in line with communications convergence and with the ever-increasing number of operator interconnects.

At present, traditional SS7 has no security mechanisms to ensure that a sender is who he says he is, nor is there cryptographic protection against alteration of messages. Securing traditional SS7 currently focuses on screening incoming traffic and monitoring for unusual traffic. This chapter examines each of these security measures.