Conceptual information about 4G/LTE Equipment ID security.
Billions of subscribers use 4G/LTE mobile networks,
often to connect the Internet of Things. Networks require context-aware
security to prevent financial and operational risks for service
providers and enterprise customers using private 4G networks. Malware
that infects User Equipment (UE), including smart phones, tablets,
laptops connected via a dongle, and cellular IoT devices, could
prevent the UE from accessing the mobile network and could be part
of a botnet launching an attack against the mobile network infrastructure.
The impact of such malware to the customer includes battery exhaustion damage
to the device, degraded service, excessive billing, and more. The
impact to the service provider can include customer churn, help
desk calls, billing issues, and excessive use of network resources
by compromised subscribers and devices. Detection of these threats
in 4G/LTE mobile networks requires identification of compromised
equipment; prevention requires the ability to apply network security
based on equipment ID, which is an International Mobile Equipment
You can use GTP security to investigate
a security event related to a device or equipment in a 4G network
when you have the IMEI. You can look at the traffic, threat, URL
filtering and WildFire
logs and reports.
You can also apply network security based
on the equipment identity of any device or equipment that is trying
to access your 4G network. You can secure such things as:
Internet of small/sensing things
An area of Massive IoT (smart metering, smart waste management, anti-theft,
and asset management)
Critical IoT (such as health care), wireless payments, home
control, vehicle communication, phone, and tablet
The following graphic illustrates two 4G/LTE only deployment
options. In the first option, the firewall is on the S11 and S1-U
interfaces. S11 is the interface between the MME and SGW; S1-U is
the interface between the eNodeB and SGW in the 4G/LTE network.
In the second option, the firewall is on the S5/S8 interfaces, which
are between the SGW and PGW in the 4G/LTE network.
You can apply the following per equipment ID: application control,
Antivirus, Anti-Spyware, URL filtering, intrusion prevention, and
advanced threat prevention with WildFire based on an IMEI or a group
Security policy rules allow you to specify external dynamic lists
(EDLs) that can specify IMEIs so that you can dynamically add IMEIs
to the rule.
When deciding which firewall model to purchase, consider the
total number of 3G, 4G, and 5G network identifiers (Subscriber IDs
and Equipment IDs) you need to include as EDL entries or static
entries. The table in 5G Equipment ID and Subscriber ID Security provides
capacities of EDL entries and static entries for each firewall model.