Conceptual information about 4G Subscriber ID security.
4G/LTE mobile networks are used by billions of subscribers
worldwide, increasingly to connect the Internet of Things. This
evolution needs context-aware security in the network to prevent
financial and operational risks for service providers and enterprise
customers using private 4G networks. Malware that infects User Equipment
(UE), including smart phones, tablets, laptops connected via a dongle,
and cellular IoT devices, could prevent the UE from accessing the
mobile network and could be part of a botnet launching an attack
against the mobile network infrastructure.
The impact of such malware to the customer includes battery exhaustion
damage to the device, degraded service, excessive billing, and more. The
impact to the service provider can include customer churn, help
desk calls, billing issues, excessive use of network resources by
compromised subscribers and devices, and more. Detection of these
threats in 4G/LTE mobile networks requires identification of compromised
subscribers; prevention requires the ability to apply network security
based on subscriber ID, which is an International Mobile Subscriber
You can use GTP security to investigate
a security event related to a subscriber or user in a 4G network
based on the IMSI. You can look at the traffic, threat, URL filtering
logs and reports.
You can apply network security based
on the subscriber identity of a user who is trying to access your
The following graphic illustrates two 4G deployment options.
In the first option, the firewall is on the S11 and S1-U interfaces.
S11 is the interface between the MME and SGW; S1-U is the interface
between the eNodeB and SGW in the 4G/LTE network. In the second
option, the firewall is on the S5/S8 interfaces, which are between
the SGW and PGW in the 4G/LTE network.
You can apply the following per equipment ID: application control,
Antivirus, Anti-Spyware, URL filtering, intrusion prevention, and
advanced threat prevention with WildFire based on an IMSI or a group
Security policy rules allow you to specify external dynamic lists
(EDLs) that can specify IMSIs so that you can dynamically add IMSIs
to the rule.
When deciding which firewall model to purchase, consider the
total number of 3G, 4G, and 5G network identifiers (Subscriber IDs
and Equipment IDs) you need to include as EDL entries or static
entries. The table in 5G Equipment ID and Subscriber ID Security provides capacities
of EDL entries and static entries for each firewall model.