Conceptual information about 4G/LTE Equipment ID security.
Billions of subscribers use 4G/LTE mobile networks,
often to connect Internet of Things (IoT) devices. Networks require context-aware
security to prevent financial and operational risks for service
providers and for enterprise customers that run private 4G networks. Malware
that infects User Equipment (UE), including smart phones, tablets,
laptops connected through a dongle, and cellular IoT devices, could
prevent the UE from accessing the mobile network and could make the UE part
of a botnet that attacks the mobile network infrastructure.
The impact of such malware on the customer includes battery exhaustion, damage
to the device, degraded service, excessive billing, and more. The
impact on the service provider can include customer churn, help
desk calls, billing issues, and excessive use of network resources
by compromised subscribers and devices. Detecting these threats
in 4G/LTE mobile networks requires identifying the compromised
equipment; preventing them requires the ability to apply network security based
on the equipment ID, that is, the International Mobile Equipment Identity (IMEI).
When you have the IMEI, you can use GTP security to investigate
a security event related to a device or equipment in a 4G network:
look at the Traffic, Threat, URL Filtering, and WildFire® logs and reports
for that IMEI.
You can also apply network security based
on the equipment identity of any device or equipment that is trying
to access your 4G network. You can secure such things as:
Internet of small/sensing things, an area of Massive IoT (smart metering, smart waste management, anti-theft, and asset management)
Critical IoT (such as health care), wireless payments, home control, vehicle communication, phones, and tablets
The following graphic illustrates two 4G deployment options.
In the first option, the firewall is on the S11 and S1-U interfaces.
S11 is the interface between the MME and the SGW; S1-U is the interface
between the eNodeB and the SGW in the 4G/LTE network. In the second
option, the firewall is on the S5/S8 interfaces, which are between
the SGW and the PGW in the 4G/LTE network.
You can apply the following per equipment ID, based on a single IMEI or a group of IMEIs:
Application control
Antivirus
Anti-Spyware
URL Filtering
Intrusion prevention
Advanced threat prevention with WildFire
Security policy rules let you reference external dynamic lists
(EDLs) that contain IMEIs, so you can add IMEIs to a rule
dynamically without editing the rule itself.
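The following is an added example, not PAN-OS code, showing what an equipment-ID policy driven by a list of IMEIs has to do: validate each list entry, normalize the equipment identity carried in GTP-C signaling, and then match sessions against the list. It relies on the 3GPP definition of the identifiers (a 15-digit IMEI is TAC + SNR + a Luhn check digit; a 16-digit IMEISV is TAC + SNR + a two-digit software version number), while the list format (one identity per line, `#` comments), the session summaries, and the exact-match rule semantics are assumptions made for this illustration and say nothing about how the firewall's own EDL parser behaves.

```python
# Added example (not PAN-OS code): validate an equipment-identity EDL of
# IMEIs and evaluate a per-IMEI policy decision over constructed GTP-C
# session summaries. The EDL format (one identity per line, '#' comments)
# and the matching semantics are assumptions made for this illustration.
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


def luhn_valid(digits: str) -> bool:
    """Luhn check over a digit string; a 15-digit IMEI ends in a Luhn check digit."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:            # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def imei_check_digit(first14: str) -> str:
    """Compute the check digit that completes a 14-digit TAC+SNR into an IMEI."""
    total = 0
    for i, ch in enumerate(reversed(first14)):
        d = int(ch)
        if i % 2 == 0:            # doubled positions once the check digit is appended
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return str((10 - total % 10) % 10)


def normalize_imei(raw: str) -> Optional[str]:
    """Return a validated 15-digit IMEI, or None.

    Accepts a 15-digit IMEI or a 16-digit IMEISV (TAC+SNR+SVN). For an
    IMEISV the SVN is dropped and the check digit recomputed, so both forms
    of the GTP-C MEI IE compare against the same list entry.
    """
    s = "".join(ch for ch in raw if ch.isdigit())
    if len(s) == 16:
        s = s[:14] + imei_check_digit(s[:14])
    if len(s) != 15 or not luhn_valid(s):
        return None
    return s


def parse_edl(text: str) -> Tuple[Set[str], List[Tuple[int, str]]]:
    """Parse the list; return (accepted IMEIs, [(line number, rejected entry)])."""
    accepted: Set[str] = set()
    rejected: List[Tuple[int, str]] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        body = line.split("#", 1)[0].strip()
        if not body:
            continue
        imei = normalize_imei(body)
        if imei is None:
            rejected.append((lineno, body))   # report it: a typo here is a missed device
        else:
            accepted.add(imei)
    return accepted, rejected


@dataclass
class Session:
    """Constructed summary of a GTP-C Create Session Request."""
    imsi: str
    mei: str     # IMEI or IMEISV from the MEI IE; empty if the IE was absent
    apn: str


def evaluate(session: Session, blocked: Set[str]) -> str:
    """Equipment-ID rule: deny when the session's IMEI is on the list, else fall
    through to the constructed default action 'allow'. A session with no usable
    IMEI cannot match an equipment-ID rule at all, which is why such rules are
    usually paired with subscriber-ID or APN-based rules."""
    imei = normalize_imei(session.mei)
    if imei is not None and imei in blocked:
        return "deny"
    return "allow"


def run_policy(edl_text: str, sessions: List[Session]) -> List[Tuple[str, str]]:
    blocked, _rejected = parse_edl(edl_text)
    return [(s.imsi, evaluate(s, blocked)) for s in sessions]


# Constructed sample EDL and sessions (all values made up for this example).
EDL_TEXT = """
# constructed equipment-identity EDL: one IMEI or IMEISV per line
490154203237518        # valid IMEI
3520990017614801       # IMEISV; normalizes to 352099001761481
490154203237519        # bad check digit: rejected, not silently dropped
35-56520534-1265-5     # separators are stripped
"""

SESSIONS = [
    Session(imsi="001010123456789", mei="490154203237518", apn="internet"),
    Session(imsi="001010123456790", mei="3520990017614801", apn="iot.example"),
    Session(imsi="001010123456791", mei="868919031012349", apn="internet"),
    Session(imsi="001010123456792", mei="", apn="internet"),
]

if __name__ == "__main__":
    accepted, rejected = parse_edl(EDL_TEXT)
    print("list entries:", sorted(accepted))
    print("rejected entries:", rejected)
    for imsi, action in run_policy(EDL_TEXT, SESSIONS):
        print(imsi, action)
```

Two points in the example matter operationally: an entry that fails the check digit is reported rather than dropped, because a mistyped IMEI in a block list is a device that keeps attaching unnoticed; and the IMEISV-to-IMEI normalization is what lets one list entry match whichever form of the equipment identity the UE reported during attach.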
When deciding which firewall model to purchase, consider the
total number of 3G, 4G, and 5G network identifiers (Subscriber IDs
and Equipment IDs) you need to include as EDL entries or static
entries, because each model has its own capacity. The table in 5G Equipment ID and Subscriber ID Security lists the
EDL entry and static entry capacities for each firewall model.