Although Diameter is an improvement from SS7, it is subject to the same vulnerabilities and many more. Messages sent over Diameter are prone to man-in-the-middle attacks because they are read at several stages and by several systems. Diameter, like GSM MAP delivers various user-related data called Attribute Value Pairs (AVPs). These can be easily modified or inserted, and therefore, to defend against attacks, all AVPs must be screened and signalling controlled on all messages.
Unified or Independent
Diameter Firewall can be deployed standalone or can be complemented with additional protocols as additional modules of the Unified Signalling Firewall as needed in the future.
- All modules intercept both national and international messages
- Uses REST API integration
- All Cellusys products support virtual deployment or can be installed on our customised servers
The GSMA categorises not only different Diameter messages and interfaces, but also different anomalies of packet networks and levels of filtering. Cellusys Diameter Firewall incorporates all four levels of filtering.
- Category 0 screening is a basic low-level look at non-application information such as format, IP address, and host addresses.
- Category 1 looks at an individual Diameter interface and ensures that the proper command and application identifier are allowed.
- Category 2 drills down further by looking at the actual data being sent (AVPs).
- Category 3 examines location and time-based feasibilities.
Equipped with powerful (yet agile) reporting and alerting features, not only will your network be secure, you can be sure to have the most accurate information about your network traffic and security at your fingertips.
Customise real-time alerts to be notified the moment a threat occurs. Everyone on your team can be provided proper access levels and customise reports to suit their individual needs (no matter their level of technical expertise) thanks to the intuitive GUI.
Easily set alerts or publish reports as broad as traffic overview or drill down to monitor a suspicious caller ID. Troubleshoot VIP complaints and monitor message volumes with the touch of a button.
Signalling Providers and Signalling Hubs
Signalling is your business — at least make it secure. We have provided many Tier 1 signalling hubs with the capability to control and secure their signalling.
Fully compliant with GSMA FS.19
GSMA FS.19 Diameter Interconnect Security was first approved by the GSMA in 2015 and has been updated regularly since then. Version 7.0 was published in May of 2019. It outlines known threats in the context of LTE roaming and SS7 interconnect and recommends countermeasures to detect unwanted and malicious messages and set firewall policies. GSMA guidelines are often the basis for public policy and regulation regarding signalling security.
Network Security Test
How secure is your network?
Learn more about our Managed Service for Security
WE INSTALL, WE MANAGE, YOU WIN
Download Signalling Firewall Data Sheet
The Cellusys Unified Signalling Firewall is a powerful cross-protocol solution for signalling security and SMS monetisation. The firewall is able to mitigate complex threat scenarios through internal correlation across SS7, Diameter, GTP, SIP, and SMPP. Every layer-Every message.