公路、房建、市政项目部监理工作考核31.pptVIP

Disclaimer The speech is oriented towards the penetration testing methodology used while working with a GSM operator and its legal working framework. We do not recommend that you use this material for unauthorised access to telecommunications operators’ infrastructure or systems. We cannot be held responsible if you decide nevertheless to explore such systems, find it fascinating, start getting sloppy and leave tracks that finally get you busted. The information contained within this presentation does not infringe on any intellectual property nor does it contain tools or recipe that could be in breach with Chinese laws. Contents GSM: a quick security overview Infrastructure of GSM operators Review of systems used Common fraud techniques Uncommon fraud techniques Future challenges Conclusions / Questions GSM Overview GSM operators typically split their network between IT (the incompetent team running the mail, the domains, the printers and the proxy/firewall) and Engineering (the telco side). Usually there is distrust between the two entities, poor communications and certainly no common policy towards security. IT of course believe they are important, but in fact they just have a support role. The GSM core network GPRS network GPRS details GSM security Only provides access security – communications and signalling traffic in the fixed network are not protected. Does not address active attacks, whereby some network elements (e.g. BTS: Base Station) are faked Only as secure as the fixed networks to which they connect Lawful interception only considered as an after-thought Terminal identity cannot be trusted Difficult to upgrade the cryptographic mechanisms Lack of user visibility (e.g. doesn’t know if encrypted or not) Attacks on GSM networks Eavesdropping. This is the capability that the intruder eavesdrops signalling and data connections associated with other users. The required equipment is a modified MS. Impersonation of a user. This is the capability whereby