5G: improving end-to-end network security

The rollout of 5G across the country could be considered one of the most anticipated technological advancements in recent memory. While many focus on consumer benefits, organizations are also poised to reap the benefits. However, despite all the fanfare about next-gen cellular performance and low latency, some still worry about whether 5G for business will meet all the security requirements of modern enterprise networks.

In fact, cellular wireless WAN (WWAN) has been able to deliver enterprise-grade security at the network edge for many years. Additionally, 5G may be even more secure than 4G, given new developments at the network core.

Improved security at the network level: from 4G to 5G

The opportunity to improve security presents itself with each new generation of cellular technology. In particular, 5G has brought several key changes:

  • New authentication framework: The 5G protocol introduces a new authentication framework. It is based on a well-established and widely used protocol called Extensible Authentication Protocol (EAP), which is open, network independent and more secure.
  • Improved Subscriber Privacy: 5G offers privacy enhancements against attacks that occur when a fake base station pages the user’s equipment to tell it to come out of idle. In 5G, the International Mobile Subscriber Identity (IMSI) is not used in paging, there is less text exchanged, and the network performs analysis on the radio environment, detecting abnormal base stations.
  • Improved core network agility and security: The core of the 5G network is moving to a service-based architecture (SBA). This is provided by a set of interconnected Network Functions (NFs), with permission to access each other’s services. An SBA enables plug-and-play software, agile programming, and network slicing, which streamline operations and support greater innovation.
  • Extended Roaming Security: The 5G standard introduces enhanced interconnect security between network operators, centered on a network function called Security Edge Protection Proxy (SEPP). SEPP sits at the edge of each network operator’s 5G network; each operator’s SEPP is authenticated and application layer security protects the traffic.
  • Advanced User Plane Integrity Protection: The 5G standard introduces a new feature that protects user-plane traffic between a device and the cell tower, aimed at mitigating high-level man-in-the-middle attacks that interfere with sensitive and unprotected information of the live user plane.

Cellular Broadband Security at the Network Edge

While enterprises will continue to employ the advanced network security tactics they used with wired broadband and 4G at the network edge, now is the time for them to consider the following 5G-related technologies:

Private 5G networks: Organizations with large areas requiring secure LAN-like connectivity can deploy their own private cellular network (PCN). Enterprises can control their own PCNs by implementing micro-towers and small localized cells, similar to access points. It’s like a scaled-down version of a public network, except you control quality of service as well as security.

5G is the first cellular network specification to truly embrace virtualization, offering significant cost savings for implementing otherwise expensive physical network cores.

Network slicing: The reliability, speeds and low latency of 5G can only be balanced if the network components share the right information with the appropriate virtual network functions (VNFs). This is achieved through network slicing within the SBA.

Consider how cloud computing transitioned to containerization and VNFs; similarly, the 5G core switches to this model and creates microservices contained in security groups, or slices, that work to fulfill promises made for specific traffic based on its quality-of-service markings (Single Network Slice Selection Assistance Information, or S-NSSAI).

Network slicing allows operators to offer network services tailored to the unique needs of each organization. At the same time, it gives businesses the ability to select the right level of security for each use case.

Securing wired and wireless networks

If network security professionals haven’t installed new security protocols suitable for protecting their traditional wired network, now is the time to implement those security architectures to secure both wired and wireless endpoints.

Zero Trust Network Access (ZTNA): ZTNA is a security concept that assumes anyone trying to access a network or application is a malicious actor, and someone who will need to be checked constantly. It uses an adaptive verification policy on a per-session basis that can take into account things like the user’s device, location, identity, time and date of the request, as well as any usage patterns that have been observed previously.

The rapid growth of the Internet of Things (IoT) and other connected use cases means that organizations will need to be more diligent and remotely control the authentication and identification of devices and the flow of data between them. With this in mind, ZTNA will be a key part of 5G security at the network edge.
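An added example, not part of the original article: a minimal per-session evaluation using the signals the ZTNA paragraph names (identity, device, location, time of request, previously observed usage). The users, device IDs, resources, policy values and the allow / step_up / deny outcomes are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Request:
    user: str
    device_id: str
    country: str
    when: datetime
    resource: str

# Constructed sample policy data (hypothetical identities, devices, resources).
ENROLLED = {"alice": {"rtr-0017"}, "sensor-svc": {"iot-4410"}}  # identity -> devices
ENTITLED = {"alice": {"erp", "wiki"}, "sensor-svc": {"telemetry"}}
ALLOWED_COUNTRIES = {"CA", "US"}
USUAL_HOURS = range(6, 20)  # 06:00-19:59
# Previously observed (user, country, resource) usage patterns.
SEEN = {("alice", "CA", "erp"), ("sensor-svc", "CA", "telemetry")}

def evaluate(req: Request) -> tuple[str, str]:
    """Return (decision, reason) for one session; nothing is trusted by default."""
    if req.user not in ENROLLED:
        return "deny", "unknown identity"
    if req.device_id not in ENROLLED[req.user]:
        return "deny", "device not enrolled for this identity"
    if req.resource not in ENTITLED[req.user]:
        return "deny", "resource outside entitlement"
    if req.country not in ALLOWED_COUNTRIES:
        return "deny", "location not permitted"
    # Unusual but not disqualifying context triggers re-verification.
    if req.when.hour not in USUAL_HOURS:
        return "step_up", "request outside usual hours"
    if (req.user, req.country, req.resource) not in SEEN:
        return "step_up", "usage pattern not seen before"
    return "allow", "all signals match policy"

def open_session(req: Request, reverified: bool = False) -> str:
    """Decide a session; a pattern is learned only after successful re-verification."""
    decision, _ = evaluate(req)
    if decision == "step_up" and reverified:
        SEEN.add((req.user, req.country, req.resource))
        return "allow"
    return decision
```

Every call to `evaluate` starts from the full set of checks, so an earlier "allow" carries no weight for the next session unless the same signals hold again.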

Secure Access Service Edge (SASE): With so much data now headed to the cloud, most security services reside there as well. Combining networking and security functions, SASE is a cloud-delivered security model in which traffic is encrypted and directed to a cloud service where a complex stack of security technologies is applied.

Canadian companies are on the verge of rolling out 5G connectivity for a range of applications, if they haven’t already. Mining, retail and restaurant pop-ups, sprawling branches, vehicles and more: all of these organizations can improve their ability to scale safely and quickly by consistently deploying cloud-manageable wireless edge routers and layers of security. WWAN and SASE integrate seamlessly with the distributed edge.

5G’s enhanced edge-to-core security capabilities, in addition to current edge-to-cloud security technologies such as SASE and ZTNA, will enable enterprises to adopt 5G while significantly improving their end-to-end security posture.

Kevin M. Risinger