Muutke küpsiste eelistusi

Securing 5G and Evolving Architectures [Pehme köide]

3.00/5 (4 hinnangut Goodreads-ist)
  • Formaat: Paperback / softback, 624 pages, kõrgus x laius x paksus: 32x232x178 mm, kaal: 1000 g
  • Ilmumisaeg: 13-Jan-2022
  • Kirjastus: Addison Wesley
  • ISBN-10: 0137457936
  • ISBN-13: 9780137457939
Teised raamatud teemal:
Securing 5G and Evolving ArchitecturesSuurem pilt
  • Formaat: Paperback / softback, 624 pages, kõrgus x laius x paksus: 32x232x178 mm, kaal: 1000 g
  • Ilmumisaeg: 13-Jan-2022
  • Kirjastus: Addison Wesley
  • ISBN-10: 0137457936
  • ISBN-13: 9780137457939
Teised raamatud teemal:
Püsilink: https://www.kriso.ee/db/9780137457939.html
Märksõnad:

SECURING and EVOLVING ARCHITECTURES



5G initiates a period of technological evolution where the benefits transcend faster data download speeds and enable services that will change the way we all live and consume technology. Leveraging 5G’s openness, a new developer ecosystem is building breakthrough services that billions of people will consume, delivering immense value to enterprises and subscribers alike. For 5G to achieve its potential, organizations must embrace multi-layered security that goes far beyond 3GPP specifications. Now, leading security architect Pramod Nair helps network professionals climb the steep learning curve associated with securing 5G, fully understand its threat surfaces, systematically mitigate its risks, and maximize the value of their security investments.



This coherent, pragmatic, and vendor-agnostic guide will help you plan for security from the outset, make better choices throughout the lifecycle, and develop the mindset needed to secure new generations of networks. You’ll fi nd all you need: from high-level 5G security concepts to in-depth coverage of specific security controls, end-to-end architectural guidance, 5G security use cases, and cutting-edge “quantum proofing.” Throughout, practical examples and real-life scenarios help you apply Nair’s insights—whether you’re a service provider, an enterprise, an industry vertical, a startup, a cybersecurity vendor, a systems integrator, or even in a defense environment.



Securing 5G and Evolving Architectures is for technical and management audiences at all levels of 5G experience--from enterprise and security architects to network engineers, cloud computing and data center professionals, to CSO and CTO teams.



  • Explore new 5G security challenges—and why you still need external controls, even with recent 3GPP improvements
  • Implement network component security controls for RAN, Transport, 5GC, and devices
  • Safeguard Multi-Access Edge Compute (MEC), SDNs, virtualized 5G cores, and massive IOT
  • Protect Public and Non-Public Networks (Private 5G) deployment scenarios
  • Secure Critical Infrastructure, Vehicle to Everything (V2X), and Smart Factory use cases
  • Optimize end-to-end 5G security architecture across all 5G domains based on zero trust
  • Prioritize 5G security investments in service provider or enterprise environments
  • Preview emerging 5G use cases and ML/AI-based security enhancements


Foreword xiv
Preface xv
Acknowledgments xx
About the Author xxi
Part I Evolution of Cellular Technologies to 5G, Security Enhancements, and Challenges
Chapter 1 Evolution from 4G to 5G
2(24)
Mobile Network Evolution from 4G to 5G
4(1)
5G New Radio Features
5(2)
Disaggregated Architecture
7(3)
Flexible Architecture
10(2)
Service-Based Architecture
12(2)
Adoption of Cloud-Native Technology
14(1)
Multi-access Edge Computing (MEC)
15(1)
Network Slicing
16(2)
Key 5G Features in 3GPP Releases
18(2)
Key 5G Advanced Features
20(1)
Summary
21(1)
Acronym Key
22(2)
References
24(2)
Chapter 2 Deployment Modes in 5G
26(30)
5G NSA and SA Deployments
27(1)
5G Non-Standalone (NSA) Deployments
28(3)
5G Standalone (SA) Deployments
31(9)
Network Slice as a Service (NSaaS)
40(2)
5G Time-Sensitive Networks
42(2)
5G Local Area Network-Type Service
44(2)
Private 5G/Non-Public Networks
46(1)
Standalone Non-Public Network (SNPN)
46(2)
Public Network Integrated Non-Public Networks (PNI-NPN)
48(4)
Summary
52(1)
Acronym Key
52(2)
References
54(2)
Chapter 3 Securing 5G Infrastructure
56(26)
3GPP 5G Security Enhancements
57(1)
5G Trust Model: Non-Roaming
57(2)
5G Trust Model: Roaming
59(1)
Integration of Non-3GPP Network to the 5G Core Network
59(7)
Other Key Security Enhancements in Release 16
66(8)
Security Challenges in 5G
74(1)
IoT and M2M
75(1)
Perimeter-Less Deployments
75(1)
Virtualized Deployments
76(1)
Summary
77(2)
Acronyms Key
79(1)
References
80(2)
Part II Securing 5G Architectures, Deployment Modes, and Use Cases
Chapter 4 Securing RAN and Transport Deployments in 5G
82(60)
5G RAN and Transport Threats
84(1)
Vulnerabilities in Air Interface
84(3)
Vulnerabilities in the Transport Network
87(4)
Rogue/Fake Base Station Vulnerabilities
91(1)
Securing 5G RAN and Transport
92(1)
Securing the Air Interface
93(1)
Using Trusted Transport Network Elements
94(1)
Secure Deployments and Updates Using Secure ZTP
95(2)
Using Security Gateway (SecGW/SEG) to Secure the RAN and Transport Layer
97(28)
Real Scenario Case Study: Examples of Threat Surfaces and Their Mitigation
125(1)
A The Attacker Takes Control of loT Devices with Weak Security and Launches DDoS Attack
126(1)
B The Attacker Uses the Vulnerability in S1 and Insecure Transport to Use Rogue eNBs and Uses MitM Attacks in the 5G NSA Deployment
127(1)
C The Attacker Uses the Insecure Transport and Carries Out MitM Attacks in Back Haul
128(1)
Mitigation
128(8)
Summary
136(2)
Acronym Key
138(2)
References
140(2)
Chapter 5 Securing MEC Deployments in 5G
142(92)
Service Provider Network-Based MEC
144(1)
Enterprise Network-Based MEC
145(1)
MEC Deployment Models
146(4)
Distributed UPF and MEC Application Deployment
150(1)
C-RAN/O-RAN/Open VRAN Deployment Enabled by MEC
151(1)
Enterprise MEC Deployment
152(1)
Hybrid MEC Deployment
153(1)
Threat Surfaces in 5G MEC Deployments
154(1)
Physical Security
155(1)
Hardware and Software Vulnerabilities
156(3)
5G MEC Infrastructure and Transport Vulnerabilities
159(5)
Virtualization Threat Vectors
164(5)
5G MEC API Vulnerabilities
169(5)
DDoS Attacks
174(4)
Securing 5G MEC
178(1)
Physical Security
178(1)
Hardening Hardware and Software
179(4)
MEC Infrastructure and Transport Security
183(6)
Securing Virtualized Deployments in 5G MEC
189(9)
Securing API
198(12)
Validating Both Read and Write Requests
210(2)
DDoS Protection
212(5)
Real Scenario Case Study: MEC Threats and Their Mitigation
217(2)
Threats: Case Study
219(4)
Mitigation Examples
223(5)
Summary
228(3)
Acronym Key
231(2)
References
233(1)
Chapter 6 Securing Virtualized 5G Core Deployments
234(64)
A Brief Evolution of Virtualization in Telecommunications
235(5)
Threats in Virtualized 5G Packet Core Deployments
240(2)
5GC Container Vulnerabilities
242(3)
Insecure Container Networking
245(7)
Container Host and HW Vulnerabilities
252(5)
Securing Virtualized 5G Packet Core Deployments
257(1)
Secure CI/CD
257(8)
Securing 5GC NFs and 5GC NF Traffic
265(6)
Securing 5GC NF Orchestration and Access Controls
271(6)
Securing 5GC CNF in Roaming Scenarios
277(2)
Securing the Host OS and Hardware
279(2)
Real Scenario Case Study: Virtualized 5GC Threats and Mitigation
281(1)
Threats Case Study
282(3)
Mitigation Examples
285(5)
Summary
290(4)
Acronym Key
294(2)
References
296(2)
Chapter 7 Securing Network Slice, SDN, and Orchestration in 5G
298(78)
Network Slicing and Its Enablers--SDN and Orchestration
299(10)
Threat Surfaces in 5G Network Slice, SDN, and Orchestration Deployments
309(3)
Threats in the SDN Controller Layer
312(4)
Threats in the SDN Data Plane
316(2)
Threats in Orchestration Layer
318(1)
Insufficient Slice-Level Isolation
319(3)
Threats in NSaaS Deployments
322(5)
Mitigation of Threats
327(1)
Trusted Components
327(1)
Securing Orchestration
328(3)
Securing the Software-Defined Network (SDN)
331(5)
Mitigating Data Exfiltration
336(1)
Securing Network Slices
337(8)
Securing NSaaS Deployments
345(10)
Real Scenario Case Study: Threats in the 5G Network Slice, SDN, and Orchestration Deployments and Their Mitigation
355(3)
Threats: Case Study
358(8)
Mitigations: Case Study
366(3)
Summary
369(3)
Key Acronyms
372(2)
References
374(2)
Chapter 8 Securing Massive ioT Deployments in 5G
376(48)
Massive loT-Based Threats in 5G
380(2)
Device Vulnerabilities Due to Weak Built-in Security
382(9)
Securing mloT Deployments in 5G Networks
391(1)
Built-in Hardening of the Device
392(22)
Real Scenario Case Study: mloT Threats and Their Mitigation
414(1)
Threats Example
415(2)
Mitigation Example
417(1)
Summary
418(2)
Key Acronyms
420(2)
References
422(2)
Chapter 9 Securing 5G Use Cases
424(44)
Secure 5G Smart Factory and Manufacturing
425(4)
Threats in 5G Smart Factory Deployments
429(3)
Securing the 5G Smart Factory
432(3)
Application-Level Security Controls
435(2)
Critical Infrastructure
437(1)
5G Energy Utility
437(4)
Threats in the 5G-Enabled Energy Utility
441(2)
Securing 5G-Enabled Energy Utility
443(4)
5G Vehicle-to-Everything (5G-V2X)
447(5)
Threats in 5G-V2X Deployments
452(5)
Securing 5G-V2X Deployments
457(6)
Standards and Associations
463(2)
Summary
465(1)
Key Acronyms
465(2)
References
467(1)
Part III End-to-End 5G Security Architecture and Prioritizing Security Investments
Chapter 10 Building Pragmatic End-to-End 5G Security Architecture
468(34)
Foundations of 5G Security
470(1)
Securing 5G and Evolving Network Deployments
471(1)
Securing IT and OT
471(1)
Securing Consumers of 5G and Evolving Technologies
472(1)
Key Tenets of 5G Security Architecture
472(1)
Supply Chain Security
473(1)
Securing User and Device Access Using Zero-Trust Principles
474(6)
Secure Intra/lnter-Network Connectivity
480(4)
Application-Level Security
484(5)
Vulnerability Management and Forensics
489(2)
Enhanced Visibility, Monitoring, and Anomaly Detection
491(3)
Slice-Level Security
494(3)
Secure Interoperability
497(1)
Summary
497(1)
Acronyms Key
498(3)
References
501(1)
Chapter 11 Prioritizing 5G Security Investments
502(34)
Method of Prioritizing Security Controls
505(4)
Scenario 1
509(12)
Scenario 2
521(11)
Summary
532(1)
Acronyms Key
533(1)
References
534(2)
Part IV Emerging Discussions
Chapter 12 5G and Beyond
536(14)
Adoption and Adaptability of 5G and Evolving Technologies
537(2)
Convergence of Wi-Fi and Evolving Cellular Technologies
539(4)
Use of Al and ML in Securing 5G and Evolving Networks
543(3)
Crypto Agility in 5G and Evolving Technologies
546(2)
Summary
548(1)
Acronym Key
548(2)
References 550(2)
Index 552
Pramod Nair is a Lead Security Architect at Cisco Systems focusing on service providers. During his 20 years of experience in the industry, Pramod has worked in multiple areas, including research and development, designing end-to-end mobile networks, and technical consulting on military and defense projects.

Among other responsibilities in his current role within Cisco, Pramod leads 5G Security Architecture, driving its adoption globally, and has been instrumental in architecting secure next-generation networks for customers across the globe. He is a regular speaker on the subject at large conferences and industry events.

Pramod is an active member of the security community. His role is to help mobile network providers, service providers, industry verticals, the national security and defense sectors, and other agencies dedicated to securing critical infrastructures. He is also deeply involved with industry trade organizations, has co-chaired the 5G security white paper within the 5GAmericas work group, and works with the National Institute of Standards and Technology (NIST) on 5G security.

Pramod holds a patent in fraud detection and has published various white papers and articles covering security-related topics.