(1) Network function virtualization
Security risks: first, under the virtual environment, the management and control functions are highly centralized. Once the functions fail or are controlled illegally, the safe and stable operation of the whole system will be affected. Second, multiple virtual network functions (VNF) share the underlying resources, if a virtual network function is attacked will affect other functions; Third, due to the large number of network virtualization using open source and third-party software, the possibility of introducing security vulnerabilities is increased.
Technical countermeasures: one is to reinforce the security of the system, conduct security tracking and auditing of the management and control operations, and improve the anti-attack capability. The second is to provide end-to-end, multi-level resource security isolation measures, key data encryption and backup. Third, strengthen the security management of open source third-party software.
(2) Network slices
Security risk: network slice is based on virtualization technology to achieve logical isolation on Shared resources. If appropriate security isolation mechanism and measures are not taken, when a network slice with low protection ability is attacked, the attacker can use this as a springboard to attack other slices, thus affecting its normal operation.
Technical measures: in view of the above security risks, can use cloud and virtualization isolation measures, such as physical isolation, virtual machine (VM) resource isolation, virtual firewall, achieve precise and flexible slicing isolation, ensure effective isolation of resources between different section of the user, at the same time slicing operations should be network operation safety management, to ensure that the corresponding technical measures to be implemented.
(3) Edge calculation
Security risks: first, the edge computing node sinks to the edge of the core network and is more likely to be physically attacked when deployed to a relatively insecure physical environment. Second, multiple applications can be deployed on the edge computing platform and related resources can be Shared. Once the protection of a weak application is breached, it will affect the safe operation of other applications on the edge computing platform.
Technical countermeasures: first, to strengthen the physical protection and network protection of edge computing facilities, make full use of the existing security technology to reinforce the platform and enhance the edge facilities themselves anti-theft and anti-damage measures. Second, strengthen the security protection of the application, improve the security authentication and authorization mechanism for the application layer to access the edge computing node, and clarify the security responsibilities of each party according to the deployment mode and coordinate the implementation of the third-party application.
(4) Open network capability
Security risks: first, network capacity opening will open users' personal information, network data and business data from the closed platform inside network operators. Network operators' ability to manage and control data is weakened, which may bring the risk of data leakage. Second, the network capability open interface adopts the Internet general protocol, which will further introduce the existing security risks of the Internet into the 5G network.
Technical countermeasures: first, strengthen the protection of 5G network data and strengthen the monitoring and disposal of security threats. The second is to strengthen the ability of network open interface security protection, to prevent attackers from infiltrating into the operator network from the open interface.
