Pentests or Penetration testing is ethical hacking that is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system. They are performed to identify weaknesses or vulnerabilities, including the potential for unauthorized parties to gain access to the system's features and data, as well as strengths, enabling a full risk assessment to be completed.
Sébastien Dudek, Founder and Security Engineer at PentHertz did a presentation at No Hat conference 2021. The outline of his talk says:
Expected to be released in 2021, we only see the early stage of 5G-NR connectivity in rare places around the world and we cannot talk yet about "real 5G" as current installations are put on the Non-Standalone mode (NSA) using 4G infrastructures. But in the meantime, it is important to get prepared for this upcoming technology and ways we can practically simulate real-world attacks in the future, with Standalone (SA) mode-capable devices and networks. In this presentation, we will see how to conduct practical security assignments on future 5G SA devices and networks, and how to investigate the protocol stack. To begin the presentation, we briefly present the differences with 2G-5G in terms of security applied to security assessment contexts, i.e. the limit we are left with, and how to circumvent them. Then we see how a 5G-NR security testbed looks like, and discuss what type of bugs are interesting to spot. Third, we make more sense about some attacks on devices by showing attacks that could be performed on the core side from the outside. Finally, we briefly introduce how we could move forward by looking at the 5G protocol stack and the state of the current mean.
Slides are available here and the video is embedded below:
A post on their website also looks at penetration of standalone 5G core. The post contains a video as well which can also be directly accessed here.
A new white paper from 5G Americas provides nearly annual updates around the topic of security in wireless cellular networks. The current edition addresses emerging challenges and opportunities, making recommendations for securing 5G networks in the context of the evolution to cloud-based and distributed networks.
New whitepaper from 5G Americas, 'Security for 5G' provides a good overview of security in 3GPP Rel-15 & 16 - https://t.co/z0SxZUTWRK#Free5Gtraining #5GAmericas #5G #5GTechnology #5GSecurity #5GCore #SBA #Security #OpenRAN #SuuplyChain #Transportation #ZTN #APIs pic.twitter.com/fnWCIArTFv
— Free 5G Training (@5Gtraining) December 13, 2021
Additionally, the white paper provides insight into securing 5G in private, public, and hybrid cloud deployment models. Topics such as orchestration, automation, cloud-native security, and application programming interface (API) security are addressed. The transition from perimeter-based security to a zero-trust architecture to protect assets and data from external and internal threats is also discussed.
Related Posts:
- 3G4G: 5G Security Overview by Mpirical
- The 3G4G Blog: Everything you need to know about 5G Security
- The 3G4G Blog: Impact of 5G on Lawful Interception and Law Enforcement
- The 3G4G Blog: Key Technology Aspects of 5G Security by Rohde & Schwarz
- The 3G4G Blog: 5G Roaming with SEPP (Security Edge Protection Proxy)
- 3G4G: Security in 2G, 3G, 4G & 5G Mobile Networks
- Free 6G Training: 6G Security Considerations
