[NNagain] FCC - delete, delete, delete

Richard Roy dickroy at alum.mit.edu
Fri Mar 14 15:05:18 EDT 2025 

Bob,



You are certainly correct.  Complexity of implementation always leads to the potential for more attack surfaces.  As importantly, security as an add-on is really no security at all.  If security is not designed in at the outset, optimal security can rarely if ever be achieved.  First and foremost at the core of security is "credential material" that MUST be protected IN TAMPER-PROOF/EVIDENT HARDWARE (e.g. FIPS 140-x).  It is nearly impossible to secure a system without this capability, and not all of the systems out there today are so "equipped" making system-wide trust nearly impossible. ☹☹☹



Cheers,

RR



-----Original Message-----
From: Nnagain <nnagain-bounces at lists.bufferbloat.net> On Behalf Of Robert McMahon via Nnagain
Sent: Friday, March 14, 2025 11:53 AM
To: Tara Stella <tara at tara.sh>
Cc: Robert McMahon <rjmcmahon at rjmcmahon.com>; Network Neutrality is back! Let´s make the technical aspects heard this time! <nnagain at lists.bufferbloat.net>
Subject: Re: [NNagain] FCC - delete, delete, delete



> I'm not an expert, but I wonder if the complexity has increased the potential attacking surface.



I'm not an expert here either - but I do think complexity does increase the attack service. Breaking up the control and data planes seems like a good idea to me.



Also, devices like CPUs that run programmable logic are a target because their logic flows can be hijacked. Hardware solutions for simple functions like forwarding packets cannot be reprogrammed at the data plane level, minimizing their attack service.



Moving the control plane(s) into a management domain where security experts do their work everyday seems a must to me. Pushing this into consumer premises and adding more and more seems like a disaster in the making.



https://www.splunk.com/en_us/blog/learn/control-plane-vs-data-plane.html



Bob



On Fri, Mar 14, 2025 at 1:16 AM Tara Stella <tara at tara.sh<mailto:tara at tara.sh>> wrote:

>

> On Thu, 2025-03-13 at 22:24 -0400, David Bray, PhD via Nnagain wrote:

>

> Indeed. Yet here on ground SS7 remains vulnerable and exploitable too?

>

>

> I'm working for a big telco in Europe, and I'm just marginally involved in the telco network.

> AFAIK, in our infrastructure, SS7 is a niche in some very old equipment sitting somewhere.

> On fixed broadband, we migrated everything over IP, voice is SIP, including VAS services, that are somehow fading away as well (IMS still in place for voicemail).

> On 5G Standalone, everything is HTTP on the control plane and GTP encapsulation on the user plane.

>

> I'm not an expert, but I wonder if the complexity has increased the potential attacking surface.

> Cheers,

> Tara

>

_______________________________________________

Nnagain mailing list

Nnagain at lists.bufferbloat.net<mailto:Nnagain at lists.bufferbloat.net>

https://lists.bufferbloat.net/listinfo/nnagain
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.bufferbloat.net/pipermail/nnagain/attachments/20250314/9bdb1828/attachment-0001.html>

More information about the Nnagain mailing list