Length: 2 Days
Print Friendly, PDF & Email

5G Network Security Training Workshop

5G Network Security Training Workshop is a 3-day training program designed for network engineers, IT professionals, security analysts and anyone else looking to get a deep  understanding of 5G networks security.

The 5G Networks Security training workshop is a course to analyze 5G networks  cybersecurity protections through the adoption of standards-based features and deployment of more modern information technologies. 5G standards have been designed to support use case–specific capabilities such as enhanced mobile broadband (eMBB) and fixed-wireless access (FWA), ultrahigh reliability and low latency (URLLC) and massive (IoT) connectivity (MTC).

Course Outline

Introduction to 5G Security

  • Security Issues and Challenges in 5G Ecosystem
  • 5G Cyber Threat Intelligence
  • Vulnerabilities and Threat Vectors
  • Threats Mitigation
  • Associated Requirements
  • Device Threats
  • Air Interface Threats
  • RAN Threats
  • MEC & Backhaul Threats
  • 5G Packet Core
  • NFV and SDN Security
  • IMS Security
  • OAM Threats
  • External Network, Applications and Services Threats
  • 5G Gateway Mobile Location Center (GMLC TS 29.518)
  • 5G Number Portability (ENUM)
  • Security Edge Protection Proxy (SEPP TS 33.501)
  • 5G Equipment Identity Register (EIR TS 29.511)
  • Implementing and Auditing 5G Security Controls
  • Reverse-Engineering 5G Analysis Tools and Techniques
  • 5G Cyber Security Risk Management

Network Protocols and Security Fundamentals

  • Ethernet, ARP, DHCP, L2/L3, TCP, Carrier-grade NAT (CGNAT)
  • Risks of IP and Legacy Protocols
  • DIAMETER
  • UCP
  • Service Communication Proxy (SCP TS 23.501)
  • Binding Support Function (BSF TS 129.513)
  • Interworking function for signaling between 4G, 5G, IMS, Fixed/Wi-Fi and IT

5G Networks and System Cybersecurity Assessment and Best Practices

  • Attackers and Assets
  • Attack Surface
  • Attack Trees
  • Security Policy
  • 5G System Vulnerabilities
  • Backdoors
  • Denial of Service (DOS)
  • Defensive Architectures
  • Combating Complexity
  • Defensive Hardware Interfaces
  • Public Key Cryptography (PKI)
  • Protecting Data In Motion
  • Secure Software Process

5G System Vulnerability Analysis

  • 5G System and Network Attacks
  • Exploiting 5G Systems and Devices
  • The Stages of System Exploitation
  • Initial Reconnaissance
  • Exploitation
  • Firmware Unpacking and Modification
  • Detecting
  • Extracting
  • Analysis
  • Modification and Creation of new firmware
  • Hacking/exploitation techniques, tools and entry points
  • Defensive technologies

5G Security Requirements and Features 

  • 3GPP General security requirements
  • Requirements on the UE
  • Requirements on the gNB
  • Requirements on the ng-eNB
  • Requirements on the AMF
  • Requirements on the SEAF
  • Requirements on the UDM
  • Core network security
  • Trust boundaries
  • Visibility and configurability
  • Requirements for algorithms, and algorithm selection
  • 5G Zero Trust Architecture
  • Build a Zero Trust 5G architecture
  • Create 5G Zero Trust policy
  • Monitor and maintain 5G Zero Trust environment

Monitoring Controls and Controls Frameworks”

  • ISO 27001:2013 as the international standard framework for Information Security Management Systems (ISMS)
  • Evaluating continued confidentiality, integrity and availability of information
  • IEC 62443 applied to 5G and critical infrastructure protection
  • RMF and National Institute of Standards and Technology (NIST) foundation
  • RMF Control Functions applied to 5G
  • Preparing a Secure Evolution to 5G
  • Security Control Map
  • Access Control (AC)
  • Security Assessment and Authorization (CA)
  • Identification and Authentication (IA)
  • Maintenance (MA)
  • Risk Assessment (RA)
  • System and Communications Protection (SC)
  • System and Information Integrity (SI)
  • Software platforms and applications
  • Remote access
  • Network integrity
  • Users, devices, and other assets
  • Data-at-rest
  • Data-in-transit
  • Configuration change control processes
  • Backups of information
  • Response plans (Incident Response and Business Continuity)
  • Recovery plans (Incident Recovery and Disaster Recovery)
  • Analyzing detected events
  • Incident alert thresholds
  • Monitoring for unauthorized personnel, connections, devices, and software

 

 

 

Request More Information

Please enter contact information followed by your questions, comments and/or request(s):
  • Please complete the following form and a Tonex Training Specialist will contact you as soon as is possible.

    * Indicates required fields

  • This field is for validation purposes and should be left unchanged.

Request More Information

  • Please complete the following form and a Tonex Training Specialist will contact you as soon as is possible.

    * Indicates required fields

  • This field is for validation purposes and should be left unchanged.