5G Network Security Training Workshop
5G Network Security Training Workshop is a 3-day training program designed for network engineers, IT professionals, security analysts and anyone else looking to get a deep understanding of 5G networks security.
The 5G Networks Security training workshop is a course to analyze 5G networks cybersecurity protections through the adoption of standards-based features and deployment of more modern information technologies. 5G standards have been designed to support use case–specific capabilities such as enhanced mobile broadband (eMBB) and fixed-wireless access (FWA), ultrahigh reliability and low latency (URLLC) and massive (IoT) connectivity (MTC).
Course Outline
Introduction to 5G Security
- Security Issues and Challenges in 5G Ecosystem
- 5G Cyber Threat Intelligence
- Vulnerabilities and Threat Vectors
- Threats Mitigation
- Associated Requirements
- Device Threats
- Air Interface Threats
- RAN Threats
- MEC & Backhaul Threats
- 5G Packet Core
- NFV and SDN Security
- IMS Security
- OAM Threats
- External Network, Applications and Services Threats
- 5G Gateway Mobile Location Center (GMLC TS 29.518)
- 5G Number Portability (ENUM)
- Security Edge Protection Proxy (SEPP TS 33.501)
- 5G Equipment Identity Register (EIR TS 29.511)
- Implementing and Auditing 5G Security Controls
- Reverse-Engineering 5G Analysis Tools and Techniques
- 5G Cyber Security Risk Management
Network Protocols and Security Fundamentals
- Ethernet, ARP, DHCP, L2/L3, TCP, Carrier-grade NAT (CGNAT)
- Risks of IP and Legacy Protocols
- DIAMETER
- UCP
- Service Communication Proxy (SCP TS 23.501)
- Binding Support Function (BSF TS 129.513)
- Interworking function for signaling between 4G, 5G, IMS, Fixed/Wi-Fi and IT
5G Networks and System Cybersecurity Assessment and Best Practices
- Attackers and Assets
- Attack Surface
- Attack Trees
- Security Policy
- 5G System Vulnerabilities
- Backdoors
- Denial of Service (DOS)
- Defensive Architectures
- Combating Complexity
- Defensive Hardware Interfaces
- Public Key Cryptography (PKI)
- Protecting Data In Motion
- Secure Software Process
5G System Vulnerability Analysis
- 5G System and Network Attacks
- Exploiting 5G Systems and Devices
- The Stages of System Exploitation
- Initial Reconnaissance
- Exploitation
- Firmware Unpacking and Modification
- Detecting
- Extracting
- Analysis
- Modification and Creation of new firmware
- Hacking/exploitation techniques, tools and entry points
- Defensive technologies
5G Security Requirements and Features
- 3GPP General security requirements
- Requirements on the UE
- Requirements on the gNB
- Requirements on the ng-eNB
- Requirements on the AMF
- Requirements on the SEAF
- Requirements on the UDM
- Core network security
- Trust boundaries
- Visibility and configurability
- Requirements for algorithms, and algorithm selection
- 5G Zero Trust Architecture
- Build a Zero Trust 5G architecture
- Create 5G Zero Trust policy
- Monitor and maintain 5G Zero Trust environment
Monitoring Controls and Controls Frameworks”
- ISO 27001:2013 as the international standard framework for Information Security Management Systems (ISMS)
- Evaluating continued confidentiality, integrity and availability of information
- IEC 62443 applied to 5G and critical infrastructure protection
- RMF and National Institute of Standards and Technology (NIST) foundation
- RMF Control Functions applied to 5G
- Preparing a Secure Evolution to 5G
- Security Control Map
- Access Control (AC)
- Security Assessment and Authorization (CA)
- Identification and Authentication (IA)
- Maintenance (MA)
- Risk Assessment (RA)
- System and Communications Protection (SC)
- System and Information Integrity (SI)
- Software platforms and applications
- Remote access
- Network integrity
- Users, devices, and other assets
- Data-at-rest
- Data-in-transit
- Configuration change control processes
- Backups of information
- Response plans (Incident Response and Business Continuity)
- Recovery plans (Incident Recovery and Disaster Recovery)
- Analyzing detected events
- Incident alert thresholds
- Monitoring for unauthorized personnel, connections, devices, and software