05.arcsight

Mobile Telecommunications: An Overview of Vulnerabilities

Damanjit S. Uberoi
Chief Solutions Architect & Evangelist, South Asia

©2011 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.


Post on 03-Jun-2018


Agenda

• Threat landscape
• Common Exploits
• Technology Requirements
• Response Posture

The Threat Landscape

Internal Threats

Configuration tampering - for financial gain

Insider collaborator

External Threats

Undetected unauthorized use

National security concerns


Common Exploits

Typical Mobile Communications Architecture

[Diagram: Cell Towers, BSC, HLR, MSC Switch, VMS, Mediation Device, Billing System, CDR]

Scenario 1 - HLR Configuration Changes

[Diagram: Cell Towers, BSC, HLR, Switch, VMS, Mediation Device, Billing System]

Unauthorized user can exploit this resource by adding VAS and other fixed billing elements in the HLR without the same being available in the BSS. The VAS can then be used unrestrictedly without being charged.

Solution: Correlation of configuration change logs in HLR can provide real time alerts on such threats; users other than OSS should not be making changes.

Scenario 2 – MSC Configuration Change

[Diagram: Cell Towers, BSC, Fixed Phones, DLC, HLR, MSC Switch, VMS, Mediation Device, Billing System]

By modifying the CDR creation mechanism of an MSC, an unauthorized user can disable the CDR generated by some user accounts, resulting in utilization of the network without a record of the usage ever being sent to the billing system, and subsequently in huge loss of revenues to the organization.

Solution: Correlation of configuration change logs in MSC can provide real time alerts on such threats.

Scenario 3 – MSC CDR Level Changes

[Diagram: Cell Towers, BSC, HLR, Switch, VMS, Mediation Device, Billing System]

A switch can also be exploited by switching off CDR for a particular number for a particular duration. The fraudulent user can utilize the network without a record of the usage ever being sent to the billing system for that particular duration…

Solution: Correlation of configuration change logs in MSC can provide real time alerts on such threats, along with alerts on CDR modifications.
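The correlation that Scenarios 1 to 3 call for, as an added Python example (not part of the original slides): it flags HLR/MSC changes made by accounts other than the OSS, HLR services unknown to the BSS, and traffic seen while CDR generation was switched off. The log format, account names, numbers and the independent signalling feed of call events are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime

# Assumption: the only account the OSS provisioning system uses.
OSS_ACCOUNTS = {"oss-prov"}

# Constructed, already-normalized change-log lines (real HLR/MSC audit formats are vendor-specific).
CHANGE_LOG = [
    "2011-03-01T10:00:00 HLR oss-prov ADD_SERVICE msisdn=919800000001 service=CALLER_TUNES",
    "2011-03-01T10:05:00 HLR admin7 ADD_SERVICE msisdn=919800000002 service=GPRS_UNLIMITED",
    "2011-03-01T11:00:00 MSC admin7 SET_CDR msisdn=919800000002 state=OFF",
    "2011-03-01T13:00:00 MSC admin7 SET_CDR msisdn=919800000002 state=ON",
]

# Constructed BSS view: services the billing side knows about, per subscriber.
BSS_SERVICES = {"919800000001": {"CALLER_TUNES"}, "919800000002": set()}

# Constructed call events from a signalling feed, and the CDRs that reached mediation.
CALL_EVENTS = [("2011-03-01T10:30:00", "919800000002"),
               ("2011-03-01T11:30:00", "919800000002"),
               ("2011-03-01T12:15:00", "919800000002")]
CDRS = {("2011-03-01T10:30:00", "919800000002")}


@dataclass
class Change:
    ts: datetime
    device: str
    user: str
    action: str
    attrs: dict


def parse_change(line):
    ts, device, user, action, *pairs = line.split()
    return Change(datetime.fromisoformat(ts), device, user, action,
                  dict(p.split("=", 1) for p in pairs))


def correlate(change_lines, bss_services, call_events, cdrs, oss_accounts=OSS_ACCOUNTS):
    """Return a list of alert tuples, in the order the evidence appears."""
    alerts = []
    cdr_off = {}   # msisdn -> time CDR generation was switched off
    windows = []   # (msisdn, start, end) periods without CDR generation
    for ch in sorted(map(parse_change, change_lines), key=lambda c: c.ts):
        msisdn = ch.attrs.get("msisdn")
        # Rule 1: users other than the OSS should not be making changes.
        if ch.user not in oss_accounts:
            alerts.append(("NON_OSS_CHANGE", ch.device, ch.user, msisdn))
        # Rule 2: a service present in the HLR but absent from the BSS is never billed.
        if ch.device == "HLR" and ch.action == "ADD_SERVICE":
            if ch.attrs["service"] not in bss_services.get(msisdn, set()):
                alerts.append(("HLR_SERVICE_NOT_IN_BSS", msisdn, ch.attrs["service"], ch.user))
        # Rule 3: CDR generation switched off for a number; remember the window.
        if ch.device == "MSC" and ch.action == "SET_CDR":
            if ch.attrs["state"] == "OFF":
                cdr_off[msisdn] = ch.ts
                alerts.append(("CDR_DISABLED", msisdn, ch.user, ch.ts.isoformat()))
            elif msisdn in cdr_off:
                windows.append((msisdn, cdr_off.pop(msisdn), ch.ts))
    # Windows that were never closed are still open.
    windows += [(m, start, datetime.max) for m, start in cdr_off.items()]
    # Rule 4: usage inside a CDR-off window that produced no CDR.
    for ts, msisdn in call_events:
        t = datetime.fromisoformat(ts)
        if (ts, msisdn) not in cdrs and any(m == msisdn and s <= t < e for m, s, e in windows):
            alerts.append(("UNBILLED_USAGE", msisdn, ts))
    return alerts


if __name__ == "__main__":
    for alert in correlate(CHANGE_LOG, BSS_SERVICES, CALL_EVENTS, CDRS):
        print(alert)
```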

Scenario 4 – Exploiting the VMS

[Diagram: Cell Towers, BSC, HLR, Switch, VMS, Mediation Device, Billing System]

This system can be exploited by adding an invalid mailbox number (i.e. mobile telephone number) to a VMS registry. When the fraudster dials into the VMS and is asked for their mobile identification number, they simply enter in the false mailbox number. Once authenticated, the caller is able to make outbound calls using the added functions and call back features of the VMS. The CDR from this usage cannot be billed because the switch records the invalid mailbox number as the calling number.

Solution: Correlation of threshold violation in DID/DOD logs in VMS can provide real time alerts on such threats, along with alerts on CDR modifications.

Pattern: Discovering & logging high threshold cases

Scenario 5 - Device Level Logs Modification

[Diagram: Cell Towers, BSC, HLR, Switch, VMS, Mediation Device, Billing System]

System administrators of all the critical devices can completely delete the logs from the respective devices after making all fraudulent changes within device, thus deleting all the records and evidences of fraud.

Solution: Log once collected cannot be modified (WORM), thus all the evidence and logs would be centrally stored.
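A way to make the centrally collected copy tamper-evident and to show what a device has since deleted, as an added Python example (not part of the original slides). It uses a SHA-256 hash chain, which is a software technique swapped in for illustration and not WORM storage itself; the device name, messages and the separately held head hash are constructed assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64  # fixed "previous hash" for the first entry


def _digest(prev_hash, record):
    # Canonical JSON so the same record always hashes to the same value.
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()


def append(chain, device, seq, msg):
    """Append one collected device log record; return the new head hash."""
    prev = chain[-1]["hash"] if chain else GENESIS
    record = {"device": device, "seq": seq, "msg": msg}
    chain.append({"record": record, "prev": prev, "hash": _digest(prev, record)})
    return chain[-1]["hash"]


def verify(chain, trusted_head):
    """Return a list of problems; an empty list means the stored copy is intact.

    trusted_head is the last head hash, kept somewhere the log store's own
    administrators cannot write (assumption), so a fully rewritten chain
    is still detected.
    """
    problems, prev = [], GENESIS
    for i, entry in enumerate(chain):
        if entry["prev"] != prev or entry["hash"] != _digest(prev, entry["record"]):
            problems.append(f"entry {i}: altered, removed or reordered")
        prev = entry["hash"]
    if prev != trusted_head:
        problems.append("head does not match the separately held head hash")
    return problems


def missing_on_device(chain, device, device_seqs):
    """Sequence numbers held centrally for `device` that the device no longer has."""
    collected = {e["record"]["seq"] for e in chain if e["record"]["device"] == device}
    return sorted(collected - set(device_seqs))


def build_sample():
    """Constructed collection run: four records from a hypothetical device MSC-1."""
    chain, head = [], GENESIS
    messages = ["login admin7", "SET_CDR msisdn=919800000002 state=OFF",
                "SET_CDR msisdn=919800000002 state=ON", "logout admin7"]
    for seq, msg in enumerate(messages, start=1):
        head = append(chain, "MSC-1", seq, msg)
    return chain, head


if __name__ == "__main__":
    chain, head = build_sample()
    print(verify(chain, head))                       # intact copy
    print(missing_on_device(chain, "MSC-1", [1, 4])) # device kept only records 1 and 4
```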

Scenario 6 – SMSC & VLR Changes

[Diagram: Cell Towers, BSC, HLR, MSC/VLR, SMSC, Mediation Device, Billing System]

A fraudster can simulate non PLMN numbers and trick the SMSC into believing that a legitimate roaming user is sending SMSs. This can go unnoticed till such time the interconnect settlement is disputed by the roaming partner carrier.

Solution: Real time correlation alerts by comparing the logs of VLR and MSME, and alerts on configuration level changes of VLR. Dynamic log polling is required here.

Scenario 7 – External Fraud at STP & MSC

[Diagram: Cell Towers, BSC, HLR, Switch, VMS, Mediation Device, Billing System]

External threats around missed calls from international & premium numbers have increased, in which, while calling back to that particular number, users are charged a sudden high amount by third-party international operators, which leads to customer dissatisfaction and harms the base operator's brand reputation.

Solution: Using pattern discovery of call release code only from premium numbers, and setting up a threshold for such incidents, we can report and provide real time alerts.
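The threshold rules of Scenario 4 (outbound calls per mailbox in the VMS DID/DOD logs) and Scenario 7 (abandoned calls from premium ranges), as one added Python example that is not part of the original slides. Both reuse the same sliding-window counter; the log layouts, the `CALLER_ABANDON` release value, the `+99990` prefix, and the window and threshold values are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def threshold_alerts(events, window, threshold):
    """events: iterable of (datetime, key).

    Return (key, crossing_time, count) each time a key reaches `threshold`
    events inside a sliding `window`; the key re-arms once it drops below.
    """
    recent = defaultdict(deque)
    armed = defaultdict(lambda: True)
    alerts = []
    for ts, key in sorted(events):
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:      # drop events that fell out of the window
            q.popleft()
        if len(q) < threshold:
            armed[key] = True
        elif armed[key]:
            alerts.append((key, ts, len(q)))
            armed[key] = False         # one alert per burst, not one per call
    return alerts


def parse(line):
    ts, kind, *pairs = line.split()
    return datetime.fromisoformat(ts), kind, dict(p.split("=", 1) for p in pairs)


# Constructed VMS log: DID = call into a mailbox, DOD = call placed out through it.
VMS_LOG = [
    "2011-03-01T01:00:00 DID mailbox=5550001 from=5550001",
    "2011-03-01T01:01:00 DOD mailbox=5550001 dialed=5550042",
] + [f"2011-03-01T02:0{m}:00 DOD mailbox=5559999 dialed=0011223344{m}" for m in (1, 3, 5, 7)]


def vms_dod_alerts(lines, window=timedelta(minutes=10), threshold=3):
    """Scenario 4: mailboxes placing an unusual number of outbound calls."""
    events = [(ts, f["mailbox"]) for ts, kind, f in map(parse, lines) if kind == "DOD"]
    return threshold_alerts(events, window, threshold)


# Placeholder prefix standing in for the operator's premium/international ranges.
PREMIUM_PREFIXES = ("+99990",)

# Constructed call-release records: one premium-range caller ringing five
# subscribers and abandoning each call, one domestic missed call, one normal release.
SIG_LOG = [f"2011-03-01T03:0{i}:00 REL from=+9999012345 to=91980000010{i} cause=CALLER_ABANDON"
           for i in range(5)] + [
    "2011-03-01T03:01:30 REL from=+919811111111 to=919800000101 cause=CALLER_ABANDON",
    "2011-03-01T03:02:30 REL from=+9999012345 to=919800000109 cause=NORMAL",
]


def missed_call_alerts(lines, window=timedelta(minutes=5), threshold=4):
    """Scenario 7: premium-range callers generating bursts of abandoned calls."""
    events = [(ts, f["from"]) for ts, kind, f in map(parse, lines)
              if kind == "REL" and f["cause"] == "CALLER_ABANDON"
              and f["from"].startswith(PREMIUM_PREFIXES)]
    return threshold_alerts(events, window, threshold)


if __name__ == "__main__":
    print(vms_dod_alerts(VMS_LOG))
    print(missed_call_alerts(SIG_LOG))
```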


Technology Requirements

Multidimensional Comparison

Compare arbitrary fields on per-case basis

• Flexibility in terms of log collection
• Parsing
• Classification of various occurrences
• Forensic Capabilities
• Efficient storage and query mechanisms
• Better suited for deep pattern analysis
• Adaptability to evolving scenarios


Response Posture

When Should You Process

Real time?

• Feasibility in terms of log volumes
• Massive overheads at collection layer
• Capacity limitations of event processing
• Benefits
• Weigh timeliness vs ROI…

When Should You Process… (contd.)

Offline - Batch Mode

• Feasibility in terms of log volumes
• Eases pressure on collection layer
• Eases pressure on capacity of event processing
• Benefits
• Lower cost = Stronger Justification for ROI
• Better suited for deep pattern analysis


THANK YOU

DAMANJITUBEROIHPCOM

+91 9650972015

Page 2: 05.ArcSight

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 219

983105983143983141983150983140983137

bull 983124983144983154983141983137983156 983148983137983150983140983155983139983137983152983141

bull 983107983151983149983149983151983150 983109983160983152983148983151983145983156983155

bull 983124983141983139983144983150983151983148983151983143983161 983122983141983153983157983145983154983141983149983141983150983156983155

bull 983122983141983155983152983151983150983155983141 983120983151983155983156983157983154983141

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 319

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 419

983113983150983156983141983154983150983137983148 983124983144983154983141983137983156983155

Configuration tampering - for financial gain

Insider collaborator

983124983144983141 983124983144983154983141983137983156 983116983137983150983140983155983139983137983152983141

983109983160983156983141983154983150983137983148 983124983144983154983141983137983156983155

Undetected unauthorized use

National security concerns

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 519

copy2011 Hewlett-Packard Development Company LPThe information contained herein is subject to change without notice

Common Exploits

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 619

983124983161983152983145983139983137983148 983117983151983138983145983148983141 983107983151983149983149983157983150983145983139983137983156983145983151983150983155 983105983154983139983144983145983156983141983139983156983157983154983141

Cell

Towers

BSC

HLR

MSC Switch

VMS

MediationDevice

BillingSystemBSC

CDR

CellTower

s

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 719

983123983139983141983150983137983154983145983151 1 983085 983112983116983122 983107983151983150983142983145983143983157983154983137983156983145983151983150 983107983144983137983150983143983141983155

Cell

Towers

BSC

HLR

Switch

VMS

MediationDevice

BillingSystem

BSC

Unauthorized user can exploit this resource by adding VAS and other fixedbilling elements in the HLR without the same being available in the BSSThe VAS can then be used unrestrictedly without being charged

Solution Correlation of

configurationchange Logs inHLR can providereal time alertson such threats users other thanOSS should notbe makingchanges

CellTowers

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 819

983123983139983141983150983137983154983145983151 2 991251 983117983123983107 983107983151983150983142983145983143983157983154983137983156983145983151983150 983107983144983137983150983143983141

Cell

Towers

BSC

FixedPhones

HLR

MSC Switch

VMS

MediationDevice

BillingSystem

DLC

By modifying the CDR creation mechanism of a MSC an unauthorized user can disable the CDR

generated by some user accounts resulting in utilization of the network without a record of the usageever being sent to the billing system and subsequently in huge loss of revenues to the organization

Solution

Correlation ofconfigurationchange Logsin MSC canprovide realtime alerts on

such threats

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 919

983123983139983141983150983137983154983145983151 3 991251 983117983123983107 983107983108983122 983116983141983158983141983148 983107983144983137983150983143983141983155

CellTowers

BSC

CellTowers

HLR

Switch

VMS

MediationDevice

BillingSystem

BSC

A switch can also be exploited by switching off CDR for a particular number forparticular duration The fraudulent user can utilize the network without a record ofthe usage ever being sent to the billing system for that particular durationhellip

SolutionCorrelation of

configurationchange Logs inMSC canprovide real timealerts on such

threats alongwith alerts onCDRmodifications

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 1019

983123983139983141983150983137983154983145983151 4 991251 983109983160983152983148983151983145983156983145983150983143 983156983144983141 983126983117983123Cell

Towers

BSC

CellTowers

HLR

Switch

VMS

MediationDevice

m

BillingSyste

m

BSC

This system can be exploited by adding an invalid mailbox number (ie mobile telephone number) toa VMS registry When the fraudster dials into the VMS and is asked for their mobile identification

number they simply enter in the false mailbox number Once authenticated the caller is able to makeoutbound calls using the added functions and call back features of the VMS The CDR from this usagecannot be billed because the switch records the invalid mailbox number as the calling number

res o cases

SolutionCorrelation ofthreshold violation

in DIDDOD Logs

in VMS canprovide real time

alerts on suchthreats along withalerts on CDR

modifications

Pattern

Discovering amplogging highthreshold cases

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 1119

983123983139983141983150983137983154983145983151 5 983085 983108983141983158983145983139983141 983116983141983158983141983148 983116983151983143983155 983117983151983140983145983142983145983139983137983156983145983151983150

Cell

Towers

BSC

CellTowers

HLR

Switch

VMS

MediationDevice

BillingSystem

BSC

System administrators of all the critical devices can completely delete the logs fromthe respective devices after making all fraudulent changes within device thus deletingall the records and evidences of fraud

SolutionLog oncecollected cannot bemodified(WORM) thusall theevidence and

logs would becentrallystored

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 1219

983123983139983141983150983137983154983145983151 6 991251 983123983117983123983107 amp 983126983116983122 983107983144983137983150983143983141983155Cell

Towers

BSC

CellTowers

HLR

MSCVLR

SMSC

MediationDevice

BillingSystem

BSC

A fraudster can simulate non PLMN numbers and trick the SMSC into believing that alegitimate roaming users in sending SMSs This can go unnoticed till such time theinterconnect settlement is disputed by the roaming partner carrier

Solution Real timecorrelation alertsby comparing thelogs of VLR andMSME and alertson configurationlevel changes of

VLRDynamic Logpolling is requiredhere

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 1319

983123983139983141983150983137983154983145983151 7 991251 983109983160983156983141983154983150983137983148 983110983154983137983157983140 983137983156 983123983124983120 amp 983117983123983107

CellTowers

BSC

CellTowers

HLR

Switch

VMS

MediationDevice

BillingSystem

BSC

External threats around missed calls from an international amp premium numbers haveincreased in which while calling back to that particular number users are chargedsudden high amount by third-party international operators which leads to customerdissatisfaction and harms the base operators brand reputation

Solution Using pattern

discovery of callrelease code onlyfrom premiumnumber andsetting upthreshold for suchincidents we canreport and providereal time alert

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 1419

copy2011 Hewlett-Packard Development Company LPThe information contained herein is subject to change without notice

Technology Requirements

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 1519

983117983157983148983156983145983140983145983149983141983150983155983145983151983150983137983148 983107983151983149983152983137983154983145983155983151983150

983107983151983149983152983137983154983141 983137983154983138983145983156983154983137983154983161 983142983145983141983148983140983155 983151983150 983152983141983154983085983139983137983155983141 983138983137983155983145983155bull 983110983148983141983160983145983138983145983148983145983156983161 983145983150 983156983141983154983149983155 983151983142 983148983151983143 983139983151983148983148983141983139983156983145983151983150

bull 983120983137983154983155983145983150983143bull 983107983148983137983155983155983145983142983145983139983137983156983145983151983150 983151983142 983158983137983154983145983151983157983155 983151983139983139983157983154983154983141983150983139983141983155

bull 983110983151983154983141983150983155983145983139 983107983137983152983137983138983145983148983145983156983145983141983155bull 983109983142983142983145983139983145983141983150983156 983155983156983151983154983137983143983141 983137983150983140 983153983157983141983154983161 983149983141983139983144983137983150983145983155983149983155bull 983106983141983156983156983141983154 983155983157983145983156983141983140 983142983151983154 983140983141983141983152 983152983137983156983156983141983154983150 983137983150983137983148983161983155983145983155

bull 983105983140983137983152983156983137983138983145983148983145983156983161 983156983151 983141983158983151983148983158983145983150983143 983155983139983141983150983137983154983145983151983155

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 1619

copy2011 Hewlett-Packard Development Company LPThe information contained herein is subject to change without notice

Response Posture

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 1719

983127983144983141983150 983123983144983151983157983148983140 983129983151983157 983120983154983151983139983141983155983155

983122983141983137983148 983156983145983149983141983103

bull 983110983141983137983155983145983138983145983148983145983156983161 983145983150 983156983141983154983149983155 983151983142 983148983151983143 983158983151983148983157983149983141983155bull 983117983137983155983155983145983158983141 983151983158983141983154983144983141983137983140983155 983137983156 983139983151983148983148983141983139983156983145983151983150 983148983137983161983141983154

bull 983107983137983152983137983139983145983156983161 983148983145983149983145983156983137983156983145983151983150983155 983151983142 983141983158983141983150983156 983152983154983151983139983141983155983155983145983150983143

bull 983106983141983150983141983142983145983156983155bull 983127983141983145983143983144 983156983145983149983141983148983145983150983141983155983155 983158983155 983122983119983113991270

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 1819

983127983144983141983150 983123983144983151983157983148983140 983129983151983157 983120983154983151983139983141983155983155991270 (983139983151983150983156983140983086)

983119983142983142983148983145983150983141 983085 983106983137983156983139983144 983117983151983140983141

bull 983110983141983137983155983145983138983145983148983145983156983161 983145983150 983156983141983154983149983155 983151983142 983148983151983143 983158983151983148983157983149983141983155bull 983109983137983155983141983155 983152983154983141983155983155983157983154983141 983151983150 983139983151983148983148983141983139983156983145983151983150 983148983137983161983141983154

bull 983109983137983155983141983155 983152983154983141983155983155983157983154983141 983151983150 983139983137983152983137983139983145983156983161 983151983142 983141983158983141983150983156 983152983154983151983139983141983155983155983145983150983143

bull 983106983141983150983141983142983145983156983155bull 983116983151983159983141983154 983139983151983155983156 983101 983123983156983154983151983150983143983141983154 983114983157983155983156983145983142983145983139983137983156983145983151983150 983142983151983154 983122983119983113

bull 983106983141983156983156983141983154 983155983157983145983156983141983140 983142983151983154 983140983141983141983152 983152983137983156983156983141983154983150 983137983150983137983148983161983155983145983155

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 1919

THANK YOU

DAMANJITUBEROIHPCOM

+91 9650972015

Page 3: 05.ArcSight

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 319

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 419

983113983150983156983141983154983150983137983148 983124983144983154983141983137983156983155

Configuration tampering - for financial gain

Insider collaborator

983124983144983141 983124983144983154983141983137983156 983116983137983150983140983155983139983137983152983141

983109983160983156983141983154983150983137983148 983124983144983154983141983137983156983155

Undetected unauthorized use

National security concerns

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 519

copy2011 Hewlett-Packard Development Company LPThe information contained herein is subject to change without notice

Common Exploits

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 619

983124983161983152983145983139983137983148 983117983151983138983145983148983141 983107983151983149983149983157983150983145983139983137983156983145983151983150983155 983105983154983139983144983145983156983141983139983156983157983154983141

Cell

Towers

BSC

HLR

MSC Switch

VMS

MediationDevice

BillingSystemBSC

CDR

CellTower

s

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 719

983123983139983141983150983137983154983145983151 1 983085 983112983116983122 983107983151983150983142983145983143983157983154983137983156983145983151983150 983107983144983137983150983143983141983155

Cell

Towers

BSC

HLR

Switch

VMS

MediationDevice

BillingSystem

BSC

Unauthorized user can exploit this resource by adding VAS and other fixedbilling elements in the HLR without the same being available in the BSSThe VAS can then be used unrestrictedly without being charged

Solution Correlation of

configurationchange Logs inHLR can providereal time alertson such threats users other thanOSS should notbe makingchanges

CellTowers

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 819

983123983139983141983150983137983154983145983151 2 991251 983117983123983107 983107983151983150983142983145983143983157983154983137983156983145983151983150 983107983144983137983150983143983141

Cell

Towers

BSC

FixedPhones

HLR

MSC Switch

VMS

MediationDevice

BillingSystem

DLC

By modifying the CDR creation mechanism of a MSC an unauthorized user can disable the CDR

generated by some user accounts resulting in utilization of the network without a record of the usageever being sent to the billing system and subsequently in huge loss of revenues to the organization

Solution

Correlation ofconfigurationchange Logsin MSC canprovide realtime alerts on

such threats

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 919

983123983139983141983150983137983154983145983151 3 991251 983117983123983107 983107983108983122 983116983141983158983141983148 983107983144983137983150983143983141983155

CellTowers

BSC

CellTowers

HLR

Switch

VMS

MediationDevice

BillingSystem

BSC

A switch can also be exploited by switching off CDR for a particular number forparticular duration The fraudulent user can utilize the network without a record ofthe usage ever being sent to the billing system for that particular durationhellip

SolutionCorrelation of

configurationchange Logs inMSC canprovide real timealerts on such

threats alongwith alerts onCDRmodifications

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 1019

983123983139983141983150983137983154983145983151 4 991251 983109983160983152983148983151983145983156983145983150983143 983156983144983141 983126983117983123Cell

Towers

BSC

CellTowers

HLR

Switch

VMS

MediationDevice

m

BillingSyste

m

BSC

This system can be exploited by adding an invalid mailbox number (ie mobile telephone number) toa VMS registry When the fraudster dials into the VMS and is asked for their mobile identification

number they simply enter in the false mailbox number Once authenticated the caller is able to makeoutbound calls using the added functions and call back features of the VMS The CDR from this usagecannot be billed because the switch records the invalid mailbox number as the calling number

res o cases

SolutionCorrelation ofthreshold violation

in DIDDOD Logs

in VMS canprovide real time

alerts on suchthreats along withalerts on CDR

modifications

Pattern

Discovering amplogging highthreshold cases

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 1119

983123983139983141983150983137983154983145983151 5 983085 983108983141983158983145983139983141 983116983141983158983141983148 983116983151983143983155 983117983151983140983145983142983145983139983137983156983145983151983150

Cell

Towers

BSC

CellTowers

HLR

Switch

VMS

MediationDevice

BillingSystem

BSC

System administrators of all the critical devices can completely delete the logs fromthe respective devices after making all fraudulent changes within device thus deletingall the records and evidences of fraud

SolutionLog oncecollected cannot bemodified(WORM) thusall theevidence and

logs would becentrallystored

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 1219

983123983139983141983150983137983154983145983151 6 991251 983123983117983123983107 amp 983126983116983122 983107983144983137983150983143983141983155Cell

Towers

BSC

CellTowers

HLR

MSCVLR

SMSC

MediationDevice

BillingSystem

BSC

A fraudster can simulate non PLMN numbers and trick the SMSC into believing that alegitimate roaming users in sending SMSs This can go unnoticed till such time theinterconnect settlement is disputed by the roaming partner carrier

Solution Real timecorrelation alertsby comparing thelogs of VLR andMSME and alertson configurationlevel changes of

VLRDynamic Logpolling is requiredhere

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 1319

983123983139983141983150983137983154983145983151 7 991251 983109983160983156983141983154983150983137983148 983110983154983137983157983140 983137983156 983123983124983120 amp 983117983123983107

CellTowers

BSC

CellTowers

HLR

Switch

VMS

MediationDevice

BillingSystem

BSC

External threats around missed calls from an international amp premium numbers haveincreased in which while calling back to that particular number users are chargedsudden high amount by third-party international operators which leads to customerdissatisfaction and harms the base operators brand reputation

Solution Using pattern

discovery of callrelease code onlyfrom premiumnumber andsetting upthreshold for suchincidents we canreport and providereal time alert

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 1419

copy2011 Hewlett-Packard Development Company LPThe information contained herein is subject to change without notice

Technology Requirements

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 1519

Multidimensional Comparison

Compare arbitrary fields on per-case basis
• Flexibility in terms of log collection
• Parsing
• Classification of various occurrences
• Forensic Capabilities
• Efficient storage and query mechanisms
• Better suited for deep pattern analysis
• Adaptability to evolving scenarios

Response Posture

When Should You Process

Real time?

• Feasibility in terms of log volumes
• Massive overheads at collection layer
• Capacity limitations of event processing
• Benefits
• Weigh timeliness vs ROI…

When Should You Process… (contd.)

Offline - Batch Mode

• Feasibility in terms of log volumes
• Eases pressure on collection layer
• Eases pressure on capacity of event processing
• Benefits
• Lower cost = Stronger Justification for ROI
• Better suited for deep pattern analysis

THANK YOU

DAMANJITUBEROIHPCOM

+91 9650972015

Page 4: 05.ArcSight

The Threat Landscape

Internal Threats
• Configuration tampering - for financial gain
• Insider collaborator

External Threats
• Undetected unauthorized use
• National security concerns

Common Exploits

Typical Mobile Communications Architecture

[Diagram: Cell Towers, BSC, HLR, MSC Switch, VMS, Mediation Device, Billing System, CDR]

Scenario 1 - HLR Configuration Changes

[Diagram: Cell Towers, BSC, HLR, Switch, VMS, Mediation Device, Billing System]

An unauthorized user can exploit this resource by adding VAS and other fixed billing elements in the HLR without the same being available in the BSS. The VAS can then be used unrestrictedly without being charged.

Solution: Correlation of configuration change logs in HLR can provide real time alerts on such threats; users other than OSS should not be making changes.

Scenario 2 - MSC Configuration Change

[Diagram: Cell Towers, BSC, Fixed Phones, DLC, HLR, MSC Switch, VMS, Mediation Device, Billing System]

By modifying the CDR creation mechanism of an MSC, an unauthorized user can disable the CDR generated by some user accounts, resulting in utilization of the network without a record of the usage ever being sent to the billing system, and subsequently in huge loss of revenues to the organization.

Solution: Correlation of configuration change logs in MSC can provide real time alerts on such threats.

Scenario 3 - MSC CDR Level Changes

[Diagram: Cell Towers, BSC, HLR, Switch, VMS, Mediation Device, Billing System]

A switch can also be exploited by switching off CDR for a particular number for a particular duration. The fraudulent user can utilize the network without a record of the usage ever being sent to the billing system for that particular duration…

Solution: Correlation of configuration change logs in MSC can provide real time alerts on such threats, along with alerts on CDR modifications.
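
The correlation described in Scenarios 1 to 3, as an added example that is not part of the original slides: it flags configuration changes on HLR/MSC made by any actor other than the OSS, and pairs CDR disable/enable events into suppression windows. The log line format, the action names (`ADD_VAS`, `CDR_DISABLE`, `CDR_ENABLE`) and the actor names are assumptions.

```python
from datetime import datetime

# Constructed sample of normalized configuration-change events; the field
# names, node names and action names are assumptions for this example.
SAMPLE_LOG = """\
2011-03-01T09:00:00 node=HLR01 actor=oss action=ADD_VAS subscriber=5550001
2011-03-01T09:05:12 node=HLR01 actor=admin7 action=ADD_VAS subscriber=5550002
2011-03-01T10:15:00 node=MSC02 actor=admin7 action=CDR_DISABLE subscriber=5550002
2011-03-01T10:20:00 node=MSC02 actor=oss action=ROUTE_UPDATE subscriber=-
2011-03-01T11:45:00 node=MSC02 actor=admin7 action=CDR_ENABLE subscriber=5550002
2011-03-01T12:00:00 node=MSC03 actor=admin9 action=CDR_DISABLE subscriber=5550003
"""

ALLOWED_ACTORS = {"oss"}  # per the slides, only the OSS should make changes
CDR_OFF, CDR_ON = "CDR_DISABLE", "CDR_ENABLE"
REQUIRED = {"node", "actor", "action", "subscriber"}


def parse_events(text):
    """Parse 'timestamp key=value ...' lines into dicts, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        try:
            event = {"time": datetime.fromisoformat(parts[0])}
            event.update(kv.split("=", 1) for kv in parts[1:])
        except ValueError:
            continue  # bad timestamp, or a token without '='
        if REQUIRED <= event.keys():
            events.append(event)
    return events


def unauthorized_changes(events, allowed=ALLOWED_ACTORS):
    """Every configuration change made by an actor other than the OSS."""
    return [e for e in events if e["actor"] not in allowed]


def cdr_suppression_windows(events):
    """Pair CDR_DISABLE / CDR_ENABLE events per (node, subscriber).

    Returns (node, subscriber, start, end) tuples; end is None when CDR
    generation was never switched back on in the observed log.
    """
    open_since, windows = {}, []
    for e in sorted(events, key=lambda e: e["time"]):
        key = (e["node"], e["subscriber"])
        if e["action"] == CDR_OFF:
            open_since.setdefault(key, e["time"])  # keep the earliest disable
        elif e["action"] == CDR_ON and key in open_since:
            windows.append((*key, open_since.pop(key), e["time"]))
    windows.extend((*key, start, None) for key, start in open_since.items())
    return windows


def build_alerts(text):
    """Run both checks and return human-readable alert strings."""
    events = parse_events(text)
    out = []
    for e in unauthorized_changes(events):
        out.append(f"{e['time'].isoformat()} {e['node']}: "
                   f"{e['action']} by non-OSS actor {e['actor']}")
    for node, sub, start, end in cdr_suppression_windows(events):
        span = f"{(end - start).total_seconds() / 60:.0f} min" if end else "still off"
        out.append(f"{node}: CDR off for subscriber {sub} "
                   f"from {start.isoformat()} ({span})")
    return out


if __name__ == "__main__":
    for alert in build_alerts(SAMPLE_LOG):
        print(alert)
```

The suppression windows are the periods to reconcile against billing: any usage by that subscriber inside a window never reached the billing system.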

Scenario 4 - Exploiting the VMS

[Diagram: Cell Towers, BSC, HLR, Switch, VMS, Mediation Device, Billing System]

This system can be exploited by adding an invalid mailbox number (i.e. mobile telephone number) to a VMS registry. When the fraudster dials into the VMS and is asked for their mobile identification number, they simply enter the false mailbox number. Once authenticated, the caller is able to make outbound calls using the added functions and call back features of the VMS. The CDR from this usage cannot be billed because the switch records the invalid mailbox number as the calling number.

Solution: Correlation of threshold violation in DID/DOD logs in VMS can provide real time alerts on such threats, along with alerts on CDR modifications.

Pattern: Discovering & logging high threshold cases.

Scenario 5 - Device Level Logs Modification

[Diagram: Cell Towers, BSC, HLR, Switch, VMS, Mediation Device, Billing System]

System administrators of all the critical devices can completely delete the logs from the respective devices after making all fraudulent changes within the device, thus deleting all the records and evidence of fraud.

Solution: Log once collected cannot be modified (WORM), thus all the evidence and logs would be centrally stored.

Scenario 6 - SMSC & VLR Changes

[Diagram: Cell Towers, BSC, HLR, MSC/VLR, SMSC, Mediation Device, Billing System]

A fraudster can simulate non PLMN numbers and trick the SMSC into believing that a legitimate roaming user is sending SMSs. This can go unnoticed till such time the interconnect settlement is disputed by the roaming partner carrier.

Solution: Real time correlation alerts by comparing the logs of VLR and MSME, and alerts on configuration level changes of VLR. Dynamic log polling is required here.

Scenario 7 - External Fraud at STP & MSC

[Diagram: Cell Towers, BSC, HLR, Switch, VMS, Mediation Device, Billing System]

External threats around missed calls from international & premium numbers have increased: when calling back that particular number, users are charged a sudden high amount by third-party international operators, which leads to customer dissatisfaction and harms the base operator's brand reputation.

Solution: Using pattern discovery of call release code only from premium number, and setting up a threshold for such incidents, we can report and provide real time alerts.
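
The threshold rule from Scenario 7, as an added example that is not part of the original slides: it counts missed calls left by one premium number on distinct subscribers inside a sliding window, alerts once per burst, and then lists subscribers who called the flagged number back. The record layout, the premium prefixes (`+9990`, `+9991`) and the release-code labels are constructed assumptions, not real allocations or vendor codes.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records: timestamp,calling,called,release_code.
SAMPLE_RECORDS = """\
2011-03-01T20:00:00,+99901234,5550001,REL_BEFORE_ANSWER
2011-03-01T20:00:40,+99901234,5550002,REL_BEFORE_ANSWER
2011-03-01T20:01:10,+99901234,5550003,REL_BEFORE_ANSWER
2011-03-01T20:01:30,+99901234,5550004,REL_BEFORE_ANSWER
2011-03-01T20:02:00,5550777,5550001,REL_BEFORE_ANSWER
2011-03-01T20:03:00,+99917777,5550005,NORMAL_CLEARING
2011-03-01T20:06:00,5550002,+99901234,NORMAL_CLEARING
2011-03-01T21:30:00,+99901234,5550006,REL_BEFORE_ANSWER
bad,line
"""

PREMIUM_PREFIXES = ("+9990", "+9991")   # placeholder ranges (assumption)
MISSED_CALL_CODE = "REL_BEFORE_ANSWER"  # assumed label: caller released while ringing


def parse_records(text):
    """Parse CSV lines into dicts, skipping lines that do not fit the format."""
    records = []
    for line in text.splitlines():
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 4:
            continue
        try:
            when = datetime.fromisoformat(fields[0])
        except ValueError:
            continue
        records.append({"time": when, "calling": fields[1],
                        "called": fields[2], "release": fields[3]})
    return records


def detect_missed_call_bursts(records, threshold=3, window=timedelta(minutes=10)):
    """Alert when one premium number leaves missed calls on `threshold` or
    more distinct subscribers inside a sliding time window.

    One alert is raised per burst: a number re-alerts only after its count
    has dropped back below the threshold.
    """
    recent = defaultdict(deque)  # calling number -> (time, called) inside window
    alerting, alerts = set(), []
    for r in sorted(records, key=lambda r: r["time"]):
        caller = r["calling"]
        if r["release"] != MISSED_CALL_CODE or not caller.startswith(PREMIUM_PREFIXES):
            continue
        q = recent[caller]
        q.append((r["time"], r["called"]))
        while r["time"] - q[0][0] > window:  # expire events older than the window
            q.popleft()
        victims = sorted({called for _, called in q})
        if len(victims) < threshold:
            alerting.discard(caller)
        elif caller not in alerting:
            alerting.add(caller)
            alerts.append({"time": r["time"], "calling": caller, "victims": victims})
    return alerts


def callbacks_to_flagged(records, alerts):
    """Subscribers who called a flagged number back after it was flagged,
    i.e. the calls on which the high charge is incurred."""
    first_alert = {}
    for a in alerts:
        first_alert.setdefault(a["calling"], a["time"])
    return [(r["time"], r["calling"], r["called"])
            for r in sorted(records, key=lambda r: r["time"])
            if r["called"] in first_alert and r["time"] >= first_alert[r["called"]]]


if __name__ == "__main__":
    recs = parse_records(SAMPLE_RECORDS)
    found = detect_missed_call_bursts(recs)
    for a in found:
        print("ALERT", a["time"].isoformat(), a["calling"], a["victims"])
    for when, subscriber, number in callbacks_to_flagged(recs, found):
        print("CALLBACK", when.isoformat(), subscriber, "->", number)
```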


bull 983109983137983155983141983155 983152983154983141983155983155983157983154983141 983151983150 983139983137983152983137983139983145983156983161 983151983142 983141983158983141983150983156 983152983154983151983139983141983155983155983145983150983143

bull 983106983141983150983141983142983145983156983155bull 983116983151983159983141983154 983139983151983155983156 983101 983123983156983154983151983150983143983141983154 983114983157983155983156983145983142983145983139983137983156983145983151983150 983142983151983154 983122983119983113

bull 983106983141983156983156983141983154 983155983157983145983156983141983140 983142983151983154 983140983141983141983152 983152983137983156983156983141983154983150 983137983150983137983148983161983155983145983155

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 1919

THANK YOU

DAMANJITUBEROIHPCOM

+91 9650972015

Page 7: 05.ArcSight

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 719

Scenario 1 - HLR Configuration Changes

[Diagram: Cell Towers, BSC, HLR, Switch, VMS, Mediation Device, Billing System]

An unauthorized user can exploit this resource by adding VAS and other fixed billing elements in the HLR without the same being available in the BSS. The VAS can then be used unrestrictedly without being charged.

Solution: Correlation of configuration change logs in the HLR can provide real-time alerts on such threats; users other than OSS should not be making changes.

Scenario 2 – MSC Configuration Change

[Diagram: Cell Towers, BSC, Fixed Phones, HLR, MSC Switch, VMS, Mediation Device, Billing System, DLC]

By modifying the CDR creation mechanism of an MSC, an unauthorized user can disable the CDRs generated by some user accounts, resulting in utilization of the network without a record of the usage ever being sent to the billing system, and subsequently in a huge loss of revenue to the organization.

Solution: Correlation of configuration change logs in the MSC can provide real-time alerts on such threats.

Scenario 3 – MSC CDR Level Changes

[Diagram: Cell Towers, BSC, HLR, Switch, VMS, Mediation Device, Billing System]

A switch can also be exploited by switching off CDR for a particular number for a particular duration. The fraudulent user can utilize the network without a record of the usage ever being sent to the billing system for that particular duration…

Solution: Correlation of configuration change logs in the MSC can provide real-time alerts on such threats, along with alerts on CDR modifications.

Scenario 4 – Exploiting the VMS

[Diagram: Cell Towers, BSC, HLR, Switch, VMS, Mediation Device, Billing System]

This system can be exploited by adding an invalid mailbox number (i.e. mobile telephone number) to a VMS registry. When the fraudster dials into the VMS and is asked for their mobile identification number, they simply enter the false mailbox number. Once authenticated, the caller is able to make outbound calls using the added functions and call-back features of the VMS. The CDR from this usage cannot be billed because the switch records the invalid mailbox number as the calling number.

Solution: Correlation of threshold violations in DID/DOD logs in the VMS can provide real-time alerts on such threats, along with alerts on CDR modifications.

Pattern: Discovering & logging high-threshold cases.

Scenario 5 - Device Level Logs Modification

[Diagram: Cell Towers, BSC, HLR, Switch, VMS, Mediation Device, Billing System]

System administrators of all the critical devices can completely delete the logs from the respective devices after making all fraudulent changes within the device, thus deleting all the records and evidence of fraud.

Solution: A log, once collected, cannot be modified (WORM), thus all the evidence and logs would be centrally stored.

Scenario 6 – SMSC & VLR Changes

[Diagram: Cell Towers, BSC, HLR, MSC/VLR, SMSC, Mediation Device, Billing System]

A fraudster can simulate non-PLMN numbers and trick the SMSC into believing that a legitimate roaming user is sending SMSs. This can go unnoticed till such time the interconnect settlement is disputed by the roaming partner carrier.

Solution: Real-time correlation alerts by comparing the logs of VLR and MSME, and alerts on configuration-level changes of the VLR. Dynamic log polling is required here.

Scenario 7 – External Fraud at STP & MSC

[Diagram: Cell Towers, BSC, HLR, Switch, VMS, Mediation Device, Billing System]

External threats around missed calls from international & premium numbers have increased, in which, while calling back to that particular number, users are charged a sudden high amount by third-party international operators, which leads to customer dissatisfaction and harms the base operator's brand reputation.

Solution: Using pattern discovery of call release codes only from premium numbers and setting up a threshold for such incidents, we can report and provide real-time alerts.
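The threshold rule described for Scenario 7 can be sketched as follows. This is an added example, not code from the presentation or from any HP/ArcSight product. The record layout, the watched prefixes, the release-cause mapping and the window/threshold values are all assumptions constructed for illustration.

```python
"""Sliding-window threshold rule for missed-call bursts from premium ranges.

Added illustration: field names, prefixes, cause values and thresholds are
assumptions, and the sample records are constructed.
"""
import csv
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from io import StringIO

PREMIUM_PREFIXES = ("+99901", "+99977")  # constructed watchlist entries
ABANDON_CAUSES = {16}       # assumed mapping: Q.850 16, caller cleared before answer
MAX_RING_SECONDS = 5        # assumed "one ring" cut-off
WINDOW = timedelta(minutes=10)   # assumed sliding window
THRESHOLD = 3               # assumed number of distinct subscribers per window


@dataclass(frozen=True)
class CallEvent:
    ts: datetime
    calling: str
    called: str
    answered: bool
    release_cause: int
    ring_seconds: int


def parse_events(text):
    """Parse CSV rows into time-ordered CallEvents; return (events, rejected)."""
    events, rejected = [], []
    for row in csv.reader(StringIO(text)):
        if not row or row[0].startswith("#"):
            continue
        try:
            ts, calling, called, answered, cause, ring = (f.strip() for f in row)
            events.append(CallEvent(datetime.fromisoformat(ts), calling, called,
                                    answered == "1", int(cause), int(ring)))
        except ValueError:
            rejected.append(row)  # wrong field count, bad timestamp or number
    return sorted(events, key=lambda e: e.ts), rejected


def is_bait_call(ev):
    """Unanswered short ring, cleared by the caller, from a watched prefix."""
    return (ev.calling.startswith(PREMIUM_PREFIXES)
            and not ev.answered
            and ev.release_cause in ABANDON_CAUSES
            and ev.ring_seconds <= MAX_RING_SECONDS)


def detect(events, window=WINDOW, threshold=THRESHOLD):
    """One alert per burst: a watched caller reaching `threshold` distinct
    subscribers inside `window`. Events must already be time-ordered."""
    recent = defaultdict(deque)   # calling number -> deque of (ts, called)
    active = set()                # callers currently above the threshold
    alerts = []
    for ev in filter(is_bait_call, events):
        q = recent[ev.calling]
        q.append((ev.ts, ev.called))
        while q and ev.ts - q[0][0] > window:
            q.popleft()           # drop calls that fell out of the window
        targets = {called for _, called in q}
        if len(targets) >= threshold:
            if ev.calling not in active:   # suppress repeats within a burst
                active.add(ev.calling)
                alerts.append({"calling": ev.calling, "at": ev.ts,
                               "distinct_targets": len(targets)})
        else:
            active.discard(ev.calling)
    return alerts


# Constructed sample records (not real numbers or real traffic).
SAMPLE = """\
# ts,calling,called,answered,release_cause,ring_seconds
2011-03-01T10:00:00,+9990155501,+910000000001,0,16,2
2011-03-01T10:00:40,+9990155501,+910000000002,0,16,1
2011-03-01T10:01:10,+9990155501,+910000000002,0,16,2
2011-03-01T10:02:00,+910000000009,+910000000003,0,16,3
2011-03-01T10:03:30,+9990155501,+910000000003,0,16,2
2011-03-01T10:04:00,+9990155501,+910000000004,0,16,2
2011-03-01T10:05:00,+9997700001,+910000000005,1,16,4
2011-03-01T10:20:00,+9997700001,+910000000006,0,16,2
2011-03-01T10:45:00,+9997700001,+910000000007,0,16,2
garbled,row
"""

if __name__ == "__main__":
    evs, bad = parse_events(SAMPLE)
    for alert in detect(evs):
        print(alert)
    print("rejected rows:", len(bad))
```

Counting distinct called subscribers rather than raw call attempts keeps a single subscriber's repeated missed calls from tripping the rule on their own.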

Technology Requirements

Multidimensional Comparison
Compare arbitrary fields on per-case basis
• Flexibility in terms of log collection
• Parsing
• Classification of various occurrences
• Forensic Capabilities
• Efficient storage and query mechanisms
• Better suited for deep pattern analysis
• Adaptability to evolving scenarios

Response Posture

When Should You Process

Real time?
• Feasibility in terms of log volumes
• Massive overheads at collection layer
• Capacity limitations of event processing
• Benefits
• Weigh timeliness vs ROI…

When Should You Process… (contd.)

Offline - Batch Mode
• Feasibility in terms of log volumes
• Eases pressure on collection layer
• Eases pressure on capacity of event processing
• Benefits
• Lower cost = Stronger Justification for ROI
• Better suited for deep pattern analysis

THANK YOU

DAMANJITUBEROIHPCOM

+91 9650972015

Page 8: 05.ArcSight

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 819

983123983139983141983150983137983154983145983151 2 991251 983117983123983107 983107983151983150983142983145983143983157983154983137983156983145983151983150 983107983144983137983150983143983141

Cell

Towers

BSC

FixedPhones

HLR

MSC Switch

VMS

MediationDevice

BillingSystem

DLC

By modifying the CDR creation mechanism of a MSC an unauthorized user can disable the CDR

generated by some user accounts resulting in utilization of the network without a record of the usageever being sent to the billing system and subsequently in huge loss of revenues to the organization

Solution

Correlation ofconfigurationchange Logsin MSC canprovide realtime alerts on

such threats

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 919

983123983139983141983150983137983154983145983151 3 991251 983117983123983107 983107983108983122 983116983141983158983141983148 983107983144983137983150983143983141983155

CellTowers

BSC

CellTowers

HLR

Switch

VMS

MediationDevice

BillingSystem

BSC

A switch can also be exploited by switching off CDR for a particular number forparticular duration The fraudulent user can utilize the network without a record ofthe usage ever being sent to the billing system for that particular durationhellip

SolutionCorrelation of

configurationchange Logs inMSC canprovide real timealerts on such

threats alongwith alerts onCDRmodifications

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 1019

983123983139983141983150983137983154983145983151 4 991251 983109983160983152983148983151983145983156983145983150983143 983156983144983141 983126983117983123Cell

Towers

BSC

CellTowers

HLR

Switch

VMS

MediationDevice

m

BillingSyste

m

BSC

This system can be exploited by adding an invalid mailbox number (ie mobile telephone number) toa VMS registry When the fraudster dials into the VMS and is asked for their mobile identification

number they simply enter in the false mailbox number Once authenticated the caller is able to makeoutbound calls using the added functions and call back features of the VMS The CDR from this usagecannot be billed because the switch records the invalid mailbox number as the calling number

res o cases

SolutionCorrelation ofthreshold violation

in DIDDOD Logs

in VMS canprovide real time

alerts on suchthreats along withalerts on CDR

modifications

Pattern

Discovering amplogging highthreshold cases

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 1119

983123983139983141983150983137983154983145983151 5 983085 983108983141983158983145983139983141 983116983141983158983141983148 983116983151983143983155 983117983151983140983145983142983145983139983137983156983145983151983150

Cell

Towers

BSC

CellTowers

HLR

Switch

VMS

MediationDevice

BillingSystem

BSC

System administrators of all the critical devices can completely delete the logs fromthe respective devices after making all fraudulent changes within device thus deletingall the records and evidences of fraud

SolutionLog oncecollected cannot bemodified(WORM) thusall theevidence and

logs would becentrallystored

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 1219

983123983139983141983150983137983154983145983151 6 991251 983123983117983123983107 amp 983126983116983122 983107983144983137983150983143983141983155Cell

Towers

BSC

CellTowers

HLR

MSCVLR

SMSC

MediationDevice

BillingSystem

BSC

A fraudster can simulate non PLMN numbers and trick the SMSC into believing that alegitimate roaming users in sending SMSs This can go unnoticed till such time theinterconnect settlement is disputed by the roaming partner carrier

Solution Real timecorrelation alertsby comparing thelogs of VLR andMSME and alertson configurationlevel changes of

VLRDynamic Logpolling is requiredhere

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 1319

983123983139983141983150983137983154983145983151 7 991251 983109983160983156983141983154983150983137983148 983110983154983137983157983140 983137983156 983123983124983120 amp 983117983123983107

CellTowers

BSC

CellTowers

HLR

Switch

VMS

MediationDevice

BillingSystem

BSC

External threats around missed calls from an international amp premium numbers haveincreased in which while calling back to that particular number users are chargedsudden high amount by third-party international operators which leads to customerdissatisfaction and harms the base operators brand reputation

Solution Using pattern

discovery of callrelease code onlyfrom premiumnumber andsetting upthreshold for suchincidents we canreport and providereal time alert

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 1419

copy2011 Hewlett-Packard Development Company LPThe information contained herein is subject to change without notice

Technology Requirements

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 1519

983117983157983148983156983145983140983145983149983141983150983155983145983151983150983137983148 983107983151983149983152983137983154983145983155983151983150

983107983151983149983152983137983154983141 983137983154983138983145983156983154983137983154983161 983142983145983141983148983140983155 983151983150 983152983141983154983085983139983137983155983141 983138983137983155983145983155bull 983110983148983141983160983145983138983145983148983145983156983161 983145983150 983156983141983154983149983155 983151983142 983148983151983143 983139983151983148983148983141983139983156983145983151983150

bull 983120983137983154983155983145983150983143bull 983107983148983137983155983155983145983142983145983139983137983156983145983151983150 983151983142 983158983137983154983145983151983157983155 983151983139983139983157983154983154983141983150983139983141983155

bull 983110983151983154983141983150983155983145983139 983107983137983152983137983138983145983148983145983156983145983141983155bull 983109983142983142983145983139983145983141983150983156 983155983156983151983154983137983143983141 983137983150983140 983153983157983141983154983161 983149983141983139983144983137983150983145983155983149983155bull 983106983141983156983156983141983154 983155983157983145983156983141983140 983142983151983154 983140983141983141983152 983152983137983156983156983141983154983150 983137983150983137983148983161983155983145983155

bull 983105983140983137983152983156983137983138983145983148983145983156983161 983156983151 983141983158983151983148983158983145983150983143 983155983139983141983150983137983154983145983151983155

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 1619

copy2011 Hewlett-Packard Development Company LPThe information contained herein is subject to change without notice

Response Posture

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 1719

983127983144983141983150 983123983144983151983157983148983140 983129983151983157 983120983154983151983139983141983155983155

983122983141983137983148 983156983145983149983141983103

bull 983110983141983137983155983145983138983145983148983145983156983161 983145983150 983156983141983154983149983155 983151983142 983148983151983143 983158983151983148983157983149983141983155bull 983117983137983155983155983145983158983141 983151983158983141983154983144983141983137983140983155 983137983156 983139983151983148983148983141983139983156983145983151983150 983148983137983161983141983154

bull 983107983137983152983137983139983145983156983161 983148983145983149983145983156983137983156983145983151983150983155 983151983142 983141983158983141983150983156 983152983154983151983139983141983155983155983145983150983143

bull 983106983141983150983141983142983145983156983155bull 983127983141983145983143983144 983156983145983149983141983148983145983150983141983155983155 983158983155 983122983119983113991270

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 1819

983127983144983141983150 983123983144983151983157983148983140 983129983151983157 983120983154983151983139983141983155983155991270 (983139983151983150983156983140983086)

983119983142983142983148983145983150983141 983085 983106983137983156983139983144 983117983151983140983141

bull 983110983141983137983155983145983138983145983148983145983156983161 983145983150 983156983141983154983149983155 983151983142 983148983151983143 983158983151983148983157983149983141983155bull 983109983137983155983141983155 983152983154983141983155983155983157983154983141 983151983150 983139983151983148983148983141983139983156983145983151983150 983148983137983161983141983154

bull 983109983137983155983141983155 983152983154983141983155983155983157983154983141 983151983150 983139983137983152983137983139983145983156983161 983151983142 983141983158983141983150983156 983152983154983151983139983141983155983155983145983150983143

bull 983106983141983150983141983142983145983156983155bull 983116983151983159983141983154 983139983151983155983156 983101 983123983156983154983151983150983143983141983154 983114983157983155983156983145983142983145983139983137983156983145983151983150 983142983151983154 983122983119983113

bull 983106983141983156983156983141983154 983155983157983145983156983141983140 983142983151983154 983140983141983141983152 983152983137983156983156983141983154983150 983137983150983137983148983161983155983145983155

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 1919

THANK YOU

DAMANJITUBEROIHPCOM

+91 9650972015

Page 9: 05.ArcSight

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 919

983123983139983141983150983137983154983145983151 3 991251 983117983123983107 983107983108983122 983116983141983158983141983148 983107983144983137983150983143983141983155

CellTowers

BSC

CellTowers

HLR

Switch

VMS

MediationDevice

BillingSystem

BSC

A switch can also be exploited by switching off CDR for a particular number forparticular duration The fraudulent user can utilize the network without a record ofthe usage ever being sent to the billing system for that particular durationhellip

SolutionCorrelation of

configurationchange Logs inMSC canprovide real timealerts on such

threats alongwith alerts onCDRmodifications

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 1019

983123983139983141983150983137983154983145983151 4 991251 983109983160983152983148983151983145983156983145983150983143 983156983144983141 983126983117983123Cell

Towers

BSC

CellTowers

HLR

Switch

VMS

MediationDevice

m

BillingSyste

m

BSC

This system can be exploited by adding an invalid mailbox number (ie mobile telephone number) toa VMS registry When the fraudster dials into the VMS and is asked for their mobile identification

number they simply enter in the false mailbox number Once authenticated the caller is able to makeoutbound calls using the added functions and call back features of the VMS The CDR from this usagecannot be billed because the switch records the invalid mailbox number as the calling number

res o cases

SolutionCorrelation ofthreshold violation

in DIDDOD Logs

in VMS canprovide real time

alerts on suchthreats along withalerts on CDR

modifications

Pattern

Discovering amplogging highthreshold cases

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 1119

983123983139983141983150983137983154983145983151 5 983085 983108983141983158983145983139983141 983116983141983158983141983148 983116983151983143983155 983117983151983140983145983142983145983139983137983156983145983151983150

Cell

Towers

BSC

CellTowers

HLR

Switch

VMS

MediationDevice

BillingSystem

BSC

System administrators of all the critical devices can completely delete the logs fromthe respective devices after making all fraudulent changes within device thus deletingall the records and evidences of fraud

SolutionLog oncecollected cannot bemodified(WORM) thusall theevidence and

logs would becentrallystored

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 1219

983123983139983141983150983137983154983145983151 6 991251 983123983117983123983107 amp 983126983116983122 983107983144983137983150983143983141983155Cell

Towers

BSC

CellTowers

HLR

MSCVLR

SMSC

MediationDevice

BillingSystem

BSC

A fraudster can simulate non PLMN numbers and trick the SMSC into believing that alegitimate roaming users in sending SMSs This can go unnoticed till such time theinterconnect settlement is disputed by the roaming partner carrier

Solution Real timecorrelation alertsby comparing thelogs of VLR andMSME and alertson configurationlevel changes of

VLRDynamic Logpolling is requiredhere

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 1319

983123983139983141983150983137983154983145983151 7 991251 983109983160983156983141983154983150983137983148 983110983154983137983157983140 983137983156 983123983124983120 amp 983117983123983107

CellTowers

BSC

CellTowers

HLR

Switch

VMS

MediationDevice

BillingSystem

BSC

External threats around missed calls from an international amp premium numbers haveincreased in which while calling back to that particular number users are chargedsudden high amount by third-party international operators which leads to customerdissatisfaction and harms the base operators brand reputation

Solution Using pattern

discovery of callrelease code onlyfrom premiumnumber andsetting upthreshold for suchincidents we canreport and providereal time alert

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 1419

copy2011 Hewlett-Packard Development Company LPThe information contained herein is subject to change without notice

Technology Requirements

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 1519

983117983157983148983156983145983140983145983149983141983150983155983145983151983150983137983148 983107983151983149983152983137983154983145983155983151983150

983107983151983149983152983137983154983141 983137983154983138983145983156983154983137983154983161 983142983145983141983148983140983155 983151983150 983152983141983154983085983139983137983155983141 983138983137983155983145983155bull 983110983148983141983160983145983138983145983148983145983156983161 983145983150 983156983141983154983149983155 983151983142 983148983151983143 983139983151983148983148983141983139983156983145983151983150

bull 983120983137983154983155983145983150983143bull 983107983148983137983155983155983145983142983145983139983137983156983145983151983150 983151983142 983158983137983154983145983151983157983155 983151983139983139983157983154983154983141983150983139983141983155

bull 983110983151983154983141983150983155983145983139 983107983137983152983137983138983145983148983145983156983145983141983155bull 983109983142983142983145983139983145983141983150983156 983155983156983151983154983137983143983141 983137983150983140 983153983157983141983154983161 983149983141983139983144983137983150983145983155983149983155bull 983106983141983156983156983141983154 983155983157983145983156983141983140 983142983151983154 983140983141983141983152 983152983137983156983156983141983154983150 983137983150983137983148983161983155983145983155

bull 983105983140983137983152983156983137983138983145983148983145983156983161 983156983151 983141983158983151983148983158983145983150983143 983155983139983141983150983137983154983145983151983155

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 1619

copy2011 Hewlett-Packard Development Company LPThe information contained herein is subject to change without notice

Response Posture

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 1719

983127983144983141983150 983123983144983151983157983148983140 983129983151983157 983120983154983151983139983141983155983155

983122983141983137983148 983156983145983149983141983103

bull 983110983141983137983155983145983138983145983148983145983156983161 983145983150 983156983141983154983149983155 983151983142 983148983151983143 983158983151983148983157983149983141983155bull 983117983137983155983155983145983158983141 983151983158983141983154983144983141983137983140983155 983137983156 983139983151983148983148983141983139983156983145983151983150 983148983137983161983141983154

bull 983107983137983152983137983139983145983156983161 983148983145983149983145983156983137983156983145983151983150983155 983151983142 983141983158983141983150983156 983152983154983151983139983141983155983155983145983150983143

bull 983106983141983150983141983142983145983156983155bull 983127983141983145983143983144 983156983145983149983141983148983145983150983141983155983155 983158983155 983122983119983113991270

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 1819

983127983144983141983150 983123983144983151983157983148983140 983129983151983157 983120983154983151983139983141983155983155991270 (983139983151983150983156983140983086)

983119983142983142983148983145983150983141 983085 983106983137983156983139983144 983117983151983140983141

bull 983110983141983137983155983145983138983145983148983145983156983161 983145983150 983156983141983154983149983155 983151983142 983148983151983143 983158983151983148983157983149983141983155bull 983109983137983155983141983155 983152983154983141983155983155983157983154983141 983151983150 983139983151983148983148983141983139983156983145983151983150 983148983137983161983141983154

bull 983109983137983155983141983155 983152983154983141983155983155983157983154983141 983151983150 983139983137983152983137983139983145983156983161 983151983142 983141983158983141983150983156 983152983154983151983139983141983155983155983145983150983143

bull 983106983141983150983141983142983145983156983155bull 983116983151983159983141983154 983139983151983155983156 983101 983123983156983154983151983150983143983141983154 983114983157983155983156983145983142983145983139983137983156983145983151983150 983142983151983154 983122983119983113

bull 983106983141983156983156983141983154 983155983157983145983156983141983140 983142983151983154 983140983141983141983152 983152983137983156983156983141983154983150 983137983150983137983148983161983155983145983155

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 1919

THANK YOU

DAMANJITUBEROIHPCOM

+91 9650972015

Page 10: 05.ArcSight

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 1019

Scenario 4 – Exploiting the VMS

[Diagram: Cell Towers, BSC, HLR, Switch, VMS, Mediation Device, Billing System]

This system can be exploited by adding an invalid mailbox number (i.e. a mobile telephone number) to a VMS registry. When the fraudster dials into the VMS and is asked for their mobile identification number, they simply enter the false mailbox number. Once authenticated, the caller is able to make outbound calls using the added functions and call-back features of the VMS. The CDR from this usage cannot be billed because the switch records the invalid mailbox number as the calling number.

Solution: Correlation of threshold violations in DID/DOD logs in the VMS can provide real-time alerts on such threats, along with alerts on CDR modifications.

Pattern: Discovering & logging high threshold cases


Scenario 5 - Device Level Logs Modification

[Diagram: Cell Towers, BSC, HLR, Switch, VMS, Mediation Device, Billing System]

System administrators of the critical devices can completely delete the logs from those devices after making fraudulent changes on them, thereby removing all records and evidence of the fraud.

Solution: Logs, once collected, cannot be modified (WORM), so all the evidence and logs are stored centrally.
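The central, unmodifiable copy described in Scenario 5 can be illustrated with the following added example, which is not part of the original slides or of any HP product. WORM is normally enforced by the storage platform; this sketch instead uses a hash chain (a different technique) to make the collected copy tamper-evident, then compares it with what is still on the device. Device names and log lines are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # chain anchor used as the "previous hash" of the first record

# Constructed sample: lines already forwarded by devices to the central collector.
COLLECTED = [
    ("switch-01", "2011-03-01T02:10:04 admin7 login"),
    ("switch-01", "2011-03-01T02:11:30 admin7 set route-table entry 44 tariff=0"),
    ("vms-01", "2011-03-01T02:12:01 admin7 add mailbox 5550999"),
    ("switch-01", "2011-03-01T02:15:12 admin7 logout"),
]


def _digest(prev_hash, device, line):
    """Hash of one record, bound to the hash of the record before it."""
    payload = json.dumps([prev_hash, device, line]).encode("utf-8")
    return hashlib.sha256(payload).hexdigest()


class CentralLogStore:
    """Append-only collector: the API offers no way to edit or remove a record."""

    def __init__(self):
        self._records = []  # each: {"device", "line", "prev", "hash"}

    def append(self, device, line):
        prev = self._records[-1]["hash"] if self._records else GENESIS
        rec = {"device": device, "line": line, "prev": prev,
               "hash": _digest(prev, device, line)}
        self._records.append(rec)
        return rec["hash"]

    def head(self):
        """Latest chain hash; keep a copy outside the store to detect truncation."""
        return self._records[-1]["hash"] if self._records else GENESIS

    def verify(self, expected_head=None):
        """Return the index of the first bad record, or -1 if the chain is intact."""
        prev = GENESIS
        for i, rec in enumerate(self._records):
            good = _digest(prev, rec["device"], rec["line"])
            if rec["prev"] != prev or rec["hash"] != good:
                return i
            prev = rec["hash"]
        if expected_head is not None and prev != expected_head:
            return len(self._records)  # records were dropped or added at the end
        return -1

    def missing_on_device(self, device, current_device_lines):
        """Lines collected from `device` that are no longer present on it."""
        still_there = set(current_device_lines)
        return [r["line"] for r in self._records
                if r["device"] == device and r["line"] not in still_there]


def audit_demo():
    store = CentralLogStore()
    for device, line in COLLECTED:
        store.append(device, line)
    head = store.head()
    intact = store.verify(head)
    # The administrator later wipes the switch's local log except the last line.
    wiped = store.missing_on_device("switch-01", [COLLECTED[3][1]])
    # An edit to the central copy itself breaks the chain at that record.
    store._records[1]["line"] = "2011-03-01T02:11:30 admin7 show route-table"
    tampered_at = store.verify(head)
    return intact, wiped, tampered_at


if __name__ == "__main__":
    print(audit_demo())
```
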


Scenario 6 – SMSC & VLR Changes

[Diagram: Cell Towers, BSC, HLR, MSC/VLR, SMSC, Mediation Device, Billing System]

A fraudster can simulate non-PLMN numbers and trick the SMSC into believing that a legitimate roaming user is sending SMSs. This can go unnoticed until the interconnect settlement is disputed by the roaming partner carrier.

Solution: Real-time correlation alerts by comparing the logs of the VLR and MSME, and alerts on configuration-level changes of the VLR. Dynamic log polling is required here.
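The cross-log comparison in Scenario 6 can be sketched as follows; this is an added example, not code from the slides or from any vendor product. The log formats, field names and numbers are constructed, and it assumes the check of interest is "an SMS submission attributed to a roamer with no matching VLR registration at that time", plus an alert on any VLR configuration change.

```python
from datetime import datetime

# Constructed VLR log: attach/detach events and one configuration change.
VLR_LOG = """\
2011-03-01T10:00:00 ATTACH msisdn=447700900001
2011-03-01T10:20:00 DETACH msisdn=447700900001
2011-03-01T10:25:00 CONFIG user=admin3 param=roaming-prefix-table action=modify
2011-03-01T10:30:00 ATTACH msisdn=447700900002
"""

# Constructed SMS submission log; roaming=1 marks traffic claimed to be from a roamer.
SMSC_LOG = """\
2011-03-01T10:05:00 SUBMIT src=447700900001 dst=447700900101 roaming=1
2011-03-01T10:21:00 SUBMIT src=447700900001 dst=447700900102 roaming=1
2011-03-01T10:26:00 SUBMIT src=447700900099 dst=447700900103 roaming=1
2011-03-01T10:31:00 SUBMIT src=447700900002 dst=447700900104 roaming=1
2011-03-01T10:32:00 SUBMIT src=447700900200 dst=447700900105 roaming=0
"""


def parse(line):
    """Split 'timestamp KIND key=value ...' into (datetime, kind, fields)."""
    ts, kind, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    return datetime.fromisoformat(ts), kind, fields


def attachment_windows(vlr_lines):
    """Build per-subscriber [start, end] registration windows and list config changes."""
    windows = {}          # msisdn -> list of [start, end]; end is None while attached
    config_changes = []
    for line in vlr_lines:
        if not line.strip():
            continue
        ts, kind, f = parse(line)
        if kind == "ATTACH":
            windows.setdefault(f["msisdn"], []).append([ts, None])
        elif kind == "DETACH":
            still_open = [w for w in windows.get(f["msisdn"], []) if w[1] is None]
            if still_open:
                still_open[-1][1] = ts
        elif kind == "CONFIG":
            config_changes.append((ts, f))
    return windows, config_changes


def correlate(vlr_text, smsc_text):
    """Return alerts, ordered by time, for unmatched roaming SMS and VLR config changes."""
    windows, config_changes = attachment_windows(vlr_text.splitlines())
    alerts = [("VLR_CONFIG_CHANGE", ts.isoformat(), f["user"] + ":" + f["param"])
              for ts, f in config_changes]
    for line in smsc_text.splitlines():
        if not line.strip():
            continue
        ts, kind, f = parse(line)
        if kind != "SUBMIT" or f.get("roaming") != "1":
            continue
        attached = any(start <= ts and (end is None or ts < end)
                       for start, end in windows.get(f["src"], []))
        if not attached:
            alerts.append(("SMS_WITHOUT_VLR_ATTACH", ts.isoformat(), f["src"]))
    return sorted(alerts, key=lambda a: a[1])


if __name__ == "__main__":
    for alert in correlate(VLR_LOG, SMSC_LOG):
        print(alert)
```

The second message from 447700900001 is flagged because it arrives after the detach, which is why the comparison needs registration windows rather than a simple "ever seen in the VLR" lookup.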


Scenario 7 – External Fraud at STP & MSC

[Diagram: Cell Towers, BSC, HLR, Switch, VMS, Mediation Device, Billing System]

External threats involving missed calls from international and premium numbers have increased: when users call back the number, they are charged a sudden high amount by third-party international operators, which leads to customer dissatisfaction and harms the base operator's brand reputation.

Solution: Using pattern discovery of the call release code only from premium numbers, and setting up a threshold for such incidents, we can report and provide real-time alerts.
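The threshold correlation named in the solutions to Scenario 4 (VMS DID/DOD logs) and Scenario 7 (release codes on calls from premium numbers) can be sketched with one sliding-window rule engine; this is an added example, not code from the slides or from any vendor product. Event fields, limits, the `+999` prefix, the release-code labels and the subscriber list are constructed, and the check of VMS mailboxes against provisioned subscribers is an added assumption.

```python
from collections import defaultdict, deque

PROVISIONED = {"5550101", "5550102"}   # constructed list of valid subscriber mailboxes
PREMIUM_PREFIXES = ("+999",)            # constructed placeholder, not a real number range


class ThresholdRule:
    """Alert when more than `limit` matching events share a key within `window` seconds."""

    def __init__(self, name, match, key, limit, window):
        self.name, self.match, self.key = name, match, key
        self.limit, self.window = limit, window
        self._seen = defaultdict(deque)   # key -> timestamps still inside the window
        self._alerted = set()             # keys currently above the threshold

    def feed(self, event):
        """Process one event (dict with 'ts' in seconds); return an alert tuple or None."""
        if not self.match(event):
            return None
        k = self.key(event)
        q = self._seen[k]
        q.append(event["ts"])
        while q and event["ts"] - q[0] >= self.window:
            q.popleft()
        if len(q) > self.limit:
            if k not in self._alerted:    # alert once per burst, not once per event
                self._alerted.add(k)
                return (self.name, k, event["ts"], len(q))
        else:
            self._alerted.discard(k)
        return None


def build_rules():
    return [
        # Scenario 4: many outbound (DOD) calls placed through one mailbox.
        ThresholdRule("VMS_DOD_BURST",
                      match=lambda e: e["src"] == "vms" and e["dir"] == "DOD",
                      key=lambda e: e["mailbox"], limit=3, window=600),
        # Scenario 7: one premium number ringing many users and releasing before answer.
        ThresholdRule("PREMIUM_MISSED_CALL_BURST",
                      match=lambda e: e["src"] == "cdr"
                      and e["calling"].startswith(PREMIUM_PREFIXES)
                      and e["release"] == "RELEASED_BEFORE_ANSWER",
                      key=lambda e: e["calling"], limit=4, window=300),
    ]


def run(events):
    """Feed time-ordered events through the rules and return the alerts raised."""
    rules, alerts, unknown = build_rules(), [], set()
    for e in sorted(events, key=lambda ev: ev["ts"]):
        if e["src"] == "vms" and e["mailbox"] not in PROVISIONED and e["mailbox"] not in unknown:
            unknown.add(e["mailbox"])
            alerts.append(("VMS_UNPROVISIONED_MAILBOX", e["mailbox"], e["ts"], 1))
        for rule in rules:
            alert = rule.feed(e)
            if alert:
                alerts.append(alert)
    return alerts


def sample_events():
    """Constructed events: one abusive mailbox, one premium caller, plus normal traffic."""
    ev = []
    for i in range(5):   # unprovisioned mailbox places 5 outbound calls in 4 minutes
        ev.append({"src": "vms", "ts": 1000 + 60 * i, "dir": "DOD",
                   "mailbox": "5550999", "dialed": "+9990000%03d" % i})
    ev.append({"src": "vms", "ts": 1100, "dir": "DID", "mailbox": "5550101", "dialed": ""})
    ev.append({"src": "vms", "ts": 1200, "dir": "DOD", "mailbox": "5550101", "dialed": "5550102"})
    for i in range(6):   # premium number rings 6 subscribers, hangs up before answer
        ev.append({"src": "cdr", "ts": 2000 + 20 * i, "calling": "+9991234567",
                   "called": "55501%02d" % i, "release": "RELEASED_BEFORE_ANSWER"})
    ev.append({"src": "cdr", "ts": 2050, "calling": "+9997654321",
               "called": "5550101", "release": "NORMAL_CLEARING"})
    return ev


if __name__ == "__main__":
    for alert in run(sample_events()):
        print(alert)
```
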


Technology Requirements


Multidimensional Comparison

Compare arbitrary fields on per-case basis

• Flexibility in terms of log collection
• Parsing
• Classification of various occurrences
• Forensic Capabilities
• Efficient storage and query mechanisms
• Better suited for deep pattern analysis
• Adaptability to evolving scenarios


Response Posture


When Should You Process

Real time?

• Feasibility in terms of log volumes
• Massive overheads at collection layer
• Capacity limitations of event processing
• Benefits
• Weigh timeliness vs ROI…






Page 15: 05.ArcSight

8112019 05ArcSight

httpslidepdfcomreaderfull05arcsight 1519

983117983157983148983156983145983140983145983149983141983150983155983145983151983150983137983148 983107983151983149983152983137983154983145983155983151983150

983107983151983149983152983137983154983141 983137983154983138983145983156983154983137983154983161 983142983145983141983148983140983155 983151983150 983152983141983154983085983139983137983155983141 983138983137983155983145983155bull 983110983148983141983160983145983138983145983148983145983156983161 983145983150 983156983141983154983149983155 983151983142 983148983151983143 983139983151983148983148983141983139983156983145983151983150

bull 983120983137983154983155983145983150983143bull 983107983148983137983155983155983145983142983145983139983137983156983145983151983150 983151983142 983158983137983154983145983151983157983155 983151983139983139983157983154983154983141983150983139983141983155

bull 983110983151983154983141983150983155983145983139 983107983137983152983137983138983145983148983145983156983145983141983155bull 983109983142983142983145983139983145983141983150983156 983155983156983151983154983137983143983141 983137983150983140 983153983157983141983154983161 983149983141983139983144983137983150983145983155983149983155bull 983106983141983156983156983141983154 983155983157983145983156983141983140 983142983151983154 983140983141983141983152 983152983137983156983156983141983154983150 983137983150983137983148983161983155983145983155

bull 983105983140983137983152983156983137983138983145983148983145983156983161 983156983151 983141983158983151983148983158983145983150983143 983155983139983141983150983137983154983145983151983155

Response Posture

When Should You Process

Real time?

• Feasibility in terms of log volumes
• Massive overheads at collection layer
• Capacity limitations of event processing
• Benefits
• Weigh timeliness vs ROI…

When Should You Process… (contd.)

Offline - Batch Mode

• Feasibility in terms of log volumes
• Eases pressure on collection layer
• Eases pressure on capacity of event processing
• Benefits
• Lower cost = Stronger Justification for ROI
• Better suited for deep pattern analysis
