In the E-RAN, IPSec and 3GPP features for path protection and integrity are key to ensure service availability and subscriber data privacy.
IPSec is utilized between SN and its RNs, and between SN and the mobile operator security gateway (SeGW). Even when private transport (MPLS, metro Ethernet) is being utilized by an operator, IPSec is used to preserve privacy of subscriber payload.
- An SN can connect to multiple SeGWs for fault tolerance. The SeGWs can also be geo-redundant to protect from cable cuts and power problems that can affect data centers.
- Extensive QoS policy controls over all backhaul access inside the IPSec path and DSCP marking for MPLS CoS handling enable the SN to protect critical traffic when the backhaul experiences congestion.
Security auditing is the final step in ensuring that the system is continuously delivering both confidentiality and integrity of subscriber traffic traversing the system.
- E-RAN is audited and penetration tested routinely by a third-party specialist security vendor as part of QA processes. Any issues found are remediated.
- System is routinely audited/explored by our mobile operator’s technology security team as part of due diligence.
- System hardware and RAN protocol use standards to connect to both the mobile device over air link and the mobile core via security gateway. This means Corning has done a significant amount of interoperability testing with mobile devices of many varieties, SeGW, and evolved packet core (EPC) vendors.
Bolt-on security implies an afterthought. Security should NEVER be an afterthought. Corning’s scalable small cell system makes use of a built-in security approach in its system design, from the ground up, to ensure that it meets the demands of both mobile operators and enterprises.