5G, LONG ANTICIPATED and now soon to hit the mainstream, may be a double-edged sword. While the extra speed and bandwidth are welcome, extra security worries will force integrators and IT solution providers to add extra protection.
"IoT devices and 5G are a nightmare for security," says Joe Molick, founder of Molick Enterprises, a small managed services provider in the San Diego area.
One issue is that 5G “requires a lot more base stations, which increases your attack surfaces, and there will be lots more devices added, like Internet of Things nodes," says Todd Kelly, chief security officer for Cradlepoint, a global provider of cloud-delivered LTE and 5G-ready wireless edge solutions.
Carriers are addressing such issues by building in more network protection, he continues, but channel pros need to proactively protect SMB customers implementing 5G anyway. Applications have scattered from the data center to a variety of clouds, so every connection is a new security issue.
Kelly says Cradlepoint is a big fan of Zero Trust Network Access (ZTNA), a technique for allowing application access without network access. "We always tell customers to treat the network as untested because you don't know what you'll connect over," he says.
Channel pros with public sector clients that fall under the “second responder” banner (organizations that support first responders such as utilities, hazardous waste cleanup firms, and first aid services) may be able to take advantage of first responder networks like FirstNet from AT&T and Verizon's private core network for public safety, Kelly adds. They come with end-to-end security and better user authentication.
He also suggests getting a jump on 5G security by adding new 4G network equipment today. "[Band] 14 LTE addresses some 5G security features such as protection against ‘bidding down’ attacks," says Kelly. In such an attack, a device between the endpoint and the tower tricks the device into downgrading security. "5G will push internet access closer to the edge with mobile edge computing, so pushing security from the data center to the edge will be important," he says.
For IoT devices, Kelly prefers to go beyond network segmentation. "Add a separate IoT network that doesn't touch the corporate network," he suggests, such as a private network over a carrier network. 5G's ability to handle more end devices than 4G will help.
Be aware, too, that hackers can—and probably will—use inexpensive tools to attack 5G equipment. For instance, the hardware needed to run a bidding down attack costs less than a thousand dollars.
Finally, make sure IoT devices going on 5G networks have security right out of the box, adds Molick. "Don't connect the device until it initiates security." Good advice for both 5G and current networks.