{
  "$schema": "https://glossary.p1sec.com/terms.schema.json",
  "name": "P1 Security TelcoSec Glossary",
  "publisher": {
    "name": "P1 Security",
    "url": "https://www.p1sec.com",
    "contact": "https://www.p1sec.com/contact"
  },
  "license": "Free for educational and professional use with attribution.",
  "canonical": "https://glossary.p1sec.com/terms.json",
  "generatedAt": "2026-04-28",
  "counts": {
    "terms": 537,
    "whitepapers": 9,
    "webinars": 16,
    "quizzes": 7,
    "trainings": 4
  },
  "terms": [
    {
      "term": "1G",
      "expansion": "First Generation Mobile Network",
      "definition": "The original analog cellular network technology deployed in the 1980s. 1G systems like AMPS (Advanced Mobile Phone System) used analog radio signals for voice calls, offered no data capability and little or no encryption (AMPS calls were transmitted in the clear), and had coverage constraints compared to modern networks.",
      "tags": [
        "Radio Access Network",
        "Signaling",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/1g-first-generation-mobile-network"
    },
    {
      "term": "2G",
      "expansion": "Second Generation Mobile Network",
      "definition": "Digital cellular technology introduced in the 1990s, most notably GSM (Global System for Mobile Communications) in Europe and CDMA in the US. 2G enabled SMS text messaging, basic data services, and introduced the first mobile security mechanisms (SIM-based authentication of the subscriber to the network; GSM does not authenticate the network to the handset). Data speeds reached up to 14 kbps.",
      "tags": [
        "Radio Access Network",
        "Identity and Subscriber",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/2g-second-generation-mobile-network"
    },
    {
      "term": "3G",
      "expansion": "Third Generation Mobile Network",
      "definition": "Mobile network technology emerging in the early 2000s offering significantly faster data speeds (up to 2 Mbps) than 2G. Standards like UMTS (Universal Mobile Telecommunications System) and CDMA2000 enabled mobile internet browsing, video calling, and multimedia services. 3G introduced stronger authentication (AKA) and improved encryption compared to 2G.",
      "tags": [
        "Security Controls",
        "Protocols and Standards",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/3g-third-generation-mobile-network"
    },
    {
      "term": "3GPP",
      "expansion": "Third Generation Partnership Project",
      "definition": "An international standardization body developing specifications for 3G, 4G, 5G, and future mobile network generations. 3GPP includes major telecommunications standards organizations from different regions (ETSI from Europe, ARIB from Japan, etc.), ensuring interoperability and consistency across global networks. 3GPP is responsible for security requirements in modern mobile networks.",
      "tags": [
        "Protocols and Standards",
        "Operations and Business",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/3gpp-third-generation-partnership-project"
    },
    {
      "term": "4G",
      "expansion": "Fourth Generation Mobile Network",
      "definition": "High-speed mobile network technology deployed globally from 2009 onward, primarily using LTE (Long Term Evolution) standards. 4G provides average speeds exceeding 100 Mbps (peak 1 Gbps+) and enabled smartphones, streaming video, and real-time applications like high-quality video conferencing.",
      "tags": [
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/4g-fourth-generation-mobile-network"
    },
    {
      "term": "5G",
      "expansion": "Fifth Generation Mobile Network",
      "definition": "The latest deployed mobile network generation offering dramatically faster speeds (up to 10+ Gbps peak), ultra-low latency (1-10ms), and massive device connectivity enabling IoT deployments. 5G uses technologies like Massive MIMO, beamforming, and network slicing. It includes enhanced security features addressing 4G vulnerabilities. Deployment globally began in 2019-2020.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "IoT"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/5g-fifth-generation-mobile-network"
    },
    {
      "term": "5G SA",
      "expansion": "5G Standalone",
      "definition": "5G Standalone is the 3GPP Release 15+ deployment mode where both the radio access network (gNB) and the core (5GC with AMF, SMF, UPF, AUSF, UDM, SEPP, etc.) are 5G-native, with no dependency on 4G EPC. 5G SA unlocks the full 5G feature set — network slicing, URLLC, SUCI-based identity protection, SEPP, and the service-based architecture — and is the target architecture for new commercial deployments.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Signaling"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/5g-sa-standalone"
    },
    {
      "term": "5G NSA",
      "expansion": "5G Non-Standalone",
      "definition": "5G Non-Standalone is the initial 5G deployment mode, used by most operators launching 5G between 2019 and 2023. It pairs a 5G NR radio (gNB) with a 4G LTE anchor (eNB) and the 4G EPC core for control-plane signalling, delivering 5G data rates without requiring a full 5G core. NSA inherits LTE's security model, so protections that depend on the 5G core, such as SUCI-based identity protection and SEPP, are not available, and it is being progressively migrated to Standalone.",
      "tags": [
        "Radio Access Network",
        "Core Network"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/5g-nsa-non-standalone"
    },
    {
      "term": "5G SBA",
      "expansion": "5G Service-Based Architecture",
      "definition": "The modern 5G core network design using microservices and HTTP/2-based APIs instead of point-to-point connections. 5G SBA separates control plane from user plane and introduces Network Functions (NFs) that communicate through standardized service interfaces. SBA security requires OAuth2-based authorization of service requests, mutual TLS for authentication between Network Functions, and API-level access controls.",
      "tags": [
        "Core Network",
        "Signaling",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/5g-sba-service-based-architecture"
    },
    {
      "term": "5GNR",
      "expansion": "5G New Radio",
      "definition": "The radio access technology standard for 5G networks specified by 3GPP, supporting both Sub-6 GHz (e.g., 2.6 GHz) and millimeter-Wave (mmWave) frequency bands (e.g., 28, 39 GHz). NR enables flexible deployment from wide-area coverage to ultra-high-speed urban and indoor scenarios.",
      "tags": [
        "Radio Access Network",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/5gnr-5g-new-radio"
    },
    {
      "term": "6G",
      "expansion": "Sixth Generation Mobile Network",
      "definition": "Next-generation mobile network technology currently under development, expected to launch in the 2030s. Research directions include terabit-per-second data rates, quantum-resistant encryption, integrated satellite communication, and AI-native architecture. Quantum-resistant cryptography and distributed security models are research focus areas; these are not guaranteed standards.",
      "tags": [
        "Radio Access Network",
        "Security Controls",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/6g-sixth-generation-mobile-network"
    },
    {
      "term": "8PSK",
      "expansion": "8-ary Phase Shift Keying",
      "definition": "8-PSK encodes three bits per symbol by selecting one of eight phases of the carrier wave, providing higher spectral efficiency than QPSK at the cost of needing a higher signal-to-noise ratio. 8-PSK is used in EDGE for 2.75G mobile data, in some satellite return channels, and in other systems where the noise budget allows.",
      "tags": [],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/8psk-8-ary-phase-shift-keying"
    },
    {
      "term": "AAA",
      "expansion": "Authentication, Authorization, and Accounting",
      "definition": "The fundamental security framework in telecom networks providing three functions: Authentication (verifying user identity), Authorization (determining allowed access), and Accounting (recording usage for billing and auditing). DIAMETER and RADIUS are common AAA protocols.",
      "tags": [
        "Signaling",
        "Identity and Subscriber",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/aaa-authentication-authorization-and-accounting"
    },
    {
      "term": "ACL",
      "expansion": "Access Control List",
      "definition": "A set of rules defining which users, devices, IP addresses, or applications are permitted or denied access to network resources or services. ACLs are foundational security controls in firewalls, routers, and servers. In telecom, ACLs protect signaling protocols, management systems, and critical network functions.",
      "tags": [
        "Core Network",
        "Signaling",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/acl-access-control-list"
    },
    {
      "term": "ADSL",
      "expansion": "Asymmetric Digital Subscriber Line",
      "definition": "Broadband technology delivered over standard copper telephone lines enabling simultaneous voice and data transmission. ADSL provides up to 24 Mbps downstream and typically 1-10 Mbps upstream. ADSL has been largely superseded by fiber and cable technologies.",
      "tags": [
        "Radio Access Network",
        "Identity and Subscriber",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/adsl"
    },
    {
      "term": "AES",
      "expansion": "Advanced Encryption Standard",
      "definition": "A symmetric encryption algorithm standardized by NIST in 2001 and widely used in telecommunications. AES operates with 128, 192, or 256-bit keys and is the de facto encryption standard for VPNs, mobile networks, and data protection globally.",
      "tags": [
        "Core Network",
        "Security Controls",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/aes-advanced-encryption-standard"
    },
    {
      "term": "A5/0",
      "expansion": "GSM Null Cipher",
      "definition": "A deprecated GSM cipher mode (the null cipher) in which no encryption is applied, so traffic is transmitted in plaintext. A5/0 was historically used in countries with export restrictions on strong cryptography and is a critical vulnerability because anything sent under it can be read by a passive eavesdropper. Modern networks must reject A5/0.",
      "tags": [
        "Radio Access Network",
        "Security Controls",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/a5-0"
    },
    {
      "term": "A5/1",
      "expansion": "GSM Standard Cipher",
      "definition": "The standard stream cipher used in GSM networks for voice and data encryption. A5/1 was designed with 54-bit effective key length and has been cryptanalyzed successfully. A5/1 is considered broken and should be phased out, but remains operational in many networks.",
      "tags": [
        "Security Controls",
        "Protocols and Standards",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/a5-1"
    },
    {
      "term": "A5/2",
      "expansion": "GSM Weaker Cipher",
      "definition": "A deliberately weakened GSM cipher with lower security margin than A5/1, designed for countries with export restrictions. A5/2 is cryptographically broken and must be removed from networks. If a device can only use A5/2, the network has a critical vulnerability.",
      "tags": [
        "Threats and Attacks",
        "Internet and Routing",
        "Encryption and Cryptography"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/a5-2"
    },
    {
      "term": "A5/3",
      "expansion": "GSM Modern Cipher (UEA1)",
      "definition": "A modern stream cipher used in 3G (UMTS) networks as UEA1, also called A5/3 when referenced in GSM contexts. A5/3 uses the KASUMI algorithm and provides stronger security than A5/1. However, use of A5/3 on 2G networks is not recommended for new deployments; transition to 3G or later networks is preferred. A5/3 should be treated as a legacy control with modern alternatives prioritized.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/a5-3"
    },
    {
      "term": "AKA",
      "expansion": "Authentication and Key Agreement",
      "definition": "Authentication and Key Agreement is the family of mutual-authentication protocols used in 3G UMTS, 4G LTE (EPS-AKA), and 5G (5G-AKA and EAP-AKA'). The USIM and the home network share a long-term key K. During each authentication, the home network sends a challenge that proves it knows K, and the USIM responds with a value that proves the same to the network — defeating false base station attacks possible against pure 2G GSM. The procedure also derives session keys for ciphering and integrity protection on the air interface and beyond.",
      "tags": [
        "Radio Access Network",
        "Roaming and Interconnect",
        "Identity and Subscriber"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/aka-authentication-and-key-agreement"
    },
    {
      "term": "AMF",
      "expansion": "Access and Mobility Management Function",
      "definition": "The Access and Mobility Management Function is the 5G control-plane network function that terminates the N1 NAS interface from the UE and the N2 interface from the gNB. It handles registration, connection management, mobility, and reachability, delegates authentication to the AUSF, and steers session requests to the appropriate SMF. The AMF is the 5G analogue of the 4G MME and is a high-value target because compromise enables tracking, denial of service, and forced bidding-down of security capabilities.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Signaling"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/amf-access-and-mobility-management-function"
    },
    {
      "term": "AMPS",
      "expansion": "Advanced Mobile Phone System",
      "definition": "Advanced Mobile Phone System was the analog 1G cellular standard launched commercially in Chicago in 1983, using FDMA and FM voice modulation in the 800 MHz band. AMPS calls were transmitted in the clear, trivially eavesdropped with consumer scanners, and famously vulnerable to cloning fraud. AMPS networks were sunset across North America by 2008.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/amps"
    },
    {
      "term": "Anomaly Detection",
      "expansion": null,
      "definition": "A security technique identifying unusual patterns or deviations from normal network behavior using statistical analysis or machine learning. In telecom, anomaly detection systems monitor signaling traffic, call patterns, and data flows to flag potential attacks.",
      "tags": [
        "Signaling",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/anomaly-detection"
    },
    {
      "term": "Any-Time Interrogation (ATI)",
      "expansion": null,
      "definition": "An SS7 signaling service allowing authorized entities to query current subscriber location and status information in real-time. ATI is subject to abuse if authentication controls are insufficient, enabling unauthorized location tracking. Legal restrictions govern ATI access.",
      "tags": [
        "Signaling",
        "Identity and Subscriber",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/any-time-interrogation-ati"
    },
    {
      "term": "AP",
      "expansion": "Access Point",
      "definition": "A networking device allowing wireless devices (Wi-Fi, cellular) to connect to a wired network. In enterprise and carrier environments, APs include security features like WPA2/WPA3 encryption and 802.1X authentication.",
      "tags": [
        "Radio Access Network",
        "Security Controls",
        "Encryption and Cryptography"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/ap-access-point"
    },
    {
      "term": "API",
      "expansion": "Application Programming Interface",
      "definition": "A set of protocols and standards allowing different software applications to communicate and exchange data. In telecommunications, APIs enable third-party developers to integrate with carrier networks but introduce security risks if not properly authenticated, rate-limited, and validated.",
      "tags": [
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/api-application-programming-interface"
    },
    {
      "term": "APT",
      "expansion": "Advanced Persistent Threat",
      "definition": "A sophisticated, targeted cyber attack campaign conducted by skilled threat actors (often state-sponsored or well-funded criminal groups). APTs targeting carrier infrastructure can compromise network integrity, intercept communications, and steal data.",
      "tags": [
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/apt-advanced-persistent-threat"
    },
    {
      "term": "ARPU",
      "expansion": "Average Revenue Per User",
      "definition": "A key business metric in telecommunications calculated as total revenue divided by the number of active subscribers. ARPU helps carriers assess service profitability and monitor the financial impact of security breaches.",
      "tags": [
        "Identity and Subscriber",
        "Operations and Business",
        "Encryption and Cryptography"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/arpu"
    },
    {
      "term": "Artificial Traffic Inflation",
      "expansion": "Fraud Context",
      "definition": "A fraud scheme where attackers artificially generate high volumes of billable traffic to revenue-sharing third parties. Often orchestrated through SIM boxes, botnets, or compromised network elements.",
      "tags": [
        "Identity and Subscriber",
        "Threats and Attacks",
        "Fraud"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/artificial-traffic-inflation"
    },
    {
      "term": "ASN",
      "expansion": "Autonomous System Number",
      "definition": "A globally unique identifier assigned by IANA to networks controlling collections of IP address prefixes. ASNs are critical for internet routing, but the prefixes an autonomous system originates are vulnerable to BGP hijacking attacks if route origins are not secured with RPKI.",
      "tags": [
        "Security Controls",
        "Threats and Attacks",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/asn-autonomous-system-number"
    },
    {
      "term": "Attack Surface Mapping",
      "expansion": null,
      "definition": "The process of identifying and documenting all potential entry points, interfaces, and vulnerabilities in telecom networks. Comprehensive mapping requires reviewing architecture documentation, network topology, and protocol specifications.",
      "tags": [
        "Signaling",
        "Threats and Attacks",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/attack-surface-mapping"
    },
    {
      "term": "Authentication",
      "expansion": null,
      "definition": "The process of verifying the claimed identity of a user, device, or system. In telecommunications, authentication mechanisms range from SIM-based (2G) to AKA (3G/4G/5G), biometric, and certificate-based approaches.",
      "tags": [
        "Radio Access Network",
        "Identity and Subscriber",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/authentication"
    },
    {
      "term": "Authorization",
      "expansion": null,
      "definition": "Authorisation is the process of deciding what an authenticated principal is allowed to do, distinct from authentication (who they are). Models include role-based, attribute-based, and policy-based access control. In modern telecom, authorisation is enforced at many layers — OAM access controls, OAuth2 scopes between 5G Network Functions, fine-grained API gateways — under least-privilege principles.",
      "tags": [
        "Core Network",
        "Security Controls",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/authorization"
    },
    {
      "term": "AUSF",
      "expansion": "Authentication Server Function",
      "definition": "The Authentication Server Function is the 5G core network function that performs subscriber authentication on behalf of the AMF, executing the 5G-AKA or EAP-AKA' procedure with credentials supplied by the UDM. It generates session keys that bind the subscriber to the serving network, helping defeat false base station and interconnect attacks. AUSF compromise would allow forged authentication, so it must be deployed in the operator's most trusted security zone with strong API controls.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Roaming and Interconnect"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/ausf"
    },
    {
      "term": "Availability",
      "expansion": null,
      "definition": "One of the three pillars of the CIA (Confidentiality, Integrity, Availability) security triad. Availability ensures that network services are accessible to authorized users when needed. Network availability is often measured by uptime percentages (e.g., 99.999% \"five nines\").",
      "tags": [],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/availability"
    },
    {
      "term": "Backhaul",
      "expansion": null,
      "definition": "The network connection between a remote cell site and the core network. Backhaul can be provided via fiber optic cables, microwave links, or satellite. Secure backhaul is critical to prevent interception of user data.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/backhaul"
    },
    {
      "term": "Bandwidth",
      "expansion": null,
      "definition": "The maximum amount of data that can be transmitted over a network connection in a given timeframe, typically measured in bits per second (bps), Mbps, or Gbps.",
      "tags": [
        "Radio Access Network"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/bandwidth"
    },
    {
      "term": "Base Station (BS)",
      "expansion": null,
      "definition": "A base station is the radio infrastructure that connects mobile devices to a cellular network — termed BTS in 2G GSM, Node B in 3G UMTS, eNodeB in 4G LTE, and gNB in 5G. Each generation defines distinct interfaces to the core (Abis, Iub, S1, NG) and progressively richer security capabilities including air-interface ciphering, integrity protection, and mutual authentication.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Signaling"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/base-station-bs"
    },
    {
      "term": "Behavioral Signaling Detection",
      "expansion": null,
      "definition": "Behavioural signalling detection applies statistical and machine-learning techniques to interconnect traffic to identify anomalies that signature-based filtering cannot catch. Examples include impossible subscriber velocity, unusual MAP/Diameter operation mixes from a given peer, sudden spikes in PSI/SRI activity targeting high-value subscribers, and slow-and-low reconnaissance. It complements rule-based signalling firewalls and is increasingly important as attackers move to low-volume, targeted operations.",
      "tags": [
        "Signaling",
        "Roaming and Interconnect",
        "Identity and Subscriber"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/behavioral-signaling-detection"
    },
    {
      "term": "BGP",
      "expansion": "Border Gateway Protocol",
      "definition": "The exterior gateway routing protocol used on the internet to exchange IP routing information between autonomous systems. BGP is vulnerable to misconfigurations and BGP hijacking attacks.",
      "tags": [
        "Threats and Attacks",
        "Protocols and Standards",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/bgp-border-gateway-protocol"
    },
    {
      "term": "BGP Hijacking",
      "expansion": null,
      "definition": "BGP hijacking occurs when an autonomous system announces IP prefixes it does not legitimately own, causing internet traffic for those prefixes to be misrouted to or through the attacker. Incidents have caused major service disruptions and enabled traffic interception. RPKI Route Origin Validation, peerlocking, and IRR-based filtering are the principal defences.",
      "tags": [
        "Security Controls",
        "Threats and Attacks",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/bgp-hijacking"
    },
    {
      "term": "Billing System",
      "expansion": null,
      "definition": "A telecom billing system rates usage events (calls, messages, data sessions, content purchases), applies tariffs and discounts, generates invoices, handles payments, and integrates with revenue assurance and fraud management. Billing systems hold large volumes of personal and financial data and are subject to PCI DSS for card payments and to operator-specific regulatory audits.",
      "tags": [
        "Radio Access Network",
        "Fraud",
        "Operations and Business"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/billing-system"
    },
    {
      "term": "Blue Team",
      "expansion": null,
      "definition": "A blue team is the internal security function responsible for defending an organisation's networks, systems, and services — operating the SOC, hardening configurations, running detection engineering, and leading incident response. In telecom, the blue team's scope spans IT estate, signalling and RAN protection, fraud management, and integration with national CERTs and GSMA T-ISAC.",
      "tags": [
        "Radio Access Network",
        "Security Controls",
        "Fraud"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/blue-team"
    },
    {
      "term": "Botnet",
      "expansion": null,
      "definition": "A botnet is a network of compromised devices under the control of an attacker via command-and-control infrastructure, used to launch DDoS attacks, distribute spam and malware, mine cryptocurrency, or proxy abuse traffic. Telecom-relevant botnets such as Mirai, Mozi, and successors have largely been built from poorly secured CPE and IoT devices, including those provisioned by carriers.",
      "tags": [
        "Threats and Attacks",
        "IoT"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/botnet"
    },
    {
      "term": "Broadband",
      "expansion": null,
      "definition": "Broadband is the umbrella term for high-speed always-on internet access, distinguished from narrowband dial-up. Technologies include DSL and VDSL over copper, DOCSIS over coaxial cable, FTTH/FTTP over fibre, fixed wireless access over 4G/5G, and LEO satellite. Regulators define minimum broadband speeds in their universal-service frameworks, and the threshold rises over time.",
      "tags": [
        "Radio Access Network",
        "Internet and Routing",
        "Encryption and Cryptography"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/broadband"
    },
    {
      "term": "BSS",
      "expansion": "Business Support System",
      "definition": "The software systems and processes handling business operations in telecommunications including billing, customer relationship management, order management, product catalog, and revenue assurance. BSS systems interface with OSS (Operations Support Systems) to enable end-to-end service delivery and monetization.",
      "tags": [
        "Radio Access Network",
        "Operations and Business",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/bss-business-support-system"
    },
    {
      "term": "BTS",
      "expansion": "Base Transceiver Station",
      "definition": "A Base Transceiver Station is the radio equipment at a 2G GSM cell site, comprising transceivers, antennas, and supporting infrastructure that connect mobile devices to the network's core via a Base Station Controller. BTS is also used loosely for cell-site equipment in later generations. Vulnerabilities in BTS firmware or configuration have enabled documented interception and rogue-base-station scenarios.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/bts-base-transceiver-station"
    },
    {
      "term": "BTS Impersonation (Fake BTS)",
      "expansion": null,
      "definition": "BTS impersonation is the attack in which an adversary deploys equipment that impersonates a legitimate base transceiver station, exploiting the lack of mutual authentication in 2G GSM and weaknesses in early 3G to capture IMSIs, downgrade encryption, or relay calls and SMS. It is the implementation pattern behind IMSI catchers and is mitigated by 4G/5G mutual authentication, the use of integrity-protected paging in 5G, and operator policies that disable 2G fallback in high-risk areas.",
      "tags": [
        "Radio Access Network",
        "Signaling",
        "Identity and Subscriber"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/bts-impersonation-fake-bts"
    },
    {
      "term": "CAMARA Project",
      "expansion": null,
      "definition": "An open-source project within the Linux Foundation focused on defining, developing, and testing standardized telecommunications APIs. CAMARA works in collaboration with GSMA and TM Forum to create interoperable APIs that enable developers to access network capabilities across multiple operators. CAMARA APIs cover areas including authentication, location services, quality-on-demand, device management, and edge computing.",
      "tags": [
        "Signaling",
        "Security Controls",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/camara-project"
    },
    {
      "term": "CAP",
      "expansion": "CAMEL Application Part",
      "definition": "CAMEL Application Part is the SS7 protocol that lets a service control point trigger and influence calls in real time, enabling prepaid charging, virtual private networks, and other intelligent network services in 2G and 3G. CAP runs on top of TCAP and is functionally similar to INAP. Because it can authorise or extend calls, malicious or misconfigured CAP messages can enable revenue leakage and toll fraud, so CAP traffic is filtered alongside MAP at the SS7 firewall.",
      "tags": [
        "Signaling",
        "Identity and Subscriber",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/cap-camel-application-part"
    },
    {
      "term": "Capacity Planning",
      "expansion": null,
      "definition": "Capacity planning is the discipline of forecasting traffic demand and ensuring that compute, storage, transport, and radio resources are provisioned to meet it within agreed performance and availability targets. In mobile networks it spans radio (sites and spectrum), transport (backhaul and fronthaul), and core (signalling and user plane), and is increasingly automated with ML.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Signaling"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/capacity-planning"
    },
    {
      "term": "CAPEX",
      "expansion": "Capital Expenditure",
      "definition": "Capital Expenditure is the up-front investment in physical or intangible assets that a telecom operator capitalises and depreciates over multiple years — radio sites, fibre, core network equipment, spectrum licences. CAPEX is balanced against OPEX (recurring operating cost) in business cases; the ongoing shift toward cloud-hosted network functions converts much traditional CAPEX into OPEX.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Signaling"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/capex"
    },
    {
      "term": "CASB",
      "expansion": "Cloud Access Security Broker",
      "definition": "A Cloud Access Security Broker is a security control point — usually deployed inline or via API — between users and cloud services, providing visibility, access control, threat protection, and DLP for SaaS and IaaS usage. As operators adopt cloud-hosted OSS/BSS and 5G workloads, CASBs become part of the wider Zero Trust and exposure-management toolkit.",
      "tags": [
        "Security Controls",
        "Threats and Attacks",
        "Cloud and Virtualization"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/casb"
    },
    {
      "term": "CDMA",
      "expansion": "Code Division Multiple Access",
      "definition": "Code Division Multiple Access is the air-interface technique used by 2G IS-95 (cdmaOne) and 3G CDMA2000/EV-DO networks, originally championed in North America. Multiple users share the same frequency by being separated through orthogonal pseudo-random code sequences. CDMA networks have largely been migrated to LTE and 5G, and the technology is operationally retired in most markets, though the underlying CDMA principle survives in WCDMA and 5G NR control-channel coding.",
      "tags": [
        "Radio Access Network",
        "Internet and Routing",
        "Encryption and Cryptography"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/cdma"
    },
    {
      "term": "Cell Phone (Mobile Phone)",
      "expansion": null,
      "definition": "A cell phone is a portable wireless device that connects to a cellular mobile network for voice, messaging, and data. Modern smartphones are general-purpose computers running iOS or Android, exposed to malware, phishing, network-based attacks, and SIM-swap-driven account takeovers. Operating-system updates, app-store hygiene, and FIDO-based MFA are the principal user-level defences.",
      "tags": [
        "Radio Access Network",
        "Identity and Subscriber",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/cell-phone-mobile-phone"
    },
    {
      "term": "Certification Authority (CA)",
      "expansion": null,
      "definition": "A Certification Authority is the trusted third party that issues and revokes X.509 certificates, binding a public key to a verified subject identity. Public CAs (subject to CA/Browser Forum rules and Certificate Transparency) issue certificates for the public web; private CAs serve enterprise PKIs and operator infrastructure such as 5G inter-NF mTLS, SEPP authentication, and IPsec tunnels. CA security — root key protection, issuance audit, and revocation hygiene — is the foundation of every PKI-based system.",
      "tags": [
        "Radio Access Network",
        "Signaling",
        "Roaming and Interconnect"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/certification-authority-ca"
    },
    {
      "term": "CGNAT",
      "expansion": "Carrier Grade Network Address Translation",
      "definition": "Carrier Grade NAT lets a single public IPv4 address be shared by many subscribers, mitigating IPv4 exhaustion. While necessary in IPv4-only deployments, CGNAT complicates abuse attribution (multiple subscribers behind one public IP), undermines lawful-interception logging precision, and causes problems for inbound services. Attributing a flow to a subscriber therefore requires translation logs that record the source port and an accurate timestamp alongside the public address. IPv6 deployment is the long-term answer.",
      "tags": [
        "Identity and Subscriber",
        "Threats and Attacks",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/cgnat"
    },
    {
      "term": "Charging System",
      "expansion": null,
      "definition": "The telecom infrastructure responsible for collecting, rating, and recording network usage events for billing purposes. Includes both online charging (real-time) and offline charging (post-processing). Charging systems interface with network elements via protocols like Diameter (Ro/Rf interfaces) and generate Call Detail Records (CDRs) or Usage Detail Records (UDRs).",
      "tags": [
        "Signaling",
        "Protocols and Standards",
        "Operations and Business"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/charging-system"
    },
    {
      "term": "Cipher",
      "expansion": null,
      "definition": "A cipher is the cryptographic algorithm that transforms plaintext into ciphertext (and back) under control of a key. Modern symmetric ciphers in telecom include AES (used in IPsec, TLS, EEA2/EIA2 for LTE, NEA2/NIA2 for 5G), ChaCha20, and the SNOW family used in 3G/4G/5G air-interface encryption. Asymmetric algorithms are used in PKI and key exchange: RSA for encryption and signatures, ECDH for key agreement, and ECDSA and EdDSA for signatures only. Cipher choice and key length must follow current NIST/ENISA guidance to avoid downgrade and quantum-readiness gaps.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/cipher"
    },
    {
      "term": "Cipher Downgrade Attack",
      "expansion": null,
      "definition": "A cipher downgrade attack manipulates a security negotiation so that the parties end up using a weaker cipher than they would otherwise choose, opening the way to subsequent cryptanalysis. Examples include FREAK and Logjam against TLS, and forced fallback from A5/3 to A5/1 in GSM. Modern protocols (TLS 1.3, 5G AKA) explicitly bind negotiated parameters to defeat downgrades.",
      "tags": [
        "Security Controls",
        "Threats and Attacks",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/cipher-downgrade-attack"
    },
    {
      "term": "CLI Spoofing",
      "expansion": "Calling Line Identification Spoofing",
      "definition": "An attack where an attacker forges the calling number displayed to the called party. Prevention requires strong CLI authentication in networks (e.g., STIR/SHAKEN).",
      "tags": [
        "Security Controls",
        "Threats and Attacks",
        "Fraud"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/cli-spoofing"
    },
    {
      "term": "Cleartext (Plain Text)",
      "expansion": null,
      "definition": "Cleartext (or plaintext) refers to information that is unencrypted and directly readable. Transmitting credentials, subscriber identifiers, or sensitive content in cleartext over untrusted networks is a baseline failure of modern security practice. Telecom-specific examples include legacy SS7, plaintext SNMPv1/v2c, Telnet, and unencrypted SIP — all to be avoided or wrapped in TLS/IPsec.",
      "tags": [
        "Radio Access Network",
        "Signaling",
        "Identity and Subscriber"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/cleartext-plain-text"
    },
    {
      "term": "Cloud RAN",
      "expansion": null,
      "definition": "Cloud RAN, often called C-RAN, centralises baseband units in a regional data centre and connects them to remote radio heads via a high-bandwidth, low-latency fronthaul (CPRI or eCPRI). It enables coordinated multi-cell processing, easier upgrades, and elastic capacity. Security implications include the need to protect the fronthaul itself (which carries unciphered traffic in some splits), to harden the cloud platform, and to ensure timing and key material handling meet the stringent requirements of the radio interface.",
      "tags": [
        "Radio Access Network",
        "Signaling",
        "Cloud and Virtualization"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/cloud-ran"
    },
    {
      "term": "Conformance Testing",
      "expansion": null,
      "definition": "Conformance testing verifies that equipment or software implements a standard correctly — for example, a UE conforming to 3GPP NAS specifications, or a SIP softswitch to RFC 3261. In mobile, GCF and PTCRB run formal conformance and interoperability programmes that vendors must pass before equipment can be deployed on operator networks.",
      "tags": [
        "Core Network",
        "Signaling",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/conformance-testing"
    },
    {
      "term": "Confidentiality",
      "expansion": null,
      "definition": "Confidentiality, one of the three pillars of the CIA security triad, is the property that information is disclosed only to parties authorised to see it. In telecom it is delivered by air-interface ciphering (EEA/NEA), TLS/IPsec on transport links, SUCI for identity protection in 5G, mTLS in the SBA, and database/disk encryption at rest in core systems.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Identity and Subscriber"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/confidentiality"
    },
    {
      "term": "Control Plane Security",
      "expansion": null,
      "definition": "Security measures protecting the control plane, which carries signaling and management traffic that directs network operations. Control plane security includes encryption of signaling and authentication of network elements.",
      "tags": [
        "Signaling",
        "Security Controls",
        "Operations and Business"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/control-plane-security"
    },
    {
      "term": "Core Network",
      "expansion": null,
      "definition": "The central switching and routing infrastructure of a telecom network, distinct from the radio access network (RAN). 5G introduces Network Functions (NFs) in a service-based architecture.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/core-network"
    },
    {
      "term": "Core Network Security Assessment",
      "expansion": null,
      "definition": "A core network security assessment audits the controls protecting an operator's mobile core — encryption configuration on user-plane and signalling links, AAA and key-management hygiene, exposure of management interfaces, IDS/firewall coverage, and patching state of NFs. Findings are mapped against 3GPP SCAS, GSMA NESAS, and operator policy, and feed prioritised remediation.",
      "tags": [
        "Core Network",
        "Signaling",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/core-network-security-assessment"
    },
    {
      "term": "CPE",
      "expansion": "Customer Premises Equipment",
      "definition": "Customer Premises Equipment is the network equipment installed at the subscriber's location: modems, ONTs, residential gateways, IP phones, set-top boxes, and increasingly 5G fixed-wireless-access routers. CPE security is critical because compromised devices feed botnets (Mirai, Mozi) and can be used as pivots into the operator's network; remote management via TR-069/TR-369 must be hardened and patched.",
      "tags": [
        "Radio Access Network",
        "Identity and Subscriber",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/cpe-customer-premises-equipment"
    },
    {
      "term": "Cryptanalysis",
      "expansion": null,
      "definition": "Cryptanalysis is the study of how to recover plaintext, keys, or other secret material from cryptographic systems without authorised access. Modern cryptanalysis has produced practical breaks of weak telecom ciphers (A5/2, GEA1) and theoretical advances against widely used ones, and motivates the ongoing migration to AES, modern AKA variants, and post-quantum algorithms.",
      "tags": [
        "Internet and Routing",
        "Encryption and Cryptography"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/cryptanalysis"
    },
    {
      "term": "Cryptography",
      "expansion": null,
      "definition": "Cryptography is the mathematical discipline that provides confidentiality, integrity, authentication, and non-repudiation through algorithms and key material. Modern cryptography spans symmetric ciphers, hash functions, public-key systems, key-exchange protocols, and post-quantum candidates, and underpins every meaningful telecom security control from SIM authentication to inter-PLMN signalling protection.",
      "tags": [
        "Core Network",
        "Roaming and Interconnect",
        "Identity and Subscriber"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/cryptography"
    },
    {
      "term": "CSCF",
      "expansion": "Call Session Control Function",
      "definition": "The Call Session Control Function is the SIP-based control plane of the IMS network. It exists in three roles: the Proxy-CSCF, the first contact for the UE; the Interrogating-CSCF, which routes registrations to the correct Serving-CSCF; and the Serving-CSCF, which handles registration, authentication via the HSS over Diameter Cx, and call control. CSCFs anchor VoLTE, VoNR, and RCS services and are exposed to SIP abuse such as registration hijacking, toll fraud, and DoS.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Signaling"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/cscf"
    },
    {
      "term": "CSPM",
      "expansion": "Cloud Security Posture Management",
      "definition": "Cloud Security Posture Management is a category of tooling that continuously scans cloud accounts for misconfigurations, excessive permissions, and policy violations against benchmarks such as CIS. As 5G core and OSS workloads migrate into hyperscaler clouds, CSPM becomes a baseline control alongside cloud workload protection and identity governance.",
      "tags": [
        "Core Network",
        "Identity and Subscriber",
        "Cloud and Virtualization"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/cspm"
    },
    {
      "term": "CVE",
      "expansion": "Common Vulnerabilities and Exposures",
      "definition": "Common Vulnerabilities and Exposures is the publicly maintained catalogue of disclosed software vulnerabilities, each assigned a unique CVE-YYYY-NNNN identifier by a CVE Numbering Authority. The system, run by MITRE with CISA sponsorship, is the lingua franca of vulnerability management worldwide and feeds into NVD severity scoring (CVSS) and operator patching workflows.",
      "tags": [
        "Radio Access Network",
        "Threats and Attacks",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/cve-common-vulnerabilities-and-exposures"
    },
    {
      "term": "Cybersecurity",
      "expansion": null,
      "definition": "Cybersecurity is the practice of protecting computers, networks, services, and data from unauthorised access, damage, or disruption through a combination of technical controls (cryptography, segmentation, monitoring), organisational controls (governance, risk management, training), and incident response. Telecom cybersecurity adds the specifics of signalling, RAN, and lawful-interception protection.",
      "tags": [
        "Radio Access Network",
        "Threats and Attacks",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/cybersecurity"
    },
    {
      "term": "Data Localization",
      "expansion": null,
      "definition": "Data localisation is the requirement, increasingly common in national legislation, that certain categories of personal or sensitive data must be stored and processed within the country's borders. For multinational telecom operators it complicates cloud strategy, OSS/BSS architecture, and incident-response logistics, and intersects with cross-border data-transfer regulations such as GDPR.",
      "tags": [
        "Radio Access Network",
        "Cloud and Virtualization",
        "Operations and Business"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/data-localization"
    },
    {
      "term": "Dayparting",
      "expansion": null,
      "definition": "Dayparting in telecom is the practice of varying tariffs or service behaviour by time of day or day of week — for example, off-peak voice rates or scheduled bulk-data windows. Modern dynamic-pricing systems can also adjust based on real-time network congestion, and analogous techniques are used in advertising and content scheduling.",
      "tags": [],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/dayparting"
    },
    {
      "term": "Detection Engineering",
      "expansion": null,
      "definition": "Detection engineering is the discipline of designing, building, testing, and maintaining the rules, queries, and analytics that turn telemetry into actionable alerts. Telecom detection engineering spans IT (EDR, SIEM) and signalling (SS7/Diameter/GTP/SIP/N32 monitoring), and is typically organised against MITRE ATT&CK and the telecom-specific FiGHT knowledge base.",
      "tags": [
        "Signaling",
        "Roaming and Interconnect",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/detection-engineering"
    },
    {
      "term": "DDoS",
      "expansion": "Distributed Denial of Service",
      "definition": "A Distributed Denial of Service attack uses many compromised hosts (a botnet) or amplification techniques to overwhelm a target with traffic, exhausting bandwidth or compute and rendering services unavailable. Telecom-specific DDoS targets include SIP servers, DNS resolvers, signalling endpoints, and increasingly 5G control-plane interfaces. Defence relies on upstream scrubbing, anycast, rate limiting, and protocol-aware filtering.",
      "tags": [
        "Signaling",
        "Threats and Attacks",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/ddos"
    },
    {
      "term": "Decryption",
      "expansion": null,
      "definition": "Decryption is the reverse of encryption: converting ciphertext back into plaintext using the appropriate key. In symmetric schemes the same key encrypts and decrypts; in asymmetric schemes the holder of the private key decrypts what was encrypted with the matching public key. Authorised decryption depends on rigorous key management; unauthorised decryption is the goal of cryptanalysis.",
      "tags": [
        "Core Network",
        "Security Controls",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/decryption"
    },
    {
      "term": "Demarcation Point (Demarc)",
      "expansion": null,
      "definition": "The demarcation point (demarc) is the physical and contractual boundary between the carrier's network and the customer's premises wiring. Responsibility for fault-finding and equipment shifts at the demarc. In modern fibre deployments the ONT typically sits at the demarc; in copper it has historically been the network interface device on the building exterior.",
      "tags": [
        "Internet and Routing",
        "IoT"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/demarcation-point-demarc"
    },
    {
      "term": "Denial of Service (DoS)",
      "expansion": null,
      "definition": "Denial of Service is any attack that disrupts the availability of a network or service. Classic DoS uses a single source; DDoS uses many. Telecom-specific DoS targets include SS7 and Diameter signalling, GTP user plane, SIP servers, DNS resolvers, and 5G control-plane interfaces. Defences combine upstream scrubbing, rate limiting, and protocol-aware filtering.",
      "tags": [
        "Signaling",
        "Threats and Attacks",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/denial-of-service-dos"
    },
    {
      "term": "Diameter",
      "expansion": null,
      "definition": "The IETF AAA protocol that replaces RADIUS in modern mobile cores, standardised in RFC 6733 and extended by 3GPP for use across LTE, IMS, and parts of 5G. Diameter handles authentication, authorisation, charging, and policy interactions between elements such as MME, HSS, PCRF, and OCS. While it adds peer-to-peer transport (TCP/SCTP) and TLS/IPsec capability, in practice operators often deploy it without strong inter-PLMN authentication, leaving it exposed to many of the same location-tracking, interception, and denial-of-service attacks that affect SS7. GSMA FS.19 defines the equivalent Category 1/2/3 filtering controls.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Signaling"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/diameter"
    },
    {
      "term": "Diameter Interconnect Security",
      "expansion": null,
      "definition": "Security controls specific to Diameter protocol communications between interconnecting networks and carriers. Includes Diameter Edge Agent (DEA) deployment, message validation, topology hiding, encryption of credentials, and protection against Diameter-specific attacks (redirect abuse, subscription data harvesting). Critical for roaming and wholesale scenarios.",
      "tags": [
        "Signaling",
        "Roaming and Interconnect",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/diameter-interconnect-security"
    },
    {
      "term": "Digital Signature",
      "expansion": null,
      "definition": "A digital signature is a cryptographic construction using a private key to sign data such that anyone with the corresponding public key can verify both the origin and the integrity. Algorithms include RSA-PSS, ECDSA, EdDSA, and post-quantum candidates. Digital signatures underpin X.509 certificates, code signing, JWT tokens, and STIR caller-ID attestation.",
      "tags": [
        "Security Controls",
        "Protocols and Standards",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/digital-signature"
    },
    {
      "term": "DLP",
      "expansion": "Data Loss Prevention",
      "definition": "Data Loss Prevention is a category of security tooling that inspects data in motion, at rest, and in use to detect and block exfiltration of sensitive information — credentials, source code, customer data, regulated personal data. In telecom, DLP complements egress filtering at OSS/BSS and corporate boundaries and is tied into incident response workflows.",
      "tags": [
        "Operations and Business"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/dlp-data-loss-prevention"
    },
    {
      "term": "DMZ",
      "expansion": "Demilitarized Zone",
      "definition": "A Demilitarised Zone is a network segment positioned between an internal trusted network and an external untrusted network (typically the internet), used to host services that must be reachable from outside — web, email, DNS — while limiting the blast radius if those services are compromised. DMZ design is a long-standing perimeter-security pattern, complementary to modern Zero Trust approaches.",
      "tags": [
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/dmz-demilitarized-zone"
    },
    {
      "term": "DNS",
      "expansion": "Domain Name System",
      "definition": "The Domain Name System (RFCs 1034/1035 and many extensions) is the distributed hierarchical database that translates human-readable domain names into IP addresses and other resource records. DNS is critical infrastructure exposed to spoofing, cache poisoning, amplification DDoS, and tunneling-based exfiltration. DNSSEC adds origin authentication and integrity for DNS data but no confidentiality, and DoH/DoT add transport encryption between client and resolver.",
      "tags": [
        "Radio Access Network",
        "Security Controls",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/dns-domain-name-system"
    },
    {
      "term": "DOCSIS",
      "expansion": "Data Over Cable Service Interface Specification",
      "definition": "Data Over Cable Service Interface Specification (DOCSIS) is the CableLabs standard for delivering broadband internet over hybrid fibre-coaxial cable networks. Successive versions (1.1, 2.0, 3.0, 3.1, 4.0) have raised speeds into the multi-gigabit range. DOCSIS includes BPI/BPI+ for link encryption and uses certificate-based modem authentication to deter cloning and theft of service.",
      "tags": [
        "Radio Access Network",
        "Security Controls",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/docsis"
    },
    {
      "term": "DRP",
      "expansion": "Disaster Recovery Plan",
      "definition": "A Disaster Recovery Plan documents the technical and organisational procedures for restoring services after major disruption — natural disaster, large-scale outage, ransomware. For a telecom operator, the DRP covers core network elements, OSS/BSS, customer-facing services, and the dependencies between them, and is exercised regularly through tabletop and live drills.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Operations and Business"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/drp-disaster-recovery-plan"
    },
    {
      "term": "DSL",
      "expansion": "Digital Subscriber Line",
      "definition": "Digital Subscriber Line is the family of technologies that deliver broadband over copper telephone pairs, including ADSL, VDSL, SDSL, and G.fast. DSL services share the existing local loop with voice and use frequency-division multiplexing to keep them separate. DSL is being progressively replaced by FTTH and fixed wireless, but remains common in many markets.",
      "tags": [
        "Radio Access Network",
        "Identity and Subscriber",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/dsl-digital-subscriber-line"
    },
    {
      "term": "DSLAM",
      "expansion": "DSL Access Multiplexer",
      "definition": "A DSL Access Multiplexer aggregates many DSL subscriber loops into a smaller number of upstream links to the operator's network. DSLAMs are typically deployed in central offices or street cabinets and contain the modems for every served line. They are a frequent target for fibre-to-the-cabinet upgrades that move the aggregation point closer to subscribers.",
      "tags": [
        "Identity and Subscriber",
        "Operations and Business",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/dslam"
    },
    {
      "term": "E.164",
      "expansion": null,
      "definition": "E.164 is the ITU-T international public telecommunication numbering plan, defining the structure of telephone numbers up to 15 digits comprising a country code and a national subscriber number. It is the format used by MSISDNs in mobile networks, by SIP URIs that carry phone numbers, and by SS7 signalling. STIR/SHAKEN attestation operates on E.164 numbers in SIP INVITEs.",
      "tags": [
        "Signaling",
        "Identity and Subscriber",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/e-164"
    },
    {
      "term": "E911",
      "expansion": "Enhanced 911",
      "definition": "Enhanced 911 is the US emergency-services capability that automatically delivers the caller's location and callback number to the dispatcher answering a 911 call. E911 imposes specific obligations on wireless and VoIP carriers (Phase I and Phase II location accuracy, handling of nomadic VoIP) enforced by the FCC, and is the model for similar services worldwide such as E112 in the EU.",
      "tags": [
        "Radio Access Network",
        "Signaling",
        "Identity and Subscriber"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/e911"
    },
    {
      "term": "EAP",
      "expansion": "Extensible Authentication Protocol",
      "definition": "The Extensible Authentication Protocol (RFC 3748) is a framework for carrying arbitrary authentication methods over a transport such as 802.1X, RADIUS, IPsec, or PPP. Common EAP methods include EAP-TLS (mutual certificate authentication), EAP-TTLS, EAP-PEAP, and EAP-AKA' used for 5G authentication. EAP method selection determines the actual security properties; tunnelled methods such as EAP-TTLS and EAP-PEAP protect the inner credentials only if the client validates the server certificate. EAP-TLS and EAP-AKA' are the strongest commonly deployed.",
      "tags": [
        "Radio Access Network",
        "Security Controls",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/eap-extensible-authentication-protocol"
    },
    {
      "term": "EDGE",
      "expansion": "Enhanced Data Rates for GSM Evolution",
      "definition": "Enhanced Data Rates for GSM Evolution, commonly called 2.5G or 2.75G, extended GSM/GPRS with 8-PSK modulation to deliver up to ~384 kbit/s. EDGE allowed operators to launch usable mobile data on existing GSM hardware while UMTS networks were rolled out. It is now confined to coverage fallback and IoT applications in remaining 2G networks; security-wise it inherits all of GSM's weaknesses, including weak ciphering and lack of mutual authentication.",
      "tags": [
        "Radio Access Network",
        "Security Controls",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/edge"
    },
    {
      "term": "EDR",
      "expansion": "Endpoint Detection and Response",
      "definition": "Endpoint Detection and Response is a security technology that continuously monitors endpoints — workstations, servers, sometimes mobile devices — for behaviours indicative of attack, records detailed telemetry, and supports investigation and remote remediation. EDR is a cornerstone of modern enterprise SOC operations and is increasingly deployed on telecom OSS/BSS infrastructure.",
      "tags": [
        "Security Controls",
        "Threats and Attacks",
        "Operations and Business"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/edr-endpoint-detection-and-response"
    },
    {
      "term": "Egress",
      "expansion": null,
      "definition": "Egress refers to traffic leaving a network or system. Egress filtering blocks unauthorised outbound flows and is a critical control against data exfiltration, command-and-control communication by malware, and the operator becoming a source of spoofed traffic (per BCP 38). Mature egress policy combines firewall rules, DNS filtering, and DLP tooling.",
      "tags": [
        "Security Controls",
        "Threats and Attacks",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/egress"
    },
    {
      "term": "EIR",
      "expansion": "Equipment Identity Register",
      "definition": "The Equipment Identity Register is the database of mobile-device identities (IMEIs) in a mobile network, classified into white (allowed), grey (monitored), and black (blocked) lists. The MSC, SGSN, MME, or AMF queries the EIR during attach to enforce equipment policy — refusing service to stolen, cloned, or non-type-approved devices. EIRs feed and are fed by industry-shared blocklists (e.g. GSMA IMEI Database) to deter device theft across operators.",
      "tags": [
        "Core Network",
        "Identity and Subscriber",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/eir-equipment-identity-register"
    },
    {
      "term": "Encryption",
      "expansion": null,
      "definition": "Encryption is the cryptographic transformation of plaintext into ciphertext such that only holders of the key can recover the original. It comes in symmetric (AES, ChaCha20, the air-interface ciphers EEA/NEA) and asymmetric (RSA, ECC) forms, and underpins every modern telecom security control: TLS, IPsec, mTLS in 5G SBA, SUCI in 5G identity protection, and disk and database encryption at rest.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Identity and Subscriber"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/encryption"
    },
    {
      "term": "Endpoint",
      "expansion": null,
      "definition": "An endpoint is any device that connects to a network and acts as a source or sink of traffic — workstation, server, mobile phone, IoT sensor, IP phone. Endpoints are the most numerous and often the least controlled assets in any environment, making endpoint hygiene (patching, EDR, configuration baselines) one of the highest-leverage security investments.",
      "tags": [
        "Internet and Routing",
        "IoT"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/endpoint"
    },
    {
      "term": "eSIM (Embedded SIM, eUICC)",
      "expansion": null,
      "definition": "An eSIM (Embedded SIM) is a soldered, non-removable Embedded UICC that can be remotely provisioned with one or more operator profiles via the GSMA SGP.21/SGP.22 (consumer) and SGP.01/SGP.02 (M2M) standards. eSIMs improve device design and user experience, support multi-IMSI use cases, and rely on a secure remote SIM provisioning ecosystem certified under GSMA SAS-SM.",
      "tags": [
        "Identity and Subscriber",
        "Protocols and Standards",
        "Operations and Business"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/esim-embedded-sim-euicc"
    },
    {
      "term": "ETSI",
      "expansion": "European Telecommunications Standards Institute",
      "definition": "The European Telecommunications Standards Institute is a non-profit standards organisation based in Sophia Antipolis, France, that produces telecom and ICT standards used globally. ETSI is one of the seven Organisational Partners of 3GPP, and authors security-critical specifications including the Lawful Interception series (TS 102 232/103 221), the EN 303 645 IoT security baseline, and many MEC and NFV standards.",
      "tags": [
        "Radio Access Network",
        "Threats and Attacks",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/etsi"
    },
    {
      "term": "Event Logging",
      "expansion": null,
      "definition": "Event logging is the recording of significant events — authentication attempts, configuration changes, error conditions, security alerts — by network systems for forensics, compliance, and operational troubleshooting. Telecom logging spans IT systems, signalling elements, and lawful-interception activations, and feeds the SIEM, fraud, and audit pipelines simultaneously.",
      "tags": [
        "Identity and Subscriber",
        "Security Controls",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/event-logging"
    },
    {
      "term": "Exfiltration",
      "expansion": null,
      "definition": "Exfiltration is the unauthorised removal of data from a system or network by an attacker, often the final stage of a targeted intrusion. In telecom, exfiltration may target subscriber databases, call detail records, or lawful-interception material; defences include strict egress filtering, DLP tooling, monitoring of unusual outbound flows, and segmentation of high-value data stores.",
      "tags": [
        "Identity and Subscriber",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/exfiltration"
    },
    {
      "term": "Exposure Mapping",
      "expansion": null,
      "definition": "Exposure mapping is the continuous discovery, classification, and tracking of every internet-reachable asset, signalling endpoint, API, and service that an operator exposes — intentionally or otherwise. It feeds prioritised hardening, vulnerability management, and red-team scoping, and is increasingly delivered as continuous threat exposure management (CTEM) tooling.",
      "tags": [
        "Signaling",
        "Threats and Attacks",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/exposure-mapping"
    },
    {
      "term": "FASG",
      "expansion": "GSMA Fraud and Security Group",
      "definition": "The GSMA Fraud and Security Group (FASG) is the industry body that produces FS-series technical documents covering interconnect security (SS7, Diameter, GTP, 5G), fraud, and operational best practices. FASG outputs feed the T-ISAC, NESAS, and operator security baselines, and coordinate fraud and security initiatives across mobile operators worldwide.",
      "tags": [
        "Signaling",
        "Roaming and Interconnect",
        "Fraud"
      ],
      "aliases": [
        "GSMA FASG",
        "Fraud and Security Group"
      ],
      "url": "https://glossary.p1sec.com/telcosec-glossary/fasg"
    },
    {
      "term": "FCC",
      "expansion": "Federal Communications Commission",
      "definition": "The Federal Communications Commission is the independent US federal agency that regulates interstate communications by radio, television, wire, satellite, and cable. The FCC issues spectrum licences, enforces the STIR/SHAKEN caller-ID authentication mandate, oversees lawful interception requirements (CALEA), and publishes equipment authorisation rules under Part 15 and Part 22.",
      "tags": [
        "Radio Access Network",
        "Security Controls",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/fcc-federal-communications-commission"
    },
    {
      "term": "FDD",
      "expansion": "Frequency Division Duplex",
      "definition": "Frequency Division Duplex uses different frequency bands for uplink and downlink, allowing simultaneous bidirectional transmission. FDD has historically dominated cellular deployments because it is robust and well-suited to symmetric voice traffic. Its alternative, TDD (Time Division Duplex), reuses a single band by alternating uplink and downlink in time and is more flexible for asymmetric data; 5G mid-band deployments are largely TDD.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Identity and Subscriber"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/fdd-frequency-division-duplex"
    },
    {
      "term": "Femtocell",
      "expansion": null,
      "definition": "A femtocell is a small, low-power cellular base station designed for indoor use in homes and small offices, backhauled over the subscriber's broadband connection to the operator core. Femtocells improve indoor coverage but expand the operator's trust boundary into customer premises and have been the subject of security research demonstrating IMSI capture and traffic interception.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Signaling"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/femtocell"
    },
    {
      "term": "Firewall",
      "expansion": null,
      "definition": "A firewall is a network security control that inspects traffic at a defined boundary and applies policy to permit, deny, or transform it. Modern firewalls range from stateful packet filters and next-generation firewalls (with application identification and IPS) for IT networks, to highly specialised SS7, Diameter, GTP, SIP, and 5G N32 signalling firewalls in mobile networks. Effective firewalling depends on accurate policy, segmentation, ongoing rule hygiene, and integration with detection and response tooling.",
      "tags": [
        "Radio Access Network",
        "Signaling",
        "Roaming and Interconnect"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/firewall"
    },
    {
      "term": "Firmware",
      "expansion": null,
      "definition": "Firmware is the persistent low-level software embedded in hardware devices — modems, base stations, routers, IoT sensors, SIM cards. Firmware vulnerabilities are particularly impactful because they often run with full hardware privileges and can persist across OS reinstalls. Signed updates, secure boot, and a documented vulnerability response process are baseline expectations for any telecom equipment.",
      "tags": [
        "Radio Access Network",
        "Identity and Subscriber",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/firmware"
    },
    {
      "term": "Fixed Wireless Access (FWA)",
      "expansion": null,
      "definition": "A broadband technology using wireless radio links to provide high-speed internet connectivity to fixed locations (homes, businesses) as an alternative to wired connections (DSL, cable, fiber). FWA typically uses 4G LTE or 5G cellular technology with Customer Premises Equipment (CPE) installed at the user location receiving signals from a nearby base station. FWA enables rapid deployment in underserved or rural areas where wired infrastructure is not economically viable.",
      "tags": [
        "Radio Access Network",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/fixed-wireless-access-fwa"
    },
    {
      "term": "Flash Call Fraud",
      "expansion": null,
      "definition": "Flash call fraud uses very brief incoming calls (often called missed-call attacks) to manipulate billing systems or trigger callbacks to high-cost numbers, generating IRSF revenue. A related variant uses flash calls as a frictionless OTP delivery mechanism, where the calling number itself is the OTP — a pattern operators must specifically distinguish from genuine fraud.",
      "tags": [
        "Threats and Attacks",
        "Fraud",
        "Operations and Business"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/flash-call-fraud"
    },
    {
      "term": "Fronthaul",
      "expansion": null,
      "definition": "Fronthaul is the network segment between the Remote Radio Head (or O-RAN Radio Unit) and the centralised baseband processing in Cloud RAN and vRAN architectures. It typically uses CPRI or the packet-based eCPRI over fibre, with strict latency and synchronisation requirements. Some functional splits expose unciphered user data, so fronthaul must be physically protected or encrypted with MACsec or IPsec.",
      "tags": [
        "Radio Access Network",
        "Security Controls",
        "Cloud and Virtualization"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/fronthaul"
    },
    {
      "term": "Fuzzing",
      "expansion": "Telecom Protocols",
      "definition": "Fuzzing is a software testing technique that feeds malformed, unexpected, or random inputs into a program to discover crashes and security vulnerabilities. Telecom protocol fuzzing targets SS7, Diameter, GTP, SIP, and 5G SBA APIs, and has historically uncovered exploitable bugs in core network functions, IMS elements, and signalling firewalls themselves.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Signaling"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/fuzzing"
    },
    {
      "term": "FS.07",
      "expansion": "GSMA Reference Document",
      "definition": "GSMA FS.07 is the Permanent Reference Document defining baseline security recommendations for 2G/3G/4G international roaming. It covers SS7 and Diameter interconnect controls, the responsibilities of home and visited operators, and minimum filtering and monitoring requirements. FS.07 is one of the foundational GSMA security documents that operators reference when defining their roaming security baseline alongside FS.11 and FS.19.",
      "tags": [
        "Core Network",
        "Signaling",
        "Roaming and Interconnect"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/fs-07"
    },
    {
      "term": "FS.11",
      "expansion": "GSMA SS7 Interconnect Security Monitoring and Firewall Guidelines",
      "definition": "GSMA FS.11 is the Permanent Reference Document specifying the SS7 Interconnect Security Monitoring & Firewall Guidelines. It defines the well-known Category 1 (always blocked at interconnect), Category 2 (allowed only from the subscriber's current visited network), and Category 3 (rate-limited and behaviourally validated) classification for MAP operations, plus monitoring, logging, and incident-response expectations. FS.11 is the de facto global standard for SS7 firewall policy.",
      "tags": [
        "Signaling",
        "Roaming and Interconnect",
        "Identity and Subscriber"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/fs-11"
    },
    {
      "term": "FS.19",
      "expansion": "GSMA Fraud and Security Group Recommendations",
      "definition": "GSMA FS.19 is the Permanent Reference Document on Diameter Interconnect Security, the Diameter analogue of FS.11. It classifies Diameter command codes by risk, recommends Diameter Edge Agent and firewall capabilities, prescribes filtering rules for the S6a/S9 interfaces, and defines monitoring and incident-response expectations for 4G LTE and IMS interconnects. FS.19 is the operator baseline for protecting Diameter roaming traffic.",
      "tags": [
        "Core Network",
        "Signaling",
        "Roaming and Interconnect"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/fs-19"
    },
    {
      "term": "GGSN",
      "expansion": "Gateway GPRS Support Node",
      "definition": "The Gateway GPRS Support Node is the 2G/3G packet-core element that connects the mobile network to external IP networks, allocates subscriber IP addresses, and applies charging. It is the predecessor of the 4G PGW. GGSNs terminate GTP tunnels from SGSNs and are reachable from roaming partners over GRX, making them frequent targets of GTP-based abuse such as session hijacking and IMSI disclosure when GTP firewalls are absent or misconfigured.",
      "tags": [
        "Core Network",
        "Signaling",
        "Roaming and Interconnect"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/ggsn"
    },
    {
      "term": "Global Title Abuse",
      "expansion": null,
      "definition": "Global Title abuse is the SS7 attack pattern in which an adversary sends signalling messages with a forged or unauthorised SCCP Global Title, causing the recipient to act as if the message originated from a trusted peer. It is the foundation of most SS7 location-tracking and interception attacks. Mitigation requires Global Title screening at the SS7 firewall, validation that the calling Global Title matches the originating signalling link, and category-based filtering of MAP operations.",
      "tags": [
        "Signaling",
        "Security Controls",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/global-title-abuse"
    },
    {
      "term": "GMSC",
      "expansion": "Gateway Mobile Switching Center",
      "definition": "The Gateway MSC is the MSC that interconnects a mobile network with the PSTN or another mobile network for incoming calls. It performs the SRI query to the HLR to find the called subscriber's current MSC and routes the call accordingly. GMSC functionality is largely subsumed by IMS gateways (MGCF, IBCF) in modern VoLTE-based networks.",
      "tags": [
        "Core Network",
        "Roaming and Interconnect",
        "Identity and Subscriber"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/gmsc"
    },
    {
      "term": "GNSS",
      "expansion": "Global Navigation Satellite System",
      "definition": "Global Navigation Satellite System is the umbrella term for the constellations that provide positioning, navigation, and timing — GPS (US), GLONASS (Russia), Galileo (EU), BeiDou (China). Telecom networks depend on GNSS for accurate time synchronisation in radio access and transport, which makes GNSS jamming and spoofing significant operational and security risks.",
      "tags": [
        "Radio Access Network",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/gnss"
    },
    {
      "term": "GNSS Jamming",
      "expansion": null,
      "definition": "GNSS jamming is the deliberate transmission of RF energy in GNSS bands to prevent receivers from locking on to satellite signals. It is widely used by drivers attempting to defeat fleet-tracking and as a tool of state and military activity in conflict zones. GNSS denial degrades navigation, mobile-network timing, and many critical-infrastructure systems that depend on satellite time.",
      "tags": [
        "Radio Access Network",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/gnss-jamming"
    },
    {
      "term": "GNSS Spoofing",
      "expansion": null,
      "definition": "GNSS spoofing is the deliberate transmission of counterfeit satellite signals that cause receivers to compute false positions or times. It has been demonstrated against ships, drones, and (rarely) mobile networks that rely on GNSS for timing, and is a more sophisticated and impactful threat than jamming. Defences include receiver-side authentication of navigation messages (Galileo OSNMA), signal-quality monitoring, and inertial cross-checking.",
      "tags": [
        "Radio Access Network",
        "Security Controls",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/gnss-spoofing"
    },
    {
      "term": "GPRS",
      "expansion": "General Packet Radio Service",
      "definition": "General Packet Radio Service, often labelled 2.5G, added packet-switched data on top of GSM with theoretical rates around 114 kbit/s. It introduced the SGSN and GGSN as the first packet-core elements and the GTP tunnelling protocol that survives in evolved form into 5G. GPRS data is encrypted with the GEA family of ciphers, of which GEA1 has been shown to be deliberately weakened. Most operators have decommissioned or are phasing out GPRS as part of broader 2G/3G sunset.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Signaling"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/gprs"
    },
    {
      "term": "Grey Routing",
      "expansion": null,
      "definition": "Grey routing is the unauthorised termination of voice or SMS traffic via routes that bypass official interconnect agreements, often abusing roaming or wholesale arrangements to deliver traffic at lower cost. It deprives the destination operator of expected termination fees and degrades CLI integrity. Detection relies on test-call generators and traffic-pattern analytics on the SMSC and gateway MSC.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Roaming and Interconnect"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/grey-routing"
    },
    {
      "term": "GRE",
      "expansion": "Generic Routing Encapsulation",
      "definition": "Generic Routing Encapsulation (RFC 2784) is a simple tunneling protocol that wraps arbitrary network-layer packets inside an IP delivery header. It is widely used to interconnect networks and to carry non-IP protocols across IP backbones. GRE itself provides no confidentiality or authentication; production tunnels should be wrapped in IPsec or use authenticated GRE keys at minimum. The GRE Key field (RFC 2890) is itself carried in cleartext, so on its own it identifies a tunnel rather than cryptographically protecting it.",
      "tags": [
        "Signaling",
        "Roaming and Interconnect",
        "Identity and Subscriber"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/gre-generic-routing-encapsulation"
    },
    {
      "term": "GSM",
      "expansion": "Global System for Mobile Communications",
      "definition": "The Global System for Mobile Communications is the 1991 ETSI/3GPP 2G digital cellular standard that became the dominant mobile technology of the 1990s and 2000s, defining the architecture (BTS/BSC/MSC/HLR), the SS7 interconnect model, and SMS. GSM uses the A5/1, A5/2, and A5/3 air-interface ciphers, all of which have known weaknesses (A5/2 is fully broken, and A5/1 is practically breakable by well-resourced attackers), and it lacks mutual authentication. Most operators are sunsetting GSM in favour of LTE and 5G.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Signaling"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/gsm-global-system-for-mobile-communications"
    },
    {
      "term": "GSMA",
      "expansion": "GSM Association",
      "definition": "The GSMA is the global trade association of mobile network operators, equipment vendors, and ecosystem players. Beyond MWC, the GSMA owns critical operational standards — IMEI Database, eSIM/RSP, RCS, IPX certification — and publishes the FS-series Permanent Reference Documents that define interconnect security baselines (FS.07, FS.11, FS.19, FS.20, FS.21) used by operators worldwide. Compliance with GSMA security PRDs is increasingly a commercial and regulatory expectation.",
      "tags": [
        "Core Network",
        "Roaming and Interconnect",
        "Identity and Subscriber"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/gsma"
    },
    {
      "term": "GSMA Open Gateway",
      "expansion": null,
      "definition": "A GSMA industry initiative providing a framework for standardized network API exposure that enables developers and enterprises to access operator network capabilities. Open Gateway APIs are defined through the CAMARA project and cover authentication, fraud prevention, location services, quality-on-demand, device management, edge computing, and carrier billing. The framework aims to enable federated API access across multiple operators through standardized interfaces.",
      "tags": [
        "Signaling",
        "Security Controls",
        "Fraud"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/gsma-open-gateway"
    },
    {
      "term": "GSMA Permanent Reference Documents (IR Series)",
      "expansion": null,
      "definition": "GSMA operational reference documents defining technical and procedural requirements for roaming and interconnect between mobile network operators. The IR series covers aspects such as interworking, numbering, addressing, testing, and operational coordination. These documents are not security-specific publications but may include security-related requirements as part of broader operational guidance.",
      "tags": [
        "Roaming and Interconnect",
        "Protocols and Standards",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/gsma-permanent-reference-documents-ir-series"
    },
    {
      "term": "GTP",
      "expansion": "GPRS Tunneling Protocol",
      "definition": "The GPRS Tunnelling Protocol carries user data and control signalling between core network elements in 2.5G GPRS, 3G UMTS, 4G LTE, and 5G non-standalone deployments. It exists in three flavours: GTP-C for control-plane signalling between SGSN/MME/SGW/PGW, GTP-U for user-plane data tunnelling, and GTP' for charging. GTP was designed to run on private GRX/IPX backbones and has weak built-in authentication, making it a frequent target for IMSI disclosure, session hijacking, denial of service, and bearer redirection. Operators protect it with dedicated GTP firewalls and strict peer validation.",
      "tags": [
        "Core Network",
        "Signaling",
        "Roaming and Interconnect"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/gtp-gprs-tunneling-protocol"
    },
    {
      "term": "GTP Firewall",
      "expansion": null,
      "definition": "A purpose-built firewall that inspects GTP-C and GTP-U traffic between mobile operators across the GRX/IPX backbone and on Gn/S5/S8 interfaces. It validates that TEIDs, IMSIs, and APNs come from the expected peer, blocks malformed or out-of-sequence messages, prevents GTP-in-GTP tunnelling abuse, and enforces rate limits to mitigate DoS. GTP firewalls are essential for any operator offering data roaming and are recommended by GSMA security guidance for both legacy and modern packet cores.",
      "tags": [
        "Core Network",
        "Signaling",
        "Roaming and Interconnect"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/gtp-firewall"
    },
    {
      "term": "Handoff (Handover)",
      "expansion": null,
      "definition": "Handoff (handover, in 3GPP terminology) is the procedure that transfers an active call or data session from one cell, carrier, or radio access technology to another as the user moves or as conditions change. Soft, hard, and inter-RAT variants exist; security-sensitive aspects include re-establishing ciphering and integrity protection without interruption and resisting forced bid-down to weaker ciphers.",
      "tags": [
        "Radio Access Network",
        "Protocols and Standards",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/handoff-handover"
    },
    {
      "term": "HDSL",
      "expansion": "High-Bit-Rate Digital Subscriber Line",
      "definition": "High-Bit-Rate DSL was an early symmetric DSL technology providing about 1.5 to 2.3 Mbit/s over two copper pairs, used as a cheaper alternative to T1/E1 leased lines. HDSL has been largely superseded by SHDSL, fibre, and Ethernet First Mile, but remains in legacy deployments where re-cabling has not been justified.",
      "tags": [
        "Core Network",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/hdsl"
    },
    {
      "term": "HI1",
      "expansion": "Lawful Interception (Handover Interface 1)",
      "definition": "The interface between the telecom network and law enforcement agencies per ETSI LI model. HI1 is the administrative interface carrying instructions for intercept activation and deactivation.",
      "tags": [
        "Threats and Attacks",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/hi1-lawful-interception-handover-interface-1"
    },
    {
      "term": "HI2",
      "expansion": "Lawful Interception (Handover Interface 2)",
      "definition": "The interface delivering content of communication from the network to law enforcement per ETSI LI model. HI2 carries intercepted communications (voice, SMS, data) along with associated metadata.",
      "tags": [
        "Security Controls",
        "Threats and Attacks",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/hi2-lawful-interception-handover-interface-2"
    },
    {
      "term": "HI3",
      "expansion": "Lawful Interception (Handover Interface 3)",
      "definition": "The interface for intercept-related information from the network to law enforcement per ETSI LI model. HI3 provides metadata about communications without intercepting content.",
      "tags": [
        "Threats and Attacks",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/hi3-lawful-interception-handover-interface-3"
    },
    {
      "term": "HLR",
      "expansion": "Home Location Register",
      "definition": "The Home Location Register is the master subscriber database in 2G and 3G mobile networks, storing IMSI, MSISDN, service profile, authentication keys, and the current visited network of every subscriber. The MSC, VLR, SMSC, and other network elements query the HLR over MAP/SS7 to authenticate users, route calls and SMS, and apply service permissions. Because compromise of the HLR exposes every subscriber's identity, location, and authentication material, it is one of the most security-sensitive systems in a mobile operator and a primary target for both insider abuse and SS7 attacks.",
      "tags": [
        "Core Network",
        "Signaling",
        "Roaming and Interconnect"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/hlr-home-location-register"
    },
    {
      "term": "HLS",
      "expansion": "HTTP Live Streaming",
      "definition": "HTTP Live Streaming is an adaptive bitrate streaming protocol (RFC 8216) that delivers media as a series of small files referenced by an M3U8 playlist. HLS is the dominant streaming format on iOS and is widely used by broadcasters, OTT services, and mobile operators. HLS over HTTPS provides confidentiality and integrity of both the playlist and the segments.",
      "tags": [
        "Threats and Attacks",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/hls-http-live-streaming"
    },
    {
      "term": "HTTP/2 Security in 5G",
      "expansion": null,
      "definition": "5G's Service-Based Architecture uses HTTP/2 (RFC 7540) for all inter-NF communication. Security on this layer requires mutual TLS for transport authentication and confidentiality, OAuth2 access tokens for fine-grained authorisation, JSON-schema validation against 3GPP-defined OpenAPI specs, and protection against known HTTP/2 abuses such as Rapid Reset (CVE-2023-44487).",
      "tags": [
        "Radio Access Network",
        "Security Controls",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/http-2-security-in-5g"
    },
    {
      "term": "HSS",
      "expansion": "Home Subscriber Server",
      "definition": "The Home Subscriber Server is the 4G and 5G evolution of the HLR, used by the MME (4G), AMF and AUSF (5G), and IMS networks to authenticate subscribers and supply policy and service profiles. It stores IMSI/SUPI, long-term Ki/K keys, EPS and 5G subscription data, and integrates with Diameter on the S6a, Cx, and Sh interfaces. The HSS holds the cryptographic root of trust for AKA, so its hardening — strict access controls, separation from interconnect, and Diameter firewalling — is critical to overall network security.",
      "tags": [
        "Core Network",
        "Signaling",
        "Roaming and Interconnect"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/hss-home-subscriber-server"
    },
    {
      "term": "HTTP",
      "expansion": "Hypertext Transfer Protocol",
      "definition": "HTTP is the IETF application protocol underlying the web, defined originally in RFC 1945 (1.0), then 7230-7237 (1.1), 7540 (HTTP/2), and 9114 (HTTP/3 over QUIC). HTTP itself transmits data in cleartext, exposing both content and credentials to anyone on the path; this is why all production traffic should run over HTTPS. In 5G the SBA uses HTTP/2 between Network Functions, with mTLS providing transport security and OAuth2 providing authorisation.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/http"
    },
    {
      "term": "HTTPS",
      "expansion": "HTTP Secure",
      "definition": "HTTPS is HTTP carried over TLS, providing confidentiality, integrity, and server authentication (and optionally client authentication via mTLS) for web traffic. It is the default transport for the modern web, mandatory for browser features such as Service Workers, geolocation, and HTTP/2. HTTPS depends on a healthy certificate ecosystem (public CAs, ACME-based automated issuance, Certificate Transparency) and on operators enforcing HSTS to prevent downgrade to plaintext HTTP.",
      "tags": [
        "Radio Access Network",
        "Security Controls",
        "Encryption and Cryptography"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/https"
    },
    {
      "term": "IAP",
      "expansion": "Intercept Access Point",
      "definition": "An Intercept Access Point is the network element designated to capture signalling and user-plane traffic for a target subscriber when a lawful interception warrant is in effect. IAPs are typically embedded in the MSC, MME, AMF, SMF, or SMSC, and they hand off captured content and intercept-related information to a Mediation Function that delivers to the law-enforcement monitoring facility. Their operation is governed by ETSI TS 102 232/103 221 and equivalent national standards, with strict access controls and audit.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Signaling"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/iap-intercept-access-point"
    },
    {
      "term": "IAMF",
      "expansion": "Identity and Access Management Framework",
      "definition": "A general security framework for managing digital identities and controlling access to resources, applied in telecommunications for subscriber identity management, network element authentication, and service access control. IAMF encompasses authentication, authorization, identity governance, and access policies. In telecom contexts, IAMF principles are implemented through protocols such as Diameter, RADIUS, and OAuth2.",
      "tags": [
        "Core Network",
        "Signaling",
        "Identity and Subscriber"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/iamf"
    },
    {
      "term": "IBCF",
      "expansion": "Interconnection Border Control Function",
      "definition": "The Interconnection Border Control Function is the IMS network element placed at the SIP interconnect boundary between operators. It performs topology hiding, protocol normalisation between SIP profiles, transcoding signalling, and security screening of incoming and outgoing IMS traffic. Combined with the Transition Gateway for media, the IBCF is the IMS analogue of an SS7 firewall — a mandatory control for operators offering VoLTE roaming or wholesale interconnect.",
      "tags": [
        "Radio Access Network",
        "Signaling",
        "Roaming and Interconnect"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/ibcf"
    },
    {
      "term": "ICCID",
      "expansion": "Integrated Circuit Card Identifier",
      "definition": "The Integrated Circuit Card Identifier is the unique 19- to 22-digit serial number printed on a SIM, eSIM, or iSIM and stored in the card's EF file system. It identifies the physical or virtual card itself rather than the subscriber, and is used by operators for SIM provisioning, profile management, and over-the-air updates. ICCIDs play a central role in eSIM remote SIM provisioning (GSMA SGP.21/SGP.22) and in fraud investigations involving SIM swaps and cloning.",
      "tags": [
        "Identity and Subscriber",
        "Security Controls",
        "Fraud"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/iccid"
    },
    {
      "term": "ICT",
      "expansion": "Information and Communications Technology",
      "definition": "Information and Communications Technology is the umbrella term for the technologies used to handle and communicate information — computing hardware and software, networking, telecom, broadcast, and the data services built on top. The term is widely used by governments and standards bodies (ITU, ENISA) when describing digital policy, security, and skills frameworks.",
      "tags": [
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/ict-information-and-communications-technology"
    },
    {
      "term": "ICMP",
      "expansion": "Internet Control Message Protocol",
      "definition": "Internet Control Message Protocol (RFC 792) is used by routers and hosts to send diagnostics and error messages on IP networks (echo for ping, destination unreachable, time exceeded for traceroute). ICMP can be abused for reconnaissance, covert channels, and amplification, so granular ICMP policy is part of every well-designed firewall ruleset.",
      "tags": [
        "Radio Access Network",
        "Security Controls",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/icmp"
    },
    {
      "term": "IDS",
      "expansion": "Intrusion Detection System",
      "definition": "An Intrusion Detection System monitors network traffic or host activity for patterns indicative of attack and raises alerts. Unlike an IPS it does not block traffic in line, which avoids the risk of disrupting legitimate flows. Modern systems combine signature, anomaly, and behavioural detection and feed a SOC's SIEM and SOAR pipelines.",
      "tags": [
        "Security Controls",
        "Threats and Attacks",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/ids-intrusion-detection-system"
    },
    {
      "term": "IETF",
      "expansion": "Internet Engineering Task Force",
      "definition": "The Internet Engineering Task Force is the open international body that develops and maintains the technical standards underpinning the internet, publishing them as Requests For Comments (RFCs). IETF working groups produce the protocols that telecom operators rely on every day — IP, TCP, TLS, HTTP, DNS, SIP, Diameter, and many more.",
      "tags": [
        "Core Network",
        "Signaling",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/ietf"
    },
    {
      "term": "IGW",
      "expansion": "Internet Gateway",
      "definition": "An Internet Gateway is the network device or function that connects an internal network to the wider internet, performing routing, NAT, and often firewalling. In cloud architectures (AWS, GCP) Internet Gateway is a specific managed component of a virtual network; in telecom it commonly refers to the operator's edge router providing internet transit.",
      "tags": [
        "Radio Access Network",
        "Security Controls",
        "Cloud and Virtualization"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/igw-internet-gateway"
    },
    {
      "term": "ILEC",
      "expansion": "Incumbent Local Exchange Carrier",
      "definition": "An Incumbent Local Exchange Carrier is the original, historically monopolistic local telephone company in a given US service area, distinguished from Competitive Local Exchange Carriers (CLECs) that entered the market after the Telecommunications Act of 1996. ILECs own most last-mile copper infrastructure and are subject to specific regulatory obligations including local loop unbundling.",
      "tags": [],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/ilec"
    },
    {
      "term": "IMS",
      "expansion": "IP Multimedia Subsystem",
      "definition": "The IP Multimedia Subsystem is the 3GPP architecture for delivering SIP-based voice, video, messaging, and presence over packet networks. It comprises the P/I/S-CSCF call control elements, the HSS for subscription data, MGCF and MGW for PSTN interworking, and IBCF/TrGW at the interconnect edge. IMS is the foundation of VoLTE, VoWiFi, VoNR, and RCS, and inherits the full SIP threat landscape — registration hijacking, fraud, eavesdropping, and DoS — alongside mobile-specific risks such as IMSI handling.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Signaling"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/ims-ip-multimedia-subsystem"
    },
    {
      "term": "IMEI",
      "expansion": "International Mobile Equipment Identity",
      "definition": "The International Mobile Equipment Identity is a 15-digit number that uniquely identifies a mobile device, independent of the SIM. It encodes the Type Allocation Code (manufacturer and model) and a serial number, and is checked against the EIR to block stolen, cloned, or non-type-approved equipment. Because the IMEI is transmitted to the network during attach, it has been used in tracking attacks and law-enforcement device identification; tamper-resistant IMEI storage and operator EIR hygiene are standard countermeasures.",
      "tags": [
        "Radio Access Network",
        "Identity and Subscriber",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/imei"
    },
    {
      "term": "IMSI",
      "expansion": "International Mobile Subscriber Identity",
      "definition": "The International Mobile Subscriber Identity is a globally unique number, up to 15 digits, that identifies a subscriber within a mobile network. It is composed of a Mobile Country Code, Mobile Network Code, and Mobile Subscriber Identification Number, and is stored on the SIM. Because the IMSI is the long-term identity used for authentication and routing, exposing it enables targeted surveillance and is the goal of IMSI catchers and many SS7/Diameter attacks. 5G replaces over-the-air IMSI exposure with the encrypted SUCI to mitigate this.",
      "tags": [
        "Signaling",
        "Identity and Subscriber",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/imsi"
    },
    {
      "term": "IMSI Catcher (Cell Site Simulator)",
      "expansion": null,
      "definition": "An IMSI catcher, also called a cell-site simulator or Stingray, is a device that mimics a legitimate base station to force nearby phones to attach to it, then induces them to reveal their IMSI or downgrade to a weaker cipher. Originally a tool of law enforcement, IMSI catchers are now widely available and used for surveillance, targeted tracking, and as a stepping stone to over-the-air interception. 4G mutual authentication and 5G's SUCI-based identity concealment significantly raise the bar against this attack class.",
      "tags": [
        "Radio Access Network",
        "Identity and Subscriber",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/imsi-catcher-cell-site-simulator"
    },
    {
      "term": "Indicators of Compromise (Telecom IoCs)",
      "expansion": null,
      "definition": "Indicators of Compromise are the observable artifacts — IP addresses, domain names, file hashes, signalling patterns, anomalous Global Titles or Diameter realms — that suggest a security incident has occurred. Telecom-specific IoCs include unusual MAP operations, GTP from unexpected peers, and fraud-pattern call detail records. IoCs feed SIEM detection rules and threat-intelligence sharing.",
      "tags": [
        "Signaling",
        "Security Controls",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/indicators-of-compromise-telecom-iocs"
    },
    {
      "term": "IN",
      "expansion": "Intelligent Network",
      "definition": "The Intelligent Network was an ITU-T architecture (CS-1, CS-2) developed in the 1990s to decouple service logic from switches, allowing operators to deploy services such as freephone, VPN, and prepaid through a Service Control Point that the MSC consulted via the INAP signalling protocol. Largely superseded by IMS and CAMEL/CAP, IN logic still runs in many legacy networks and remains a fraud surface.",
      "tags": [
        "Core Network",
        "Signaling",
        "Fraud"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/in-intelligent-network"
    },
    {
      "term": "Incident Response",
      "expansion": null,
      "definition": "Incident response is the structured process of preparing for, detecting, containing, eradicating, recovering from, and learning from security incidents, formalised in standards such as NIST SP 800-61 and ISO/IEC 27035. Telecom incident response extends classic IT scope to signalling, RAN, and lawful-interception assets and demands tight coordination with regulators.",
      "tags": [
        "Radio Access Network",
        "Threats and Attacks",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/incident-response"
    },
    {
      "term": "Ingress",
      "expansion": null,
      "definition": "Ingress refers to traffic entering a network or system. Ingress filtering — exemplified by BCP 38 source-address validation, and by signalling-firewall category filtering on the SS7/Diameter/N32 interconnect — is one of the most effective defensive controls because it stops malicious traffic at the boundary before it can do harm.",
      "tags": [
        "Signaling",
        "Roaming and Interconnect",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/ingress"
    },
    {
      "term": "Insider Threat",
      "expansion": null,
      "definition": "Insider threat is the risk that an individual with legitimate access to systems — employee, contractor, third-party support — uses that access maliciously or negligently. In telecom it is particularly impactful because insiders may reach subscriber data, lawful-interception capabilities, or signalling control planes. Mitigations include least privilege, separation of duties, and behavioural monitoring.",
      "tags": [
        "Signaling",
        "Identity and Subscriber",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/insider-threat"
    },
    {
      "term": "Integrity",
      "expansion": null,
      "definition": "Integrity is the property that data has not been altered without authorisation. In telecom it is delivered by message authentication codes (HMAC, GMAC, EIA/NIA on the air interface, ICV on IPsec packets), by digital signatures (X.509, JWT), and by integrity-protected signalling such as SEPP PRINS on the 5G N32 interface. Loss of integrity undermines every other security property.",
      "tags": [
        "Signaling",
        "Roaming and Interconnect",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/integrity"
    },
    {
      "term": "Interconnection",
      "expansion": null,
      "definition": "Interconnection is the joining of two telecom networks so that subscribers on each can reach the other and compatible services can be invoked end to end. Interconnection involves commercial agreements, technical specifications (signalling protocols, codecs, transport), and increasingly a security baseline (SS7/Diameter/N32 firewalling and monitoring) negotiated alongside the business terms.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Signaling"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/interconnection"
    },
    {
      "term": "Interconnect Security Model",
      "expansion": null,
      "definition": "The interconnect security model defines how operators authenticate each other, encrypt their exchanges, and authorise specific signalling operations between networks. Modern best practice combines transport-layer protection (IPsec or TLS), application-layer authentication and integrity (SEPP/PRINS in 5G), category-based message filtering (GSMA FS.11 for SS7, FS.19 for Diameter), and behaviour-based monitoring. The goal is to move the interconnect from implicit trust to verifiable, least-privilege exchanges between every pair of partners.",
      "tags": [
        "Radio Access Network",
        "Signaling",
        "Roaming and Interconnect"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/interconnect-security-model"
    },
    {
      "term": "Inter-Network Function Authentication",
      "expansion": null,
      "definition": "In the 5G Service-Based Architecture, every Network Function authenticates to every other NF using mutual TLS at the transport layer plus OAuth2 access tokens at the application layer. The NRF acts as the authorisation server and issues short-lived JWT tokens scoped to the requested service, NF type, and PLMN. This combination prevents any compromised or rogue NF from invoking arbitrary services and replaces the implicit trust model that plagued earlier mobile generations.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/inter-network-function-authentication"
    },
    {
      "term": "Inter-PLMN Security",
      "expansion": null,
      "definition": "Inter-PLMN security covers the controls applied to signalling and user-plane traffic exchanged between two mobile operators, typically over GRX/IPX. It includes Diameter and SS7 firewalling, GTP firewalling on the user plane, mutual TLS plus IPsec at the transport layer, and in 5G the SEPP enforcing PRINS application-layer protection on the N32 interface. The objective is to prevent a malicious or compromised partner from tracking subscribers, intercepting traffic, or committing interconnect fraud.",
      "tags": [
        "Radio Access Network",
        "Signaling",
        "Roaming and Interconnect"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/inter-plmn-security"
    },
    {
      "term": "IoT",
      "expansion": "Internet of Things",
      "definition": "The Internet of Things refers to the very large population of connected devices — sensors, meters, vehicles, appliances, industrial equipment — that communicate over networks, often via cellular (Cat-M, NB-IoT), LPWAN (LoRaWAN, Sigfox), or short-range radios. IoT security challenges include weak default credentials, infrequent patching, and the resulting suitability of compromised devices for botnets.",
      "tags": [
        "Radio Access Network",
        "Threats and Attacks",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/iot-internet-of-things"
    },
    {
      "term": "IP",
      "expansion": "Internet Protocol",
      "definition": "The Internet Protocol routes packets between hosts across interconnected networks. IPv4 (RFC 791, 1981) provides 32-bit addresses; IPv6 (RFC 8200) extends addressing to 128 bits and is mandatory for new mobile network deployments. IP is connectionless and best-effort; reliability and ordering are added by higher-layer protocols such as TCP and QUIC.",
      "tags": [
        "Roaming and Interconnect",
        "Protocols and Standards",
        "Operations and Business"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/ip-internet-protocol"
    },
    {
      "term": "IP Address",
      "expansion": null,
      "definition": "An IP address is the numerical identifier assigned to a network interface on an IP network. IPv4 addresses are 32 bits (about 4.3 billion total); IPv6 addresses are 128 bits and effectively limitless. Operators allocate IP addresses statically or via DHCP/NDP, and increasingly share IPv4 addresses across many subscribers using CGNAT.",
      "tags": [
        "Identity and Subscriber",
        "Operations and Business",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/ip-address"
    },
    {
      "term": "IPS",
      "expansion": "Intrusion Prevention System",
      "definition": "An Intrusion Prevention System inspects traffic in line and actively blocks detected attacks, going beyond an IDS that only alerts. Modern IPS engines combine signature, protocol-anomaly, and behavioural detection, and are often integrated into next-generation firewalls. In telecom they are deployed at IT/OAM boundaries; SS7/Diameter signalling firewalls play the equivalent role for telecom protocols.",
      "tags": [
        "Signaling",
        "Security Controls",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/ips-intrusion-prevention-system"
    },
    {
      "term": "IPv6",
      "expansion": null,
      "definition": "The next-generation IP protocol with 128-bit addresses. IPv6 was designed with optional IPsec support, but IPsec is not mandatory in all deployments. IPv6 security depends on implementation policies, not the protocol alone.",
      "tags": [
        "Security Controls",
        "Protocols and Standards",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/ipv6"
    },
    {
      "term": "IPsec",
      "expansion": "IP Security",
      "definition": "IPsec is the IETF protocol suite (RFCs 4301-4309 and 7296) that provides authentication, integrity, and encryption at the IP layer. It supports two modes: transport mode for end-to-end protection of payloads and tunnel mode for site-to-site VPNs. In mobile networks, IPsec is mandatory for backhaul protection between eNB/gNB and the security gateway, for S1/N3 traffic, and is widely used to protect Diameter and GTP between roaming partners. IKEv2 handles key exchange, with strong cipher suites (AES-GCM, SHA-2, ECDHE) recommended.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Signaling"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/ipsec"
    },
    {
      "term": "IRSF",
      "expansion": "International Revenue Share Fraud",
      "definition": "International Revenue Share Fraud is a scheme in which fraudsters generate calls or SMS to high-cost premium destinations (often international premium-rate numbers under their control) and pocket a share of the resulting termination charges. The traffic is typically generated by compromised PBXs, abused trial accounts, or SIM-box fraud. IRSF causes hundreds of millions in annual losses; controls include fraud-management systems with machine-learning detection, real-time call-rating thresholds, and number-range blocking.",
      "tags": [
        "Radio Access Network",
        "Identity and Subscriber",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/irsf"
    },
    {
      "term": "ISDN",
      "expansion": "Integrated Services Digital Network",
      "definition": "Integrated Services Digital Network was the late-1980s digital alternative to analog telephony, offering 64 kbit/s B-channels and a 16 kbit/s D-channel for signalling over the same copper pair. ISDN carried voice, fax, and early dial-up data. It is being switched off worldwide as operators migrate to all-IP voice (VoLTE, SIP trunks) over the next several years.",
      "tags": [
        "Signaling",
        "Cloud and Virtualization",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/isdn"
    },
    {
      "term": "iSIM",
      "expansion": "Integrated SIM",
      "definition": "The IP Multimedia Services Identity Module is the application that runs on a UICC alongside the USIM and stores the IMS subscriber identity (IMPI/IMPU), home network domain, and IMS authentication credentials. The iSIM enables SIM-based authentication to IMS services such as VoLTE/VoNR/RCS, complementing SIM-based authentication to the underlying mobile network.",
      "tags": [
        "Radio Access Network",
        "Roaming and Interconnect",
        "Identity and Subscriber"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/isim"
    },
    {
      "term": "ISP",
      "expansion": "Internet Service Provider",
      "definition": "An Internet Service Provider sells internet access to residential, business, or wholesale customers. Telecom carriers are typically also ISPs, often the dominant ones in their market. ISP-specific security responsibilities include anti-spoofing (BCP 38), abuse handling, DDoS mitigation upstream of customers, and DNS hygiene.",
      "tags": [
        "Threats and Attacks",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/isp-internet-service-provider"
    },
    {
      "term": "ISUP",
      "expansion": "ISDN User Part",
      "definition": "ISDN User Part is the SS7 application protocol that controls the setup, supervision, and tear-down of circuit-switched calls in PSTN and legacy mobile networks. ISUP carries the calling and called party numbers, charging information, and call progress signalling between exchanges. Although largely replaced by SIP in modern networks, ISUP remains in service across interconnect trunks and is exposed to fraud and CLI spoofing when operators trust unverified incoming signalling. STIR/SHAKEN and IP-NNI migration are progressively reducing this exposure.",
      "tags": [
        "Signaling",
        "Roaming and Interconnect",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/isup"
    },
    {
      "term": "ITU",
      "expansion": "International Telecommunication Union",
      "definition": "The International Telecommunication Union is the United Nations specialised agency for information and communication technologies, founded in 1865. Its three sectors — ITU-R (radiocommunication), ITU-T (telecom standardisation), and ITU-D (development) — produce standards including the E.164 numbering plan, X.509 certificate format, and SS7 signalling specifications.",
      "tags": [
        "Radio Access Network",
        "Signaling",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/itu-international-telecommunication-union"
    },
    {
      "term": "IVR",
      "expansion": "Interactive Voice Response",
      "definition": "Interactive Voice Response systems let callers interact with a service by speaking commands or pressing DTMF keys. IVRs front contact centres, banking lines, and operator self-service. From a security perspective, poorly designed IVRs leak information through speech recognition errors and are a common target of social-engineering attacks against authentication.",
      "tags": [
        "Security Controls",
        "Threats and Attacks",
        "Encryption and Cryptography"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/ivr-interactive-voice-response"
    },
    {
      "term": "Jamming",
      "expansion": null,
      "definition": "Jamming is the deliberate transmission of radio signals to disrupt legitimate wireless communications, ranging from low-power consumer devices to high-power military systems. It can target GPS, cellular, Wi-Fi, or specific bands, and is illegal in most jurisdictions. Anti-jamming techniques include frequency hopping, spread spectrum, beamforming, and signal-processing-based interference cancellation.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/jamming"
    },
    {
      "term": "Jitter",
      "expansion": null,
      "definition": "Jitter is the variation in arrival time of packets that should have arrived at uniform intervals, measured as the standard deviation of inter-arrival times or as packet delay variation. High jitter degrades real-time services such as voice and video, which compensate with playout buffers. Low jitter is a key requirement of VoLTE/VoNR and 5G URLLC.",
      "tags": [
        "Radio Access Network",
        "Protocols and Standards",
        "Encryption and Cryptography"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/jitter"
    },
    {
      "term": "Key Management",
      "expansion": null,
      "definition": "Key management is the lifecycle of cryptographic keys: generation, distribution, storage, rotation, archival, and destruction. Telecom key management spans subscriber long-term keys (Ki/K on SIMs), session keys derived from AKA, TLS and IPsec key material, PKI signing keys, and operator HSM-backed roots. NIST SP 800-57 is the de facto reference.",
      "tags": [
        "Identity and Subscriber",
        "Security Controls",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/key-management"
    },
    {
      "term": "KPI",
      "expansion": "Key Performance Indicator",
      "definition": "A Key Performance Indicator is a quantitative measure used to track progress against a defined objective. In telecom, KPIs cover network performance (call setup success rate, drop rate, latency, throughput), service quality, fraud (e.g. high-cost destination spike), and security (signalling firewall hits, authentication failure rate). KPIs feed dashboards and SLA reporting.",
      "tags": [
        "Security Controls",
        "Fraud",
        "Operations and Business"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/kpi-key-performance-indicator"
    },
    {
      "term": "LA",
      "expansion": "Location Area",
      "definition": "A Location Area is a group of cells that a mobile subscriber can move within without performing a full location update — used in 2G/3G to balance signalling load against the area that must be paged when an incoming call arrives. Equivalent constructs in later generations are the Tracking Area (LTE) and Registration Area (5G).",
      "tags": [
        "Radio Access Network",
        "Identity and Subscriber"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/la-location-area"
    },
    {
      "term": "LAN",
      "expansion": "Local Area Network",
      "definition": "A Local Area Network connects devices within a small geographic area — a home, office, or building — typically using Ethernet and Wi-Fi at speeds from 100 Mbit/s to 100 Gbit/s. LAN security relies on segmentation (VLANs), 802.1X port authentication, and protection of shared services such as DHCP and DNS from internal abuse.",
      "tags": [
        "Security Controls",
        "Threats and Attacks",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/lan-local-area-network"
    },
    {
      "term": "Last Mile",
      "expansion": null,
      "definition": "The last mile (or first mile) is the final segment of a telecom network connecting the operator's local exchange or aggregation point to the customer premises. Technologies in use include FTTH/FTTP, copper xDSL, DOCSIS over coaxial, fixed wireless access (4G/5G FWA), and satellite. Last-mile economics dominate broadband deployment decisions.",
      "tags": [
        "Radio Access Network",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/last-mile"
    },
    {
      "term": "Latency",
      "expansion": null,
      "definition": "Latency is the time taken for a packet or signal to travel from source to destination, expressed in milliseconds. It is critical for real-time applications: VoLTE/VoNR voice quality, online gaming, financial trading, AR/VR, and 5G ultra-reliable low-latency communication (URLLC) targeting single-digit-ms latencies. End-to-end latency comprises transmission, propagation, queuing, and processing delays.",
      "tags": [
        "Radio Access Network",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/latency"
    },
    {
      "term": "Lawful Interception",
      "expansion": null,
      "definition": "Lawful interception is the legally authorised real-time interception of telecommunications traffic for law-enforcement or national-security purposes, executed by the operator under warrant. The architecture is standardised by ETSI TS 102 232/103 221 and 3GPP TS 33.107/33.126, with strict access controls, audit, and separation between target identification, capture, and delivery to the law-enforcement monitoring facility.",
      "tags": [
        "Radio Access Network",
        "Signaling",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/lawful-interception"
    },
    {
      "term": "Lawful Interception Abuse Risk",
      "expansion": null,
      "definition": "Lawful interception abuse risk is the risk that the legitimate technical capability for warrant-based interception is misused — by malicious insiders, compromised credentials, or third-party intrusions — to conduct unauthorised surveillance. The 2004–05 Athens lawful-intercept compromise is the canonical example. Mitigations include strict role separation, audit, anomaly detection on LI activations, and tamper-evident logs.",
      "tags": [
        "Radio Access Network",
        "Signaling",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/lawful-interception-abuse-risk"
    },
    {
      "term": "Lawful Interception Architecture",
      "expansion": null,
      "definition": "The lawful-interception architecture standardised by ETSI and 3GPP comprises three handover interfaces: HI1 for warrant administration, HI2 for intercept-related information (call records, location, signalling metadata), and HI3 for content of communication. Inside the operator network, Intercept Access Points capture traffic and forward it to a Mediation Function, which delivers it via HI2/HI3 to the law-enforcement monitoring facility.",
      "tags": [
        "Radio Access Network",
        "Signaling",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/lawful-interception-architecture"
    },
    {
      "term": "LEO",
      "expansion": "Low Earth Orbit (Satellite)",
      "definition": "Low Earth Orbit satellites operate at altitudes from a few hundred to about 2 000 km, enabling much lower latency and less demanding link budgets than geostationary satellites. Modern LEO constellations (Starlink, OneWeb, Kuiper, Iridium NEXT) deliver broadband and voice services and are being integrated with terrestrial mobile networks under 3GPP non-terrestrial network specifications.",
      "tags": [
        "Protocols and Standards",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/leo-low-earth-orbit-satellite"
    },
    {
      "term": "Location Tracking Attacks",
      "expansion": null,
      "definition": "Location tracking attacks abuse interconnect signalling to determine a subscriber's geographic location without consent. On SS7 they typically use MAP operations such as AnyTimeInterrogation, ProvideSubscriberInfo, or SendRoutingInfo-for-SM to retrieve cell IDs from the HLR/MSC; on Diameter they use equivalents on the S6a/S9 interfaces. Mitigations include SS7 and Diameter firewalls applying GSMA Category 1/2 filters, SMS Home Routing, and behaviour-based detection of impossible-velocity updates.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Signaling"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/location-tracking-attacks"
    },
    {
      "term": "LTE",
      "expansion": "Long Term Evolution",
      "definition": "Long Term Evolution is the 3GPP-defined 4G mobile standard, launched commercially in 2009 and now the dominant mobile technology globally. LTE introduced an all-IP packet core (the EPC), OFDMA on the downlink, MIMO, peak rates beyond 100 Mbit/s (1 Gbit/s with LTE-Advanced), and lower latency. Its security model — EPS-AKA mutual authentication, EEA/EIA cipher suites, IPsec on backhaul — is the direct ancestor of 5G's, but LTE remains exposed to Diameter interconnect attacks and IMSI catcher variants.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Signaling"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/lte-long-term-evolution"
    },
    {
      "term": "LTE-Advanced (LTE-A)",
      "expansion": null,
      "definition": "LTE-Advanced is the 3GPP Release 10+ enhancement of LTE, ratified in 2011 to meet the IMT-Advanced 4G requirements. It introduced carrier aggregation (combining multiple bands for higher throughput), enhanced MIMO, relay nodes, and heterogeneous network support. LTE-A delivers peak rates beyond 1 Gbit/s and is the basis of most modern 4G networks.",
      "tags": [
        "Radio Access Network",
        "Protocols and Standards",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/lte-advanced-lte-a"
    },
    {
      "term": "Local Loop Unbundling (LLU)",
      "expansion": null,
      "definition": "Local Loop Unbundling is the regulatory requirement (in many markets) that the incumbent carrier rent access to the local copper or fibre loops to competing operators at cost-based rates, allowing alternative providers to deliver services without building their own last-mile infrastructure. LLU has been a central tool of broadband market liberalisation in Europe and elsewhere.",
      "tags": [
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/local-loop-unbundling-llu"
    },
    {
      "term": "MAC",
      "expansion": "Medium Access Control",
      "definition": "MAC, in networking, is the Medium Access Control sublayer of the OSI Data Link Layer (Layer 2), responsible for arbitrating access to the shared medium and framing data into addressable units. Examples include Ethernet's CSMA/CD (historical), Wi-Fi's CSMA/CA, and the cellular MAC layers in LTE and 5G NR with sophisticated scheduling.",
      "tags": [
        "Radio Access Network",
        "Security Controls",
        "Encryption and Cryptography"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/mac-medium-access-control"
    },
    {
      "term": "MAC Address",
      "expansion": null,
      "definition": "A MAC address is the 48-bit (or 64-bit EUI-64) hardware identifier burned into a network interface, used to address frames at Layer 2 of Ethernet, Wi-Fi, and Bluetooth. MAC addresses can be locally administered or randomised; modern mobile operating systems randomise Wi-Fi MACs by default to limit cross-network tracking.",
      "tags": [
        "Radio Access Network",
        "Protocols and Standards",
        "Operations and Business"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/mac-address"
    },
    {
      "term": "MAC Filtering",
      "expansion": null,
      "definition": "MAC filtering controls network access by allow-listing or block-listing devices based on their Layer-2 MAC addresses, commonly on Wi-Fi access points and switches. It is trivially bypassed by MAC spoofing and so provides no real security on its own; meaningful access control requires 802.1X with EAP or, on Wi-Fi, WPA2/3-Enterprise.",
      "tags": [
        "Security Controls",
        "Threats and Attacks",
        "Fraud"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/mac-filtering"
    },
    {
      "term": "Machine Learning (ML)",
      "expansion": null,
      "definition": "Machine learning is the branch of artificial intelligence in which systems learn statistical patterns from data rather than being explicitly programmed. Telecom applications include signalling anomaly detection, fraud scoring on call detail records, RAN self-optimisation, predictive maintenance, and customer-experience analytics. ML systems themselves require security attention against adversarial inputs and data-poisoning.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Fraud"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/machine-learning-ml"
    },
    {
      "term": "Malware",
      "expansion": null,
      "definition": "Malware is the umbrella term for malicious software designed to compromise, damage, or gain unauthorised access to systems. Categories include viruses, worms, trojans, ransomware, spyware, rootkits, and bootkits. In telecom, malware on CPE feeds botnets such as Mirai, while malware on subscriber phones drives banking fraud and OTP interception.",
      "tags": [
        "Radio Access Network",
        "Identity and Subscriber",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/malware"
    },
    {
      "term": "Man-in-the-Middle (MITM)",
      "expansion": null,
      "definition": "A Man-in-the-Middle attack places the attacker between two communicating parties, intercepting and possibly modifying their traffic while each side believes it is communicating directly with the other. Telecom-specific MITM scenarios include IMSI catchers on the radio interface and SS7 redirection in the core. Mutual authentication and end-to-end encryption are the principal defences.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Signaling"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/man-in-the-middle-mitm"
    },
    {
      "term": "Management Plane",
      "expansion": null,
      "definition": "The management plane carries traffic used to configure, monitor, and operate network elements — SSH, NETCONF, SNMP, syslog, and vendor-specific OAM protocols. Best practice keeps the management plane on a dedicated out-of-band network, separated from the data and control planes, with strong authentication, comprehensive logging, and bastion-style access.",
      "tags": [
        "Signaling",
        "Security Controls",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/management-plane"
    },
    {
      "term": "Massive MIMO",
      "expansion": null,
      "definition": "Massive MIMO is a 5G New Radio technology using arrays of dozens to hundreds of antennas at the base station to serve many users simultaneously through spatial multiplexing and beamforming. It significantly increases spectral efficiency and per-cell capacity, enables targeted beams for high-frequency mmWave deployments, and shifts much of the RAN's complexity into baseband signal processing.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Signaling"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/massive-mimo"
    },
    {
      "term": "MAP",
      "expansion": "Mobile Application Part",
      "definition": "The Mobile Application Part is the SS7 application protocol used in 2G and 3G networks for subscriber-related signalling: location updates, roaming, SMS delivery, supplementary services, and authentication vector retrieval from the HLR. MAP messages carry IMSIs, MSISDNs, and routing data in cleartext and assume the underlying SS7 network is trusted. As a result, MAP is the protocol abused by most well-known SS7 attacks (location tracking via SRI-SM, call and SMS interception via UpdateLocation), and filtering MAP operation codes is the central job of an SS7 firewall.",
      "tags": [
        "Core Network",
        "Signaling",
        "Roaming and Interconnect"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/map-mobile-application-part"
    },
    {
      "term": "MAP Security",
      "expansion": null,
      "definition": "MAP security is the set of controls that prevent abuse of MAP operations across SS7 interconnect. It includes filtering MAP messages by operation code and direction (Category 1: never allowed from interconnect; Category 2: only from the subscriber's home or current visited network; Category 3: rate-limited and behaviour-validated), Global Title screening, SMS Home Routing to hide subscriber location from foreign SMSCs, and correlation engines that detect impossible-velocity location updates. MAP security is defined operationally by GSMA FS.11.",
      "tags": [
        "Core Network",
        "Signaling",
        "Roaming and Interconnect"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/map-security"
    },
    {
      "term": "MCC",
      "expansion": "Mobile Country Code",
      "definition": "The Mobile Country Code is a three-digit number assigned under the ITU-T E.212 standard that identifies the country of a mobile network. Combined with the Mobile Network Code (MNC), it forms the PLMN-ID, which is broadcast on every cell and used in the IMSI/SUPI to indicate the home country and operator.",
      "tags": [
        "Radio Access Network",
        "Identity and Subscriber",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/mcc-mobile-country-code"
    },
    {
      "term": "MEC",
      "expansion": "Multi-Access Edge Computing",
      "definition": "Multi-Access Edge Computing is the ETSI-standardised architecture that places computing resources at the edge of mobile networks — typically co-located with the UPF or aggregation sites — to reduce latency for applications such as AR/VR, industrial automation, and connected vehicles. MEC deployment expands the trust boundary of the mobile network and requires careful workload isolation and key management.",
      "tags": [
        "Core Network",
        "Protocols and Standards",
        "Encryption and Cryptography"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/mec-multi-access-edge-computing"
    },
    {
      "term": "Media Gateway",
      "expansion": null,
      "definition": "A Media Gateway converts media streams between different transports or codecs — for example, between TDM PCM circuits and IP RTP, or between AMR and G.711 codecs in VoLTE-to-PSTN interworking. Media Gateways are controlled by Media Gateway Controllers (MGCF in IMS) using protocols such as H.248/MEGACO or SIP, and require hardening against fraud and DoS.",
      "tags": [
        "Radio Access Network",
        "Signaling",
        "Fraud"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/media-gateway"
    },
    {
      "term": "Mediation Device (Lawful Interception)",
      "expansion": null,
      "definition": "A Mediation Device is the network element that sits between Intercept Access Points and the law-enforcement monitoring facility in a lawful-interception architecture. It aggregates intercepted traffic and metadata, normalises it to the standard handover formats (ETSI TS 102 232, TS 103 221), enforces access controls and audit, and delivers the result to the requesting agency.",
      "tags": [
        "Security Controls",
        "Threats and Attacks",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/mediation-device-lawful-interception"
    },
    {
      "term": "Mediation System",
      "expansion": null,
      "definition": "A mediation system is a telecom system that collects, validates, aggregates, and transforms usage data (CDRs, UDRs) from network elements into formats suitable for billing systems. Mediation systems perform data enrichment, error correction, duplicate detection, and routing to downstream BSS systems. They are critical for revenue assurance and billing accuracy.",
      "tags": [
        "Radio Access Network",
        "Operations and Business",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/mediation-system"
    },
    {
      "term": "Metadata",
      "expansion": null,
      "definition": "Metadata is descriptive information about a communication — calling and called numbers, time, duration, cell ID, IP addresses, message size — distinct from the content. In telecom it is the substance of call detail records and is highly revealing of behaviour and relationships, which is why metadata retention is a regulated and often controversial topic.",
      "tags": [
        "Radio Access Network",
        "Security Controls",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/metadata"
    },
    {
      "term": "Metadata Retention",
      "expansion": null,
      "definition": "Metadata retention refers to legal regimes that require carriers to store communications metadata (caller, callee, time, duration, location, IP addresses) for specified periods — typically months to years — for use in criminal and national-security investigations. Specific obligations vary widely by jurisdiction and are subject to ongoing constitutional and human-rights challenges.",
      "tags": [
        "Protocols and Standards",
        "Internet and Routing",
        "Regulation and Compliance"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/metadata-retention"
    },
    {
      "term": "Mitigation",
      "expansion": null,
      "definition": "Mitigation is the set of actions taken to reduce the likelihood, impact, or both, of a security risk that cannot be eliminated. Examples in telecom include deploying SS7 firewalls to mitigate interconnect abuse, enforcing SMS Home Routing to mitigate location tracking, and rate-limiting Diameter peers to mitigate DoS. Mitigations are tracked against residual risk in formal risk registers.",
      "tags": [
        "Signaling",
        "Roaming and Interconnect",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/mitigation"
    },
    {
      "term": "MNC",
      "expansion": "Mobile Network Code",
      "definition": "The Mobile Network Code is a two- or three-digit identifier (per ITU-T E.212) that, together with the Mobile Country Code (MCC), uniquely identifies a mobile operator within a country. The MCC+MNC pair forms the PLMN-ID broadcast on every cell and embedded in the IMSI/SUPI, and is used for network selection and roaming partner identification.",
      "tags": [
        "Radio Access Network",
        "Roaming and Interconnect",
        "Identity and Subscriber"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/mnc-mobile-network-code"
    },
    {
      "term": "Mobile Network",
      "expansion": null,
      "definition": "A mobile network is a cellular network providing voice, messaging, and data services to subscribers via radio. It comprises the radio access network (BTS/Node B/eNB/gNB), the core network (MSC/SGSN/MME/AMF and supporting databases), interconnect to other operators, and OSS/BSS. Each generation (2G/3G/4G/5G) defines its own architecture, security model, and capabilities.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Signaling"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/mobile-network"
    },
    {
      "term": "MNO",
      "expansion": "Mobile Network Operator",
      "definition": "A telecommunications carrier that owns and operates mobile network infrastructure including licensed radio spectrum, base stations, core network elements, and subscriber management systems. MNOs provide mobile services directly to end users and may also provide wholesale access to MVNOs. MNOs are responsible for network security, regulatory compliance, and service quality.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Identity and Subscriber"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/mno-mobile-network-operator"
    },
    {
      "term": "MNP",
      "expansion": "Mobile Number Portability",
      "definition": "Mobile Number Portability lets subscribers change operator while keeping their MSISDN, mandated by regulators in most markets. It is implemented through a national number portability database that operators query during call/SMS routing. MNP processes are also a frequent attack surface for SIM-swap-style social engineering, where an attacker ports the victim's number to an operator they control.",
      "tags": [
        "Identity and Subscriber",
        "Security Controls",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/mnp-mobile-number-portability"
    },
    {
      "term": "Modulation",
      "expansion": null,
      "definition": "Modulation is the process of encoding information onto a carrier wave by varying its amplitude, frequency, phase, or some combination. Higher-order modulation (16-QAM, 64-QAM, 256-QAM) carries more bits per symbol but requires better SNR. Modern radios continuously adapt modulation and coding to channel conditions, trading throughput against reliability.",
      "tags": [
        "Radio Access Network",
        "Threats and Attacks",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/modulation"
    },
    {
      "term": "Monitoring",
      "expansion": null,
      "definition": "Network and security monitoring is the continuous collection, correlation, and analysis of telemetry — flow data, packet captures, signalling logs, syslog, SNMP traps, application traces — to detect operational issues and security incidents. In telecom, it spans both IT monitoring and dedicated signalling monitoring (SS7, Diameter, GTP, 5G N32), and feeds a SOC SIEM and dashboards for KPI and SLA reporting.",
      "tags": [
        "Signaling",
        "Roaming and Interconnect",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/monitoring"
    },
    {
      "term": "MPLS",
      "expansion": "Multiprotocol Label Switching",
      "definition": "Multiprotocol Label Switching (RFC 3031) forwards packets based on short fixed-length labels assigned at network ingress, abstracting the underlying transport. It is widely used in operator backbones and enterprise WANs to deliver traffic engineering, deterministic paths, and service constructs such as MPLS L3VPN and Pseudowire. MPLS itself does not encrypt traffic; sensitive flows still need IPsec or MACsec on top.",
      "tags": [
        "Radio Access Network",
        "Security Controls",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/mpls"
    },
    {
      "term": "MSC",
      "expansion": "Mobile Switching Center",
      "definition": "The Mobile Switching Center is the circuit-switched core element of GSM and UMTS networks, responsible for call routing, subscriber mobility within its serving area, supplementary services, and inter-MSC handovers. The MSC integrates with the VLR, HLR, SMSC, and gateway MSCs over SS7. While modern voice traffic is migrating to IMS-based VoLTE, MSCs still carry significant 2G/3G voice and remain exposed to SS7 abuse such as call interception, illegitimate redirection, and supplementary-service manipulation.",
      "tags": [
        "Core Network",
        "Signaling",
        "Identity and Subscriber"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/msc-mobile-switching-center"
    },
    {
      "term": "MTBF",
      "expansion": "Mean Time Between Failures",
      "definition": "Mean Time Between Failures is the expected average time between failures of a repairable system, computed across the operating fleet. MTBF is a manufacturer-supplied reliability spec for telecom equipment and feeds into availability calculations alongside MTTR. It is most useful when interpreted with the assumed failure distribution and operating conditions.",
      "tags": [
        "Operations and Business",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/mtbf"
    },
    {
      "term": "mTLS",
      "expansion": "Mutual TLS",
      "definition": "Mutual TLS is a TLS deployment in which both client and server present and verify X.509 certificates during the handshake, providing two-way authentication on top of the encrypted transport. It is mandatory for inter-NF communication in the 5G Service-Based Architecture and for SEPP-to-SEPP N32 transport, and it is widely used inside operator service meshes. mTLS only delivers value when certificate issuance, rotation, and revocation are managed rigorously through an operator PKI.",
      "tags": [
        "Radio Access Network",
        "Signaling",
        "Roaming and Interconnect"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/mtls"
    },
    {
      "term": "MTTR",
      "expansion": "Mean Time To Recovery",
      "definition": "Mean Time To Recovery (or Repair) is the average time required to restore a failed system or service to normal operation. MTTR is a core operational SLI alongside availability and Mean Time Between Failures, and is improved by good monitoring, automated runbooks, redundant architectures, and well-rehearsed incident response.",
      "tags": [
        "Core Network"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/mttr"
    },
    {
      "term": "MUX",
      "expansion": "Multiplexer",
      "definition": "A multiplexer combines multiple input signals onto a single transmission medium, allowing efficient use of capacity. Telecom uses several techniques: frequency-division (FDM/OFDM), time-division (TDM), wavelength-division (WDM/DWDM in optical networks), and code-division (CDMA). Demultiplexers reverse the process at the receiving end.",
      "tags": [
        "Radio Access Network",
        "Signaling",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/mux-multiplexer"
    },
    {
      "term": "MVNO",
      "expansion": "Mobile Virtual Network Operator",
      "definition": "A wireless communications service provider that does not own the underlying network infrastructure. MVNOs lease network capacity at wholesale rates from MNOs and resell it to customers under their own brand. MVNOs manage their own billing, customer service, marketing, and sales while relying on the host MNO's radio access and core network. MVNOs enable market competition and serve niche segments without requiring spectrum licenses or infrastructure investment.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Signaling"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/mvno"
    },
    {
      "term": "N32 Interface (5G)",
      "expansion": null,
      "definition": "A 5G roaming control-plane interface between home and visited networks. N32 carries signaling only (not user plane traffic) and is protected through SEPP-to-SEPP communication. N32 provides security services including topology hiding, message authentication, and integrity protection for inter-PLMN roaming signaling.",
      "tags": [
        "Signaling",
        "Roaming and Interconnect",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/n32-interface-5g"
    },
    {
      "term": "NAC",
      "expansion": "Network Access Control",
      "definition": "Network Access Control restricts which devices and users can connect to a network and what they can reach once connected. It is enforced at the switch port (802.1X), on the wireless access layer (WPA2/3-Enterprise), or at the VPN concentrator. Modern NAC integrates posture assessment (patch level, EDR presence) and dynamic VLAN assignment, and is a baseline control for Zero Trust architectures.",
      "tags": [
        "Radio Access Network",
        "Security Controls",
        "IoT"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/nac-network-access-control"
    },
    {
      "term": "NAT",
      "expansion": "Network Address Translation",
      "definition": "Network Address Translation modifies the source or destination IP address (and often port) of packets crossing a boundary, most commonly to let multiple devices share a smaller pool of public addresses. NAT is ubiquitous in IPv4 networks; CGNAT extends it to carrier-grade scale. Because many devices share one public address, NAT complicates end-to-end addressability as well as lawful interception and abuse attribution.",
      "tags": [
        "Radio Access Network",
        "Threats and Attacks",
        "Operations and Business"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/nat-network-address-translation"
    },
    {
      "term": "NB-IoT",
      "expansion": "Narrowband IoT",
      "definition": "Narrowband IoT (3GPP Release 13) is a low-power wide-area cellular technology designed for small, battery-powered IoT devices that send infrequent small data payloads — smart meters, asset trackers, environmental sensors. NB-IoT reuses LTE security primitives (USIM-based AKA, EEA/EIA ciphering) and operates in licensed spectrum, providing strong baseline security compared with unlicensed LPWAN alternatives.",
      "tags": [
        "Radio Access Network",
        "Identity and Subscriber",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/nb-iot"
    },
    {
      "term": "NESAS",
      "expansion": "Network Equipment Security Assurance Scheme",
      "definition": "The Network Equipment Security Assurance Scheme is a joint GSMA/3GPP programme that defines security requirements (SCAS) and an accredited audit framework for telecom network equipment vendors. NESAS evaluations cover product development lifecycle and per-product security testing, and are increasingly cited in operator procurement and national regulatory baselines.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/nesas"
    },
    {
      "term": "Network Exposure Function (NEF)",
      "expansion": null,
      "definition": "A 5G core network function that securely exposes network capabilities and services to external application functions through APIs. NEF acts as a gateway between the 5G core and third-party applications, providing authentication, authorization, and policy enforcement for API access. NEF enables the monetization of network capabilities while maintaining security and control.",
      "tags": [
        "Core Network",
        "Signaling",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/network-exposure-function-nef"
    },
    {
      "term": "Network Slicing",
      "expansion": null,
      "definition": "A 5G network architecture technique that creates multiple virtualized, independent logical networks (slices) on top of a shared physical infrastructure. Each network slice is an isolated end-to-end network tailored to specific service requirements (bandwidth, latency, security, availability). Network slicing enables operators to support diverse use cases (eMBB, URLLC, mMTC) with differentiated quality of service on a single infrastructure.",
      "tags": [
        "Internet and Routing",
        "Encryption and Cryptography",
        "IoT"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/network-slicing"
    },
    {
      "term": "NIST",
      "expansion": "National Institute of Standards and Technology",
      "definition": "The US National Institute of Standards and Technology develops the cryptographic and cybersecurity standards that anchor much of the world's security baseline: FIPS 197 (AES), FIPS 186 (digital signatures), the SP 800 series (key management, identity, IoT), the NIST Cybersecurity Framework, and the ongoing Post-Quantum Cryptography standardisation programme.",
      "tags": [
        "Core Network",
        "Identity and Subscriber",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/nist"
    },
    {
      "term": "Noise",
      "expansion": null,
      "definition": "Noise is unwanted electromagnetic energy that degrades signal quality, originating from thermal effects, electronic components, neighbouring transmitters, and atmospheric phenomena. Receiver noise is fundamentally bounded by the noise floor (kTB), and noise figure is a key spec for radio equipment. Noise levels limit usable range, throughput, and modulation order in every wireless system.",
      "tags": [
        "Radio Access Network",
        "Internet and Routing",
        "Encryption and Cryptography"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/noise"
    },
    {
      "term": "NOC",
      "expansion": "Network Operations Center",
      "definition": "A Network Operations Centre is the staffed facility from which an operator monitors and manages its network 24x7 — fault detection, performance management, change execution, and first-line incident response. The NOC works alongside the Security Operations Centre (SOC), with overlapping but distinct responsibilities; mature operators define clear escalation paths between the two.",
      "tags": [
        "Security Controls",
        "Operations and Business"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/noc-network-operations-center"
    },
    {
      "term": "NPAI",
      "expansion": "Network Provided Calling Line Identification Presentation",
      "definition": "NPAI (Network Provided Calling Line Identification, often referred to as Network-Provided CLI) is the calling-party number inserted by the originating network operator and presented to the called party. Because it is set by the network rather than the originator, NPAI is more trustworthy than user-provided CLIP, and is the field STIR/SHAKEN attests cryptographically.",
      "tags": [
        "Internet and Routing",
        "Encryption and Cryptography"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/npai"
    },
    {
      "term": "NRA",
      "expansion": "National Regulatory Authority",
      "definition": "A National Regulatory Authority is the government or independent body responsible for licensing operators, allocating spectrum, enforcing competition rules, and overseeing consumer protection in a national telecom market. Examples include the FCC (US), Ofcom (UK), ARCEP (France), BNetzA (Germany), and ANATEL (Brazil). NRAs increasingly enforce cybersecurity baselines on operators.",
      "tags": [
        "Radio Access Network",
        "Internet and Routing",
        "Regulation and Compliance"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/nra-national-regulatory-authority"
    },
    {
      "term": "NRF",
      "expansion": "Network Repository Function",
      "definition": "The Network Repository Function is the 5G core service registry: every Network Function registers its profile and capabilities with the NRF, and consumers query the NRF to discover producers. The NRF authenticates clients via OAuth2 access tokens and mutual TLS; unauthorised access could let an attacker enumerate the entire 5G core or impersonate a service. Hardening the NRF and its NFProfile data is therefore central to Service-Based Architecture security.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Signaling"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/nrf-network-repository-function"
    },
    {
      "term": "NSA",
      "expansion": "National Security Agency",
      "definition": "The National Security Agency is the US intelligence agency responsible for signals intelligence and information assurance. The NSA also publishes widely used cryptographic standards (Suite B / CNSA), influences NIST recommendations, and historically maintained both offensive capabilities and defensive guidance — the latter relevant to telecom operators through US federal cybersecurity policies.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Signaling"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/nsa-national-security-agency"
    },
    {
      "term": "NTP",
      "expansion": "Network Time Protocol",
      "definition": "Network Time Protocol (RFCs 5905-5908) synchronises computer clocks across IP networks to within milliseconds. It is critical for log correlation, certificate validation, mobile network timing, and 5G RAN synchronisation precision. NTP servers must be hardened against amplification DDoS abuse, and NTS (Network Time Security) adds authenticated time delivery.",
      "tags": [
        "Radio Access Network",
        "Security Controls",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/ntp-network-time-protocol"
    },
    {
      "term": "NTN",
      "expansion": "Non-Terrestrial Networks",
      "definition": "An architecture being standardized by 3GPP for integrating satellite and other non-terrestrial networks with terrestrial 5G networks. NTN supports LEO, MEO, and GEO satellites. Standardization is in progress.",
      "tags": [
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/ntn-non-terrestrial-networks"
    },
    {
      "term": "Numbering Plan",
      "expansion": null,
      "definition": "A numbering plan defines the format and assignment of telephone numbers within a country or region, including area codes, mobile ranges, premium and toll-free ranges. National numbering plans operate within the global ITU-T E.164 framework, and are managed by the national regulator. Misallocation or reuse of number ranges has direct fraud and routing implications.",
      "tags": [
        "Radio Access Network",
        "Fraud",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/numbering-plan"
    },
    {
      "term": "OAuth2 in 5G Core",
      "expansion": null,
      "definition": "OAuth2 is the IETF authorisation framework that 5G adopts inside the Service-Based Architecture for fine-grained, short-lived authorisation between Network Functions. The NRF acts as the OAuth2 authorisation server, issuing JWT access tokens scoped to specific NF types and operations. Each producer NF validates the token signature and claims before serving the request. Combined with mutual TLS for transport authentication, OAuth2 enforces least-privilege between NFs and is a prerequisite for any production 5G core deployment.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/oauth2-in-5g-core"
    },
    {
      "term": "OASIS",
      "expansion": "Organization for the Advancement of Structured Information Standards",
      "definition": "OASIS is a non-profit international consortium that develops open standards for structured information, including SAML for federated identity, XACML for access control policy, WS-Security, MQTT for IoT messaging, and many others. OASIS standards underpin parts of identity, IoT, and document-exchange ecosystems used by telecom operators and their customers.",
      "tags": [
        "Identity and Subscriber",
        "Security Controls",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/oasis"
    },
    {
      "term": "OAM",
      "expansion": "Operations, Administration, and Maintenance",
      "definition": "Operations, Administration, and Maintenance covers the management functions that keep a network running: configuration, fault detection and resolution, performance monitoring, software upgrades, and security operations. OAM interfaces are highly sensitive and historically a frequent attack vector; they should be on dedicated management networks with strong authentication and monitoring.",
      "tags": [
        "Security Controls",
        "Threats and Attacks",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/oam-operations-administration-and-maintenance"
    },
    {
      "term": "OCS",
      "expansion": "Online Charging System",
      "definition": "A real-time charging system in telecom networks that authorizes, rates, and deducts charges for network usage (voice, data, SMS) in real-time based on subscriber account balance. OCS operates in the control plane using protocols like Diameter Ro, enabling prepaid services, real-time credit control, and session-based charging. OCS systems perform reservation, consumption tracking, and balance management with millisecond latency requirements.",
      "tags": [
        "Signaling",
        "Identity and Subscriber",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/ocs-online-charging-system"
    },
    {
      "term": "OCSP",
      "expansion": "Online Certificate Status Protocol",
      "definition": "The Online Certificate Status Protocol (RFC 6960) lets a client check whether an X.509 certificate has been revoked by querying a responder run by the issuing CA, returning a signed status. OCSP is faster and less bandwidth-intensive than downloading full CRLs but introduces availability and privacy concerns, mitigated by OCSP Stapling (RFC 6066) where the server presents the response.",
      "tags": [
        "Security Controls",
        "Protocols and Standards",
        "Regulation and Compliance"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/ocsp"
    },
    {
      "term": "OFDM",
      "expansion": "Orthogonal Frequency Division Multiplexing",
      "definition": "Orthogonal Frequency Division Multiplexing divides a wideband channel into many narrow orthogonal subcarriers, each carrying a low-rate stream. The technique is robust against multipath fading and is the basis of LTE downlink, 5G NR (both up and downlink with CP-OFDM), Wi-Fi (802.11a/g/n/ac/ax), and DVB. 5G adds flexible numerology with multiple subcarrier spacings to support diverse use cases.",
      "tags": [
        "Radio Access Network",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/ofdm"
    },
    {
      "term": "OFDMA",
      "expansion": "Orthogonal Frequency Division Multiple Access",
      "definition": "Orthogonal Frequency Division Multiple Access extends OFDM by assigning subsets of subcarriers to different users at different times, allowing fine-grained scheduling and efficient sharing of the radio resource. OFDMA is used in LTE downlink, 5G NR (both up and downlink), and Wi-Fi 6/6E (802.11ax), where it significantly improves multi-user efficiency.",
      "tags": [
        "Radio Access Network",
        "Internet and Routing",
        "Encryption and Cryptography"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/ofdma"
    },
    {
      "term": "OFCS",
      "expansion": "Offline Charging System",
      "definition": "A telecom charging system that processes usage data after the service event has occurred (post-processing). OFCS collects Call Detail Records (CDRs) from network elements via Diameter Rf or file transfer, aggregates and correlates usage data, and generates billing records for postpaid subscribers. Unlike OCS, OFCS does not perform real-time credit control or session authorization.",
      "tags": [
        "Radio Access Network",
        "Signaling",
        "Identity and Subscriber"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/ofcs"
    },
    {
      "term": "Open RAN",
      "expansion": null,
      "definition": "Open RAN is an industry initiative led by the O-RAN Alliance to disaggregate the RAN into multi-vendor components — Radio Unit, Distributed Unit, Centralised Unit, and a RAN Intelligent Controller — connected by open, standardised interfaces such as the Open Fronthaul, E2, A1, and O1. The benefits are vendor diversity and innovation; the security implications are a much larger attack surface, complex inter-vendor integration, and new exposed interfaces that require dedicated threat modelling and the controls described in O-RAN WG11 specifications.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/open-ran"
    },
    {
      "term": "OpenSSL",
      "expansion": null,
      "definition": "OpenSSL is the most widely deployed open-source cryptographic library, providing TLS 1.0 through 1.3, X.509, symmetric and asymmetric primitives, and command-line tooling. It runs in everything from web servers to 5G core network functions and embedded telecom equipment. Notable historical incidents — Heartbleed (2014), CCS Injection — make OpenSSL patch hygiene a non-negotiable operational practice. OpenSSL 3.x adds a new provider model and a longer-term FIPS-validated module path.",
      "tags": [
        "Core Network",
        "Security Controls",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/openssl"
    },
    {
      "term": "Operating System (OS)",
      "expansion": null,
      "definition": "An Operating System manages hardware resources and provides services to applications. Telecom equipment runs a wide range of OSes — Linux on most modern network functions, real-time OSes on baseband processors, vendor-specific systems on legacy switches. OS hardening (minimal services, patching, integrity monitoring) is a baseline control across the entire estate.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Operations and Business"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/operating-system-os"
    },
    {
      "term": "Operational Expenses (OPEX)",
      "expansion": null,
      "definition": "Operational Expenditure is the recurring cost of running a telecom network — electricity, cooling, facility leases, staff, software licences, maintenance contracts, interconnect fees. OPEX is balanced against CAPEX (one-off investment) in business planning, and the move from on-premises hardware to cloud-hosted network functions is largely a CAPEX-to-OPEX shift.",
      "tags": [
        "Core Network",
        "Signaling",
        "Roaming and Interconnect"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/operational-expenses-opex"
    },
    {
      "term": "Operational Security (OPSEC)",
      "expansion": null,
      "definition": "Operational Security is a structured approach to protecting sensitive information by identifying it, analysing the threats and adversary capabilities, and applying procedural controls to limit disclosure. Originally a US military doctrine, OPSEC is widely applied in incident response, threat-intelligence work, and any operational context where leakage of even mundane operational details could aid an adversary.",
      "tags": [
        "Signaling",
        "Threats and Attacks",
        "Encryption and Cryptography"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/operational-security-opsec"
    },
    {
      "term": "Order Management",
      "expansion": null,
      "definition": "A BSS function in telecommunications that manages the end-to-end lifecycle of customer orders including service activation, provisioning, change requests, and service termination. Order management systems orchestrate workflows across BSS and OSS domains, coordinate with provisioning systems, and track order fulfillment status. Critical for service agility and customer experience.",
      "tags": [
        "Operations and Business",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/order-management"
    },
    {
      "term": "OSPF",
      "expansion": "Open Shortest Path First",
      "definition": "Open Shortest Path First (RFC 2328 for IPv4, RFC 5340 for IPv6) is a link-state interior gateway routing protocol used inside large enterprise and operator networks. Routers exchange link-state advertisements, build a complete topology, and compute shortest paths with Dijkstra's algorithm. OSPF supports authentication; production deployments should enable cryptographic authentication on every adjacency.",
      "tags": [
        "Security Controls",
        "Protocols and Standards",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/ospf"
    },
    {
      "term": "OSS",
      "expansion": "Operations Support System",
      "definition": "The software systems and processes supporting network operations in telecommunications including network management, service provisioning, network inventory, fault management, configuration management, and performance monitoring. OSS systems interface with BSS (Business Support Systems) and network elements to enable service delivery and network operations.",
      "tags": [
        "Operations and Business"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/oss-operations-support-system"
    },
    {
      "term": "OT",
      "expansion": "Operational Technology",
      "definition": "Operational Technology is the hardware and software that monitors and controls physical processes — industrial control systems, SCADA, building management, energy infrastructure. OT systems traditionally ran on isolated networks with proprietary protocols; convergence with IT exposes them to cyber threats and motivates standards such as IEC 62443 for ICS security.",
      "tags": [
        "Radio Access Network",
        "Threats and Attacks",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/ot-operational-technology"
    },
    {
      "term": "OTA",
      "expansion": "Over The Air",
      "definition": "Over-The-Air refers to remote provisioning, configuration, and software updates delivered to devices via the cellular or Wi-Fi network — including SIM/USIM updates per ETSI TS 102 225/226, eSIM remote SIM provisioning, and firmware updates to handsets and IoT devices. OTA security relies on cryptographic authentication and on integrity verification of signed payloads.",
      "tags": [
        "Radio Access Network",
        "Identity and Subscriber",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/ota-over-the-air"
    },
    {
      "term": "OTP Bypass Attacks",
      "expansion": null,
      "definition": "OTP bypass attacks defeat one-time-password authentication without ever knowing the user's password. The principal vectors are SIM swap (porting the victim's MSISDN to an attacker SIM), SS7 SMS interception, malware on the device that reads incoming OTPs, and adversary-in-the-middle phishing kits that relay the OTP in real time. Because all of these break SMS-based MFA, security guidance increasingly recommends FIDO2/WebAuthn or app-based push approval for high-value accounts.",
      "tags": [
        "Core Network",
        "Signaling",
        "Identity and Subscriber"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/otp-bypass-attacks"
    },
    {
      "term": "Packet",
      "expansion": null,
      "definition": "A packet is the basic unit of data transmitted across an IP network, comprising a header (with source and destination addresses and routing metadata) and a payload. IPv4 and IPv6 packets are the medium for nearly all internet, mobile data, IMS signalling, and 5G control-plane traffic. Per-packet inspection is the foundation of firewalls, IDS/IPS, and modern observability.",
      "tags": [
        "Radio Access Network",
        "Security Controls",
        "Operations and Business"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/packet"
    },
    {
      "term": "Paging Attacks",
      "expansion": null,
      "definition": "Paging attacks exploit the unauthenticated paging mechanism on the radio interface to detect, locate, or deny service to specific subscribers. By correlating paging messages addressed to a target's TMSI with controlled stimuli (silent SMS, missed calls), an attacker can confirm presence in a given tracking area or repeatedly drain the device's battery. 5G mitigates the worst variants by removing IMSI from paging and introducing 5G-S-TMSI, but configuration discipline remains essential.",
      "tags": [
        "Radio Access Network",
        "Identity and Subscriber",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/paging-attacks"
    },
    {
      "term": "Patch",
      "expansion": null,
      "definition": "A patch is a software update that fixes bugs or security vulnerabilities in an existing system, often delivered out of cycle in response to a discovered issue. Disciplined patch management — tracking advisories, prioritising by exploitability and impact, and applying within defined SLAs — is one of the most effective controls against opportunistic attack.",
      "tags": [
        "Threats and Attacks",
        "Protocols and Standards",
        "Operations and Business"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/patch"
    },
    {
      "term": "PBX",
      "expansion": "Private Branch Exchange",
      "definition": "A Private Branch Exchange is a private telephone switch installed at a business, providing internal extensions and shared access to outside lines. Modern IP PBXs (often based on Asterisk, FreeSWITCH, or vendor systems) connect via SIP trunks. Insecure PBX configurations — default credentials, exposed SIP ports, weak voicemail PINs — are a leading cause of toll fraud worldwide.",
      "tags": [
        "Radio Access Network",
        "Signaling",
        "Fraud"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/pbx-private-branch-exchange"
    },
    {
      "term": "PBX Hacking",
      "expansion": null,
      "definition": "PBX hacking is unauthorised access to a private branch exchange (often through default credentials, weak voicemail PINs, or exposed maintenance interfaces) to place high-cost calls, typically to international premium-rate numbers, generating revenue through International Revenue Share Fraud (IRSF). Mitigations include disabling DISA (Direct Inward System Access), restricting international dialling, enforcing strong admin credentials, and monitoring for off-hours traffic spikes.",
      "tags": [
        "Radio Access Network",
        "Fraud",
        "Operations and Business"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/pbx-hacking"
    },
    {
      "term": "PDN",
      "expansion": "Packet Data Network",
      "definition": "A Packet Data Network is any external IP network — public internet, IMS, enterprise APN, MEC application network — that a mobile subscriber connects to via the PGW (4G) or UPF (5G). Each PDN is identified by an APN, and per-PDN policy controls QoS, charging, and security boundary enforcement at the gateway.",
      "tags": [
        "Core Network",
        "Identity and Subscriber",
        "Operations and Business"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/pdn-packet-data-network"
    },
    {
      "term": "PGW",
      "expansion": "Packet Data Network Gateway",
      "definition": "The Packet Data Network Gateway is the 4G EPC element that connects subscriber data sessions to external networks (internet, IMS, enterprise APNs). It allocates IP addresses, enforces per-bearer QoS, applies charging via the OCS/PCRF, and performs lawful interception. The PGW is the user-plane border between the trusted mobile core and external networks, and its 5G equivalent is the UPF; both require careful filtering and DDoS protection because they are reachable from untrusted networks.",
      "tags": [
        "Core Network",
        "Identity and Subscriber",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/pgw-packet-data-network-gateway"
    },
    {
      "term": "PHY",
      "expansion": "Physical Layer",
      "definition": "The Physical Layer (Layer 1 of the OSI model) is responsible for transmitting raw bits over the physical medium — copper, fibre, or radio. PHY specifications cover modulation, coding, line rate, connectors, and electrical characteristics. In modern radio systems the PHY is typically implemented in a mix of FPGA, DSP, and accelerated software.",
      "tags": [
        "Radio Access Network",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/phy-physical-layer"
    },
    {
      "term": "PLMN",
      "expansion": "Public Land Mobile Network",
      "definition": "A Public Land Mobile Network is a regulator-licensed mobile network identified globally by the combination of its Mobile Country Code and Mobile Network Code (the PLMN-ID, e.g. 208-10 for a French operator). The PLMN-ID is broadcast on every cell, included in the IMSI/SUPI, and used in inter-operator signalling to identify the home and visited operator. In 5G, PLMN-IDs feed into SEPP routing and PRINS protection of N32 messages between networks.",
      "tags": [
        "Radio Access Network",
        "Signaling",
        "Roaming and Interconnect"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/plmn"
    },
    {
      "term": "PoE",
      "expansion": "Power over Ethernet",
      "definition": "Power over Ethernet (IEEE 802.3af/at/bt) delivers DC power alongside data over standard Ethernet cabling, eliminating the need for a separate power supply at the device. PoE powers IP phones, Wi-Fi access points, IP cameras, and small-cell radios. Modern 802.3bt supports up to 90 W per port, enabling more demanding endpoints.",
      "tags": [
        "Radio Access Network",
        "Protocols and Standards",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/poe-power-over-ethernet"
    },
    {
      "term": "PRD",
      "expansion": "Permanent Reference Document",
      "definition": "A Permanent Reference Document is the GSMA's term for an official binding or recommended specification produced by its working groups. Notable security-relevant PRDs include the FS-series (FS.07, FS.11, FS.19, FS.20, FS.21) covering interconnect and roaming security, IR-series for interconnect and routing, and SG-series for security guidance.",
      "tags": [
        "Core Network",
        "Roaming and Interconnect",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/prd-permanent-reference-document"
    },
    {
      "term": "Private 5G",
      "expansion": null,
      "definition": "A dedicated 5G wireless network deployed for exclusive use by a specific organization, operating independently of public carrier networks. Private 5G provides enterprises with full control over network configuration, security policies, quality of service, and data sovereignty. Private 5G can be deployed using licensed spectrum (leased from carriers), shared spectrum (e.g., CBRS), or as network slices on public infrastructure. Used extensively in manufacturing, healthcare, logistics, and critical infrastructure.",
      "tags": [
        "Radio Access Network",
        "Encryption and Cryptography"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/private-5g"
    },
    {
      "term": "Privacy by Design",
      "expansion": null,
      "definition": "Privacy by Design is a development philosophy, codified in GDPR Article 25 as 'data protection by design and by default', that requires privacy considerations to be embedded into systems from the start rather than added afterwards. In telecom it shapes choices about identifier exposure (SUCI vs IMSI), default data retention, and the granularity of metadata available to internal users.",
      "tags": [
        "Radio Access Network",
        "Identity and Subscriber",
        "Encryption and Cryptography"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/privacy-by-design"
    },
    {
      "term": "Provide Subscriber Information (PSI)",
      "expansion": null,
      "definition": "Provide Subscriber Information is a MAP operation that lets an authorised network element retrieve subscriber data from the HLR or VLR, including current cell, IMEI, and supplementary-service status. While legitimately used by an operator's own elements, abusive PSI from interconnect is a classic SS7 location-tracking primitive, and is filtered as a Category 2 message by FS.11-compliant SS7 firewalls — accepted only from the subscriber's current visited network.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Signaling"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/provide-subscriber-information-psi"
    },
    {
      "term": "PSTN",
      "expansion": "Public Switched Telephone Network",
      "definition": "The Public Switched Telephone Network is the global circuit-switched telephone network that originated in the 19th century with analog exchanges and is now a mixture of TDM and IP-based replacements. PSTN is being progressively retired in favour of all-IP VoLTE, VoNR, and SIP interconnect, but legacy SS7 ISUP signalling and copper-pair access remain in service in many markets.",
      "tags": [
        "Radio Access Network",
        "Signaling",
        "Roaming and Interconnect"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/pstn"
    },
    {
      "term": "QoS",
      "expansion": "Quality of Service",
      "definition": "Quality of Service refers to the techniques used to manage and differentiate network resources so that critical traffic meets bandwidth, latency, jitter, and loss targets. In mobile networks, QoS is implemented per bearer (4G QCI) or per QoS flow (5G 5QI) with prioritisation, scheduling, and admission control all the way from the radio interface through the core to external networks.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Operations and Business"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/qos-quality-of-service"
    },
    {
      "term": "QPSK",
      "expansion": "Quadrature Phase Shift Keying",
      "definition": "Quadrature Phase Shift Keying encodes two bits per symbol by selecting between four phases of the carrier wave. QPSK offers a good balance of spectral efficiency and noise tolerance, and is widely used in satellite communications, LTE/5G control channels, and many other systems where robust transmission matters more than peak data rate.",
      "tags": [
        "Radio Access Network",
        "Encryption and Cryptography"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/qpsk"
    },
    {
      "term": "RADIUS",
      "expansion": "Remote Authentication Dial In User Service",
      "definition": "Remote Authentication Dial-In User Service (RFCs 2865/2866) is the long-standing AAA protocol used for network access authentication, accounting, and authorisation — Wi-Fi 802.1X, VPN, and many enterprise systems. RADIUS uses a shared secret and is being progressively replaced by Diameter in carrier-class deployments and by RadSec (RADIUS over TLS) for transport security.",
      "tags": [
        "Radio Access Network",
        "Signaling",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/radius"
    },
    {
      "term": "RAN",
      "expansion": "Radio Access Network",
      "definition": "The Radio Access Network is the part of a mobile network that connects user devices to the core via radio. In 2G/3G it comprises the BTS/Node B and BSC/RNC; in 4G the eNodeB; and in 5G the gNB, often split into Centralised Unit and Distributed Unit. The RAN handles air-interface scheduling, ciphering, integrity protection, and handovers. Its security exposure spans rogue base stations, fronthaul interception, and supply-chain risk in the radio equipment itself, all of which are amplified by Open RAN multi-vendor architectures.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/ran-radio-access-network"
    },
    {
      "term": "Red Team",
      "expansion": null,
      "definition": "A red team conducts authorised adversary-simulation exercises against an organisation's defences, emulating the tactics, techniques, and procedures of realistic threat actors to stress-test detection and response. Telecom red teaming covers IT estate, signalling interconnect, RAN management, and 5G core, and is typically scoped against frameworks such as MITRE ATT&CK and FiGHT.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Roaming and Interconnect"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/red-team"
    },
    {
      "term": "Revenue Assurance",
      "expansion": null,
      "definition": "A BSS function in telecommunications that ensures all revenue-generating events are properly captured, rated, and billed. Revenue assurance identifies and prevents revenue leakage through data validation, reconciliation between network usage and billing, fraud detection, and process optimization. Typically recovers 0.5-2% of operator revenue through leakage prevention.",
      "tags": [
        "Radio Access Network",
        "Signaling",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/revenue-assurance"
    },
    {
      "term": "RF",
      "expansion": "Radio Frequency",
      "definition": "Radio Frequency refers to the portion of the electromagnetic spectrum, roughly 3 kHz to 300 GHz, used for wireless communications. Mobile networks use specific licensed RF bands assigned by national regulators; security concerns include jamming (denial of service), eavesdropping (especially of unencrypted radio links), and rogue transmissions from unauthorised base stations.",
      "tags": [
        "Radio Access Network",
        "Threats and Attacks",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/rf-radio-frequency"
    },
    {
      "term": "RFID",
      "expansion": "Radio Frequency Identification",
      "definition": "Radio Frequency Identification uses electromagnetic coupling between a reader and a tag to identify items at short to medium range. RFID is used in access control, supply-chain tracking, contactless payments, and transit cards. Many low-cost RFID systems use weak or no cryptography and have been documented as cloneable, requiring system-level controls to compensate.",
      "tags": [
        "Radio Access Network",
        "Security Controls",
        "Encryption and Cryptography"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/rfid"
    },
    {
      "term": "Roaming",
      "expansion": null,
      "definition": "Roaming is the service that lets a subscriber use voice, SMS, and data when attached to a network other than their home operator. It relies on signalling exchanges (SS7 MAP, Diameter S6a, or 5G N32) between the visited and home networks to authenticate the subscriber and authorise services, and on user-plane tunnels (GTP or N9) to carry traffic back to the home network when home-routed. Roaming is the principal channel through which interconnect attacks such as SS7/Diameter abuse and IRSF reach subscribers, making interconnect security controls central to roaming.",
      "tags": [
        "Signaling",
        "Roaming and Interconnect",
        "Identity and Subscriber"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/roaming"
    },
    {
      "term": "Roaming Interconnect Security",
      "expansion": null,
      "definition": "Security controls specific to roaming scenarios between mobile operators. Includes inter-PLMN encryption, authentication of visited networks, signaling validation at SEPP boundaries, fraud detection for roaming events, and protection against roaming-specific attacks (location tracking, subscription data harvesting). Critical for protecting subscribers and preventing roaming fraud.",
      "tags": [
        "Signaling",
        "Roaming and Interconnect",
        "Identity and Subscriber"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/roaming-interconnect-security"
    },
    {
      "term": "Roaming Security Assessment",
      "expansion": null,
      "definition": "A roaming security assessment is a structured audit of the controls protecting a subscriber's traffic while attached to a visited network. It examines interconnect agreements, SS7/Diameter/N32 firewall policies, encryption of inter-PLMN links, monitoring coverage, and incident response, mapping findings against GSMA FS.07/FS.11/FS.19 and operator-specific risk appetite.",
      "tags": [
        "Signaling",
        "Roaming and Interconnect",
        "Identity and Subscriber"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/roaming-security-assessment"
    },
    {
      "term": "Roaming Security Architecture",
      "expansion": null,
      "definition": "The roaming security architecture is the end-to-end set of controls that protect signalling and user-plane traffic when a subscriber attaches to a visited network. It combines transport-layer protection (IPsec/TLS), application-layer security (SS7/Diameter firewalls, 5G SEPP with PRINS), category-based message filtering per GSMA FS.07/FS.11/FS.19, and behavioural monitoring across interconnect.",
      "tags": [
        "Radio Access Network",
        "Signaling",
        "Roaming and Interconnect"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/roaming-security-architecture"
    },
    {
      "term": "Robocalling",
      "expansion": null,
      "definition": "Robocalling is automated outbound calling at scale, used legitimately for notifications and reminders, and abusively for spam, fraud, and scams that often combine spoofed caller-ID. STIR/SHAKEN attestation and analytics-driven call-blocking by carriers are the dominant defences in the US; many other markets are following with similar regulatory mandates.",
      "tags": [
        "Identity and Subscriber",
        "Threats and Attacks",
        "Fraud"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/robocalling"
    },
    {
      "term": "Rogue Base Station (Fake BTS)",
      "expansion": null,
      "definition": "A rogue base station is unauthorised radio infrastructure operated by an attacker that broadcasts a stronger signal than legitimate cells to attract nearby devices. Once attached, the attacker can perform IMSI capture, force cipher downgrade, inject silent SMS, or relay traffic for interception. Rogue base stations are the operational delivery mechanism for IMSI catchers and continue to threaten 2G and 3G networks; 5G's mutual authentication and SUCI mitigate but do not entirely eliminate the risk where fallback to legacy generations is permitted.",
      "tags": [
        "Radio Access Network",
        "Signaling",
        "Identity and Subscriber"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/rogue-base-station-fake-bts"
    },
    {
      "term": "RRH",
      "expansion": "Remote Radio Head",
      "definition": "A Remote Radio Head is the radio equipment installed at a cell site, typically mounted close to the antenna to minimise feeder losses. The RRH is connected to a centralised baseband unit over a fronthaul link (CPRI or eCPRI), forming the basis of Cloud RAN and many vRAN deployments. Fronthaul protection (MACsec or IPsec) is essential because some functional splits expose unciphered traffic.",
      "tags": [
        "Radio Access Network",
        "Security Controls",
        "Cloud and Virtualization"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/rrh-remote-radio-head"
    },
    {
      "term": "RPKI",
      "expansion": "Resource Public Key Infrastructure",
      "definition": "Resource Public Key Infrastructure (RFC 6480) is the cryptographic system that lets the holder of an IP prefix or AS number publish signed Route Origin Authorisations (ROAs). BGP routers can validate received announcements against ROAs and reject those that do not match, defeating accidental and malicious route hijacks. Operator adoption has grown sharply since 2020 and is now considered baseline routing hygiene.",
      "tags": [
        "Security Controls",
        "Threats and Attacks",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/rpki"
    },
    {
      "term": "RSA",
      "expansion": "Rivest-Shamir-Adleman",
      "definition": "RSA, named after Rivest, Shamir, and Adleman (1977), is the long-standing public-key cryptosystem used for encryption and digital signatures, based on the difficulty of factoring large semiprimes. Modern security requires keys of 2048 bits or longer, with 3072+ recommended for new deployments. Post-quantum cryptography roadmaps (NIST PQC) anticipate eventual migration away from RSA.",
      "tags": [
        "Core Network",
        "Signaling",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/rsa-rivest-shamir-adleman"
    },
    {
      "term": "RTP",
      "expansion": "Real-time Transport Protocol",
      "definition": "Real-time Transport Protocol (RFC 3550) carries audio and video streams over IP, typically on top of UDP, and is the media transport beneath SIP-based VoIP, IMS, VoLTE/VoNR, WebRTC, and most live-streaming systems. RTP itself provides timestamps, sequence numbers, and payload-type identification but no encryption; the secure profile SRTP (RFC 3711) adds confidentiality and integrity and is mandatory for carrier-grade voice services.",
      "tags": [
        "Radio Access Network",
        "Signaling",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/rtp-real-time-transport-protocol"
    },
    {
      "term": "RTSP",
      "expansion": "Real Time Streaming Protocol",
      "definition": "Real Time Streaming Protocol (RFC 7826) controls the delivery of streaming media — pause, play, seek — independently of the transport (typically RTP). It is widely deployed in IP cameras and CCTV, where insecure default deployments have repeatedly enabled mass discovery and exploitation by botnets such as Mirai.",
      "tags": [
        "Radio Access Network",
        "Threats and Attacks",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/rtsp"
    },
    {
      "term": "SAS",
      "expansion": "GSMA Security Accreditation Scheme",
      "definition": "The GSMA Security Accreditation Scheme is a peer-reviewed audit programme that certifies the security of mobile-industry sites and services. SAS-UP covers UICC and eSIM production sites; SAS-SM covers eSIM remote provisioning platforms. SAS certification is widely required in operator procurement and underpins trust in SIM, eSIM, and remote SIM provisioning across the ecosystem.",
      "tags": [
        "Core Network",
        "Identity and Subscriber",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/sas-gsma-security-accreditation-scheme"
    },
    {
      "term": "SBAS",
      "expansion": "Satellite-Based Augmentation System",
      "definition": "A Satellite-Based Augmentation System uses geostationary satellites to broadcast correction and integrity data that improves the accuracy and reliability of GNSS positioning. WAAS (US), EGNOS (Europe), MSAS (Japan), and GAGAN (India) are the main regional SBAS systems, used in aviation and other safety-critical applications where standalone GNSS accuracy is insufficient.",
      "tags": [
        "Core Network"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/sbas"
    },
    {
      "term": "SC",
      "expansion": "Signaling Connection",
      "definition": "In SS7 networks, a Signalling Connection is a connection carrying signalling messages between network elements, established and managed by SCCP either as a connectionless transfer or as a connection-oriented session. The same acronym is also used in 3GPP for Service Centre (a synonym for SMSC) and in many other contexts; the intended meaning depends on the surrounding specification.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Signaling"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/sc-signaling-connection"
    },
    {
      "term": "SCADA",
      "expansion": "Supervisory Control and Data Acquisition",
      "definition": "Supervisory Control and Data Acquisition systems monitor and control industrial processes — power grids, water treatment, manufacturing, oil and gas. SCADA networks have historically used proprietary serial protocols but increasingly run over IP, which exposes them to cyber threats. Standards such as IEC 62443 define security baselines for industrial control systems.",
      "tags": [
        "Security Controls",
        "Threats and Attacks",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/scada"
    },
    {
      "term": "SCN",
      "expansion": "Service Creation Node",
      "definition": "A Service Creation Node is part of the Intelligent Network architecture, providing a development and execution environment for advanced telecom services such as freephone, prepaid, and VPN. SCNs host the service logic that the Service Control Point (SCP) executes when triggered by switches via INAP. The model is largely superseded in IP networks but remains in legacy deployments.",
      "tags": [
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/scn-service-creation-node"
    },
    {
      "term": "SDSL",
      "expansion": "Symmetric Digital Subscriber Line",
      "definition": "Symmetric Digital Subscriber Line provides equal upload and download speeds (typically up to a few Mbit/s) over a single copper pair, targeted at small business and enterprise sites where uplink throughput matters. SDSL has been largely replaced by fibre, Ethernet First Mile, and high-speed mobile alternatives.",
      "tags": [
        "Core Network",
        "Identity and Subscriber",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/sdsl"
    },
    {
      "term": "SECA",
      "expansion": "Security Administration",
      "definition": "In telecom contexts SECA most commonly refers to Security Administration functions within an operator, including identity and access management for OSS/BSS systems, hardening of OAM interfaces, and enforcement of separation between operational and management networks. The acronym is also used by some vendors and conditional-access systems with different meanings.",
      "tags": [
        "Identity and Subscriber",
        "Protocols and Standards",
        "Operations and Business"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/seca"
    },
    {
      "term": "SEPP",
      "expansion": "Security Edge Protection Proxy",
      "definition": "The Security Edge Protection Proxy is the 5G network function placed at the edge of every PLMN to terminate the N32 interface used for inter-operator signalling. It enforces application-layer protection (PRINS) that authenticates and integrity-protects each JSON message, optionally encrypting sensitive information elements end-to-end across IPX intermediaries. SEPP closes the inter-PLMN trust gap that plagued SS7 and Diameter, and is mandatory for any 5G operator offering or consuming roaming.",
      "tags": [
        "Core Network",
        "Signaling",
        "Roaming and Interconnect"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/sepp"
    },
    {
      "term": "Service-Based Architecture (SBA) Security",
      "expansion": null,
      "definition": "Security for the 5G Service-Based Architecture relies on a defence-in-depth model: mutual TLS for transport between every pair of Network Functions, OAuth2 access tokens issued by the NRF for fine-grained API authorisation, JSON-schema validation at every consumer, NF profile signing in the NRF, and PRINS via SEPP at the inter-PLMN boundary. Because the SBA exposes hundreds of REST APIs over HTTP/2, getting these controls right — including secret rotation and least-privilege scopes — is the foundation of 5G core security.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Signaling"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/service-based-architecture-sba-security"
    },
    {
      "term": "SGSN",
      "expansion": "Serving GPRS Support Node",
      "definition": "The Serving GPRS Support Node is the 2G/3G packet-core element that handles mobility, session management, authentication, and packet routing for GPRS and UMTS subscribers, much as the MME does for 4G. It communicates with the GGSN over GTP and with the HLR over MAP. SGSNs remain in service in many networks and are exposed to GTP attacks from compromised roaming partners, requiring GTP firewalls and strict peer validation on the Gn/Gp interfaces.",
      "tags": [
        "Core Network",
        "Signaling",
        "Roaming and Interconnect"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/sgsn"
    },
    {
      "term": "SHA",
      "expansion": "Secure Hash Algorithm",
      "definition": "Secure Hash Algorithm is the NIST family of cryptographic hash functions: SHA-1 (broken for collision resistance, retired), SHA-2 (SHA-224/256/384/512, current baseline), and SHA-3 (a Keccak-based alternative). Hash functions underpin digital signatures, certificates, password storage (with KDFs), and integrity checks in IPsec, TLS, and many telecom protocols.",
      "tags": [
        "Security Controls",
        "Protocols and Standards",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/sha-secure-hash-algorithm"
    },
    {
      "term": "SHR",
      "expansion": "Shared Resource",
      "definition": "SHR is used in several telecom contexts, most often as Self-Healing Ring (a SONET/SDH protection topology) or generically as a Shared Resource. The Self-Healing Ring meaning describes a fibre topology with automatic re-routing on cable cut, providing sub-50-ms protection switching; it remains in use in many transport networks.",
      "tags": [
        "Radio Access Network",
        "Internet and Routing",
        "Encryption and Cryptography"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/shr-shared-resource"
    },
    {
      "term": "Signaling Firewall",
      "expansion": null,
      "definition": "A signalling firewall is a security gateway placed at the interconnect boundary that inspects and enforces policy on SS7, Diameter, GTP, SIP, and 5G N32 traffic. It implements the GSMA category model — blocking messages that should never cross interconnect, validating that allowed messages come from the correct partner, and rate-limiting or behaviourally inspecting the rest. Combined with topology hiding and IDS-style detection, signalling firewalls are now considered a baseline control for every operator.",
      "tags": [
        "Signaling",
        "Roaming and Interconnect",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/signaling-firewall"
    },
    {
      "term": "Signaling IDS",
      "expansion": null,
      "definition": "A signalling Intrusion Detection System monitors SS7, Diameter, GTP, and 5G SBA traffic for patterns indicative of attack — abnormal MAP operation rates, impossible-velocity location updates, suspicious GT origins, or out-of-context GTP tunnels. It complements an inline signalling firewall by providing visibility, correlation across protocols, and alerting for behaviours that policy alone cannot block. Modern systems combine rule-based detection with machine-learning baselining.",
      "tags": [
        "Core Network",
        "Signaling",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/signaling-ids"
    },
    {
      "term": "Signaling Penetration Testing",
      "expansion": null,
      "definition": "Signalling penetration testing exercises an operator's interconnect defences by sending crafted SS7, Diameter, GTP, or N32 messages from controlled test points to evaluate whether attacks such as location tracking, IMSI disclosure, call/SMS interception, and DoS are blocked. It validates the configuration of signalling firewalls, the effectiveness of GSMA category filtering, and the visibility of monitoring tools, and is a recommended practice in GSMA FS.11/FS.19 and many regulatory frameworks.",
      "tags": [
        "Core Network",
        "Signaling",
        "Roaming and Interconnect"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/signaling-penetration-testing"
    },
    {
      "term": "Signaling Screening",
      "expansion": null,
      "definition": "Signalling screening is the process of validating each incoming signalling message against policy: is the operation allowed across interconnect, is the originating Global Title or realm legitimate, is the addressed subscriber actually expected to be served by this peer, and does the sequence make sense for the subscriber's known state. It is the day-to-day function of a signalling firewall and is codified in the category model defined by GSMA FS.11 (SS7) and FS.19 (Diameter).",
      "tags": [
        "Signaling",
        "Roaming and Interconnect",
        "Identity and Subscriber"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/signaling-screening"
    },
    {
      "term": "SID",
      "expansion": "Service Identifier",
      "definition": "SID, the Service Identifier, is a generic term for a number that identifies a particular telecom service or feature within a network or platform. It appears in many standards under different definitions (CDMA system identifier, IMS service identifier, etc.) and should be interpreted in the context of the specification being referenced.",
      "tags": [
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/sid-service-identifier"
    },
    {
      "term": "SIM",
      "expansion": "Subscriber Identity Module",
      "definition": "The Subscriber Identity Module is the tamper-resistant smart card that stores the long-term subscriber key Ki/K, the IMSI/SUPI, network selection data, and a small file system. It executes the AKA authentication algorithm so the secret key never leaves the card. The SIM exists today as a removable UICC, an embedded eSIM with remote provisioning, and an integrated iSIM inside the modem chipset. SIM security underpins all subscriber authentication, making SIM swap and cloning attacks among the highest-impact threats in mobile.",
      "tags": [
        "Identity and Subscriber",
        "Security Controls",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/sim-subscriber-identity-module"
    },
    {
      "term": "SIMBox Fraud",
      "expansion": null,
      "definition": "SIM-box fraud uses arrays of mobile SIMs in dedicated hardware to terminate international calls as if they were originating locally, bypassing legitimate interconnect and depriving operators of termination revenue. It also disguises caller-ID and undermines lawful interception. Operators detect SIM boxes via traffic profiling, IMEI patterns, and test-call generation, and disconnect them under contract terms or regulatory order.",
      "tags": [
        "Roaming and Interconnect",
        "Identity and Subscriber",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/simbox-fraud"
    },
    {
      "term": "Silent SMS",
      "expansion": null,
      "definition": "A silent SMS (Type 0 SMS) is a message that is delivered to the handset and acknowledged on the network but never displayed to the user. Law enforcement and intelligence services use it to trigger paging and confirm a target's presence and approximate location through the resulting signalling. Silent SMS is detectable by some end-user privacy tools and is regulated in some jurisdictions.",
      "tags": [
        "Regulation and Compliance"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/silent-sms"
    },
    {
      "term": "SIP",
      "expansion": "Session Initiation Protocol",
      "definition": "The Session Initiation Protocol, defined in RFC 3261, is the IETF signalling protocol used to create, modify, and terminate multimedia sessions over IP. It is the control plane of VoIP, IMS, VoLTE/VoNR, and RCS, and runs over UDP, TCP, or TLS. SIP is text-based and extensible, which makes it powerful but also exposes a wide attack surface: registration hijacking, INVITE flooding, toll fraud, response splitting, and CLI spoofing. TLS for transport, SIP digest or AKA authentication, and STIR/SHAKEN for caller verification are standard mitigations.",
      "tags": [
        "Radio Access Network",
        "Signaling",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/sip-session-initiation-protocol"
    },
    {
      "term": "SIR",
      "expansion": "Signal-to-Interference Ratio",
      "definition": "Signal-to-Interference Ratio measures the strength of a desired signal relative to interfering signals from other transmissions on the same or adjacent frequencies. SIR (and the related SINR including noise) is a key metric for cellular link quality and underpins scheduling decisions, modulation and coding choice, and handover decisions in 4G and 5G networks.",
      "tags": [
        "Radio Access Network",
        "Encryption and Cryptography"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/sir-signal-to-interference-ratio"
    },
    {
      "term": "SIRT",
      "expansion": "Security Incident Response Team",
      "definition": "A Security Incident Response Team (also called CSIRT or CERT) is the group responsible for coordinating the detection, containment, eradication, and recovery from security incidents, plus the post-incident learning. Telecom SIRTs typically have direct relationships with national CERTs, GSMA T-ISAC, and law enforcement, and are engaged for both IT and signalling-layer incidents.",
      "tags": [
        "Security Controls",
        "Protocols and Standards",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/sirt"
    },
    {
      "term": "SLA",
      "expansion": "Service Level Agreement",
      "definition": "A Service Level Agreement is the contract clause specifying the performance and availability commitments a service provider makes to a customer, typically backed by service credits. Telecom SLAs commonly cover availability percentages, MTTR for incidents, latency and jitter targets, and support response times, measured against agreed SLIs.",
      "tags": [
        "Operations and Business"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/sla-service-level-agreement"
    },
    {
      "term": "SLI",
      "expansion": "Service Level Indicator",
      "definition": "A Service Level Indicator is a quantitative measurement used to evaluate whether a service is meeting its Service Level Objectives (SLOs), which in turn underpin contractual SLAs. Common telecom SLIs include availability, packet loss, latency, jitter, and call setup success rate. Modern SRE practice manages reliability through SLO error budgets derived from SLIs.",
      "tags": [
        "Operations and Business"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/sli-service-level-indicator"
    },
    {
      "term": "Slice Isolation (5G)",
      "expansion": null,
      "definition": "The degree of separation between different network slices. Slice isolation ensures that traffic and resources from one slice do not interfere with other slices.",
      "tags": [],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/slice-isolation-5g"
    },
    {
      "term": "Slice Security",
      "expansion": null,
      "definition": "Security mechanisms protecting individual network slices in 5G networks. Includes slice-specific authentication, authorization, encryption, traffic isolation, and protection against cross-slice attacks. Each slice can have differentiated security policies based on service requirements.",
      "tags": [
        "Security Controls",
        "Threats and Attacks",
        "Operations and Business"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/slice-security"
    },
    {
      "term": "SM",
      "expansion": "Session Manager",
      "definition": "In telecom contexts, SM most often refers to the Session Manager that handles the lifecycle of communication sessions in IMS or in a 5G PDU session managed by the SMF. The same acronym is also used for Short Message in SMS specifications (e.g. MAP MO-ForwardSM) and should be disambiguated by surrounding context.",
      "tags": [
        "Core Network",
        "Signaling",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/sm-session-manager"
    },
    {
      "term": "SMF",
      "expansion": "Session Management Function",
      "definition": "The Session Management Function is the 5G core network function responsible for the lifecycle of PDU sessions: IP address allocation, UPF selection and control via the N4/PFCP interface, QoS enforcement, charging triggers, and lawful interception coordination. The SMF interacts with the AMF, PCF, and UDM over service-based interfaces and is critical to user-plane security; misconfiguration or compromise can enable session hijacking, traffic redirection, or charging fraud.",
      "tags": [
        "Core Network",
        "Threats and Attacks",
        "Fraud"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/smf-session-management-function"
    },
    {
      "term": "SMPP",
      "expansion": "Short Message Peer-to-Peer",
      "definition": "Short Message Peer-to-Peer is the IETF/SMS-Forum protocol used between SMSCs, ESMEs, and aggregators to submit and deliver SMS messages over IP. SMPP carries A2P traffic that includes one-time passwords, marketing, and notifications, and is the principal interface used by enterprise SMS platforms. Weak authentication, plaintext transport, and lax binding controls have enabled high-profile abuse such as SMS spoofing and OTP interception, so TLS, IP allow-listing, and aggregator due diligence are essential.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/smpp"
    },
    {
      "term": "SMS",
      "expansion": "Short Message Service",
      "definition": "Short Message Service is the GSM-era 160-character text messaging service that operates over the SS7 signalling channel rather than a data bearer, using MAP for delivery and the SMSC for store-and-forward. Despite the rise of OTT messaging, SMS remains critical because billions of services rely on it for one-time passwords and account recovery. Its security weaknesses — interception via SS7 attacks, SIM-swap-driven OTP theft, and CLI spoofing — make SMS a poor second factor for high-value accounts and have driven adoption of SMS Home Routing and FIDO/WebAuthn alternatives.",
      "tags": [
        "Core Network",
        "Signaling",
        "Identity and Subscriber"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/sms-short-message-service"
    },
    {
      "term": "SMS Home Routing",
      "expansion": null,
      "definition": "SMS Home Routing is the GSMA-recommended deployment in which all incoming SMS for a roaming subscriber is routed back through the home operator's SMS Home Router rather than delivered directly via the visited SMSC. The Home Router answers the SRI-SM query with a single non-routable address, hiding the subscriber's IMSI and current location from the foreign SMSC. It is one of the most effective controls against SS7-based location tracking and OTP interception.",
      "tags": [
        "Core Network",
        "Signaling",
        "Roaming and Interconnect"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/sms-home-routing"
    },
    {
      "term": "SMS Pumping",
      "expansion": null,
      "definition": "SMS pumping (also called artificially inflated traffic, AIT) is a fraud where attackers automate phone-number entry on websites that send an OTP or verification SMS, generating large volumes of paid A2P traffic to numbers in collusive ranges that share revenue with the fraudster. Mitigations include CAPTCHA, IP-based rate limiting, MSISDN range blocking, and anomaly detection on registration funnels.",
      "tags": [
        "Radio Access Network",
        "Signaling",
        "Identity and Subscriber"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/sms-pumping"
    },
    {
      "term": "SMS Spoofing (Interconnect)",
      "expansion": null,
      "definition": "SMS spoofing on interconnect refers to messages that arrive at an operator's SMSC with a forged originator address, allowing fraudsters to impersonate banks, governments, or trusted brands for phishing or fraud. It exploits weak validation between SMS aggregators and the SS7/SMPP interconnect, where the originating address is treated as untrusted information. SMS firewalls, sender-ID registries, and SMS Home Routing reduce exposure, alongside emerging RCS Business Messaging with verified senders.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Signaling"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/sms-spoofing-interconnect"
    },
    {
      "term": "SMSC",
      "expansion": "Short Message Service Center",
      "definition": "The Short Message Service Centre is the network element that stores SMS messages and forwards them to the destination subscriber when reachable, implementing the store-and-forward semantics of SMS. SMSCs interact with the HLR over MAP to look up the recipient's current location and with MSCs/MMEs/AMFs to deliver. They are central to OTP delivery, A2P traffic, and many fraud schemes; SMS Home Routing and SMS firewalls are the standard security controls protecting them.",
      "tags": [
        "Core Network",
        "Signaling",
        "Identity and Subscriber"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/smsc"
    },
    {
      "term": "SNMP",
      "expansion": "Simple Network Management Protocol",
      "definition": "Simple Network Management Protocol (RFCs 3411-3418) is the dominant protocol for monitoring and configuring network devices. SNMPv1 and v2c send community strings in cleartext and should never traverse untrusted networks; SNMPv3 adds authentication and encryption and is the only version suitable for production. SNMP servers are also a frequent vector for amplification DDoS when left exposed.",
      "tags": [
        "Identity and Subscriber",
        "Security Controls",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/snmp"
    },
    {
      "term": "SNR",
      "expansion": "Signal-to-Noise Ratio",
      "definition": "Signal-to-Noise Ratio measures the level of a desired signal compared with the level of background noise, typically expressed in decibels. Higher SNR enables higher modulation orders and therefore higher data rates; SNR thresholds drive link adaptation in cellular and Wi-Fi systems and are central to coverage planning.",
      "tags": [
        "Radio Access Network",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/snr-signal-to-noise-ratio"
    },
    {
      "term": "SOC",
      "expansion": "Security Operations Center",
      "definition": "A Security Operations Centre is the team and facility responsible for continuous monitoring, detection, and response to security incidents. A telecom SOC typically combines IT SIEM tooling with telecom-specific signalling monitoring (SS7, Diameter, GTP, SIP) and fraud-management feeds, and operates 24x7 with tiered analyst workflows aligned to NIST CSF or ISO 27035.",
      "tags": [
        "Signaling",
        "Security Controls",
        "Fraud"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/soc-security-operations-center"
    },
    {
      "term": "Spam",
      "expansion": null,
      "definition": "Spam is unsolicited bulk messaging sent over email, SMS, voice (robocalls), or messaging apps. Telecom-specific defences include carrier-side filtering, sender reputation, STIR/SHAKEN attestation for voice, SMS firewalls and grey-route blocking, and regulatory frameworks such as TCPA in the US and the ePrivacy Directive in the EU.",
      "tags": [
        "Security Controls",
        "Fraud",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/spam"
    },
    {
      "term": "SRI",
      "expansion": "Send Routing Information",
      "definition": "Send Routing Information is the MAP operation a gateway MSC uses to query the HLR for the routing number of a mobile subscriber being called. The variant SRI-for-SM does the same for SMS delivery. Both expose subscriber location and reachability information, and are a primary tool used in SS7 location-tracking attacks. SRI is filtered as a Category 2 operation by SS7 firewalls, and SMS Home Routing specifically intercepts SRI-for-SM to hide subscribers from foreign SMSCs.",
      "tags": [
        "Core Network",
        "Signaling",
        "Identity and Subscriber"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/sri-send-routing-information"
    },
    {
      "term": "SS7",
      "expansion": "Signaling System No. 7",
      "definition": "Signalling System No. 7 is the legacy out-of-band signalling protocol family used to set up calls, deliver SMS, query subscriber data, and support roaming across PSTN, 2G, and 3G networks. Defined by ITU-T from 1980 and still in operational use globally, SS7 was designed for a closed trust model between a small number of state monopolies and has no built-in authentication or encryption. As access to SS7 spread to thousands of operators and resellers, attackers gained the ability to track subscriber location, intercept SMS-based one-time passwords, redirect calls, and conduct fraud. Mitigations require SS7 firewalls, Category 1/2/3 message filtering per GSMA FS.11, and SMS Home Routing.",
      "tags": [
        "Signaling",
        "Roaming and Interconnect",
        "Identity and Subscriber"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/ss7-signaling-system-no-7"
    },
    {
      "term": "SS7 Interconnect Security",
      "expansion": null,
      "definition": "Security controls specific to SS7 protocol communications between interconnecting networks. Includes SS7 firewall deployment, Global Title filtering, message authentication, topology hiding, and protection against SS7-specific attacks (location tracking, call interception, SMS spoofing). Critical for legacy 2G/3G networks and interconnect scenarios.",
      "tags": [
        "Signaling",
        "Roaming and Interconnect",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/ss7-interconnect-security"
    },
    {
      "term": "SSID",
      "expansion": "Service Set Identifier",
      "definition": "The Service Set Identifier is the human-readable name of a Wi-Fi network, broadcast in 802.11 beacon frames so client devices can discover and select it. SSIDs can be hidden, but hiding them does not provide meaningful security; strong WPA2/WPA3 authentication and encryption do. Duplicate SSIDs are commonly used by rogue access points to lure clients.",
      "tags": [
        "Security Controls",
        "Encryption and Cryptography",
        "IoT"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/ssid"
    },
    {
      "term": "SSH",
      "expansion": "Secure Shell",
      "definition": "Secure Shell (RFC 4251) is the standard encrypted protocol for remote terminal access, file transfer, and tunneling, replacing insecure Telnet and rlogin. SSH supports password and public-key authentication and is the default management interface for Linux servers, network equipment, and many telecom OAM systems. Key management hygiene and disabling password logins are baseline hardening steps.",
      "tags": [
        "Radio Access Network",
        "Security Controls",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/ssh-secure-shell"
    },
    {
      "term": "SSL",
      "expansion": "Secure Sockets Layer (deprecated)",
      "definition": "Secure Sockets Layer was the predecessor to TLS, originally developed by Netscape. SSL 2.0 (1995) and SSL 3.0 (1996) both have known cryptographic flaws — most famously POODLE against SSL 3.0 — and are deprecated by RFC 7568. Any production system still permitting SSL must be upgraded to TLS 1.2 or, preferably, TLS 1.3.",
      "tags": [
        "Signaling",
        "Security Controls",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/ssl-secure-sockets-layer-deprecated"
    },
    {
      "term": "STIR",
      "expansion": "Secure Telephone Identity Revisited",
      "definition": "Secure Telephone Identity Revisited is the IETF framework (RFCs 8224/8225/8226) for cryptographically signing the calling number in a SIP INVITE so that downstream networks can verify that the originating provider attested to the caller's right to use that number. STIR is the cryptographic engine underneath SHAKEN, the operational profile mandated by US and Canadian regulators to combat illegal robocalls and CLI spoofing. It depends on a healthy ecosystem of certificate authorities and policy administrators.",
      "tags": [
        "Signaling",
        "Identity and Subscriber",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/stir"
    },
    {
      "term": "Subnet",
      "expansion": null,
      "definition": "A subnet is a logical subdivision of an IP network defined by a subnet mask or CIDR prefix, allowing administrators to segment networks for performance, security, and routing. Careful subnetting underpins network security architecture: separating user, server, management, and DMZ traffic into distinct subnets is a baseline hardening practice.",
      "tags": [
        "Protocols and Standards",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/subnet"
    },
    {
      "term": "Subscriber",
      "expansion": null,
      "definition": "A subscriber is a customer with an active service contract on a telecom network, identified by an IMSI/SUPI on the SIM and reachable via an MSISDN. Operators manage subscribers in the HLR/HSS/UDM and apply per-subscription policies for QoS, roaming, charging, and lawful interception. Subscriber data is highly sensitive personal information and a frequent target of data-protection regulation.",
      "tags": [
        "Core Network",
        "Roaming and Interconnect",
        "Identity and Subscriber"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/subscriber"
    },
    {
      "term": "SUCI",
      "expansion": "Subscription Concealed Identifier",
      "definition": "The Subscription Concealed Identifier is the encrypted form of the SUPI used in 5G to prevent passive over-the-air tracking. The UE generates a fresh SUCI for each transmission by encrypting the SUPI with the home network's public key (using ECIES), so a passive observer or rogue base station cannot derive the long-term subscriber identity. The home network's UDM/SIDF decrypts the SUCI back to the SUPI for authentication, closing one of the most exploited weaknesses of 2G/3G/4G.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Roaming and Interconnect"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/suci"
    },
    {
      "term": "SUPI",
      "expansion": "Subscription Permanent Identifier",
      "definition": "The Subscription Permanent Identifier is the 5G equivalent of the IMSI, identifying a subscriber within the home network of the operator. It is provisioned on the USIM and used for authentication and policy decisions. Crucially, the SUPI is never sent in cleartext over the radio interface — instead the UE encrypts it with the home network's public key to produce the SUCI, which is then used in all initial signalling, neutralising the IMSI-catcher class of attacks that affected earlier generations.",
      "tags": [
        "Radio Access Network",
        "Roaming and Interconnect",
        "Identity and Subscriber"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/supi"
    },
    {
      "term": "TAC",
      "expansion": "Terminal Access Controller",
      "definition": "In the IMEI, the Type Allocation Code is the first eight digits identifying the manufacturer and model of a mobile device. Operators and the GSMA TAC database use it to enforce equipment policies, detect cloned or non-type-approved handsets, and block stolen devices via the EIR. TAC is also reused in some contexts as a Tracking Area Code in LTE and 5G, identifying a group of cells for mobility management. Both meanings are common in telecom security work and should be disambiguated by context.",
      "tags": [
        "Radio Access Network",
        "Identity and Subscriber",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/tac-terminal-access-controller"
    },
    {
      "term": "TAP",
      "expansion": "Telecommunications Analysis Service",
      "definition": "TAP, in lawful-interception literature, refers to a network tap or test access point used to copy traffic into monitoring infrastructure. The acronym is also the original Telocator Alphanumeric Protocol for paging systems, and one of several lawful-interception roles. Context determines which meaning applies.",
      "tags": [
        "Threats and Attacks",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/tap-telecommunications-analysis-service"
    },
    {
      "term": "TCP",
      "expansion": "Transmission Control Protocol",
      "definition": "The Transmission Control Protocol, defined in RFC 9293, is the connection-oriented transport that provides reliable, ordered, byte-stream delivery on top of IP. It implements the three-way handshake, sliding-window flow control, congestion control, and retransmission. Most internet traffic — HTTP, TLS, SMTP, SSH, SS7-over-IP variants, Diameter — runs over TCP. Its long-lived connections make it the target of SYN floods and amplification attacks, mitigated by SYN cookies, rate limiting, and DDoS scrubbing.",
      "tags": [
        "Radio Access Network",
        "Signaling",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/tcp-transmission-control-protocol"
    },
    {
      "term": "TCP/IP",
      "expansion": null,
      "definition": "TCP/IP is the suite of protocols that underpins the modern internet, named after its two best-known members: the Internet Protocol that routes packets between hosts, and the Transmission Control Protocol that provides reliable byte streams on top. The suite also includes UDP, ICMP, ARP, DNS, BGP, and many others, all standardised by the IETF.",
      "tags": [
        "Radio Access Network",
        "Protocols and Standards",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/tcp-ip"
    },
    {
      "term": "TCAP",
      "expansion": "Transaction Capabilities Application Part",
      "definition": "Transaction Capabilities Application Part is the SS7 layer that supports remote operations and dialogues between network elements, sitting on top of SCCP and underneath application protocols such as MAP and CAP. TCAP carries the begin, continue, end, and abort messages that frame each transaction. Because it has no authentication of its own, attackers with SCCP-level reachability can use TCAP as a vehicle for unauthorised MAP queries, location tracking, and fraud — making TCAP-aware filtering a core function of any SS7 firewall.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Signaling"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/tcap"
    },
    {
      "term": "TCAP Abuse",
      "expansion": null,
      "definition": "A class of SS7 attacks where an adversary with interconnect access uses crafted TCAP dialogues to invoke MAP, CAP, or INAP operations they should not be allowed to issue. Examples include sending unsolicited AnyTimeInterrogation to track a subscriber, ProvideRoamingNumber to intercept calls, or UpdateLocation to redirect SMS. Mitigation relies on SS7 firewalls applying GSMA FS.11 Category 1 and 2 filters, validating the originating Global Title, and correlating dialogues against the subscriber's known location.",
      "tags": [
        "Signaling",
        "Roaming and Interconnect",
        "Identity and Subscriber"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/tcap-abuse"
    },
    {
      "term": "TDD",
      "expansion": "Time Division Duplex",
      "definition": "Time Division Duplex uses one frequency band for both uplink and downlink, alternating between them in time. TDD is the dominant duplexing scheme for 5G mid-band (3.5 GHz), most Wi-Fi, and many enterprise small-cell deployments, because it can flexibly allocate capacity between directions and avoids the need for paired spectrum.",
      "tags": [
        "Radio Access Network",
        "Signaling",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/tdd-time-division-duplex"
    },
    {
      "term": "TDMA",
      "expansion": "Time Division Multiple Access",
      "definition": "Time Division Multiple Access lets multiple users share the same frequency channel by transmitting in successive time slots. TDMA was the access method of GSM, IS-136 D-AMPS, DECT, TETRA, and many satellite systems. It has been largely superseded by CDMA and OFDMA in mass-market mobile networks but persists in many specialised radio systems.",
      "tags": [
        "Radio Access Network",
        "Internet and Routing",
        "Encryption and Cryptography"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/tdma"
    },
    {
      "term": "TEID",
      "expansion": "Tunnel Endpoint Identifier",
      "definition": "The Tunnel Endpoint Identifier is a 32-bit field in every GTP-C and GTP-U packet that identifies the specific bearer or signalling session at the receiving endpoint. Each side of a GTP tunnel allocates and tracks its own TEIDs. Predictable, leaked, or replayed TEIDs are central to many GTP attacks (session hijacking, IMSI disclosure, denial of service), so TEID hygiene — randomisation, rapid expiry, peer validation — is a core control enforced by GTP firewalls.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Signaling"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/teid"
    },
    {
      "term": "Telecom",
      "expansion": "Telecommunications",
      "definition": "Telecommunications is the transmission of signs, signals, messages, voice, images, sounds, or data over a distance by electromagnetic, optical, or wired means. The sector spans fixed-line, mobile, satellite, broadcast, and IP services and is governed globally by the ITU and nationally by regulators such as the FCC, BNetzA, and ARCEP.",
      "tags": [
        "Radio Access Network",
        "Protocols and Standards",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/telecom"
    },
    {
      "term": "Telecom Attack Surface Mapping",
      "expansion": null,
      "definition": "Telecom attack surface mapping is the systematic discovery and documentation of every externally and internally reachable network element, interface, protocol, and service in an operator's environment. It covers IT assets, signalling endpoints (SS7/Diameter/GTP/SIP/N32), RAN management, OAM, and cloud surfaces, and is the foundation for prioritised hardening and continuous exposure management.",
      "tags": [
        "Radio Access Network",
        "Signaling",
        "Roaming and Interconnect"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/telecom-attack-surface-mapping"
    },
    {
      "term": "Telecom Penetration Testing",
      "expansion": null,
      "definition": "Telecom penetration testing is authorised, scoped offensive testing of an operator's networks and services to identify exploitable weaknesses before adversaries do. It typically combines IT-style external and internal testing with telecom-specific work on SS7, Diameter, GTP, SIP, RAN, and 5G interfaces, mapped to GSMA security PRDs and frameworks such as MITRE FiGHT.",
      "tags": [
        "Radio Access Network",
        "Signaling",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/telecom-penetration-testing"
    },
    {
      "term": "Telecom SIEM",
      "expansion": null,
      "definition": "A telecom SIEM is a Security Information and Event Management platform that ingests logs and signalling telemetry from across an operator's environment — IT systems plus SS7, Diameter, GTP, SIP, and 5G SBA — and applies correlation, detection, and alerting tuned to telecom-specific threats. It is the analytical heart of a telecom SOC and feeds incident response.",
      "tags": [
        "Core Network",
        "Signaling",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/telecom-siem"
    },
    {
      "term": "Telnet",
      "expansion": null,
      "definition": "Telnet (RFC 854) is a 1969 protocol for remote terminal access that transmits all traffic — including passwords — in cleartext. It was once the default management protocol for routers, switches, and servers; today it should be disabled everywhere in favour of SSH. Lingering Telnet on internet-exposed devices remains a leading IoT botnet recruitment vector.",
      "tags": [
        "Radio Access Network",
        "Threats and Attacks",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/telnet"
    },
    {
      "term": "TETRAPOL",
      "expansion": null,
      "definition": "TETRAPOL is a digital private mobile radio standard developed in France in the 1990s for emergency services, military, and other professional users, primarily deployed in France, Spain, Switzerland, and parts of Eastern Europe. It competes with the more widely deployed TETRA standard. Both are slowly being supplemented or replaced by mission-critical broadband over 4G and 5G.",
      "tags": [
        "Radio Access Network",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/tetrapol"
    },
    {
      "term": "Threat Intelligence",
      "expansion": "Telecom-Specific",
      "definition": "Telecom-specific threat intelligence is the curated information about adversaries, techniques, and indicators relevant to mobile and fixed-line operators — interconnect attack patterns, fraud schemes, RAN-targeted exploits, signalling abuse campaigns. Sources include GSMA T-ISAC, vendor research, national CERTs, and dedicated commercial feeds.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Roaming and Interconnect"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/threat-intelligence"
    },
    {
      "term": "Threat-Led Assessment",
      "expansion": null,
      "definition": "A threat-led assessment evaluates an organisation's defences against the specific tactics, techniques, and procedures of relevant threat actors, rather than against a generic checklist. Examples include the European Central Bank's TIBER-EU framework for the financial sector and equivalent telecom-sector exercises; results feed into prioritised hardening and SOC tuning.",
      "tags": [
        "Security Controls",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/threat-led-assessment"
    },
    {
      "term": "TLS",
      "expansion": "Transport Layer Security",
      "definition": "Transport Layer Security, defined by the IETF (latest TLS 1.3 in RFC 8446), provides confidentiality, integrity, and authentication for client-server communications over TCP. It underpins HTTPS, modern email transport, mTLS in cloud and 5G SBA, and SIP/SMPP security. TLS 1.0 and 1.1 are deprecated and should be disabled; TLS 1.2 is the operational baseline; TLS 1.3 removes legacy ciphers, mandates forward secrecy, and reduces handshake latency. Certificate management and HSTS are critical for end-to-end protection.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Signaling"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/tls-transport-layer-security"
    },
    {
      "term": "TM Forum",
      "expansion": "TeleManagement Forum",
      "definition": "A global industry association for telecommunications service providers and their suppliers. TM Forum develops business process frameworks (eTOM - Enhanced Telecom Operations Map), application frameworks (TAM - Telecom Application Map), and Open APIs that enable digital transformation and operational efficiency. TM Forum collaborates with GSMA and CAMARA on API standardization initiatives. Founded in 1988, TM Forum has 800+ member organizations.",
      "tags": [
        "Radio Access Network",
        "Signaling",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/tm-forum"
    },
    {
      "term": "TM Forum Open APIs",
      "expansion": null,
      "definition": "A portfolio of standardized, REST-based APIs developed by TM Forum to enable interoperability between BSS, OSS, and partner systems. TM Forum Open APIs cover product catalog, ordering, billing, customer management, service inventory, and network operations. These APIs facilitate rapid integration, reduce development costs, and enable digital ecosystem collaboration.",
      "tags": [
        "Protocols and Standards",
        "Operations and Business"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/tm-forum-open-apis"
    },
    {
      "term": "TMSI",
      "expansion": "Temporary Mobile Subscriber Identity",
      "definition": "The Temporary Mobile Subscriber Identity is a short identifier assigned by the VLR or MME to a subscriber so that the IMSI does not have to be sent over the air on every transaction. The TMSI is reallocated periodically to limit linkability, but in 2G and 3G the network's request for the device's identity is not authenticated, allowing an IMSI catcher to force the device to reveal its IMSI. 5G strengthens this with 5G-GUTI and SUCI-based concealment of the long-term identity.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Identity and Subscriber"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/tmsi"
    },
    {
      "term": "TMSI Reallocation",
      "expansion": null,
      "definition": "TMSI reallocation is the procedure where the network assigns a fresh Temporary Mobile Subscriber Identity to a device, replacing the previously used one to prevent linkability and tracking. Frequent reallocation reduces the value of any captured TMSI and is part of the privacy story in 4G and 5G; misconfigured operators that re-use TMSIs for long periods undermine this protection.",
      "tags": [
        "Signaling",
        "Identity and Subscriber",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/tmsi-reallocation"
    },
    {
      "term": "Toll Bypass",
      "expansion": null,
      "definition": "Toll bypass is a fraud where calls are routed through unauthorised paths — typically via SIM boxes, leaky PBXs, or grey VoIP gateways — to terminate as cheap on-net traffic instead of paying international interconnect fees. It deprives operators of legitimate termination revenue and degrades caller-ID and lawful-interception integrity. Detection relies on traffic-pattern analysis and test-call generation.",
      "tags": [
        "Roaming and Interconnect",
        "Identity and Subscriber",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/toll-bypass"
    },
    {
      "term": "Toll Fraud",
      "expansion": null,
      "definition": "Toll fraud is the unauthorised use of telecom services that results in charges to the victim, the most common form being PBX hacking that drives traffic to international premium numbers (a delivery channel for IRSF). Detection relies on near-real-time fraud-management systems with thresholds for high-cost destinations, off-hours traffic, and unusual call durations.",
      "tags": [
        "Fraud",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/toll-fraud"
    },
    {
      "term": "TPS",
      "expansion": "Telecom Policy Service",
      "definition": "TPS is variously used in telecom for Transactions Per Second (a throughput measure for signalling and charging systems) and for Telecom Policy Service in some operator contexts. The intended meaning depends on the surrounding documentation; both usages are common and should be disambiguated by context.",
      "tags": [
        "Radio Access Network",
        "Operations and Business"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/tps-telecom-policy-service"
    },
    {
      "term": "TR-069",
      "expansion": "CPE WAN Management Protocol",
      "definition": "TR-069 (Broadband Forum CWMP) is the standard protocol for remote management of customer premises equipment — modems, gateways, set-top boxes — between the device and an Auto-Configuration Server (ACS) operated by the carrier. TR-069 has been involved in several large-scale CPE compromises (Mirai variants); deployments must enforce TLS, strong ACS authentication, and limit exposed management interfaces.",
      "tags": [
        "Security Controls",
        "Protocols and Standards",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/tr-069"
    },
    {
      "term": "Traffic Baselining",
      "expansion": null,
      "definition": "Traffic baselining is the process of building a statistical model of normal network traffic over time so that deviations can be flagged as potential incidents. Baselines may be built per peer, per protocol, per subscriber segment, or per tenant, and underpin network anomaly detection, capacity planning, and DDoS mitigation across both IT and signalling networks.",
      "tags": [
        "Signaling",
        "Identity and Subscriber",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/traffic-baselining"
    },
    {
      "term": "Traffic Engineering",
      "expansion": null,
      "definition": "Traffic engineering is the set of techniques operators use to optimise how traffic flows through their network — load balancing, MPLS path selection, BGP local preference, and segment routing — so that capacity is used efficiently and SLAs are met. It is a key tool for both performance and resilience, and feeds into capacity planning and DDoS mitigation strategies.",
      "tags": [
        "Signaling",
        "Threats and Attacks",
        "Operations and Business"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/traffic-engineering"
    },
    {
      "term": "Transcoding",
      "expansion": null,
      "definition": "Transcoding is the conversion of audio or video from one codec or bitrate to another, used in mobile networks to bridge incompatible endpoints (e.g. AMR-NB to EVS for VoLTE-to-PSTN), in IMS for media interworking at the IBCF/TrGW, and in OTT services for adaptive streaming. Transcoding can introduce quality loss and adds processing latency.",
      "tags": [
        "Radio Access Network",
        "Threats and Attacks",
        "Operations and Business"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/transcoding"
    },
    {
      "term": "Trunk",
      "expansion": null,
      "definition": "A trunk is a high-capacity communication line that aggregates traffic between major nodes — historically inter-exchange voice trunks in PSTN, today SIP trunks for IP voice, MPLS uplinks between sites, and 802.1Q trunks carrying multiple VLANs between switches. Trunk security depends on the underlying technology; SIP trunks should use TLS and SRTP at minimum.",
      "tags": [
        "Signaling",
        "Security Controls",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/trunk"
    },
    {
      "term": "TTC",
      "expansion": "Telephone Terminal Channel",
      "definition": "TTC most commonly refers to the Telecommunication Technology Committee, the Japanese telecommunications standards body that contributes to 3GPP and ITU-T work. The acronym is also sometimes used generically for telephone terminal channel concepts in legacy literature; the standards-body meaning dominates in current sources.",
      "tags": [
        "Protocols and Standards",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/ttc-telephone-terminal-channel"
    },
    {
      "term": "TTL",
      "expansion": "Time To Live",
      "definition": "Time To Live is a header field that limits how long a packet or record persists. In IP, TTL is decremented at each router hop and the packet discarded at zero, preventing routing loops and enabling traceroute. In DNS, TTL is the validity period of a cached record. TTL values are also useful as security and fingerprinting signals.",
      "tags": [
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/ttl-time-to-live"
    },
    {
      "term": "UDP",
      "expansion": "User Datagram Protocol",
      "definition": "The User Datagram Protocol, defined in RFC 768, is a minimal, connectionless transport on top of IP that adds only a checksum and source/destination ports. UDP is used by latency-sensitive and broadcast/multicast applications such as DNS, RTP for voice and video, GTP-U in mobile cores, and QUIC/HTTP/3. Its statelessness makes it both efficient and a frequent vector for amplification DDoS (DNS, NTP, memcached), so source-address validation and rate limiting are essential.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Signaling"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/udp-user-datagram-protocol"
    },
    {
      "term": "UDM",
      "expansion": "Unified Data Management",
      "definition": "The Unified Data Management function is the 5G core network function that stores subscription data, generates authentication credentials, manages user identifiers, and supports SMS over NAS. It works closely with the AUSF for authentication and with the UDR (Unified Data Repository) where subscription data is actually persisted. The UDM is the 5G evolution of the HSS/HLR and holds the long-term security material for every subscriber, making it one of the most security-critical functions in the 5G core.",
      "tags": [
        "Core Network",
        "Identity and Subscriber",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/udm-unified-data-management"
    },
    {
      "term": "UEA",
      "expansion": "UMTS Encryption Algorithm",
      "definition": "UMTS Encryption Algorithms (UEA) are the family of ciphers used to encrypt user data and signalling on the 3G air interface. UEA1 (based on KASUMI) and UEA2 (based on SNOW 3G) are the standardised options, paired with UIA1/UIA2 integrity algorithms. They are negotiated between handset and RNC during connection setup and have so far resisted practical attacks, though academic attacks against KASUMI exist. Their LTE successors (EEA1/2/3) and 5G successors (NEA1/2/3) follow the same design pattern.",
      "tags": [
        "Security Controls",
        "Threats and Attacks",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/uea-user-equipment-algorithm"
    },
    {
      "term": "UMTS",
      "expansion": "Universal Mobile Telecommunications System",
      "definition": "Universal Mobile Telecommunications System is the 3GPP-defined 3G standard, originally deployed in 2001-2003. UMTS uses WCDMA on the air interface, supports up to 42 Mbit/s with HSPA+, and was the first generation to introduce mutual authentication between subscriber and network via the USIM and AKA. UMTS is being decommissioned worldwide as operators refarm spectrum for LTE and 5G; remaining deployments must be hardened against well-known SS7 and air-interface attacks.",
      "tags": [
        "Radio Access Network",
        "Signaling",
        "Identity and Subscriber"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/umts"
    },
    {
      "term": "USIM",
      "expansion": "Universal Subscriber Identity Module",
      "definition": "The Universal Subscriber Identity Module is the application running on a UICC smart card used by 3G, 4G, and 5G subscribers. Compared with the legacy 2G SIM, the USIM adds mutual authentication between the network and the device (defeating false base station attacks possible against pure GSM SIMs), longer keys, and support for the AKA family of algorithms. The USIM stores the SUPI/IMSI and long-term key K, and performs the cryptographic operations that anchor every modern mobile authentication.",
      "tags": [
        "Radio Access Network",
        "Identity and Subscriber",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/usim"
    },
    {
      "term": "UPF",
      "expansion": "User Plane Function",
      "definition": "The User Plane Function is the 5G core element that forwards subscriber data packets between the radio access network and external data networks, applies QoS marking, performs packet inspection for charging, and supports lawful interception. It is controlled by the SMF over PFCP. The UPF is the 5G evolution of the 4G SGW/PGW user plane and is typically deployed at the network edge for low-latency use cases, which expands its exposure surface and makes UPF hardening a core 5G security task.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Identity and Subscriber"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/upf-user-plane-function"
    },
    {
      "term": "User Plane Security",
      "expansion": null,
      "definition": "User plane security covers the controls that protect subscriber data traffic as it traverses the mobile network: ciphering and integrity protection on the radio interface (NEA/NIA in 5G), GTP firewalling on inter-PLMN links, IPsec on backhaul and N3, and access controls at the UPF/PGW. 5G adds optional integrity protection of the user plane all the way to the gNB.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Signaling"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/user-plane-security"
    },
    {
      "term": "VDSL",
      "expansion": "Very High Speed Digital Subscriber Line",
      "definition": "VDSL (and VDSL2) is the high-speed evolution of ADSL, delivering up to about 100 Mbit/s downstream and, with vectoring and G.fast, even higher rates over short copper loops. VDSL is widely used for fibre-to-the-cabinet deployments where the final copper drop runs from a street cabinet to the home.",
      "tags": [],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/vdsl"
    },
    {
      "term": "VLR",
      "expansion": "Visitor Location Register",
      "definition": "The Visitor Location Register is the 2G/3G database, typically co-located with the MSC, that holds the temporary subscriber profile of every device currently attached to that MSC's service area. It receives a copy of relevant HLR data via MAP and is updated as subscribers move and authenticate. VLR data is highly sensitive (TMSI, IMSI, current cell), and many SS7 location-tracking attacks ultimately aim to extract or correlate VLR information.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Signaling"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/vlr-visitor-location-register"
    },
    {
      "term": "VLAN",
      "expansion": "Virtual Local Area Network",
      "definition": "A Virtual LAN is a logical Layer-2 network segment overlaid on a physical switched network, defined by IEEE 802.1Q. VLANs let operators isolate traffic — management, voice, guest, IoT — over shared infrastructure. VLAN-hopping attacks (double tagging, switch spoofing) are mitigated by disabling DTP, pruning trunks, and not using VLAN 1 for production traffic.",
      "tags": [
        "Threats and Attacks",
        "Encryption and Cryptography",
        "IoT"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/vlan"
    },
    {
      "term": "VoIP",
      "expansion": "Voice over IP",
      "definition": "Voice over IP is the family of technologies for carrying real-time voice and multimedia over IP networks, using SIP for signalling and RTP/SRTP for media. VoIP underpins enterprise telephony, IMS-based VoLTE and VoNR, OTT calling apps, and wholesale interconnect. Its security threats include SIP registration hijacking, eavesdropping when SRTP is not used, INVITE flooding, and toll fraud via PBX compromise. Strong authentication, TLS for SIP, SRTP for media, and STIR/SHAKEN for caller-ID verification are the standard controls.",
      "tags": [
        "Radio Access Network",
        "Signaling",
        "Roaming and Interconnect"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/voip"
    },
    {
      "term": "VoLTE",
      "expansion": "Voice over LTE",
      "definition": "Voice over LTE delivers voice and video calls over the LTE data bearer using the IMS as the call-control fabric, replacing the legacy circuit-switched MSC. VoLTE supports HD voice, faster call setup, and concurrent voice plus high-speed data. Its security depends on the integrity of IMS components (P/I/S-CSCF), proper SIP authentication, SRTP for media, and IPsec/TLS on the SIP signalling. Misconfigurations have historically allowed IMSI disclosure and call-data extraction, so VoLTE security testing is an established discipline.",
      "tags": [
        "Core Network",
        "Signaling",
        "Identity and Subscriber"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/volte"
    },
    {
      "term": "VPN",
      "expansion": "Virtual Private Network",
      "definition": "A Virtual Private Network creates an authenticated and encrypted tunnel between endpoints across an untrusted network, using protocols such as IPsec, WireGuard, OpenVPN, or TLS-based SSL VPN. Operators use VPNs to connect remote sites and admin staff; consumers use them to mask source IP. Strong cipher suites, modern key exchange, and multi-factor authentication are essential for secure deployment.",
      "tags": [
        "Security Controls",
        "Protocols and Standards",
        "Operations and Business"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/vpn-virtual-private-network"
    },
    {
      "term": "VRAN",
      "expansion": "Virtual Radio Access Network",
      "definition": "Virtual RAN refers to RAN architectures where baseband processing is implemented as software running on commercial off-the-shelf servers, typically in a centralised data centre, instead of on dedicated radio-site hardware. vRAN improves resource pooling and upgrade speed, but moves cryptographic operations and subscriber traffic onto general-purpose compute, expanding the attack surface to cloud, hypervisor, and orchestration layers. Strong workload isolation, signed images, and hardware-backed key storage are essential controls.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Identity and Subscriber"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/vran"
    },
    {
      "term": "vSIM",
      "expansion": "Virtual SIM",
      "definition": "A virtual SIM is a software implementation of SIM functionality that runs without dedicated tamper-resistant hardware, typically on a smartphone or IoT module. Vendors use vSIMs to enable instant onboarding, multi-IMSI roaming, and devices without a SIM slot. Because the secret key is held in software or in a less hardened secure element than a UICC or iSIM, vSIM security depends heavily on platform protections; GSMA-compliant eSIM/iSIM remain the preferred path for high-assurance deployments.",
      "tags": [
        "Radio Access Network",
        "Roaming and Interconnect",
        "Identity and Subscriber"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/vsim"
    },
    {
      "term": "Wangiri Fraud",
      "expansion": null,
      "definition": "Wangiri (Japanese for 'one ring and cut') is a fraud where attackers initiate very brief calls to large lists of subscribers from international or premium-rate numbers; victims who call back are charged high termination fees that the fraudster shares. Defences include carrier-side blocking of suspect originating ranges, alerting users to unusual incoming numbers, and consumer-education campaigns.",
      "tags": [
        "Radio Access Network",
        "Identity and Subscriber",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/wangiri-fraud"
    },
    {
      "term": "WAN",
      "expansion": "Wide Area Network",
      "definition": "A Wide Area Network connects sites across regional, national, or global distances, typically using leased lines, MPLS, IPsec VPNs over the internet, or SD-WAN. Operator backbones, enterprise multi-site networks, and cloud interconnects are all WANs. WAN security depends on transport encryption, authentication of peers, and consistent policy enforcement across sites.",
      "tags": [
        "Radio Access Network",
        "Roaming and Interconnect",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/wan-wide-area-network"
    },
    {
      "term": "WCDMA",
      "expansion": "Wideband Code Division Multiple Access",
      "definition": "The radio access technology that underpins 3G UMTS networks, standardised by 3GPP. WCDMA spreads each user's signal across a 5 MHz carrier using unique orthogonal codes, allowing many subscribers to share the same frequency simultaneously. It introduced significantly higher data rates than 2G GSM and added mutual authentication between handset and network. WCDMA is being phased out worldwide as operators refarm 3G spectrum for LTE and 5G.",
      "tags": [
        "Radio Access Network",
        "Identity and Subscriber",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/wcdma"
    },
    {
      "term": "WPA",
      "expansion": "Wi-Fi Protected Access",
      "definition": "A family of Wi-Fi security protocols developed by the Wi-Fi Alliance to replace the broken WEP standard. WPA introduced TKIP and per-packet keys; WPA2 adopted AES-CCMP and is the long-time enterprise baseline; WPA3 added Simultaneous Authentication of Equals (SAE), which defeats offline dictionary attacks and provides forward secrecy in personal mode. Original WPA and WPA2-Personal remain vulnerable to KRACK, and to offline cracking when passphrases are weak, so WPA3 is recommended wherever supported.",
      "tags": [
        "Core Network",
        "Identity and Subscriber",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/wpa-wi-fi-protected-access"
    },
    {
      "term": "WPA2",
      "expansion": "Wi-Fi Protected Access 2",
      "definition": "Wi-Fi Protected Access 2 is the IEEE 802.11i-based Wi-Fi security standard introduced in 2004, using AES-CCMP for confidentiality and integrity. WPA2-Enterprise (with 802.1X/EAP and a RADIUS server) remains widely deployed; WPA2-Personal is vulnerable to the KRACK protocol-level flaw and, with weak passphrases, to offline dictionary attacks, both addressed by WPA3.",
      "tags": [
        "Threats and Attacks",
        "Protocols and Standards",
        "Encryption and Cryptography"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/wpa2"
    },
    {
      "term": "WPA3",
      "expansion": "Wi-Fi Protected Access 3",
      "definition": "Wi-Fi Protected Access 3 (Wi-Fi Alliance, 2018) addresses WPA2's weaknesses by using Simultaneous Authentication of Equals (SAE) instead of the four-way handshake, defeating offline dictionary attacks and providing forward secrecy in personal mode. WPA3-Enterprise adds 192-bit cryptography options. WPA3 is the recommended baseline for new deployments.",
      "tags": [
        "Core Network",
        "Identity and Subscriber",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/wpa3"
    },
    {
      "term": "WEP",
      "expansion": "Wired Equivalent Privacy",
      "definition": "Wired Equivalent Privacy was the original Wi-Fi security protocol introduced in 1997 and based on the RC4 cipher. Cryptanalytic attacks published from 2001 onwards rendered it broken; the entire keystream can be recovered in minutes. WEP is removed from modern Wi-Fi standards and must never be used; equipment that only supports WEP should be replaced.",
      "tags": [
        "Threats and Attacks",
        "Protocols and Standards",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/wep-wired-equivalent-privacy"
    },
    {
      "term": "X.25",
      "expansion": null,
      "definition": "X.25 is the ITU-T packet-switching protocol from the 1970s that underpinned many early data networks, including financial and government services. While the public X.25 backbones have been retired, X.25 still appears in some legacy industrial and air-traffic control systems, accessed today via X.25-over-IP (XOT) gateways for backward compatibility.",
      "tags": [
        "Protocols and Standards",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/x-25"
    },
    {
      "term": "X.500",
      "expansion": null,
      "definition": "X.500 is the ITU-T family of standards for directory services, of which the most widely used derivative is LDAP (Lightweight Directory Access Protocol). X.509 certificates take their distinguished-name format from the X.500 information model. Pure X.500 directories are rare in modern deployments, but the underlying concepts remain foundational to identity systems.",
      "tags": [
        "Identity and Subscriber",
        "Security Controls",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/x-500"
    },
    {
      "term": "X.509",
      "expansion": null,
      "definition": "X.509 is the ITU-T standard, profiled by IETF in RFC 5280, for the digital certificates that bind a public key to a verified identity. It defines the certificate structure (subject, issuer, validity, extensions), revocation mechanisms (CRL and OCSP), and the chain of trust from a root CA down through intermediates. X.509 underpins TLS/HTTPS, S/MIME email, code signing, mTLS for 5G inter-NF authentication, and SEPP-to-SEPP authentication on the N32 interface.",
      "tags": [
        "Signaling",
        "Roaming and Interconnect",
        "Identity and Subscriber"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/x-509"
    },
    {
      "term": "xDSL",
      "expansion": "Generic DSL",
      "definition": "xDSL is the umbrella term for the family of Digital Subscriber Line technologies that deliver broadband over copper telephone pairs, including ADSL, ADSL2+, VDSL, VDSL2, SDSL, and G.fast. xDSL has been progressively replaced by fibre-to-the-home (FTTH) and fixed wireless access, but remains in service in many markets where copper outside-plant is still in use.",
      "tags": [
        "Radio Access Network",
        "Identity and Subscriber"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/xdsl"
    },
    {
      "term": "XMPP",
      "expansion": "Extensible Messaging and Presence Protocol",
      "definition": "Extensible Messaging and Presence Protocol is the IETF XML-based standard (RFC 6120) for near-real-time messaging, presence, and request-response services. It powers federated chat networks, parts of messaging clients (including major consumer chat platforms), gaming and IoT messaging. XMPP supports TLS, SASL authentication, and end-to-end extensions such as OMEMO.",
      "tags": [
        "Security Controls",
        "Protocols and Standards",
        "Encryption and Cryptography"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/xmpp"
    },
    {
      "term": "YAML",
      "expansion": "YAML Ain't Markup Language",
      "definition": "YAML is a human-readable data serialisation language widely used for configuration files in DevOps tools (Kubernetes manifests, Ansible, GitHub Actions) and increasingly in 5G network function configuration. Its indentation-sensitive syntax is forgiving for humans, but historically permissive YAML parsers, which can construct arbitrary objects from tags in an untrusted document, have enabled supply-chain and code-execution risks, so safe loaders are recommended.",
      "tags": [
        "Core Network",
        "Cloud and Virtualization"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/yaml"
    },
    {
      "term": "Zeroconf",
      "expansion": "Zero Configuration Networking",
      "definition": "Zero Configuration Networking is the IETF set of techniques (RFC 3927, mDNS, DNS-SD) that let devices discover each other and obtain network configuration without manual setup or central servers. mDNS multicast announcements can leak device names and services across networks, so Zeroconf should be confined to trusted segments.",
      "tags": [
        "Protocols and Standards",
        "Operations and Business",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/zeroconf"
    },
    {
      "term": "Zigbee",
      "expansion": null,
      "definition": "Zigbee is a low-power, low-data-rate mesh wireless protocol built on IEEE 802.15.4, widely used in home automation, smart lighting, and industrial sensor networks. Zigbee 3.0 supports AES-128 link and network keys, but historical default-key and join-key handling have produced documented security weaknesses in consumer deployments.",
      "tags": [
        "Radio Access Network",
        "Protocols and Standards",
        "Encryption and Cryptography"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/zigbee"
    },
    {
      "term": "ZIP",
      "expansion": "Zone Information Protocol",
      "definition": "Zone Information Protocol was the AppleTalk routing protocol that maintained the mapping between network numbers and human-readable zone names. AppleTalk was retired in macOS 10.6 (2009) and is no longer in commercial use; ZIP appears today only in historical telecom and networking literature.",
      "tags": [
        "Core Network",
        "Signaling",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/zip-zone-information-protocol"
    },
    {
      "term": "ZRES",
      "expansion": "Zone Information Protocol Response",
      "definition": "Zone Information Protocol Response is a legacy AppleTalk message used by routers to reply to ZIP queries about zone names available on a network. It is no longer relevant in modern IP networks but is occasionally referenced in historical documentation and legacy hardware decommissioning.",
      "tags": [
        "Protocols and Standards",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/zres"
    },
    {
      "term": "GRX",
      "expansion": "GPRS Roaming Exchange",
      "definition": "A private IP backbone used by mobile operators to exchange GPRS, 3G, and early 4G roaming traffic. GRX carries GTP signalling and user-plane tunnels between visited and home PLMNs, isolated from the public internet for performance and security. It has been progressively superseded by IPX, which adds service-level guarantees and supports Diameter and 5G traffic. GRX has historically been a target for GTP-based attacks because operators often trusted incoming peers implicitly.",
      "tags": [
        "Radio Access Network",
        "Signaling",
        "Roaming and Interconnect"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/grx-gprs-roaming-exchange"
    },
    {
      "term": "IPX",
      "expansion": "IP Packet Exchange",
      "definition": "The IP Packet eXchange is the GSMA-specified evolution of GRX, providing a managed, SLA-backed IP backbone for inter-operator signalling and user-plane traffic. IPX supports SS7-over-IP (SIGTRAN), Diameter, GTP, SIP, and 5G N32 traffic, and is the recommended transport for 5G roaming. IPX carriers also offer value-added services such as DEA hosting and signalling firewalling.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Signaling"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/ipx-ip-packet-exchange"
    },
    {
      "term": "SIM Swap",
      "expansion": null,
      "definition": "A type of fraud where an attacker convinces a mobile operator to transfer a victim's phone number to a new SIM card under the attacker's control. Once successful, the attacker receives all calls and SMS messages intended for the victim, enabling bypass of SMS-based two-factor authentication, account takeover, and financial fraud.",
      "tags": [
        "Radio Access Network",
        "Identity and Subscriber",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/sim-swap"
    },
    {
      "term": "5G-AKA",
      "expansion": "5G Authentication and Key Agreement",
      "definition": "The primary authentication protocol used in 5G networks to mutually authenticate the subscriber and the network. 5G-AKA enhances the security of its predecessors (EPS-AKA, UMTS-AKA) by providing stronger key derivation, home network verification of authentication results, and protection against certain IMSI-catching attacks through the use of SUPI/SUCI concealment mechanisms.",
      "tags": [
        "Roaming and Interconnect",
        "Identity and Subscriber",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/5g-aka-authentication-and-key-agreement"
    },
    {
      "term": "Pentest",
      "expansion": "Penetration Testing",
      "definition": "In telecommunications and mobile networks, Penetration Testing is slightly different than in IT. It is related to OT (Operational Technologies) which use exotic OT-specific technologies as well as regular IT technologies (for example Kubernetes in 5G Core Networks). Therefore the pentest audits are conducted by specifically experienced teams. The pentest can be focused on a perimeter such as SS7 Signaling, OAM Administration networks and systems, Billing, Diameter Signaling, Roaming perimeters, or Application perimeters, or it can be more focused on a global security compromise testing goal (in that context it is often referred to as a Red Team Exercise where only the goal counts and the way to compromise it is left to the auditor).",
      "tags": [
        "Core Network",
        "Signaling",
        "Roaming and Interconnect"
      ],
      "aliases": [
        "penetration-testing",
        "penetration-test"
      ],
      "url": "https://glossary.p1sec.com/telcosec-glossary/pentest"
    },
    {
      "term": "Red Team Exercise",
      "expansion": null,
      "definition": "In telecommunications, a Red Team Exercise is an objective-driven adversarial assessment where the auditor is given a target outcome (for example exfiltrate subscriber data, take over a core network function, or disrupt a roaming interface) and is free to choose any technique to reach it. Unlike a scoped pentest, only the goal counts. Red Team Exercises in telecom span signaling, OAM, billing, virtualization layers, and physical sites.",
      "tags": [
        "Core Network",
        "Signaling",
        "Roaming and Interconnect"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/red-team-exercise"
    },
    {
      "term": "Vulnerability Assessment",
      "expansion": null,
      "definition": "In telecommunications, a Vulnerability Assessment is a structured review of network functions, signaling perimeters, and supporting systems to identify known weaknesses (CVEs, misconfigurations, exposed interfaces) without necessarily exploiting them. It typically combines automated scanning of telecom-specific protocols (SS7, Diameter, GTP, HTTP/2 SBA) with manual review of vendor advisories, 3GPP specifications, and operator configuration baselines.",
      "tags": [
        "Core Network",
        "Signaling",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/vulnerability-assessment"
    },
    {
      "term": "Vulnerability Management",
      "expansion": null,
      "definition": "In telecom networks, Vulnerability Management is the continuous process of discovering, prioritizing, remediating, and verifying vulnerabilities across radio, core, signaling, OAM, and IT estates. It accounts for telecom-specific constraints such as long vendor patch cycles, change windows tied to roaming partners, and the need to coordinate fixes across 3GPP-defined network functions and interconnect peers.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Signaling"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/vulnerability-management"
    },
    {
      "term": "Threat Hunting (Telecom)",
      "expansion": null,
      "definition": "In telecommunications, Threat Hunting is the proactive search for stealthy or low-signal adversary activity that does not trigger existing alerts. In a telecom context this means looking for abnormal MAP, Diameter, GTP, or SBA flows, unexpected NF-to-NF interactions, suspicious global title or PLMN-ID usage, and lateral movement across OAM. It relies on baselining normal signaling behavior and querying telecom-aware telemetry.",
      "tags": [
        "Core Network",
        "Signaling",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/threat-hunting-telecom"
    },
    {
      "term": "Threat Modeling",
      "expansion": null,
      "definition": "In telecom networks, Threat Modeling is the structured exercise of identifying assets (subscriber identifiers, signaling interfaces, NF service APIs), enumerating realistic attackers (interconnect peers, roaming partners, insiders, RAN-side adversaries), and mapping how each could compromise confidentiality, integrity, or availability. It guides architecture decisions for SEPP, signaling firewalls, slice isolation, and OAM segmentation.",
      "tags": [
        "Radio Access Network",
        "Signaling",
        "Roaming and Interconnect"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/threat-modeling"
    },
    {
      "term": "Hardening",
      "expansion": null,
      "definition": "In telecommunications, Hardening is the process of reducing the attack surface of a network function, host, or signaling node by disabling unused services, enforcing least-privilege accounts, applying secure baselines, and configuring protocol-level controls (for example MAP category filtering, GTP-C rate limits, or SBA OAuth2 scope restrictions). Hardening guidelines are published by 3GPP, GSMA SCAS, and vendors.",
      "tags": [
        "Core Network",
        "Signaling",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/hardening"
    },
    {
      "term": "Patch Management",
      "expansion": null,
      "definition": "In telecom networks, Patch Management is the disciplined process of acquiring, testing, and deploying vendor security updates across radio, core, transport, and OSS/BSS systems. Telecom patch management is constrained by carrier-grade availability targets, vendor certification cycles, and interdependencies between network functions, which often makes virtual patching at the signaling firewall a complementary control.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Signaling"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/patch-management"
    },
    {
      "term": "Risk Assessment",
      "expansion": null,
      "definition": "In telecommunications, a Risk Assessment is the evaluation of likelihood and impact of threats against telecom assets such as HLR/HSS/UDM, SS7 and Diameter interconnects, 5G SBA, RAN sites, and OAM. It produces a prioritized risk register used to justify investments in signaling firewalls, IDS, segmentation, and incident response capabilities, and is a building block of frameworks like ISO 27005 and NIST RMF.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Signaling"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/risk-assessment"
    },
    {
      "term": "Defense in Depth",
      "expansion": null,
      "definition": "In telecom networks, Defense in Depth is the layering of independent security controls so that no single failure exposes the network. Typical telecom layers include perimeter signaling firewalls, MAP/Diameter/GTP screening, SEPP at the 5G interconnect, intra-core segmentation, NF-to-NF authentication, OAM bastioning, and detection through a telecom SIEM.",
      "tags": [
        "Core Network",
        "Signaling",
        "Roaming and Interconnect"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/defense-in-depth"
    },
    {
      "term": "Zero Trust (Telecom)",
      "expansion": null,
      "definition": "In telecommunications, Zero Trust is a security model that assumes no implicit trust between network functions, sites, or peers, and requires continuous verification of identity, posture, and authorization for every interaction. Applied to 5G, it includes mutual TLS between NFs, OAuth2 token validation at the NRF and producer NFs, strict slice isolation, and granular OAM access control.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Identity and Subscriber"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/zero-trust-telecom"
    },
    {
      "term": "MSSP",
      "expansion": "Managed Security Service Provider",
      "definition": "In telecommunications, an MSSP is a third party that operates security controls and monitoring on behalf of an operator. A telecom-specialized MSSP runs signaling IDS/IPS, MAP/Diameter/GTP/SBA monitoring, threat hunting on roaming and interconnect traffic, vulnerability scanning of core and OAM, and incident response across SS7, Diameter, GTP, and 5G perimeters.",
      "tags": [
        "Core Network",
        "Signaling",
        "Roaming and Interconnect"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/mssp"
    },
    {
      "term": "MDR",
      "expansion": "Managed Detection and Response",
      "definition": "In telecom networks, MDR is a service that combines telecom-aware detection (signaling IDS, NF behavior analytics, OAM monitoring) with 24/7 analyst triage and guided response. Unlike a generic IT MDR, a telecom MDR understands SS7, Diameter, GTP, and 5G SBA semantics and can recommend protocol-level mitigations such as MAP category blocking or SEPP policy changes.",
      "tags": [
        "Core Network",
        "Signaling",
        "Roaming and Interconnect"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/mdr-managed-detection-and-response"
    },
    {
      "term": "XDR",
      "expansion": "Extended Detection and Response",
      "definition": "In telecommunications, XDR correlates telemetry from multiple layers (endpoints, OAM hosts, virtualization platforms, signaling probes, NF logs) into a unified detection and response workflow. In a telecom XDR, signaling events such as anomalous SRI-SM, ATI, or N32 traffic are joined with host and identity events to expose multi-stage attacks.",
      "tags": [
        "Signaling",
        "Roaming and Interconnect",
        "Identity and Subscriber"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/xdr-extended-detection-and-response"
    },
    {
      "term": "SOAR",
      "expansion": "Security Orchestration, Automation and Response",
      "definition": "In telecom networks, SOAR platforms automate repetitive incident response actions such as enriching a suspicious global title with reputation data, pushing a temporary block to the SS7 or Diameter signaling firewall, opening a ticket with the roaming team, and notifying the SOC. SOAR playbooks help operators respond to high-volume signaling abuse at machine speed.",
      "tags": [
        "Radio Access Network",
        "Signaling",
        "Roaming and Interconnect"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/soar"
    },
    {
      "term": "MITRE FiGHT",
      "expansion": "5G Hierarchy of Threats",
      "definition": "In telecommunications, MITRE FiGHT is a knowledge base of adversary tactics, techniques, and procedures specifically observed or theorized against 5G networks. Modeled after MITRE ATT&CK, it covers RAN, core, MEC, and management plane techniques and is used by operators to map detection coverage and to align red team exercises with realistic 5G threats.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Signaling"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/mitre-fight"
    },
    {
      "term": "MITRE D3FEND",
      "expansion": null,
      "definition": "In telecommunications, MITRE D3FEND is a complementary framework to ATT&CK that catalogs defensive countermeasures and the techniques they neutralize. Applied to telecom, it helps map controls such as signaling firewalling, NF authentication, slice isolation, and OAM bastioning to the specific adversary techniques they are designed to defeat.",
      "tags": [
        "Signaling",
        "Security Controls",
        "Encryption and Cryptography"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/mitre-d3fend"
    },
    {
      "term": "SBOM",
      "expansion": "Software Bill of Materials",
      "definition": "In telecom networks, an SBOM is a machine-readable inventory of the open-source and third-party components that make up a network function, OSS application, or container image. Operators use SBOMs to assess exposure to new CVEs across virtualized 5G core deployments and to satisfy regulatory and supply-chain assurance requirements.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Cloud and Virtualization"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/sbom"
    },
    {
      "term": "Tabletop Exercise",
      "expansion": null,
      "definition": "In telecommunications, a Tabletop Exercise is a discussion-based simulation in which security, network, roaming, legal, and communications teams walk through a realistic incident scenario such as a large-scale SS7 location tracking campaign or a SEPP compromise. The goal is to validate runbooks, escalation paths, and decision authority without touching production systems.",
      "tags": [
        "Signaling",
        "Roaming and Interconnect",
        "Identity and Subscriber"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/tabletop-exercise"
    },
    {
      "term": "Purple Team",
      "expansion": null,
      "definition": "In telecommunications, a Purple Team brings the offensive Red Team and the defensive Blue Team together in the same room to iterate on telecom-specific attack and detection scenarios. Typical exercises include emulating MAP-based location tracking, GTP-C abuse, or SBA token misuse and tuning the signaling IDS, SEPP policies, and SIEM correlations in real time.",
      "tags": [
        "Core Network",
        "Signaling",
        "Roaming and Interconnect"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/purple-team"
    },
    {
      "term": "Telecom Forensics",
      "expansion": null,
      "definition": "In telecommunications, Telecom Forensics is the collection, preservation, and analysis of evidence from signaling captures (SS7, Diameter, GTP, SBA), CDRs, OAM logs, and NF state in support of incident investigation, fraud cases, or lawful proceedings. It requires telecom-specific tooling capable of decoding TCAP, MAP, Diameter AVPs, and HTTP/2 service operations.",
      "tags": [
        "Core Network",
        "Signaling",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/telecom-forensics"
    },
    {
      "term": "Chain of Custody",
      "expansion": null,
      "definition": "In telecommunications, Chain of Custody is the documented trail proving who collected, handled, transferred, and analyzed a piece of evidence (signaling capture, log file, CDR extract, lawful interception product) and that it has not been altered. A defensible chain of custody is essential for fraud disputes, regulatory reporting, and lawful interception evidence.",
      "tags": [
        "Radio Access Network",
        "Signaling",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/chain-of-custody"
    },
    {
      "term": "NRF Poisoning",
      "expansion": null,
      "definition": "In telecom networks, NRF Poisoning is an attack where an adversary registers forged or manipulated Network Function profiles in the 5G Network Repository Function so that consumer NFs discover and call attacker-controlled producers. It is mitigated by strict mutual TLS, OAuth2 client authentication, NF profile validation, and segmentation of the SBA management plane.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/nrf-poisoning"
    },
    {
      "term": "SCP Abuse",
      "expansion": null,
      "definition": "In telecommunications, SCP Abuse refers to attacks targeting or leveraging the 5G Service Communication Proxy, which mediates traffic between Network Functions. A compromised or misconfigured SCP can observe SBA service calls, alter routing, strip OAuth2 tokens, or pivot between slices, making strict TLS, token validation, and SCP hardening critical.",
      "tags": [
        "Core Network",
        "Security Controls",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/scp-abuse"
    },
    {
      "term": "N32 Tampering",
      "expansion": null,
      "definition": "In telecom networks, N32 Tampering is the alteration or injection of messages on the 5G inter-PLMN N32 interface between Security Edge Protection Proxies (SEPPs). PRINS (PRotocol for N32 INterconnect Security) uses JOSE-based signing and encryption to mitigate this threat, but misconfigured IPX modifications, weak ciphers, or compromised SEPPs can re-enable tampering.",
      "tags": [
        "Signaling",
        "Roaming and Interconnect",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/n32-tampering"
    },
    {
      "term": "GTP-C Spoofing",
      "expansion": null,
      "definition": "In telecommunications, GTP-C Spoofing is the forging of GTP control-plane messages (Create Session Request, Delete Session Request, Modify Bearer) on S5/S8/S11 or N4/N11-equivalent interfaces to hijack subscriber sessions, exhaust bearer resources, or trigger billing anomalies. Mitigation relies on GTP firewalls validating source PLMN, IMSI ranges, and TEID consistency.",
      "tags": [
        "Radio Access Network",
        "Signaling",
        "Identity and Subscriber"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/gtp-c-spoofing"
    },
    {
      "term": "GTP-U Smuggling",
      "expansion": null,
      "definition": "In telecom networks, GTP-U Smuggling is the abuse of GTP user-plane tunnels to carry unauthorized traffic across roaming or interconnect boundaries, for example by encapsulating arbitrary IP traffic to bypass policy or to reach internal management networks. GTP firewalls and UPF policies should restrict TEIDs, source addresses, and inner-payload characteristics.",
      "tags": [
        "Core Network",
        "Signaling",
        "Roaming and Interconnect"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/gtp-u-smuggling"
    },
    {
      "term": "Diameter Flooding",
      "expansion": null,
      "definition": "In telecommunications, Diameter Flooding is a denial-of-service attack that overwhelms a Diameter peer (HSS, MME, PCRF, DRA) with high-rate requests on interfaces such as S6a, S9, or Sh. It can disrupt authentication, policy, and roaming. Defenses include rate limiting at the Diameter Edge Agent, origin-realm whitelisting, and category-based screening.",
      "tags": [
        "Core Network",
        "Signaling",
        "Roaming and Interconnect"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/diameter-flooding"
    },
    {
      "term": "SBA Token Forgery",
      "expansion": null,
      "definition": "In telecom networks, SBA Token Forgery is the creation, replay, or scope-escalation of OAuth2 access tokens used between 5G Network Functions. A producer NF that does not properly validate the issuer, audience, scope, and signature of an access token can be tricked into serving unauthorized requests, leaking subscriber data or modifying sessions.",
      "tags": [
        "Core Network",
        "Identity and Subscriber",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/sba-token-forgery"
    },
    {
      "term": "Slice Hopping",
      "expansion": null,
      "definition": "In telecommunications, Slice Hopping is an attack in which an adversary pivots from one 5G network slice to another that should be logically isolated, for example moving from a public consumer slice into an enterprise or critical-infrastructure slice. Strong slice isolation requires per-slice NF instances or strict policy enforcement at NRF, SCP, AMF, and UPF.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/slice-hopping"
    },
    {
      "term": "OAM Compromise",
      "expansion": null,
      "definition": "In telecom networks, an OAM Compromise is an intrusion into the Operations, Administration, and Maintenance plane that controls network functions, including EMS/NMS, jump hosts, configuration repositories, and orchestration platforms. OAM compromise can lead to silent re-configuration of HLR/HSS/UDM, signaling firewall bypass, and full network takeover, making OAM segmentation and PAM essential.",
      "tags": [
        "Core Network",
        "Signaling",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/oam-compromise"
    },
    {
      "term": "Smishing",
      "expansion": null,
      "definition": "In telecommunications, Smishing is phishing carried out over SMS, in which attackers send messages with malicious links or instructions to harvest credentials, install malware, or trigger fraudulent transactions. Operators mitigate smishing through SMS firewalls, content-based filtering, sender-ID validation, and abuse reporting integrated with the GSMA T-ISAC.",
      "tags": [
        "Radio Access Network",
        "Security Controls",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/smishing"
    },
    {
      "term": "Vishing",
      "expansion": null,
      "definition": "In telecommunications, Vishing is voice-based phishing, where attackers use phone calls (often with spoofed caller IDs) to impersonate trusted entities and extract credentials, one-time passwords, or authorize fraudulent actions. STIR/SHAKEN, robocall analytics, and CLI-spoofing controls reduce the credibility of vishing campaigns.",
      "tags": [
        "Security Controls",
        "Threats and Attacks",
        "Fraud"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/vishing"
    },
    {
      "term": "Lateral Movement (Telecom)",
      "expansion": null,
      "definition": "In telecom networks, Lateral Movement is the post-compromise progression of an attacker across systems, for example from an exposed OAM jump host to network function management interfaces, from there to signaling nodes, and then to roaming-facing perimeters. East-west segmentation, PAM, and detection of unusual NF-to-NF or OAM-to-NF flows limit lateral movement.",
      "tags": [
        "Core Network",
        "Signaling",
        "Roaming and Interconnect"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/lateral-movement-telecom"
    },
    {
      "term": "Telecom Reconnaissance",
      "expansion": null,
      "definition": "In telecommunications, Telecom Reconnaissance is the pre-attack phase where an adversary maps targets such as global title ranges, point codes, PLMN identifiers, exposed signaling endpoints, and reachable Network Functions. Sources include public IR.21 documents, leaked routing data, BGP/IPX observations, and probing of SS7, Diameter, GTP, and SBA interfaces.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Signaling"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/telecom-reconnaissance"
    },
    {
      "term": "3GPP TS 33.501",
      "expansion": "5G System Security Architecture",
      "definition": "In telecommunications, 3GPP TS 33.501 defines the security architecture and procedures of the 5G System, including primary authentication (5G-AKA, EAP-AKA'), key hierarchy, SUCI concealment of the subscriber identifier, NF-to-NF authentication and authorization in the SBA, and security on the N32 inter-PLMN interface. It is the foundational normative reference for 5G security.",
      "tags": [
        "Core Network",
        "Signaling",
        "Roaming and Interconnect"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/3gpp-ts-33-501-5g-system-security-architecture"
    },
    {
      "term": "GSMA SCAS",
      "expansion": "Security Assurance Specification",
      "definition": "In telecom networks, GSMA SCAS (Security Assurance Specification) is a set of test requirements derived from 3GPP SECAM that vendors must meet for each Network Function class (AMF, SMF, UPF, UDM, and others) under the NESAS scheme. SCAS-based assessments give operators evidence-based assurance about the baseline security of the products they deploy.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/gsma-scas"
    },
    {
      "term": "SECAM",
      "expansion": "Security Assurance Methodology",
      "definition": "In telecommunications, SECAM is the 3GPP-defined Security Assurance Methodology that establishes how the security of network products is evaluated, including the structure of Security Assurance Specifications (SCAS), the role of accredited test laboratories, and the audit process operationalized by the GSMA NESAS scheme.",
      "tags": [
        "Radio Access Network",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/secam"
    },
    {
      "term": "FS.36",
      "expansion": "5G Interconnect Security Guidelines",
      "definition": "In telecom networks, GSMA FS.36 provides operator guidelines for securing the 5G interconnect, covering SEPP deployment, PRINS configuration, IPX provider modifications, certificate management, and incident handling between roaming partners. It complements signaling security documents such as FS.07 (SS7), FS.11, and FS.19 (Diameter).",
      "tags": [
        "Signaling",
        "Roaming and Interconnect",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/fs-36"
    },
    {
      "term": "GSMA T-ISAC",
      "expansion": "Telecommunications Information Sharing and Analysis Centre",
      "definition": "In telecommunications, the GSMA T-ISAC is the industry forum where mobile operators share threat intelligence about signaling abuse, fraud campaigns, IoCs, and emerging vulnerabilities affecting SS7, Diameter, GTP, and 5G. Membership accelerates detection and coordinated response to cross-operator attacks.",
      "tags": [
        "Signaling",
        "Threats and Attacks",
        "Fraud"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/gsma-t-isac"
    },
    {
      "term": "SCP",
      "expansion": "Service Communication Proxy",
      "definition": "In telecommunications, the SCP is a 5G Service-Based Architecture function that mediates HTTP/2 traffic between Network Functions, providing indirect communication, message routing, load balancing, and OAuth2 token handling. Because the SCP sits in the middle of all SBA flows, its hardening (mutual TLS, strict authorization, isolation) is critical to overall 5G security.",
      "tags": [
        "Core Network",
        "Security Controls",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/scp-service-communication-proxy"
    },
    {
      "term": "BSF",
      "expansion": "Binding Support Function",
      "definition": "In telecom networks, the BSF is a 5G Network Function that maintains bindings between a UE's PDU Session and the PCF instance serving it, enabling consistent policy decisions across the SBA. The BSF is queried by NFs that need to discover the correct PCF for a given subscriber session.",
      "tags": [
        "Core Network",
        "Identity and Subscriber",
        "Operations and Business"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/bsf-binding-support-function"
    },
    {
      "term": "CHF",
      "expansion": "Charging Function",
      "definition": "In telecommunications, the CHF is the 5G Network Function responsible for converged online and offline charging. It receives charging events from NFs such as SMF and AMF over the Nchf service interface and produces CDRs consumed by the operator's billing systems.",
      "tags": [
        "Core Network",
        "Operations and Business"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/chf-charging-function"
    },
    {
      "term": "NWDAF",
      "expansion": "Network Data Analytics Function",
      "definition": "In telecom networks, the NWDAF is the 5G Network Function that collects data from other NFs, OAM, and external sources to produce analytics and machine-learning insights, including anomaly detection and behavior profiling. NWDAF outputs can drive policy decisions, slice optimization, and security use cases such as detecting compromised UEs.",
      "tags": [
        "Core Network"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/nwdaf"
    },
    {
      "term": "UDR",
      "expansion": "Unified Data Repository",
      "definition": "In telecommunications, the UDR is a 5G Network Function that stores subscription data, policy data, application data, and structured exposure data on behalf of UDM, PCF, and NEF. Access to the UDR is performed through the Nudr service-based interface and is a high-value target for attackers seeking subscriber information.",
      "tags": [
        "Core Network",
        "Identity and Subscriber",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/udr-unified-data-repository"
    },
    {
      "term": "UDSF",
      "expansion": "Unstructured Data Storage Function",
      "definition": "In telecom networks, the UDSF is an optional 5G Network Function that stores and retrieves unstructured data on behalf of any NF, supporting stateless NF designs and high availability through shared state. It is accessed via the Nudsf service interface.",
      "tags": [
        "Core Network",
        "Encryption and Cryptography"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/udsf"
    },
    {
      "term": "N3IWF",
      "expansion": "Non-3GPP Interworking Function",
      "definition": "In telecommunications, the N3IWF is the 5G Network Function that allows untrusted non-3GPP access (typically Wi-Fi) to connect to the 5G core. It terminates IPsec/IKEv2 tunnels from the UE and exposes the N2 and N3 reference points to AMF and UPF as if the access were 3GPP-native.",
      "tags": [
        "Core Network",
        "Security Controls",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/n3iwf"
    },
    {
      "term": "TNGF",
      "expansion": "Trusted Non-3GPP Gateway Function",
      "definition": "In telecom networks, the TNGF is the 5G Network Function that enables trusted non-3GPP access (such as operator-controlled Wi-Fi) to attach to the 5G core, providing the equivalent of N3IWF for trusted networks while removing the need for an additional IPsec tunnel from the UE.",
      "tags": [
        "Core Network",
        "Security Controls",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/tngf"
    },
    {
      "term": "AF",
      "expansion": "Application Function",
      "definition": "In telecommunications, the AF is a 5G entity that interacts with the core (typically through the NEF for untrusted AFs, or directly for trusted AFs) to influence traffic routing, request specific QoS, or expose services. AFs include IMS components, MEC applications, and third-party services consuming GSMA Open Gateway APIs.",
      "tags": [
        "Core Network",
        "Protocols and Standards",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/af-application-function"
    },
    {
      "term": "5G Reference Points",
      "expansion": null,
      "definition": "In telecom networks, 5G Reference Points such as N1, N2, N3, N4, N6, N9, and N11 define logical interfaces between the UE, RAN, and core Network Functions. N1 is the NAS link between UE and AMF, N2 carries control plane between RAN and AMF, N3 carries user plane between RAN and UPF, N4 is the SMF-to-UPF interface, N6 connects UPF to data networks, N9 interconnects UPFs, and N11 links AMF and SMF.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Signaling"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/5g-reference-points"
    },
    {
      "term": "SUPI Concealment",
      "expansion": null,
      "definition": "In telecommunications, SUPI Concealment is the 5G mechanism that protects the long-term subscriber identifier (SUPI) on the radio interface by encrypting it into a SUCI using the home network's public key. It prevents passive IMSI-catcher-style identity exposure that affected earlier generations.",
      "tags": [
        "Radio Access Network",
        "Roaming and Interconnect",
        "Identity and Subscriber"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/supi-concealment"
    },
    {
      "term": "5G-GUTI",
      "expansion": "5G Globally Unique Temporary Identifier",
      "definition": "In telecom networks, the 5G-GUTI is a temporary subscriber identifier assigned by the AMF that is used in place of the SUPI on the radio interface to limit identity exposure. Frequent 5G-GUTI reallocation reduces the ability of attackers to track a subscriber over time.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Identity and Subscriber"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/5g-guti-globally-unique-temporary-identifier"
    },
    {
      "term": "PEI",
      "expansion": "Permanent Equipment Identifier",
      "definition": "In telecommunications, the PEI is the 5G equivalent of the IMEI, identifying the mobile equipment itself rather than the subscriber. It is checked by the network (potentially against an EIR) to detect stolen or non-compliant devices.",
      "tags": [
        "Identity and Subscriber",
        "Internet and Routing",
        "IoT"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/pei-permanent-equipment-identifier"
    },
    {
      "term": "GPSI",
      "expansion": "Generic Public Subscription Identifier",
      "definition": "In telecom networks, the GPSI is a 5G public-facing identifier used outside the 3GPP system, typically an MSISDN or an external identifier in URI form. It is mapped to the internal SUPI by the UDM and is used by Application Functions and exposure APIs.",
      "tags": [
        "Core Network",
        "Signaling",
        "Identity and Subscriber"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/gpsi"
    },
    {
      "term": "O-RAN Alliance",
      "expansion": null,
      "definition": "In telecommunications, the O-RAN Alliance is an industry consortium defining open, interoperable RAN interfaces and architectures, including the disaggregation of CU, DU, and RU and the introduction of the RIC. Its specifications complement 3GPP and aim to enable multi-vendor radio deployments.",
      "tags": [
        "Radio Access Network",
        "Protocols and Standards",
        "Cloud and Virtualization"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/o-ran-alliance"
    },
    {
      "term": "RIC",
      "expansion": "RAN Intelligent Controller",
      "definition": "In telecom networks, the RIC is an Open RAN component that hosts control logic for the radio access network, split into a Non-Real-Time RIC (within the SMO) and a Near-Real-Time RIC. It runs xApps and rApps that optimize radio resource management, mobility, and security policies.",
      "tags": [
        "Radio Access Network",
        "Cloud and Virtualization"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/ric-ran-intelligent-controller"
    },
    {
      "term": "xApp",
      "expansion": null,
      "definition": "In telecommunications, an xApp is a microservice running on the Near-Real-Time RIC that consumes data and issues control commands to the RAN over the E2 interface, typically with sub-second loops. xApps cover use cases such as traffic steering, anomaly detection, and energy saving.",
      "tags": [
        "Radio Access Network",
        "Cloud and Virtualization"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/xapp"
    },
    {
      "term": "rApp",
      "expansion": null,
      "definition": "In telecom networks, an rApp is an application running on the Non-Real-Time RIC within the SMO that performs longer-loop optimization and policy generation for the RAN, typically over the A1 and O1 interfaces. rApps handle tasks such as configuration management, AI-driven optimization, and large-scale analytics.",
      "tags": [
        "Radio Access Network",
        "Cloud and Virtualization"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/rapp"
    },
    {
      "term": "O-RAN Interfaces (A1, E2, O1, O2)",
      "expansion": null,
      "definition": "In telecommunications, the O-RAN Alliance defines several open interfaces: A1 between Non-RT RIC and Near-RT RIC for policy and ML model lifecycle, E2 between Near-RT RIC and RAN nodes for near-real-time control, O1 between SMO and managed elements for FCAPS, and O2 between SMO and the cloud platform hosting RAN functions. Each interface introduces its own attack surface that must be hardened.",
      "tags": [
        "Radio Access Network",
        "Signaling",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/o-ran-interfaces-a1-e2-o1-o2"
    },
    {
      "term": "SMO",
      "expansion": "Service Management and Orchestration",
      "definition": "In telecom networks, the SMO is the O-RAN management framework that orchestrates RAN network functions, hosts the Non-Real-Time RIC and rApps, and manages the underlying O-Cloud through the O2 interface. It is responsible for configuration, fault, performance, and lifecycle of disaggregated RAN components.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Cloud and Virtualization"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/smo-service-management-and-orchestration"
    },
    {
      "term": "CU/DU/RU Split",
      "expansion": null,
      "definition": "In telecommunications, the CU/DU/RU split refers to the disaggregation of the gNB into a Central Unit (CU) hosting higher-layer protocols, a Distributed Unit (DU) hosting lower-layer real-time processing, and a Radio Unit (RU) handling RF. The split is connected by the F1 interface (CU-DU) and the fronthaul interface (DU-RU), and it underpins virtualized and Open RAN deployments.",
      "tags": [
        "Radio Access Network",
        "Protocols and Standards",
        "Cloud and Virtualization"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/cu-du-ru-split"
    },
    {
      "term": "F1 Interface",
      "expansion": null,
      "definition": "In telecom networks, F1 is the 3GPP-defined interface between the gNB-CU and gNB-DU in a split RAN architecture. It is split into F1-C for control plane and F1-U for user plane, both typically secured with IPsec or DTLS.",
      "tags": [
        "Radio Access Network",
        "Signaling",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/f1-interface"
    },
    {
      "term": "Xn Interface",
      "expansion": null,
      "definition": "In telecommunications, Xn is the 3GPP-defined interface between two gNBs (or between a gNB and an ng-eNB) used for handover signaling, dual connectivity, and load management. Xn-C carries control plane and Xn-U carries user plane, both protected with IPsec.",
      "tags": [
        "Radio Access Network",
        "Signaling",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/xn-interface"
    },
    {
      "term": "Carrier Aggregation",
      "expansion": null,
      "definition": "In telecom networks, Carrier Aggregation is a radio technology introduced in LTE-Advanced and continued in 5G that combines multiple component carriers (in the same or different bands) to deliver higher peak rates and better spectrum efficiency to a single UE.",
      "tags": [
        "Radio Access Network",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/carrier-aggregation"
    },
    {
      "term": "DSS",
      "expansion": "Dynamic Spectrum Sharing",
      "definition": "In telecommunications, DSS is a technology that allows LTE and 5G NR to share the same spectrum band dynamically, enabling operators to deploy 5G on existing LTE bands without re-farming. The radio scheduler allocates resources between technologies based on demand.",
      "tags": [
        "Radio Access Network",
        "Encryption and Cryptography"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/dss-dynamic-spectrum-sharing"
    },
    {
      "term": "SUPI Catcher",
      "expansion": null,
      "definition": "In telecommunications, a SUPI Catcher is the 5G analog of an IMSI catcher: a rogue base station or man-in-the-middle device that attempts to capture or de-conceal the long-term subscriber identifier. SUPI concealment via SUCI mitigates passive capture, but active downgrade attacks or implementation flaws can still expose the SUPI.",
      "tags": [
        "Radio Access Network",
        "Signaling",
        "Identity and Subscriber"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/supi-catcher"
    },
    {
      "term": "Bidding-Down Attack",
      "expansion": null,
      "definition": "In telecom networks, a Bidding-Down Attack is an active radio attack that forces a UE to attach to an older generation (for example from 5G to 4G or from 4G to 2G) where security mechanisms are weaker. Once the UE is bid down, attackers can leverage known SS7, Diameter, or A5/1 weaknesses.",
      "tags": [
        "Radio Access Network",
        "Signaling",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/bidding-down-attack"
    },
    {
      "term": "AKA Linkability Attack",
      "expansion": null,
      "definition": "In telecommunications, an AKA Linkability Attack abuses error responses and replay properties of the Authentication and Key Agreement procedure to determine whether a specific subscriber is present in a cell, even when temporary identifiers are used. It impacts 3G, 4G, and certain 5G scenarios depending on implementation.",
      "tags": [
        "Radio Access Network",
        "Identity and Subscriber",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/aka-linkability-attack"
    },
    {
      "term": "Torpedo Attack",
      "expansion": null,
      "definition": "In telecom networks, the Torpedo (TRacking via Paging mEssage DistributiOn) attack exploits paging procedures in LTE and 5G to determine whether a victim is in a given location area by triggering and observing paging messages. It can serve as a building block for further identity-disclosure attacks.",
      "tags": [
        "Identity and Subscriber",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/torpedo-attack"
    },
    {
      "term": "Piercer Attack",
      "expansion": null,
      "definition": "In telecommunications, the Piercer attack is a research-disclosed technique that, in some LTE deployments, links a victim's IMSI to their TMSI by abusing paging behavior, undermining the temporary-identifier privacy guarantee. It motivated stricter TMSI reallocation and 5G SUCI design.",
      "tags": [
        "Radio Access Network",
        "Identity and Subscriber",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/piercer-attack"
    },
    {
      "term": "SS7 Message Categories",
      "expansion": null,
      "definition": "In telecom networks, GSMA FS.11 classifies SS7 MAP messages into categories based on whether they should be received from any peer (Category 1), only from a roaming partner where the subscriber is currently roaming (Category 2), or only from the home network itself (Category 3). Signaling firewalls enforce policy by blocking or rate-limiting messages that violate their category context.",
      "tags": [
        "Signaling",
        "Roaming and Interconnect",
        "Identity and Subscriber"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/ss7-message-categories"
    },
    {
      "term": "SMSC Hijacking",
      "expansion": null,
      "definition": "In telecommunications, SMSC Hijacking is the abuse of weak interconnect authentication to redirect or inject SMS traffic through an attacker-controlled SMSC, enabling interception of one-time passwords, SMS spoofing, or large-scale spam delivery. SMS Home Routing and SS7 firewalling are key mitigations.",
      "tags": [
        "Core Network",
        "Signaling",
        "Roaming and Interconnect"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/smsc-hijacking"
    },
    {
      "term": "Port-Out Fraud",
      "expansion": null,
      "definition": "In telecom networks, Port-Out Fraud is the unauthorized transfer of a victim's MSISDN from their current operator to one controlled by the attacker, often using social engineering against customer support. Once the number is ported, the attacker receives the victim's calls and SMS, enabling takeover of the victim's bank, email, and crypto accounts.",
      "tags": [
        "Radio Access Network",
        "Identity and Subscriber",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/port-out-fraud"
    },
    {
      "term": "eSIM Profile Theft",
      "expansion": null,
      "definition": "In telecommunications, eSIM Profile Theft is the unauthorized provisioning, transfer, or download of an eSIM profile to a device controlled by an attacker, achieved through compromise of the SM-DP+, weak activation codes, or social engineering. It produces effects similar to SIM swap fraud but at the eUICC layer.",
      "tags": [
        "Radio Access Network",
        "Identity and Subscriber",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/esim-profile-theft"
    },
    {
      "term": "Interconnect Bypass Fraud",
      "expansion": null,
      "definition": "In telecom networks, Interconnect Bypass Fraud is the practice of routing international voice or SMS traffic to a domestic operator through unauthorized means (such as SIM boxes or OTT-to-PSTN gateways) to evade higher international termination rates, depriving operators and regulators of revenue.",
      "tags": [
        "Roaming and Interconnect",
        "Identity and Subscriber",
        "Fraud"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/interconnect-bypass-fraud"
    },
    {
      "term": "OTT Bypass",
      "expansion": null,
      "definition": "In telecommunications, OTT Bypass is a fraud variant where international voice calls are converted by a service provider into Over-The-Top traffic (such as messaging-app calls) and delivered to the destination without crossing the legitimate PSTN, bypassing termination fees.",
      "tags": [
        "Fraud",
        "Operations and Business",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/ott-bypass"
    },
    {
      "term": "Refile Fraud",
      "expansion": null,
      "definition": "In telecom networks, Refile Fraud is the manipulation of the calling party number or routing information so that traffic from a high-rate origin appears to come from a low-rate origin, allowing the carrier to pay lower termination charges while still delivering the call. It distorts settlement between operators.",
      "tags": [
        "Roaming and Interconnect",
        "Threats and Attacks",
        "Fraud"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/refile-fraud"
    },
    {
      "term": "PBX Dial-Through Fraud",
      "expansion": null,
      "definition": "In telecommunications, PBX Dial-Through Fraud is the abuse of poorly secured PBX features (default passwords, open DISA, voicemail call-back) to place outbound international or premium-rate calls at the victim's expense. It is closely related to toll fraud and IRSF.",
      "tags": [
        "Threats and Attacks",
        "Fraud",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/pbx-dial-through-fraud"
    },
    {
      "term": "Subscription Fraud",
      "expansion": null,
      "definition": "In telecom networks, Subscription Fraud is the use of a fake or stolen identity to obtain mobile services with no intention to pay, often combined with IRSF or SIM-box operations. Identity verification, KYC, and credit-risk scoring at activation are primary defenses.",
      "tags": [
        "Identity and Subscriber",
        "Fraud",
        "Operations and Business"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/subscription-fraud"
    },
    {
      "term": "Account Takeover (ATO)",
      "expansion": null,
      "definition": "In telecommunications, Account Takeover is the unauthorized control of a subscriber or operator-portal account, often achieved via SIM swap, port-out, smishing, or vishing. It enables attackers to intercept SMS-based MFA codes and pivot into banking, email, and crypto accounts.",
      "tags": [
        "Identity and Subscriber",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/account-takeover-ato"
    },
    {
      "term": "NDR",
      "expansion": "Network Detection and Response",
      "definition": "In telecom networks, NDR is a security capability that analyzes network traffic in real time to detect malicious behavior, lateral movement, and data exfiltration, and to support response. A telecom-specific NDR understands signaling protocols (SS7, Diameter, GTP, SBA) and OAM traffic in addition to standard IP traffic.",
      "tags": [
        "Core Network",
        "Signaling",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/ndr-network-detection-and-response"
    },
    {
      "term": "UEBA",
      "expansion": "User and Entity Behavior Analytics",
      "definition": "In telecommunications, UEBA applies behavioral baselines and anomaly detection to users, devices, and Network Functions to surface compromised accounts, abused service tokens, or rogue NF behavior. It complements signature-based detection, especially against insider and supply-chain threats.",
      "tags": [
        "Core Network",
        "Threats and Attacks",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/ueba"
    },
    {
      "term": "NTA",
      "expansion": "Network Traffic Analysis",
      "definition": "In telecom networks, NTA is the discipline of analyzing flow records and full packet captures to understand normal behavior and detect deviations. In a telecom context, NTA includes signaling-protocol decoders so that anomalies in MAP, Diameter, GTP, or SBA can be measured against baselines.",
      "tags": [
        "Core Network",
        "Signaling",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/nta-network-traffic-analysis"
    },
    {
      "term": "PCAP",
      "expansion": "Packet Capture",
      "definition": "In telecommunications, PCAP refers both to the capability of recording network packets verbatim for later analysis and to the file format used to store them. PCAPs of signaling and OAM traffic are essential for telecom incident response, forensics, and tuning of signaling firewalls and IDS rules.",
      "tags": [
        "Signaling",
        "Security Controls",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/pcap"
    },
    {
      "term": "DPI",
      "expansion": "Deep Packet Inspection",
      "definition": "In telecom networks, DPI is the inspection of packet payloads beyond headers to classify applications, enforce policy, and detect threats. In a telecom context, DPI is also used to decode encapsulated GTP-U traffic and to identify abusive flows on mobile data networks.",
      "tags": [
        "Signaling",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/dpi-deep-packet-inspection"
    },
    {
      "term": "NetFlow / IPFIX / sFlow",
      "expansion": null,
      "definition": "In telecommunications, NetFlow, IPFIX, and sFlow are flow-export protocols that summarize traffic into records (5-tuple, byte and packet counts, timing) for monitoring and security analytics. Operators use them at scale across IP backbones, IPX, and mobile data networks because full packet capture would be prohibitively expensive.",
      "tags": [
        "Signaling",
        "Roaming and Interconnect",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/netflow-ipfix-sflow"
    },
    {
      "term": "Sigma Rules",
      "expansion": null,
      "definition": "In telecom networks, Sigma is an open, vendor-agnostic detection rule format for log-based events that can be translated into queries for various SIEMs. Telecom SOC teams maintain Sigma rules for OAM access patterns, NF service-call anomalies, and signaling-firewall events to ensure portability of detections.",
      "tags": [
        "Radio Access Network",
        "Signaling",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/sigma-rules"
    },
    {
      "term": "YARA",
      "expansion": null,
      "definition": "In telecommunications, YARA is an open pattern-matching engine widely used to identify and classify malware samples and suspicious files. Operators use YARA on artifacts pulled from compromised OAM hosts, NFs, and supply-chain components to recognize known toolkits.",
      "tags": [
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/yara"
    },
    {
      "term": "Suricata",
      "expansion": null,
      "definition": "In telecom networks, Suricata is an open-source network IDS/IPS and security monitoring engine that can inspect traffic in real time, parse many protocols, and emit rich logs and alerts. It is commonly deployed at telecom perimeters and inside data centers as a base layer for NDR.",
      "tags": [
        "Security Controls",
        "Protocols and Standards",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/suricata"
    },
    {
      "term": "Zeek",
      "expansion": null,
      "definition": "In telecommunications, Zeek (formerly Bro) is an open-source network analysis framework that produces high-fidelity protocol logs and supports custom scripting for detection. Telecom SOCs use Zeek to enrich PCAP-derived telemetry with structured per-protocol records feeding SIEM and threat-hunting workflows.",
      "tags": [
        "Radio Access Network",
        "Signaling",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/zeek"
    },
    {
      "term": "Telecom Honeypot",
      "expansion": null,
      "definition": "In telecom networks, a Telecom Honeypot is a decoy resource (such as an exposed SS7 point code, a fake Diameter peer, an emulated 5G NF, or a tarpit on signaling perimeters) deployed to attract and study attacker activity. Honeypots provide early warning of new techniques and feed indicators back into detection systems.",
      "tags": [
        "Signaling",
        "Threats and Attacks"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/telecom-honeypot"
    },
    {
      "term": "Deception Technology",
      "expansion": null,
      "definition": "In telecommunications, Deception Technology is the deliberate planting of fake assets (credentials, files, NF instances, signaling endpoints) within the network so that any interaction with them is by definition suspicious. It is highly effective at exposing lateral movement inside the OAM and core perimeters.",
      "tags": [
        "Core Network",
        "Signaling"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/deception-technology"
    },
    {
      "term": "Sinkhole",
      "expansion": null,
      "definition": "In telecom networks, a Sinkhole is a controlled destination (typically at the DNS or BGP layer) used to absorb traffic that would otherwise reach malicious infrastructure, allowing operators to neutralize botnet C2 and protect subscribers. Sinkholing is commonly coordinated with CSIRTs and law enforcement.",
      "tags": [
        "Identity and Subscriber",
        "Threats and Attacks",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/sinkhole"
    },
    {
      "term": "NIS2 Directive",
      "expansion": "Network and Information Security Directive 2",
      "definition": "In telecommunications, NIS2 is the EU directive that strengthens cybersecurity obligations for essential and important entities, including electronic communications providers. It mandates risk management measures, supply-chain security, incident reporting within strict timelines, and executive accountability.",
      "tags": [
        "Regulation and Compliance"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/nis2-directive"
    },
    {
      "term": "EECC",
      "expansion": "European Electronic Communications Code",
      "definition": "In telecom networks, the EECC is the EU regulatory framework for electronic communications, consolidating earlier directives and covering market access, end-user rights, spectrum, and security obligations. Article 40 specifically requires providers to manage security risks and report significant incidents.",
      "tags": [
        "Radio Access Network",
        "Regulation and Compliance"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/eecc"
    },
    {
      "term": "CER Directive",
      "expansion": "Critical Entities Resilience Directive",
      "definition": "In telecommunications, the CER Directive is the EU framework that complements NIS2 by addressing the physical resilience of critical entities, including telecom infrastructure operators. It requires resilience measures, risk assessments, and incident reporting against non-cyber threats such as natural hazards and physical attacks.",
      "tags": [
        "Threats and Attacks",
        "Internet and Routing",
        "Regulation and Compliance"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/cer-directive"
    },
    {
      "term": "ENISA",
      "expansion": "European Union Agency for Cybersecurity",
      "definition": "In telecommunications, ENISA is the EU agency that supports member states and operators with cybersecurity guidance, including specific technical guidelines on telecom security, 5G risk assessment, and incident reporting harmonization under the EECC and NIS2.",
      "tags": [
        "Regulation and Compliance"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/enisa"
    },
    {
      "term": "BEREC",
      "expansion": "Body of European Regulators for Electronic Communications",
      "definition": "In telecom networks, BEREC is the EU body that brings together national regulatory authorities to ensure consistent application of the EU regulatory framework for electronic communications, including aspects of net neutrality, roaming, and security.",
      "tags": [
        "Roaming and Interconnect",
        "Internet and Routing",
        "Regulation and Compliance"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/berec"
    },
    {
      "term": "3GPP Releases (Rel-15 to Rel-19)",
      "expansion": null,
      "definition": "In telecommunications, 3GPP organizes its specifications into Releases delivered roughly every 18 months. Rel-15 introduced 5G Phase 1 (NSA and SA), Rel-16 added 5G Phase 2 (URLLC enhancements, NPN, IAB), Rel-17 brought RedCap and NTN, Rel-18 began the 5G-Advanced cycle, and Rel-19 continues 5G-Advanced toward 6G research.",
      "tags": [
        "Signaling",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/3gpp-releases-rel-15-to-rel-19"
    },
    {
      "term": "ETSI ISG NFV",
      "expansion": null,
      "definition": "In telecom networks, the ETSI Industry Specification Group for Network Functions Virtualization defines the architectural framework, MANO components (NFVO, VNFM, VIM), and security guidelines for virtualized network functions. Its specifications underpin the design of virtualized 4G EPC and 5G core deployments.",
      "tags": [
        "Core Network",
        "Protocols and Standards",
        "Cloud and Virtualization"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/etsi-isg-nfv"
    },
    {
      "term": "ETSI ISG MEC",
      "expansion": null,
      "definition": "In telecommunications, the ETSI Industry Specification Group for Multi-access Edge Computing standardizes the framework, APIs, and reference architecture for hosting applications close to the radio access. MEC is a key enabler of low-latency services in 5G and introduces specific edge-security considerations.",
      "tags": [
        "Radio Access Network",
        "Protocols and Standards",
        "Encryption and Cryptography"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/etsi-isg-mec"
    },
    {
      "term": "FS.20",
      "expansion": "GPRS/GTP Security",
      "definition": "In telecommunications, GSMA FS.20 provides operator guidance on securing the GPRS Tunnelling Protocol on roaming and interconnect interfaces, including recommended GTP firewall behavior, message validation, and rate limiting against GTP-C and GTP-U abuse.",
      "tags": [
        "Core Network",
        "Signaling",
        "Roaming and Interconnect"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/fs-20"
    },
    {
      "term": "FS.21",
      "expansion": "Interconnect Signalling Security Recommendations",
      "definition": "In telecom networks, GSMA FS.21 consolidates interconnect signaling security recommendations across SS7, Diameter, and GTP for mobile operators, complementing FS.07, FS.11, FS.19, and FS.20 with cross-protocol guidance.",
      "tags": [
        "Core Network",
        "Signaling",
        "Roaming and Interconnect"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/fs-21"
    },
    {
      "term": "FS.31",
      "expansion": "Baseline Security Controls",
      "definition": "In telecommunications, GSMA FS.31 defines a set of baseline security controls that mobile operators are expected to implement across their networks and supporting systems, aligned with NIST CSF and ISO 27001 to provide a common reference for assessments.",
      "tags": [
        "Protocols and Standards",
        "Operations and Business"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/fs-31"
    },
    {
      "term": "FS.40",
      "expansion": "5G Security Guide",
      "definition": "In telecom networks, GSMA FS.40 is the high-level operator security guide for 5G, covering the SBA, network slicing, virtualization, edge computing, and interconnect, and pointing to detailed documents such as FS.36 for inter-PLMN security.",
      "tags": [
        "Core Network",
        "Roaming and Interconnect",
        "Protocols and Standards"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/fs-40"
    },
    {
      "term": "TM Forum ODA",
      "expansion": "Open Digital Architecture",
      "definition": "In telecommunications, the TM Forum Open Digital Architecture is a blueprint and component model for next-generation OSS/BSS, defining standardized building blocks, Open APIs, and security requirements that allow operators to assemble cloud-native digital platforms.",
      "tags": [
        "Protocols and Standards",
        "Cloud and Virtualization",
        "Operations and Business"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/tm-forum-oda"
    },
    {
      "term": "VoNR",
      "expansion": "Voice over New Radio",
      "definition": "Voice over New Radio is the 5G-native voice service, equivalent to VoLTE but delivered over the 5G NR radio and 5G Standalone core via IMS. VoNR enables HD+ voice codecs, lower call setup times, and full integration with 5G QoS flows. Its security inherits from IMS (SIP over TLS, SRTP, IMS authentication) plus 5G-specific protections such as SUCI on the NAS layer.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Signaling"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/vonr"
    },
    {
      "term": "EPS Fallback",
      "expansion": null,
      "definition": "In telecommunications, EPS Fallback is a 5G voice procedure in which a UE attached to 5G is moved to LTE (EPS) for the duration of a voice call when VoNR is not available. It allows operators to deploy 5G data while continuing to rely on VoLTE for voice.",
      "tags": [
        "Radio Access Network"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/eps-fallback"
    },
    {
      "term": "CSFB",
      "expansion": "Circuit-Switched Fallback",
      "definition": "Circuit Switched Fallback is the 3GPP mechanism (TS 23.272) that lets a 4G-only LTE network deliver legacy circuit-switched voice by temporarily moving the device to 2G/3G for the call. CSFB has higher call-setup latency and lower throughput than VoLTE and is being retired as VoLTE/VoNR coverage matures; it also reintroduces the security exposure of GSM/UMTS for the duration of the call.",
      "tags": [
        "Radio Access Network",
        "Protocols and Standards",
        "IoT"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/csfb"
    },
    {
      "term": "APN",
      "expansion": "Access Point Name",
      "definition": "In telecommunications, the APN is the identifier used in 2G/3G/4G networks to determine which external data network a PDP/PDN connection terminates on, along with associated QoS and authentication settings. It is the LTE-era equivalent of the 5G DNN.",
      "tags": [
        "Security Controls",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/apn-access-point-name"
    },
    {
      "term": "DNN",
      "expansion": "Data Network Name",
      "definition": "In telecom networks, the DNN is the 5G identifier (equivalent to the LTE APN) that specifies the external data network a PDU Session connects to, together with the associated S-NSSAI for the slice. SMF and UPF selection depend on the DNN and S-NSSAI combination.",
      "tags": [
        "Core Network",
        "Security Controls",
        "Internet and Routing"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/dnn-data-network-name"
    },
    {
      "term": "5QI",
      "expansion": "5G QoS Identifier",
      "definition": "In telecommunications, the 5QI is a scalar value that maps to a set of 5G QoS characteristics such as resource type (GBR or non-GBR), priority level, packet delay budget, and packet error rate. It is the 5G evolution of the LTE QCI and drives radio scheduling and policy enforcement.",
      "tags": [
        "Radio Access Network",
        "Signaling"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/5qi-5g-qos-identifier"
    },
    {
      "term": "QCI",
      "expansion": "QoS Class Identifier",
      "definition": "In telecom networks, the QCI is the LTE scalar value that selects a standardized set of QoS characteristics applied to a bearer, including resource type, priority, packet delay budget, and packet error rate. Each QCI corresponds to a defined service profile such as conversational voice or streaming video.",
      "tags": [
        "Protocols and Standards",
        "Encryption and Cryptography"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/qci-qos-class-identifier"
    },
    {
      "term": "GBR / Non-GBR Bearers",
      "expansion": null,
      "definition": "In telecommunications, GBR (Guaranteed Bit Rate) bearers reserve a minimum bit rate end-to-end and are used for services such as voice and real-time video, while Non-GBR bearers are best-effort and used for general data. The bearer type is selected through the QCI in LTE or the 5QI in 5G.",
      "tags": [
        "Radio Access Network"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/gbr-non-gbr-bearers"
    },
    {
      "term": "RCS",
      "expansion": "Rich Communication Services",
      "definition": "Rich Communication Services is the GSMA-defined IMS-based successor to SMS, providing read receipts, group chat, high-resolution media, and verified business messaging, accessed over Wi-Fi or mobile data. RCS is delivered over SIP/HTTP between the device and the operator's Messaging-as-a-Platform, frequently outsourced to a hyperscaler RCS hub. Security challenges include account takeover via the device's MSISDN binding, end-to-end encryption only being added in recent revisions, and impersonation of unverified senders.",
      "tags": [
        "Signaling",
        "Identity and Subscriber",
        "Security Controls"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/rcs-rich-communication-services"
    },
    {
      "term": "VoWiFi",
      "expansion": "Voice over Wi-Fi",
      "definition": "Voice over Wi-Fi delivers carrier voice service through the IMS over a Wi-Fi access network, using an ePDG and IPsec tunnel back into the operator core. Subscribers benefit from indoor coverage in poor-signal areas; security depends on IPsec authentication with EAP-AKA, integrity of the ePDG, and proper IMS access controls. VoWiFi reuses the same MSISDN and IMS identity as VoLTE/VoNR.",
      "tags": [
        "Radio Access Network",
        "Core Network",
        "Identity and Subscriber"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/vowifi"
    },
    {
      "term": "Midhaul",
      "expansion": null,
      "definition": "In telecom networks, Midhaul is the transport segment between the Distributed Unit (DU) and the Central Unit (CU) in a split RAN architecture, carrying the F1 interface. Together with fronthaul (DU-RU) and backhaul (CU-Core), it forms the three-tier transport model for disaggregated RAN.",
      "tags": [
        "Radio Access Network",
        "Core Network"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/midhaul"
    },
    {
      "term": "Edge Computing",
      "expansion": null,
      "definition": "In telecommunications, Edge Computing is the placement of compute, storage, and applications close to the radio access or aggregation sites to reduce latency and backhaul use. In mobile networks it is realized through MEC, enabling use cases such as industrial automation, AR/VR, and local breakout for enterprise traffic.",
      "tags": [
        "Radio Access Network"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/edge-computing"
    },
    {
      "term": "MEC Security",
      "expansion": null,
      "definition": "In telecom networks, MEC Security covers the controls protecting Multi-access Edge Computing platforms, including isolation between tenant applications, authentication of edge applications to the 5G core (typically as Application Functions), secure exposure APIs, physical security of distributed sites, and integrity of the underlying O-Cloud.",
      "tags": [
        "Core Network",
        "Security Controls",
        "Cloud and Virtualization"
      ],
      "aliases": [],
      "url": "https://glossary.p1sec.com/telcosec-glossary/mec-security"
    }
  ],
  "whitepapers": [
    {
      "title": "LTE Pwnage: Hacking HLR/HSS and MME Core",
      "summary": "Attack surface and exploitation paths against LTE core elements (HSS, MME) — Diameter abuse, subscriber data exfiltration, and operator impact.",
      "topics": [
        "LTE",
        "Diameter",
        "HSS",
        "MME",
        "Core Network"
      ],
      "url": "https://www.p1sec.com/white-paper/lte-pwnage"
    },
    {
      "title": "Hacking Telco Equipment — The HLR/HSS",
      "summary": "Reverse engineering, default credentials, OAM exposure and post-exploitation on real telco vendor equipment, with focus on HLR/HSS.",
      "topics": [
        "HLR",
        "HSS",
        "Vendor Security",
        "OAM"
      ],
      "url": "https://www.p1sec.com/white-paper/hacking-telco-equipment"
    },
    {
      "title": "Worldwide attacks on SS7/SIGTRAN networks",
      "summary": "Global telemetry on SS7/SIGTRAN attack patterns: location tracking, SMS interception, call rerouting, and operator-level mitigations.",
      "topics": [
        "SS7",
        "SIGTRAN",
        "Threats and Attacks",
        "Roaming"
      ],
      "url": "https://www.p1sec.com/white-paper/worldwide-attacks-on-ss7-sigtran-network"
    },
    {
      "title": "Towards Harmonization — EU Telecom Security Regulation",
      "summary": "Mapping NIS2, ENISA telecom guidance, GSMA and 3GPP into a coherent compliance baseline for European MNOs and MVNOs.",
      "topics": [
        "Regulation",
        "NIS2",
        "GSMA",
        "Compliance"
      ],
      "url": "https://www.p1sec.com/white-paper/towards-harmonization"
    },
    {
      "title": "Attacking GRX — GPRS Roaming eXchange",
      "summary": "GTP exposure, GRX peering risks, and concrete attacks against the inter-operator data plane underlying mobile roaming.",
      "topics": [
        "GTP",
        "GRX",
        "Roaming",
        "Threats and Attacks"
      ],
      "url": "https://www.p1sec.com/white-paper/attacking-grx-gprs-roaming-exchange"
    },
    {
      "title": "SS7 Attacker Heaven turns into Riot — Paper",
      "summary": "How filtering, monitoring and category-3 controls turn a once-trivial SS7 attack surface into a hostile environment for adversaries.",
      "topics": [
        "SS7",
        "Defense",
        "Monitoring"
      ],
      "url": "https://www.p1sec.com/white-paper/ss7-attacker-heaven-turns-into-riot"
    },
    {
      "title": "SS7 Attacker Heaven turns into Riot — Presentation",
      "summary": "Slide deck companion to the paper — visual walkthrough of attack categories, telemetry and operator-side countermeasures.",
      "topics": [
        "SS7",
        "Defense",
        "Presentation"
      ],
      "url": "https://www.p1sec.com/white-paper/ss7-attacker-heaven-turns-into-riot-presentation"
    },
    {
      "title": "Reverse Engineering — Legality & Telecom Research",
      "summary": "Legal framework around reverse engineering of telecom equipment and protocols — what researchers and operators can and cannot do.",
      "topics": [
        "Reverse Engineering",
        "Legal",
        "Research"
      ],
      "url": "https://www.p1sec.com/white-paper/reverse-engineering"
    },
    {
      "title": "Telecom Signaling Attacks on 3G/LTE Networks",
      "summary": "Cross-protocol view of 3G and LTE signalling attacks: MAP, Diameter, GTP — discovery, exploitation, and detection signatures.",
      "topics": [
        "3G",
        "LTE",
        "Signaling",
        "Diameter",
        "MAP"
      ],
      "url": "https://www.p1sec.com/white-paper/telecom-signaling-attacks-on-3g-and-lte-networks"
    }
  ],
  "webinars": [
    {
      "title": "TelcoSec Talk #2 — Iran CyberAttacks & APT Landscape",
      "summary": "Deep dive into Iran-linked APT activity targeting telecom infrastructure — actors, TTPs, and operator implications.",
      "topics": [
        "APT",
        "Threats and Attacks",
        "Geopolitics"
      ],
      "date": "2026-03",
      "duration": "1h 45m",
      "url": "https://watch.getcontrast.io/register/p1-security-telcosec-talk-v2-iran-cyberwar-telecom-infrastructure"
    },
    {
      "title": "Physical to 5G Core Compromise",
      "summary": "Chained attack from physical site access to full compromise of a 5G Standalone core. End-to-end kill chain on real-world deployments.",
      "topics": [
        "5G",
        "Core Network",
        "Red Team",
        "Physical Security"
      ],
      "date": "2026-02",
      "duration": "1h 07m",
      "url": "https://watch.getcontrast.io/register/p1-security-physical-to-5g-core-compromise"
    },
    {
      "title": "TelcoSec Talk: A Deep Dive",
      "summary": "Open conversation on the state of telecom security: what attackers are actually doing in 2025 and what defenders keep getting wrong.",
      "topics": [
        "TelcoSec",
        "Threat Landscape"
      ],
      "date": "2025-12",
      "duration": "59m",
      "url": "https://watch.getcontrast.io/register/p1-security-telcosec-talk-a-deep-dive"
    },
    {
      "title": "Top 5G Security Vulnerabilities — Pentest Insights",
      "summary": "Findings from real 5G penetration tests: SBA misconfigurations, NRF/SCP abuse, SEPP gaps, and N32 weaknesses.",
      "topics": [
        "5G",
        "Pentest",
        "SBA",
        "SEPP"
      ],
      "date": "2025-10",
      "duration": "1h 04m",
      "url": "https://watch.getcontrast.io/register/p1-security-top-5g-security-vulnerabilities-insights-from-p1-security-pentest-activities"
    },
    {
      "title": "Exploring O-RAN Security",
      "summary": "O-RAN attack surface: SMO, RIC, xApps/rApps, and disaggregated interfaces. What O-RAN actually changes for the security model.",
      "topics": [
        "Open RAN",
        "O-RAN",
        "RIC",
        "Radio Access Network"
      ],
      "date": "2025-07",
      "duration": "1h 10m",
      "url": "https://watch.getcontrast.io/register/p1-security-open-ran"
    },
    {
      "title": "VKB Series #2",
      "summary": "Walkthrough of the P1 Vulnerability Knowledge Base — second session, focused on detection and exploitation patterns.",
      "topics": [
        "VKB",
        "Vulnerability Management"
      ],
      "date": "2025-05",
      "duration": "39m",
      "url": "https://watch.getcontrast.io/register/p1-security-vkb-series-2"
    },
    {
      "title": "VKB Series #1",
      "summary": "Introduction to the P1 Vulnerability Knowledge Base — structure, scoring model, and how operators use it day-to-day.",
      "topics": [
        "VKB",
        "Vulnerability Management"
      ],
      "date": "2025-03",
      "duration": "35m",
      "url": "https://watch.getcontrast.io/register/p1-security-vkb-series-1"
    },
    {
      "title": "Security Risk of International IP-based SIP & SIP IDS",
      "summary": "Risks introduced by international IP-SIP interconnect and how SIP-aware IDS can — and cannot — mitigate them.",
      "topics": [
        "SIP",
        "IMS",
        "Voice Security",
        "IDS"
      ],
      "date": "2025-02",
      "duration": "1h 05m",
      "url": "https://watch.getcontrast.io/register/p1-security-security-risk-of-international-ip-based-sip-network-and-effectiveness-of-sip-ids"
    },
    {
      "title": "GT Leasing — A Security Vulnerability?",
      "summary": "Why Global Title leasing on SS7 has become an industrial attack vector and what penetration testing reveals about exposure.",
      "topics": [
        "SS7",
        "GT Leasing",
        "Roaming",
        "Threats and Attacks"
      ],
      "date": "2025-01",
      "duration": "1h 10m",
      "url": "https://watch.getcontrast.io/register/p1-security-penetration-testing-and-gt-leasing"
    },
    {
      "title": "Aligning NIS2 & TelcoSec Guidelines for 5G",
      "summary": "How to map NIS2 obligations onto practical 5G security controls without drowning in paperwork.",
      "topics": [
        "NIS2",
        "Regulation",
        "5G",
        "Compliance"
      ],
      "date": "2024-10",
      "duration": "1h",
      "url": "https://watch.getcontrast.io/register/p1-security-aligning-regulatory-frameworks-such-as-nis2-telcosec-guidelines-for-real-world-5g-security"
    },
    {
      "title": "Navigating 5G Security Realities (Rerun)",
      "summary": "Updated rerun of the 5G readiness session — what operators actually deployed vs the hype curve.",
      "topics": [
        "5G",
        "Operator Strategy"
      ],
      "date": "2024-07",
      "duration": "1h 02m",
      "url": "https://watch.getcontrast.io/register/p1-security-rerun-navigating-5g-security-realities-readiness-priorities-and-market-insights"
    },
    {
      "title": "New Release: QCSuper v2.0",
      "summary": "Launch of QCSuper v2.0 — the open-source Qualcomm baseband sniffing and analysis toolkit.",
      "topics": [
        "QCSuper",
        "Baseband",
        "Open Source",
        "Tooling"
      ],
      "date": "2024-03",
      "duration": "45m",
      "url": "https://watch.getcontrast.io/register/p1-security-new-release-qcsuper-v2-0"
    },
    {
      "title": "Fighting Phishing & Smishing SMS at Country Scale",
      "summary": "Operator and country-level approaches to detecting and stopping SMS phishing and smishing campaigns.",
      "topics": [
        "SMS",
        "Phishing",
        "Smishing",
        "Fraud"
      ],
      "date": "2024-03",
      "duration": null,
      "url": "https://watch.getcontrast.io/register/p1-security-fighting-phishing-and-smishing-sms-threats-at-operator-and-country-scale"
    },
    {
      "title": "Discover MobileSecGPT",
      "summary": "Introduction to MobileSecGPT — P1's domain-tuned LLM assistant for mobile network security teams.",
      "topics": [
        "AI",
        "MobileSecGPT",
        "LLM",
        "Tooling"
      ],
      "date": "2024-02",
      "duration": null,
      "url": "https://watch.getcontrast.io/register/p1-security-introducing-mobilesecgpt"
    },
    {
      "title": "Navigating 5G Security Realities (Original)",
      "summary": "The original 5G readiness session — operator priorities and market reality before the 2024 rerun.",
      "topics": [
        "5G",
        "Operator Strategy"
      ],
      "date": "2023-11",
      "duration": null,
      "url": "https://watch.getcontrast.io/register/p1-security-navigating-5g-security-realities-readiness-priorities-and-market-insights"
    },
    {
      "title": "What is Intrusion Detection for Mobile Network Security?",
      "summary": "Introduction to IDS in the mobile network context — what it actually means across SS7, Diameter, GTP and SBA.",
      "topics": [
        "IDS",
        "Detection",
        "Monitoring"
      ],
      "date": "2023-07",
      "duration": null,
      "url": "https://watch.getcontrast.io/register/p1-security-what-is-intrusion-detection-for-mobile-network-security"
    }
  ],
  "quizzes": [
    {
      "title": "Signalling 101",
      "slug": "signalling-101",
      "description": "Test your grasp of the core mobile signalling protocols: SS7/SIGTRAN, Diameter, and GTP — and the attacks that target them.",
      "difficulty": "Beginner",
      "topics": [
        "SS7",
        "SIGTRAN",
        "Diameter",
        "GTP",
        "MAP"
      ],
      "url": "https://glossary.p1sec.com/quiz/signalling-101",
      "questionCount": 10
    },
    {
      "title": "5G Core Security",
      "slug": "5g-core",
      "description": "From the Service Based Architecture and HTTP/2 to SEPP, NRF and PLMN-to-PLMN N32 — how 5G changes the threat model.",
      "difficulty": "Intermediate",
      "topics": [
        "5G SBA",
        "SEPP",
        "NRF",
        "AMF",
        "N32"
      ],
      "url": "https://glossary.p1sec.com/quiz/5g-core",
      "questionCount": 10
    },
    {
      "title": "Roaming & Interconnect",
      "slug": "roaming",
      "description": "Inter-operator interconnect is where most signalling attacks live. Test your knowledge of GRX/IPX, roaming agreements and GT leasing risk.",
      "difficulty": "Intermediate",
      "topics": [
        "GRX",
        "IPX",
        "Roaming",
        "GT Leasing",
        "SS7 Firewall"
      ],
      "url": "https://glossary.p1sec.com/quiz/roaming",
      "questionCount": 10
    },
    {
      "title": "TelcoSec Regulation",
      "slug": "regulation",
      "description": "From NIS2 in the EU to GSMA Fraud & Security guidelines, this track covers the regulatory landscape every TelcoSec team needs to know.",
      "difficulty": "Beginner",
      "topics": [
        "NIS2",
        "EECC",
        "GSMA FS.11",
        "GSMA FS.19",
        "Regulation"
      ],
      "url": "https://glossary.p1sec.com/quiz/regulation",
      "questionCount": 10
    },
    {
      "title": "IMS & VoLTE Security",
      "slug": "ims-volte",
      "description": "Test your understanding of the IP Multimedia Subsystem and Voice over LTE — the SIP-based call control plane that sits behind every modern mobile call.",
      "difficulty": "Intermediate",
      "topics": [
        "IMS",
        "VoLTE",
        "SIP",
        "CSCF",
        "IMS-AKA"
      ],
      "url": "https://glossary.p1sec.com/quiz/ims-volte",
      "questionCount": 10
    },
    {
      "title": "Telecom Fraud & SIM Attacks",
      "slug": "fraud-sim",
      "description": "From international revenue share fraud to SIM swap and eSIM hijacking, this track covers the fraud and identity attacks that hit operators and subscribers every day.",
      "difficulty": "Beginner",
      "topics": [
        "IRSF",
        "Wangiri",
        "SIM Swap",
        "eSIM",
        "CLI Spoofing"
      ],
      "url": "https://glossary.p1sec.com/quiz/fraud-sim",
      "questionCount": 10
    },
    {
      "title": "Open RAN Security",
      "slug": "open-ran",
      "description": "From the O-RAN Alliance architecture and the RIC to xApps, rApps and the O1/E2/A1 interfaces, test your knowledge of the security challenges of disaggregated, multi-vendor RAN.",
      "difficulty": "Advanced",
      "topics": [
        "Open RAN",
        "RIC",
        "xApp",
        "rApp",
        "O-RAN Interfaces"
      ],
      "url": "https://glossary.p1sec.com/quiz/open-ran",
      "questionCount": 10
    }
  ],
  "trainings": [
    {
      "code": "TS-201",
      "title": "2G, 3G and SS7 Mobile Network Security",
      "level": "Intermediate",
      "durationDays": 3,
      "summary": "In-depth SIGTRAN, SS7, GPRS and GRX. Attacks against telecom network elements, architecture, and 3GPP releases.",
      "topics": [
        "SS7",
        "SIGTRAN",
        "GPRS",
        "GRX",
        "Roaming"
      ],
      "url": "https://online-training.p1sec.com/course/2g3g-telecom-security-ts-201"
    },
    {
      "code": "TS-401",
      "title": "LTE Security and Insecurity",
      "level": "Advanced",
      "durationDays": 3,
      "summary": "Modern 4G LTE networks: EPC architecture, Diameter, security mechanisms and concrete vulnerabilities.",
      "topics": [
        "LTE",
        "EPC",
        "Diameter",
        "S6a"
      ],
      "url": "https://online-training.p1sec.com/course/lte-security-ts-270"
    },
    {
      "code": "TS-501",
      "title": "5G Telecom Security — hands-on",
      "level": "Advanced",
      "durationDays": 3,
      "summary": "5G key concepts, SBA architecture, implementation choices and the related risks — with hands-on exercises.",
      "topics": [
        "5G",
        "SBA",
        "SEPP",
        "AMF",
        "SMF"
      ],
      "url": "https://online-training.p1sec.com/course/5g-telecom-security-ts-501"
    },
    {
      "code": "TS-250",
      "title": "IMS Security",
      "level": "Intermediate",
      "durationDays": 3,
      "summary": "Evolution of legacy telecom into IMS networks; reuse of SIP, RTP and Diameter in the IMS context and security implications.",
      "topics": [
        "IMS",
        "SIP",
        "VoLTE",
        "Diameter"
      ],
      "url": "https://online-training.p1sec.com/course/ims"
    }
  ]
}