International Engineering Consortium
Web ProForums
Access Mediation: Preserving Network Security and Integrity

3. System Requirements

A comprehensive access mediation system provides a protective barrier against unwanted and inappropriate signaling traffic. The following system requirements are fundamental to ensuring the continued reliability, service quality and security of the SS7 network.

Granular Inspection
Access mediation devices shouldn't be limited to analyzing traffic based on the message header. These devices should be capable of both syntax and content inspection. Syntax inspection ensures each message is properly formatted based on standards and requirements used in the network. Messages that are not coded correctly should not be permitted into the network. Content inspection operates at multiple layers of the protocol stack to validate messages, parameters and their values for compliance with the carrier's policies and agreements. Coupling these two types of analysis gives carriers a strong barrier against traffic that threatens network revenue, security, and integrity.

Figure 2: Syntax and Content Inspection of Each Message

Analyze every message
Access mediation devices must be able to perform a detailed analysis of every message entering and exiting the network. The device should be capable of checking these messages against the service provider's operations policies and interconnect agreements. Using the results of its examination, the access mediation device should have the intelligence to pass, block, modify and/or alert on each message. In addition, the alerting function should have a logging capability that enables messages to be collected for further analysis.

Policy-based enforcement
Access mediation devices should govern how the network can be used through policy-based enforcement. This type of enforcement should be interconnection-specific, and each rule should determine how deeply each message is examined. The level of detail must be configurable, since each interconnection may require a different level of analysis depending on the types of traffic it carries.
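
The three requirements above (syntax and content inspection, a per-message decision, and per-interconnection policy with configurable depth) can be sketched as follows; this is an added example, not code from the tutorial or from any vendor's product. The Policy class, its field names and the sample point codes are hypothetical, the routing label is assumed to be the ITU 14-bit format, and the example is narrowed to the pass, block and alert actions for three service indicators.

```python
import struct
from dataclasses import dataclass

SI_SNM, SI_SCCP, SI_ISUP = 0, 3, 5      # MTP3 service indicators this example knows

@dataclass
class Policy:                            # hypothetical rule set for one interconnection
    allowed_opcs: frozenset              # originating point codes in the agreement
    allowed_si: frozenset                # user parts this link may carry
    depth: str = "header"                # "header" or "deep": how far to examine
    isup_types: frozenset = frozenset()  # permitted ISUP message types (deep only)
    alert_si: frozenset = frozenset()    # pass these, but log them for analysis

def build_msu(si, dpc, opc, sls, payload):   # constructs sample input for the demo
    return bytes([0x80 | si]) + struct.pack("<I", dpc | opc << 14 | sls << 28) + payload

def parse_msu(msu):
    """Syntax inspection: SIO octet, 4-octet routing label, non-empty payload."""
    if len(msu) < 6:
        raise ValueError("truncated MSU")
    si = msu[0] & 0x0F
    if si not in (SI_SNM, SI_SCCP, SI_ISUP):
        raise ValueError(f"unknown service indicator {si}")
    label = struct.unpack_from("<I", msu, 1)[0]
    return si, (label >> 14) & 0x3FFF, msu[5:]       # si, OPC, payload

def content_violation(si, opc, payload, policy):
    """Content inspection against the policy; returns None when compliant."""
    if opc not in policy.allowed_opcs:
        return f"OPC {opc} not covered by interconnect agreement"
    if si not in policy.allowed_si:
        return f"service indicator {si} not permitted on this link"
    if policy.depth == "deep" and si == SI_ISUP:
        if len(payload) < 3:                          # 2-octet CIC + message type
            return "truncated ISUP message"
        if payload[2] not in policy.isup_types:
            return f"ISUP message type 0x{payload[2]:02x} not permitted"
    return None

def mediate(msu, policy, log):                        # "pass", "block" or "alert"
    try:
        si, opc, payload = parse_msu(msu)
        reason = content_violation(si, opc, payload, policy)
    except ValueError as exc:
        reason = str(exc)            # si/opc unset here; not read once reason is set
    action = "block" if reason else "alert" if si in policy.alert_si else "pass"
    if action != "pass":
        log.append((action, reason or f"SI {si} from OPC {opc}", msu.hex()))
    return action
```

The log list stands in for the logging capability the text calls for: every blocked or alerted message is kept in hex with the reason for the decision.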

Network Transparency
To minimize the impact of a new network infrastructure deployment, installation time and effort should be minimal. Therefore, deploying an access mediation device should not require a point code. Access mediation devices should be transparent, in-line devices. This eliminates the need for network re-engineering, enabling rapid deployment.

Access mediation devices should also interoperate with network equipment regardless of the manufacturer or the signaling mode (channel associated or quasi-associated). Vendor-independence allows the same rules to be applied network-wide and custom rules to be applied at specific locations. Signaling mode independence avoids the need for grooming equipment as the non-signaling channels of a T-1/E-1 can be passed through the mediation device.
