According to her, deploying IPsec is hard because not all traffic on the IPX network uses the Internet Protocol, and maintaining the kind of large public key infrastructures required by IPsec is costly for operators in developing countries. Nodes are also difficult to upgrade, and then there's the tough question of who should be in charge of creating and hosting the root certificates required by IPsec, which is likely to cause disputes between countries, she said.
And even if IPsec somehow becomes widely used, it still doesn't protect against attacks launched with the help of hacked nodes, rented network access, bribed employees or governmental ties, because these methods abuse legitimate access to the network.
According to the researchers, the best defense is a combination of measures. Operators should monitor the traffic on their networks and the traffic of their tenants, and they should filter messages at their Diameter Edge Agents (DEAs) by using signaling firewalls. They should also harden their nodes, share their security experiences with other operators and put business rules in place so they can efficiently deal with misuse.