Legacy Closed Network (SS7/Diameter) ➔ All-IP Infrastructure (SIP/IMS) ➔ Open to Web-Style Attack Vectors
Core Security Pillars Defined by FS.38
Flooding SIP servers to disrupt service availability.
As operators move away from legacy SS7 protocols (which have their own security guidelines, like GSMA FS.11), FS.38 provides the necessary outcome-based principles to handle modern IP-based signaling threats. It ensures that the of communications services are maintained even as networks become more open and interconnected.
As mobile networks transitioned from 2G/3G to 4G and 5G, voice calls shifted from circuit-switched tech to Internet Protocol (IP). This document, often used by SecurityGen for telecom assessments, addresses the unique vulnerabilities created by this shift.
As security expert Silke Holtmanns notes, for professionals entering the field of telecom security, the GSMA recommendations are an excellent starting point because they are written in a concise and understandable way.
The GSMA engineered FS.38 to shift carrier mindsets away from basic fraud prevention toward a comprehensive . The guidelines cover several critical domains:
1. Beyond the Perimeter: Moving Past Basic SBC Reliance
: Guidance on deploying Session Border Controllers (SBCs) and firewalls to monitor and filter SIP traffic.
: MNOs mistakenly assumed that Border Protection Nodes—such as Session Border Controllers (SBCs)—were impenetrable barriers, rendering internal core nodes safe from exploitation.
It describes specific technical controls to mitigate identified risks, such as packet filtering and protocol validation.
Mobile operators faced a unique problem: A compromised IoT device on their network could be used to: