{"id":325,"date":"2021-09-17T07:07:36","date_gmt":"2021-09-17T07:07:36","guid":{"rendered":"https:\/\/sendpk.com\/blog\/?p=325"},"modified":"2021-12-10T09:36:36","modified_gmt":"2021-12-10T09:36:36","slug":"security-measures-by-all-telecom-operators-sms-aggregators","status":"publish","type":"post","link":"https:\/\/sendpk.com\/blog\/2021\/09\/17\/security-measures-by-all-telecom-operators-sms-aggregators\/","title":{"rendered":"Security Measures by all Telecom Operators\/SMS Aggregators."},"content":{"rendered":"\n<ol class=\"wp-block-list\"><li>It has been observed with grave concern that misleading SMS have been disseminated to the telecom subscribers, as relevant operators\/SMS aggregators had not employed sufficient security controls to mitigate such threats. Furthermore, some of them are not maintaining required logs.<\/li><li>In order to safeguard against such attacks in future, the following security measures be included, along with other effective standard security controls by all Telecom operators:<\/li><\/ol>\n\n\n\n<figure class=\"wp-block-table is-style-stripes\"><table><thead><tr><th class=\"has-text-align-center\" data-align=\"center\">No.<\/th><th class=\"has-text-align-left\" data-align=\"left\">Recommendations<\/th><th class=\"has-text-align-right\" data-align=\"right\">Applicable To<\/th><\/tr><\/thead><tbody><tr><td class=\"has-text-align-center\" data-align=\"center\">1<\/td><td class=\"has-text-align-left\" data-align=\"left\">All licensees should manage their servers within Pakistan, as per the license awarded to them, which clearly mentions to establish, maintain and operate in Pakistan.<\/td><td class=\"has-text-align-right\" data-align=\"right\">All Licensees<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\">2<\/td><td class=\"has-text-align-left\" data-align=\"left\">Bind static IP addresses with user accounts for API \/ Web portal.<\/td><td class=\"has-text-align-right\" data-align=\"right\">All Licensees<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\">3<\/td><td class=\"has-text-align-left\" data-align=\"left\">Access to foreign IP addresses should be blocked through geo-fencing at firewalls.<\/td><td class=\"has-text-align-right\" data-align=\"right\">All Licensees<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\">4<\/td><td class=\"has-text-align-left\" data-align=\"left\">Maintain all types of logs including but not limited to Access Log, Events Log, &#8220;Failed Login Attempts with complete IP details&#8221; and \u201cAPI failed connections\u201d, in accordance with clause 6 (5) of <strong>CTDISR 2000<\/strong>, issued by <strong>PTA<\/strong>.<\/td><td class=\"has-text-align-right\" data-align=\"right\">All Licensees<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\">5<\/td><td class=\"has-text-align-left\" data-align=\"left\">Password baselining restrictions be implemented, i.e. blocking of account on a limited number of failed attempts.<\/td><td class=\"has-text-align-right\" data-align=\"right\">All Licensees<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\">6<\/td><td class=\"has-text-align-left\" data-align=\"left\">Dedicated \/ Managed services of Web Application Firewall (WAF) be used to secure networks from layer 7 attacks.<\/td><td class=\"has-text-align-right\" data-align=\"right\">All Licensees<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\">7<\/td><td class=\"has-text-align-left\" data-align=\"left\">Security from roaming SMS links be ensured.<\/td><td class=\"has-text-align-right\" data-align=\"right\">Whoever Is Providing SMS Service<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\">8<\/td><td class=\"has-text-align-left\" data-align=\"left\">Two-factor authentication (2FA) be implemented for all customers on every login to SMS application. 
An OTP be used for every broadcast message.<\/td><td class=\"has-text-align-right\" data-align=\"right\">SMS Aggregator\/ CMOs<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\">9<\/td><td class=\"has-text-align-left\" data-align=\"left\">Weblinks in the SMS content be blocked, as they generally refer to phishing links.<\/td><td class=\"has-text-align-right\" data-align=\"right\">SMS Aggregator\/ CMOs<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\">10<\/td><td class=\"has-text-align-left\" data-align=\"left\">Personal Data Requests should <strong>not be allowed<\/strong> in the SMS.<\/td><td class=\"has-text-align-right\" data-align=\"right\">SMS Aggregator\/ CMOs<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large is-style-default\"><img loading=\"lazy\" decoding=\"async\" width=\"670\" height=\"1024\" src=\"https:\/\/sendpk.com\/blog\/wp-content\/uploads\/2021\/09\/security-measure-670x1024.jpg\" alt=\"\" class=\"wp-image-326\" srcset=\"https:\/\/sendpk.com\/blog\/wp-content\/uploads\/2021\/09\/security-measure-670x1024.jpg 670w, https:\/\/sendpk.com\/blog\/wp-content\/uploads\/2021\/09\/security-measure-196x300.jpg 196w, https:\/\/sendpk.com\/blog\/wp-content\/uploads\/2021\/09\/security-measure-768x1175.jpg 768w, https:\/\/sendpk.com\/blog\/wp-content\/uploads\/2021\/09\/security-measure-1004x1536.jpg 1004w, https:\/\/sendpk.com\/blog\/wp-content\/uploads\/2021\/09\/security-measure.jpg 1275w\" sizes=\"auto, (max-width: 670px) 100vw, 670px\" \/><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>It has been observed with grave concern that misleading SMS have been disseminated to the telecom subscribers, as relevant operators\/SMS aggregators had not employed 
sufficient security<\/p>\n","protected":false},"author":1,"featured_media":328,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[14,13,15,16],"class_list":["post-325","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","tag-pta-instructions","tag-security-measure","tag-sms-aggregators","tag-sms-services"],"_links":{"self":[{"href":"https:\/\/sendpk.com\/blog\/wp-json\/wp\/v2\/posts\/325","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sendpk.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sendpk.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sendpk.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sendpk.com\/blog\/wp-json\/wp\/v2\/comments?post=325"}],"version-history":[{"count":1,"href":"https:\/\/sendpk.com\/blog\/wp-json\/wp\/v2\/posts\/325\/revisions"}],"predecessor-version":[{"id":327,"href":"https:\/\/sendpk.com\/blog\/wp-json\/wp\/v2\/posts\/325\/revisions\/327"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sendpk.com\/blog\/wp-json\/wp\/v2\/media\/328"}],"wp:attachment":[{"href":"https:\/\/sendpk.com\/blog\/wp-json\/wp\/v2\/media?parent=325"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sendpk.com\/blog\/wp-json\/wp\/v2\/categories?post=325"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sendpk.com\/blog\/wp-json\/wp\/v2\/tags?post=325"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}