2.8.4 Stateful Security Dynamic Learning
The Stateful Security Dynamic Learning feature enables vSTP to create and use a whitelist that is created as part of learning from the validation attempts defined in VLR Validation. This feature is independent of the category of messages but it provides protection against all the messages coming from VLRs that fail the validation and are not part of the created whitelists. A grey list and black list is also created for the VLRs that fail the validation.
Learning is controlled by these modes using a mode parameter in the SFAPPOPTS table:
-
Learn Mode: This mode allows to learn about new VLRs and no validations are performed. The newly learnt VLRs are considered as whitelisted.
Note:
The user can configure the amount of time for which the vSTP operates in Learn mode. The time is configured in SFAPPOPTS table.Hence, the switch from Learn to Test mode can happen either by configuring the timer, or manual switch.
-
Test Mode: This mode validates all the learned VLRs. In case the VLR is not validated, the learnt VLRs remains greylisted and and measurements and alarms are generated.
-
Active Mode : This mode allows validations based on the learned white lists in the system. New VLRs are also learned in this mode.
The status of dynamically learnt VLRs are changed to whitelist or blacklist as per their status.
- OFF Mode: When none of the above modes is active, it is considered as OFF
mode. In this mode, if VLR entry is in whitelist, then no validation is performed
for that VLR.
By default, the OFF mode remains enabled. That means the SFAPP dynamic learning functinality is disabled.
Note:
- In any mode, if VLR is in whitlist table, then it is considered as whitelisted, and the message is forwarded to HLR.
- If user has changed the mode from Learn/Test/Active mode to OFF mode, then the user has to wait for at least 10 mins before switching the mode again to Active/Learn/Test mode.