1 Introduction
The Security Guide provides an overview of the security-relevant information that applies to Cloud Native Core Network Functions. Aspects specific to the underlying scenarios or applications are described in NF-specific chapters. This document contains recommendations (short statements on how to operate and manage the CNC software) and procedures (step-by-step instructions) to assist the customer in tailoring or hardening the CNC system.
Install the CNC system software as "secure by default" where possible. In the few cases where this isn't possible, an installation-time checklist procedure is created and listed on the Cloud Native Core Security Checklist. The checklist is a short list of post-installation hardening activities that the customer must perform before placing the system into operation. The recommendations and other procedures found in this document are optional and must be considered in the context of your organization's approved security policies.
This security guide also provides a simplified trust model for the system.
References
The following references provide additional background on product operations and support:
- Oracle Communications Signaling, Cloud Native Environment (OC-CNE) Installation Guide
- Cloud Native Core Console (CNCC) Installation Guide
- Network Slice Selection Function (NSSF) Cloud Native Installation Guide
- Service Communication Proxy (SCP) Cloud Native Installation Guide
- Cloud Native Core Policy Installation Guide
- Cloud Native Unified Data Repository (UDR) Installation and Upgrade Guide
- Network Repository Function (NRF) Cloud Native Installation and Upgrade Guide
- Security Edge Protection Proxy (SEPP) Cloud Native Installation Guide
Acronyms
Table 1-1 Acronyms
Term | Definition |
---|---|
OSSA | Oracle Software Security Assurance |
OC-CNE | Oracle Communications CNE |
NF | Network Function. A service providing some function in the 5G Core Network. |
NRF | Network Repository Function |
SCP | Service Communication Proxy |
NSSF | Network Slice Selection Function |
SEPP | Security Edge Protection Proxy |
PCF | Policy Control Function |
BSF | Binding Support Function |
cnDRA | Cloud Native Diameter Routing Agent Network |
CNE | Cloud Native Environment |
5GC | 5G Core Network |
PKI | Public Key Infrastructure |
mTLS | Mutual Transport Layer Security |
OWASP | Open Source Foundation for Application Security |
UDR | Unified Data Repository |
CNCC | Cloud Native Core Console |