Published by Angel Love
The Need For Trust in Communications Networks
Carlos Solari
Bell Labs, Security Solutions
May 2007
All Rights Reserved © Alcatel-Lucent 2006, ##### 2 | Engineering Society | May 2006

Topics
- We Are Not Winning the Security Challenge
- Convergence – All Media IP – Will Bring New Challenges
- Rethink the Approach: Design - Build Trusted Communications Networks
- An Opportunity: Design In Now or Retrofit Later

Lots of Data Telling Us…The Current Approach is Not Working
- Faster, Stealthier Exploits [Chart: avg. exploit in days; axis labels Mths, Dys, Wks]. Sources: CERT/CC, Symantec, NVD, OSVD
- DDOS on the Rise
- SPAM: 8 in 10 s

The Challenge: Difficult, Multi-Dimensional, and In Flux
- Point Prods, Point Roles: Security un-manageable and no single situation awareness
- Weak Links Prevalent: Inconsistent security applied to network components – un-trusted pieces make…
- Lack of Universal Standard: That addresses security in a comprehensive way – so very difficult to integrate security
- Data Control & Integrity: Data exchange requires better security controls
- Sophisticated Cyber Crime: From phishing and spyware to DDOS and Network Penetration Attacks
- Blacklist Defenses Ineffective: Reacting to infinite possible sources. Ex: polymorphism
- Increasing Network Complexity: Increased vulnerability. Ex: firewall VOIP sessions
- Exploitation Window: Zero-Day Threats occur faster than we can detect and respond before it impacts business
- Data Flooding: SPAM – SPIT – SPASMS tough to separate wanted info
- Data Leakage: More personal data is online – uncertain protection

Convergence – Many Benefits, Many Risks
- Consume RF b/w
- Battery drain
- Identity theft
- SPIT
- Scams
- Deperimeterization
- Data theft
- Scams
- Compromised system integrity
- Intersection of threats…beyond the reach of the law…
- Content theft
- Compromised privacy
- Scams

We Have a Window of Opportunity
Design Trusted Communications Networks Now

It Will Take A Multi-Disciplined Approach
- Network & Data Integrated Security
- Eco-System Defenses
- Design End-to-End Security
- System (Standards) Hardening
- Imbed Integrity Attestation

Design-Build Secure Systems & Services
- ISO 2700X and X.805/ISO
- Standards-based approach
- Security as a systematic, rigorous process
- Applied to all network elements - system
- In the Product Development Lifecycle
System (Standards) Hardening
- ISO 2700X: Provides the what
- X.805 & ISO …provides the how details

Trust Can Be Required…
My company can only do business with ISO 2700X certified businesses … Are you certified?

System Hardening – Standards Based
Bell Labs Security Framework – Instantiated in ITU/T X.805, ISO
The X.805 Security Standard [Diagram]
- Layers: Infrastructure, Services, Applications
- Planes: End User, Control / Signaling, Management
- Modules (grid as laid out in the diagram): MODULE 1, MODULE 4, MODULE 7 / MODULE 2, MODULE 5, MODULE 8 / MODULE 3, MODULE 6, MODULE 9
- Security dimensions: Access Control, Authentication, Non-Repudiation, Data Confidentiality, Comms Security, Data Integrity, Privacy, Availability

ISO/IEC enhanced by ITU-T X.805 / ISO
ISO/IEC 27001:2005 Controls
- Security Policy
- Organizing Information Security
- Human Resources Security
- Asset Mgmt
- Physical & Environment Security
- Access Control
- Communications & Ops Mgmt
- Information Systems Acquisition, Development & Maintenance
- Information Security Incident Management
- Business Continuity Management
- Compliance

- Specify acceptable use policy for equipment. Sub-controls: Access control, Authentication, Non-repudiation
- Restrict access to privileged information / applications to ensure service continuity. Sub-Controls: Authentication, Access Control, Non-repudiation
- Harden network element or system before deployment. Sub-Controls: Access control, Availability
- Maintain security of stored information. Sub-Controls: Access control, Confidentiality, Integrity, Availability, Non-repudiation

ISO/IEC Controls and X.805 Applied to the Real-World
- Employee Database (Enterprise Data Center)
- Corporate IT: Employee Information is accessed for: Network Service Management, Network Infrastructure Management
- Module 6: Management Plane of Services Layer: Desktop and Laptop Support, Help Desk
- Module 9: Management Plane of Infrastructure Layer: Network Operations, File System Maint., System Updates, Patch Mgmt., etc.
Bell Labs Security Framework Dimensions Provide ISO/IEC Control A ISMS Implementation and Operation Details
- Data Integrity - Use IPSec AH
- Communications Security - Use VPNs
- Data Confidentiality - Use IPsec ESP
- Data Integrity - Protect files w/ checksums
- Data Confidentiality - Encrypt files
- Access Control - Use file system ACLs

Opportunity…Deliver Secure Systems & Services
- ISO 2700X and X.805/ISO
- Security as a systematic, rigorous process
- Applied to all network elements
- From device to system, to infrastructure
- Standards-based
System (Standards) Hardening; Imbed Integrity Attestation
Integrity Attestation
- Apply integrity metrics
- Measure at point of Creation, Delivery and in Operation
- Access policy based on integrity score
- Perform in real-time

The Issue of Integrity Drift
[Chart: Confidence (100% at boot) vs. Time] IT system confidence degrades from boot time
- Applications are installed
- Patches are applied
- Change and routine maintenance
- Reformatting and rebuilding from scratch
The big unknown … when will it fail, what is the cause, what was lost?
(by permission from SignaCert)

What if We Could Measure the Integrity…Report it, and Act on It?
[Chart: Confidence (100%) vs. Time] Confidence is constantly maintained
- System and Device-level Confidence and Trust Measured and Enforced
- Restoring to a known and trusted state is easy
(by permission from SignaCert)
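
Added example, not part of the original slides: a minimal sketch of the measure, report and act loop described on the Integrity Attestation and integrity drift slides. The score formula (share of files still matching the baseline), the allow/quarantine/deny thresholds and the file names are assumptions made for illustration; the slides do not define them.

```python
import hashlib
import tempfile
from pathlib import Path

def measure(root: Path) -> dict[str, str]:
    """Return {relative path: SHA-256 hex digest} for every file under root."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def integrity_report(baseline: dict[str, str], current: dict[str, str]) -> dict:
    """Compare a current measurement with the trusted baseline."""
    modified = sorted(f for f in baseline if f in current and current[f] != baseline[f])
    missing = sorted(f for f in baseline if f not in current)
    unexpected = sorted(f for f in current if f not in baseline)
    # Assumed metric: share of baseline-or-observed files that still match the baseline.
    total = len(baseline) + len(unexpected)
    drifted = len(modified) + len(missing) + len(unexpected)
    score = 1.0 if total == 0 else (total - drifted) / total
    return {"score": score, "modified": modified,
            "missing": missing, "unexpected": unexpected}

def access_decision(score: float, full: float = 1.0, limited: float = 0.75) -> str:
    """Assumed three-tier access policy keyed on the integrity score."""
    if score >= full:
        return "allow"
    if score >= limited:
        return "quarantine"
    return "deny"

def check(baseline: dict[str, str], root: Path) -> tuple[float, str]:
    # One attestation round: re-measure, score, decide.
    score = integrity_report(baseline, measure(root))["score"]
    return score, access_decision(score)

def demo() -> list[tuple[float, str]]:
    """Constructed device image: baseline at creation, then drift in operation."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name, body in [("bin/agent", b"v1"), ("etc/agent.conf", b"port=443"),
                           ("lib/core.so", b"core"), ("lib/tls.so", b"tls")]:
            (root / name).parent.mkdir(parents=True, exist_ok=True)
            (root / name).write_bytes(body)
        baseline = measure(root)                      # point of creation
        results = [check(baseline, root)]             # delivery: nothing changed
        (root / "etc/agent.conf").write_bytes(b"port=8080")  # unapproved change
        results.append(check(baseline, root))
        (root / "bin/extra").write_bytes(b"unknown")  # file not in the baseline
        (root / "lib/tls.so").unlink()                # measured file removed
        results.append(check(baseline, root))
    return results
```

In practice the baseline itself has to be signed or stored off the measured system; a baseline kept beside the files it describes drifts with them.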

Summary
- We actually have the know-how to improve the state of security
- It is needed more than ever – especially as systems get more complex and we have greater dependency on these systems
- By applying the ISO 2700X with X.805/ISO standards and Integrity Measurements, we can:
  - Baseline the state of security
  - Have a consistent way to measure it
  - Consistent application
  - Completeness
  - Repeatable
  - Scales to size and complexity of present and future networks