We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byAngel Love
Modified over 4 years ago
The Need For Trust in Communications Networks Carlos Solari Bell Labs, Security Solutions May 2007
All Rights Reserved © Alcatel-Lucent 2006, ##### 2 | Engineering Society | May 2006 Topics We Are Not Winning the Security Challenge Convergence – All Media IP – Will Bring New Challenges Rethink the Approach: Design - Build Trusted Communications Networks An Opportunity: Design In Now or Retrofit Later
All Rights Reserved © Alcatel-Lucent 2006, ##### 3 | Engineering Society | May 2006 Lots of Data Telling Us…The Current Approach is Not Working: Faster, Stealthier Exploits Mths Dys Wks 200320042005 Avg. exploit in 2005 5.8 days. Sources: CERT/CC, Symantec, NVD, OSVD DDOS on the Rise SPAM: 8 in 10 emails
All Rights Reserved © Alcatel-Lucent 2006, ##### 4 | Engineering Society | May 2006 The Challenge: Difficult, Multi-Dimensional, and In Flux Point Prods Point Roles Security un-manageable and no single situation awareness Weak Links Prevalent Inconsistent security applied to network components – un-trusted pieces make… Lack of Universal Standard That addresses security in a comprehensive way – so very difficult to integrate security Data Control & Integrity Data exchange requires better security controls Sophisticated Cyber Crime From phishing and spyware to DDOS and Network Penetration Attacks Reacting to infinite possible sources Ex: polymorphism Blacklist Defenses Ineffective Increasing Network Complexity Increased vulnerability Ex: firewall VOIP sessions Exploitation Window Zero-Day Threat occur faster than we can detect and respond before it impacts business Data Flooding SPAM – SPIT – SPASMS tough to separate wanted info Data Leakage More personal data is online – uncertain protection
All Rights Reserved © Alcatel-Lucent 2006, ##### 5 | Engineering Society | May 2006 Convergence – Many Benefits, Many Risks Consume RF b/w Battery drain Identity theft SPIT Scams Deperimiterization Data theft Scams Compromised system integrity Intersection of threats…beyond the reach of the law… Content theft Compromised privacy Scams
All Rights Reserved © Alcatel-Lucent 2006, ##### 6 | Engineering Society | May 2006 We Have a Window of Opportunity Design Trusted Communications Networks Now
All Rights Reserved © Alcatel-Lucent 2006, ##### 7 | Engineering Society | May 2006 It Will Take A Multi-Disciplined Approach Network & Data Integrated Security Eco-System Defenses Design End-to-End Security System (Standards) Hardening Imbed Integrity Attestation
All Rights Reserved © Alcatel-Lucent 2006, ##### 8 | Engineering Society | May 2006 Design-Build Secure Systems & Services ISO 2700X and X.805/ISO 18028 Standards-based approach Security as a systematic, rigorous process Applied to all network elements - system In the Product Development Lifecycle System (Standards) Hardening ISO 2700X Provides the what X.805 & ISO 18028-2 …provides the how details
All Rights Reserved © Alcatel-Lucent 2006, ##### 9 | Engineering Society | May 2006 Trust Can Be Required… My company can only do business with ISO 2700X certified businesses … Are you certified?
All Rights Reserved © Alcatel-Lucent 2006, ##### 10 | Engineering Society | May 2006 System Hardening – Standards Based Bell labs Security Framework – Instantiated in ITU/T X.805, ISO 18028 InfrastructureServicesApplications End User Control / Signaling Management Layers Planes MODULE 1MODULE 4MODULE 7 MODULE 2MODULE 5MODULE 8 MODULE 3MODULE 6MODULE 9 Access Control Authentication Non-Repudiation Data Confidentiality Comms Security Data Integrity Privacy Availability The X.805 Security Standard
All Rights Reserved © Alcatel-Lucent 2006, ##### 11 | Engineering Society | May 2006 ISO/IEC 27001 enhanced by ITU-T X.805 / ISO 18028-2 Security Policy Organizing Information Security Human Resources Security Asset Mgmt Physical & Environment Security Access Control Communications & Ops Mgmt Information Systems Acquisition, Development & Maintenance Information Security Incident Management Business Continuity Management Compliance ISO/IEC 27001:2005 Controls Specify acceptable use policy for equipment. Sub-controls: Access control, Authentication, Non-repudiation Restrict access to privileged information / applications to ensure service continuity. Sub-Controls: Authentication, Access Control, Non- repudiation Harden network element or system before deployment. Sub-Controls: Access control, Availability Maintain security of stored information. Sub-Controls: Access control, Confidentiality, Integrity, Availability, Non- repudiation
All Rights Reserved © Alcatel-Lucent 2006, ##### 12 | Engineering Society | May 2006 Employee Database Enterprise Data Center Module 6: Management Plane of Services Layer Desktop and Laptop Support Help Desk Module 9: Management Plane of Infrastructure Layer Network Operations File System Maint. System Updates Patch Mgmt., etc. Corporate IT Employee Information is accessed for: Network Service Management Network Infrastructure Management Bell Labs Security Framework Dimensions Provide ISO/IEC 27001 Control A.10.9.2 ISMS Implementation and Operation Details ISO/IEC 27001 Controls and X.805 Applied to the Real-World Data Integrity - Use IPSec AH Communications Security - Use VPNs Data Confidentiality - Use IPsec ESP Data Integrity - Protect files w/ checksums Data Confidentiality - Encrypt files Access Control - Use file system ACLs
All Rights Reserved © Alcatel-Lucent 2006, ##### 13 | Engineering Society | May 2006 Opportunity…Deliver Secure Systems & Services ISO 2700X and X.805/ISO 18028 Security as a systematic, rigorous process Applied to all network elements From device to system, to infrastructure Standards-based System (Standards) Hardening Imbed Integrity Attestation Integrity Attestation Apply integrity metrics Measure at point of Creation, Delivery and in Operation Access policy based on integrity score Perform in real-time
All Rights Reserved © Alcatel-Lucent 2006, ##### 14 | Engineering Society | May 2006 The Issue of Integrity Drift Time Confidence IT system confidence degrades from boot time 100% Applications are installed Patches are applied Change and routine maintenance Reformatting and rebuilding from scratch The big unknown … when will it fail, what is the cause, what was lost? (by permission from SignaCert)
All Rights Reserved © Alcatel-Lucent 2006, ##### 15 | Engineering Society | May 2006 What if We Could Measure the Integrity…Report it, and Act on It? Time Confidence Confidence is constantly maintained 100% System and Device-level Confidence and Trust Measured and Enforced Restoring to a known and trusted state is easy (by permission from SignaCert)
All Rights Reserved © Alcatel-Lucent 2006, ##### 16 | Engineering Society | May 2006 Summary We actually have the know-how to improve the state of security It is needed more than ever – especially as systems get more complex and we have greater dependency on these systems By applying the ISO 2700X with X.805/ISO-18028 standards and Integrity Measurements, we can: Baseline the state of security Have a consistent way to measure it Consistent application Completeness Repeatable Scales to size and complexity of present and future networks
Driving Factors Security Risk Mgt Controls Compliance.
Potential Smart Grid standardisation work in ETSI Security and privacy aspects Carmine Rizzo on behalf of Scott CADZOW, C3L © ETSI All rights reserved.
IMS and Security Sri Ramachandran NexTone. 2 CONFIDENTIAL © 2006, NexTone Communications. All rights Traditional approaches to Security - The CIA principle.
Reliable Security Current State, Challenges, Desired State S. Rao Vasireddy Bell Laboratories, Alcatel-Lucent Tel:
Dr Lami Kaya ISO Information Security Management System (ISMS) Certification Overview Dr Lami Kaya
Agenda What is Compliance? Risk and Compliance Management
CAT 02/05 Copyright © , CiRBA, Inc. All Rights Reserved. Security and Compliance: Looking Beyond the File Presented By: Andrew.
I-Secure Product Overview © 2010 ECC International. All Rights Reserved 1 ECC International PHILIPPINES :: MALAYSIA :: VIETNAM © 2010.
Copyright © 2012 AirWatch, LLC. All rights reserved. Proprietary & Confidential. Mobile Content Strategies and Deployment Best Practices.
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Palo Alto Networks Jay Flanyak Channel Business Manager
© Blue Coat Systems, Inc All Rights Reserved. APTs Are Not a New Type of Malware 1 Source: BC Labs Report: Advanced Persistent Threats.
2 Industry trends and challenges Windows Server 2012: Modern workstyle, enabled Access from virtually anywhere, any device Full Windows experience.
Massachusetts Digital Government Summit October 19, 2009 IT Management Frameworks An Overview of ISO 27001:2005.
© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.
SAFE Blueprint and the Security Ecosystem. 2 Chapter Topics SAFE Blueprint Overview Achieving the Balance Defining Customer Expectations Design.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Security Controls – What Works
System and Network Security Practices COEN 351 E-Commerce Security.
Planning and Managing Information Security Randall Sutton, President Elytra Enterprises Inc. April 4, 2006.
© 2018 SlidePlayer.com Inc. All rights reserved.