Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Need For Trust in Communications Networks Carlos Solari Bell Labs, Security Solutions May 2007.

Similar presentations


Presentation on theme: "The Need For Trust in Communications Networks Carlos Solari Bell Labs, Security Solutions May 2007."— Presentation transcript:

1 The Need For Trust in Communications Networks Carlos Solari Bell Labs, Security Solutions May 2007

2 All Rights Reserved © Alcatel-Lucent 2006, ##### 2 | Engineering Society | May 2006 Topics We Are Not Winning the Security Challenge Convergence – All Media IP – Will Bring New Challenges Rethink the Approach: Design - Build Trusted Communications Networks An Opportunity: Design In Now or Retrofit Later

3 All Rights Reserved © Alcatel-Lucent 2006, ##### 3 | Engineering Society | May 2006 Lots of Data Telling Us…The Current Approach is Not Working: Faster, Stealthier Exploits Mths Dys Wks Avg. exploit in days. Sources: CERT/CC, Symantec, NVD, OSVD DDOS on the Rise SPAM: 8 in 10 s

4 All Rights Reserved © Alcatel-Lucent 2006, ##### 4 | Engineering Society | May 2006 The Challenge: Difficult, Multi-Dimensional, and In Flux Point Prods Point Roles Security un-manageable and no single situation awareness Weak Links Prevalent Inconsistent security applied to network components – un-trusted pieces make… Lack of Universal Standard That addresses security in a comprehensive way – so very difficult to integrate security Data Control & Integrity Data exchange requires better security controls Sophisticated Cyber Crime From phishing and spyware to DDOS and Network Penetration Attacks Reacting to infinite possible sources Ex: polymorphism Blacklist Defenses Ineffective Increasing Network Complexity Increased vulnerability Ex: firewall VOIP sessions Exploitation Window Zero-Day Threat occur faster than we can detect and respond before it impacts business Data Flooding SPAM – SPIT – SPASMS tough to separate wanted info Data Leakage More personal data is online – uncertain protection

5 All Rights Reserved © Alcatel-Lucent 2006, ##### 5 | Engineering Society | May 2006 Convergence – Many Benefits, Many Risks Consume RF b/w Battery drain Identity theft SPIT Scams Deperimiterization Data theft Scams Compromised system integrity Intersection of threats…beyond the reach of the law… Content theft Compromised privacy Scams

6 All Rights Reserved © Alcatel-Lucent 2006, ##### 6 | Engineering Society | May 2006 We Have a Window of Opportunity Design Trusted Communications Networks Now

7 All Rights Reserved © Alcatel-Lucent 2006, ##### 7 | Engineering Society | May 2006 It Will Take A Multi-Disciplined Approach Network & Data Integrated Security Eco-System Defenses Design End-to-End Security System (Standards) Hardening Imbed Integrity Attestation

8 All Rights Reserved © Alcatel-Lucent 2006, ##### 8 | Engineering Society | May 2006 Design-Build Secure Systems & Services ISO 2700X and X.805/ISO Standards-based approach Security as a systematic, rigorous process Applied to all network elements - system In the Product Development Lifecycle System (Standards) Hardening ISO 2700X Provides the what X.805 & ISO …provides the how details

9 All Rights Reserved © Alcatel-Lucent 2006, ##### 9 | Engineering Society | May 2006 Trust Can Be Required… My company can only do business with ISO 2700X certified businesses … Are you certified?

10 All Rights Reserved © Alcatel-Lucent 2006, ##### 10 | Engineering Society | May 2006 System Hardening – Standards Based Bell labs Security Framework – Instantiated in ITU/T X.805, ISO InfrastructureServicesApplications End User Control / Signaling Management Layers Planes MODULE 1MODULE 4MODULE 7 MODULE 2MODULE 5MODULE 8 MODULE 3MODULE 6MODULE 9 Access Control Authentication Non-Repudiation Data Confidentiality Comms Security Data Integrity Privacy Availability The X.805 Security Standard

11 All Rights Reserved © Alcatel-Lucent 2006, ##### 11 | Engineering Society | May 2006 ISO/IEC enhanced by ITU-T X.805 / ISO Security Policy Organizing Information Security Human Resources Security Asset Mgmt Physical & Environment Security Access Control Communications & Ops Mgmt Information Systems Acquisition, Development & Maintenance Information Security Incident Management Business Continuity Management Compliance ISO/IEC 27001:2005 Controls Specify acceptable use policy for equipment. Sub-controls: Access control, Authentication, Non-repudiation Restrict access to privileged information / applications to ensure service continuity. Sub-Controls: Authentication, Access Control, Non- repudiation Harden network element or system before deployment. Sub-Controls: Access control, Availability Maintain security of stored information. Sub-Controls: Access control, Confidentiality, Integrity, Availability, Non- repudiation

12 All Rights Reserved © Alcatel-Lucent 2006, ##### 12 | Engineering Society | May 2006 Employee Database Enterprise Data Center Module 6: Management Plane of Services Layer Desktop and Laptop Support Help Desk Module 9: Management Plane of Infrastructure Layer Network Operations File System Maint. System Updates Patch Mgmt., etc. Corporate IT Employee Information is accessed for: Network Service Management Network Infrastructure Management Bell Labs Security Framework Dimensions Provide ISO/IEC Control A ISMS Implementation and Operation Details ISO/IEC Controls and X.805 Applied to the Real-World Data Integrity - Use IPSec AH Communications Security - Use VPNs Data Confidentiality - Use IPsec ESP Data Integrity - Protect files w/ checksums Data Confidentiality - Encrypt files Access Control - Use file system ACLs

13 All Rights Reserved © Alcatel-Lucent 2006, ##### 13 | Engineering Society | May 2006 Opportunity…Deliver Secure Systems & Services ISO 2700X and X.805/ISO Security as a systematic, rigorous process Applied to all network elements From device to system, to infrastructure Standards-based System (Standards) Hardening Imbed Integrity Attestation Integrity Attestation Apply integrity metrics Measure at point of Creation, Delivery and in Operation Access policy based on integrity score Perform in real-time

14 All Rights Reserved © Alcatel-Lucent 2006, ##### 14 | Engineering Society | May 2006 The Issue of Integrity Drift Time Confidence IT system confidence degrades from boot time 100% Applications are installed Patches are applied Change and routine maintenance Reformatting and rebuilding from scratch The big unknown … when will it fail, what is the cause, what was lost? (by permission from SignaCert)

15 All Rights Reserved © Alcatel-Lucent 2006, ##### 15 | Engineering Society | May 2006 What if We Could Measure the Integrity…Report it, and Act on It? Time Confidence Confidence is constantly maintained 100% System and Device-level Confidence and Trust Measured and Enforced Restoring to a known and trusted state is easy (by permission from SignaCert)

16 All Rights Reserved © Alcatel-Lucent 2006, ##### 16 | Engineering Society | May 2006 Summary We actually have the know-how to improve the state of security It is needed more than ever – especially as systems get more complex and we have greater dependency on these systems By applying the ISO 2700X with X.805/ISO standards and Integrity Measurements, we can: Baseline the state of security Have a consistent way to measure it Consistent application Completeness Repeatable Scales to size and complexity of present and future networks


Download ppt "The Need For Trust in Communications Networks Carlos Solari Bell Labs, Security Solutions May 2007."

Similar presentations


Ads by Google