We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byAngel Love
Modified over 3 years ago
The Need For Trust in Communications Networks Carlos Solari Bell Labs, Security Solutions May 2007
All Rights Reserved © Alcatel-Lucent 2006, ##### 2 | Engineering Society | May 2006 Topics We Are Not Winning the Security Challenge Convergence – All Media IP – Will Bring New Challenges Rethink the Approach: Design - Build Trusted Communications Networks An Opportunity: Design In Now or Retrofit Later
All Rights Reserved © Alcatel-Lucent 2006, ##### 3 | Engineering Society | May 2006 Lots of Data Telling Us…The Current Approach is Not Working: Faster, Stealthier Exploits Mths Dys Wks Avg. exploit in days. Sources: CERT/CC, Symantec, NVD, OSVD DDOS on the Rise SPAM: 8 in 10 s
All Rights Reserved © Alcatel-Lucent 2006, ##### 4 | Engineering Society | May 2006 The Challenge: Difficult, Multi-Dimensional, and In Flux Point Prods Point Roles Security un-manageable and no single situation awareness Weak Links Prevalent Inconsistent security applied to network components – un-trusted pieces make… Lack of Universal Standard That addresses security in a comprehensive way – so very difficult to integrate security Data Control & Integrity Data exchange requires better security controls Sophisticated Cyber Crime From phishing and spyware to DDOS and Network Penetration Attacks Reacting to infinite possible sources Ex: polymorphism Blacklist Defenses Ineffective Increasing Network Complexity Increased vulnerability Ex: firewall VOIP sessions Exploitation Window Zero-Day Threat occur faster than we can detect and respond before it impacts business Data Flooding SPAM – SPIT – SPASMS tough to separate wanted info Data Leakage More personal data is online – uncertain protection
All Rights Reserved © Alcatel-Lucent 2006, ##### 5 | Engineering Society | May 2006 Convergence – Many Benefits, Many Risks Consume RF b/w Battery drain Identity theft SPIT Scams Deperimiterization Data theft Scams Compromised system integrity Intersection of threats…beyond the reach of the law… Content theft Compromised privacy Scams
All Rights Reserved © Alcatel-Lucent 2006, ##### 6 | Engineering Society | May 2006 We Have a Window of Opportunity Design Trusted Communications Networks Now
All Rights Reserved © Alcatel-Lucent 2006, ##### 7 | Engineering Society | May 2006 It Will Take A Multi-Disciplined Approach Network & Data Integrated Security Eco-System Defenses Design End-to-End Security System (Standards) Hardening Imbed Integrity Attestation
All Rights Reserved © Alcatel-Lucent 2006, ##### 8 | Engineering Society | May 2006 Design-Build Secure Systems & Services ISO 2700X and X.805/ISO Standards-based approach Security as a systematic, rigorous process Applied to all network elements - system In the Product Development Lifecycle System (Standards) Hardening ISO 2700X Provides the what X.805 & ISO …provides the how details
All Rights Reserved © Alcatel-Lucent 2006, ##### 9 | Engineering Society | May 2006 Trust Can Be Required… My company can only do business with ISO 2700X certified businesses … Are you certified?
All Rights Reserved © Alcatel-Lucent 2006, ##### 10 | Engineering Society | May 2006 System Hardening – Standards Based Bell labs Security Framework – Instantiated in ITU/T X.805, ISO InfrastructureServicesApplications End User Control / Signaling Management Layers Planes MODULE 1MODULE 4MODULE 7 MODULE 2MODULE 5MODULE 8 MODULE 3MODULE 6MODULE 9 Access Control Authentication Non-Repudiation Data Confidentiality Comms Security Data Integrity Privacy Availability The X.805 Security Standard
All Rights Reserved © Alcatel-Lucent 2006, ##### 11 | Engineering Society | May 2006 ISO/IEC enhanced by ITU-T X.805 / ISO Security Policy Organizing Information Security Human Resources Security Asset Mgmt Physical & Environment Security Access Control Communications & Ops Mgmt Information Systems Acquisition, Development & Maintenance Information Security Incident Management Business Continuity Management Compliance ISO/IEC 27001:2005 Controls Specify acceptable use policy for equipment. Sub-controls: Access control, Authentication, Non-repudiation Restrict access to privileged information / applications to ensure service continuity. Sub-Controls: Authentication, Access Control, Non- repudiation Harden network element or system before deployment. Sub-Controls: Access control, Availability Maintain security of stored information. Sub-Controls: Access control, Confidentiality, Integrity, Availability, Non- repudiation
All Rights Reserved © Alcatel-Lucent 2006, ##### 12 | Engineering Society | May 2006 Employee Database Enterprise Data Center Module 6: Management Plane of Services Layer Desktop and Laptop Support Help Desk Module 9: Management Plane of Infrastructure Layer Network Operations File System Maint. System Updates Patch Mgmt., etc. Corporate IT Employee Information is accessed for: Network Service Management Network Infrastructure Management Bell Labs Security Framework Dimensions Provide ISO/IEC Control A ISMS Implementation and Operation Details ISO/IEC Controls and X.805 Applied to the Real-World Data Integrity - Use IPSec AH Communications Security - Use VPNs Data Confidentiality - Use IPsec ESP Data Integrity - Protect files w/ checksums Data Confidentiality - Encrypt files Access Control - Use file system ACLs
All Rights Reserved © Alcatel-Lucent 2006, ##### 13 | Engineering Society | May 2006 Opportunity…Deliver Secure Systems & Services ISO 2700X and X.805/ISO Security as a systematic, rigorous process Applied to all network elements From device to system, to infrastructure Standards-based System (Standards) Hardening Imbed Integrity Attestation Integrity Attestation Apply integrity metrics Measure at point of Creation, Delivery and in Operation Access policy based on integrity score Perform in real-time
All Rights Reserved © Alcatel-Lucent 2006, ##### 14 | Engineering Society | May 2006 The Issue of Integrity Drift Time Confidence IT system confidence degrades from boot time 100% Applications are installed Patches are applied Change and routine maintenance Reformatting and rebuilding from scratch The big unknown … when will it fail, what is the cause, what was lost? (by permission from SignaCert)
All Rights Reserved © Alcatel-Lucent 2006, ##### 15 | Engineering Society | May 2006 What if We Could Measure the Integrity…Report it, and Act on It? Time Confidence Confidence is constantly maintained 100% System and Device-level Confidence and Trust Measured and Enforced Restoring to a known and trusted state is easy (by permission from SignaCert)
All Rights Reserved © Alcatel-Lucent 2006, ##### 16 | Engineering Society | May 2006 Summary We actually have the know-how to improve the state of security It is needed more than ever – especially as systems get more complex and we have greater dependency on these systems By applying the ISO 2700X with X.805/ISO standards and Integrity Measurements, we can: Baseline the state of security Have a consistent way to measure it Consistent application Completeness Repeatable Scales to size and complexity of present and future networks
Reliable Security Current State, Challenges, Desired State S. Rao Vasireddy Bell Laboratories, Alcatel-Lucent Tel:
© ITT Educational Services, Inc. All rights reserved. IS3220 Information Technology Infrastructure Security Unit 10 Network Security Management.
Steering Committee CSRIC Working Group 2A Cyber Security Best Practices October 7, 2010.
Copyright © 2012 AirWatch, LLC. All rights reserved. Proprietary & Confidential. Mobile Content Strategies and Deployment Best Practices.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch February 4, 2010.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Cyber Security : Indian perspective. 22 Internet Infrastructure in INDIA.
+ Secure C2 Systems Ali Alhamdan, PhD National Information Center Ministry of Interior April 28 th, 2015.
Dell Connected Security Solutions Simplify & unify.
The Difficult Road To Cybersecurity Steve Katz, CISSP Security Risk Solutions Steve Katz, CISSP Security.
SEC835 Database and Web application security Information Security Architecture.
Section 4 : Storage Security and Management Lecture 31.
Planning and Managing Information Security Randall Sutton, President Elytra Enterprises Inc. April 4, 2006.
Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
Latest Strategies for IT Security Margaret Myers Principal Director, Deputy CIO United States Department of Defense North American Day 2006.
2 Industry trends and challenges Windows Server 2012: Modern workstyle, enabled Access from virtually anywhere, any device Full Windows experience.
Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.
Potential Smart Grid standardisation work in ETSI Security and privacy aspects Carmine Rizzo on behalf of Scott CADZOW, C3L © ETSI All rights reserved.
Contact Center Security Strategies Grant Sainsbury Practice Director, Dimension Data.
INADEQUATE SECURITY POLICIES ›Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Information Management System Ali Saeed Khan 29 th April, 2016.
Module 2: Designing Network Security. Module Overview Overview of Network Security Design Creating a Network Security Plan Identifying Threats to Network.
© ITT Educational Services, Inc. All rights reserved. IS3220 Information Technology Infrastructure Security Unit 2 Network Security Basics.
What Can Go Wrong During a Pen-test? Effectively Engaging and Managing a Pen-test.
Palo Alto Networks Jay Flanyak Channel Business Manager
SECURITY REQUIREMENTS AND MANAGEMENT: Presentation By: Guillermo Dijk.
2002 Symantec Corporation, All Rights Reserved The dilemma European Security Policy and Privacy Ilias Chantzos Government Relations EMEA Terena Conference,
Empowering People-centric IT User and Device Management Access and Information Protection Microsoft Virtual Desktop Infrastructure.
Computer Security By Duncan Hall. Three protections of information Confidentiality: Ensures that only authorized parties can view the information and.
Strong Security for Your Weak Link: Implementing People-Centric Security Jennifer Cheng, Director of Product Marketing.
Vulnerability Management Dimension Data – Tom Gilis 24 November 2011.
1 Managed Security. 2 Managed Security provides a comprehensive suite of security services to manage and protect your network assets –Managed Firewall.
SAFE Blueprint and the Security Ecosystem. 2 Chapter Topics SAFE Blueprint Overview Achieving the Balance Defining Customer Expectations Design.
Information Security Framework Regulatory Compliance and Reporting Auditing and Validation Metrics Definition and Collection Reporting (management, regulatory,
1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.
Apply Mitigations Upgrade hosts and domain 2 3 Build full defenses (IPDRR)
Driving Factors Security Risk Mgt Controls Compliance.
IMS and Security Sri Ramachandran NexTone. 2 CONFIDENTIAL © 2006, NexTone Communications. All rights Traditional approaches to Security - The CIA principle.
Security Controls – What Works Southside Virginia Community College: Security Awareness.
CAT 02/05 Copyright © , CiRBA, Inc. All Rights Reserved. Security and Compliance: Looking Beyond the File Presented By: Andrew.
PC Security Data protection through device lockdown (Group Policy, app mgmt., OSD, compliance) Hardening devices against attack (patch, anti-malware,
System and Network Security Practices COEN 351 E-Commerce Security.
Module 6: Designing Security for Network Hosts. Overview Creating a Security Plan for Network Hosts Creating a Design for the Security of Network Hosts.
Welcome Information Security Office Services Available to Counties Security Operations Center Questions.
Stephen S. Yau CSE , Fall Security Strategies.
© 2017 SlidePlayer.com Inc. All rights reserved.