All rights reserved © 2005, Alcatel Enhanced Security situational Awareness for (Enterprise) networks  Bertrand Marquet / François Cosquer  Alcatel.

Presentation transcript:


Toronto, May 19th, 2005

Agenda
- The security challenge
- Situational awareness by security assurance measurement
- How can security assurance be measured
- Addressing complexity
- Illustrations
- Conclusion / questions

Security challenge
- Deploying new technologies, businesses are faced with the challenge of:
  - Reducing possible associated risks
  - While increasing productivity, based on confidence in the security functions currently deployed
- Security Assurance = confidence / (residual) risks
[Figure: risks versus confidence in countermeasures; annotations: Manage it in an acceptable range (ratio cost/loss), Cost too high, Loss too high]

Situational awareness by security assurance measurement
- Assurance measurement is characterized by:
  - Effectiveness of the security countermeasure
  - versus likelihood of a risk occurrence
- Security Assurance = confidence / (residual) risks
[Figure: risks versus confidence in countermeasures; labels: Measurement, Effectiveness, Likelihood, Cost too high, Loss too high]

How can assurance be measured?
- Mainly, using two systems, sometimes combined:
  - Intrusion Detection System
    - Measures lack of effectiveness of a security function
    - Generates too much (security) noise
  - Vulnerability assessment / patch management
    - Measures likelihood of a potential vector of risk, based on a combination of several thousand identified vulnerabilities
    - Scalability is challenging
- Main challenge is to address complexity

Addressing complexity (1/2): Concepts
- Ability to assure in operation = F(1/Complexity)
- Reduce the complexity to measure the assurance
- Selection of points of measurement of the assurance

Addressing complexity (2/2): One implementation
- Selectively reduce the complexity to measure the assurance
- Phase 1: Spot top 10(-20) “problems” in the topology
  - Before operation (compatible with heavy process)
- Phase 2: Deploy and calibrate intelligent “probes”
- Phase 2: Provide (near) real time associated indicators
  - During operation (requires light process)

(Simplified) Illustration: Wireless / Mobile

Risk / Topology
[Figure: network topology; component labels: base station, fixed, nomadic, access controller, NMS, billing system, IP Backbone, WiMAX, Internet, WiFi Access Points, AAA server, mobile SIP phone. Legend, Threat level: High, Medium, Low]

Low level of security assurance
[Figure: network topology; component labels: base station, fixed, nomadic, access controller, NMS, billing system, Gateway, IP Backbone, WiMAX, Internet, WiFi Access Points, AAA server, mobile SIP phone; components marked A. Legend, Assurance Level: High = A+B+C, Medium = A+B, Low = A]

Increased level of assurance + SOX
[Figure: network topology; component labels: base station, fixed, nomadic, access controller, NMS, billing system, Gateway, IP Backbone, WiMAX, Internet, WiFi Access Points, AAA server, mobile SIP phone; components marked A, B and R. Legend, Assurance Level: High = A+B+C, Medium = A+B, Low = A, Regulation specific = R]

Security assurance topology
[Figure: assurance points marked A, B and R; panel labels: Low assurance, Higher assurance; per-point labels: Metric (successful / failed auths), Calibration, Statistics]


Conclusion
- Security assurance, as a confidence factor, needs to be measured when securing an (enterprise) network
- Complexity of data and voice networks is a major obstacle to measuring security assurance
- We are working on complementary approaches to guarantee effective security in order to protect:
  - Intellectual property (Confidentiality, Integrity)
  - Continuity of business (Availability)
  - But also:
    - Justify security (investments)
    - Provide proofs (Regulation/law compliance)
- Alcatel has initiated and is involved in several research projects to address those topics
  - Funded Canadian Defense project
  - Funded European Consortium


Security
- Reducing risks to an Enterprise Network
- “Strategic, Technical”
  - Protection of the intellectual property of the enterprise
  - Business continuity
- “Legal”
  - Regulation and legal compliance

Countermeasures (1/2)
- Providing countermeasures to potential threats to assets of the enterprise
  - Incidental
  - Deliberate
  - Internal/external
- Necessary (mandatory) response for regulatory compliance
  - SOX, GLBA
  - HIPAA
  - More to come…

Countermeasures (2/2)
- Protection mechanisms deployed to guarantee fundamental properties:
  - Confidentiality
  - Integrity
  - Availability
- of data flows, through diverse and combined types of measures:
  - Preventive
  - Detective
  - Reactive

Losses vs. costs
[Figure: $ plotted against “security level”; curves: Risk costs, Risk losses, Risk losses + costs; annotations: Manage it in an acceptable range, Situational awareness, Security assurance]

Phase 1: “Security Reduced” topology
- One solution is a topology overlay to spot the most critical devices, based on vulnerabilities research
  - So the reduced topology becomes the top critical devices or functions
  - Heavy process, as decision support, not operation
- Regulations explicitly describe points of measurement
  - Traceability from requirements
  - Assurance required on the identified security enforcing component

Phase 2
- Challenges:
  - Define metrics
  - Heavy process results can be used
    - to validate metrics and calibrate measurement
    - to limit false positives / retroaction
  - Visualization with simple indicators
  - Association of security assurance level
    - Increase/decrease the requested level of assurance
      - Change metrics of indicators
      - Increase/decrease the number of indicators
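
An added example, not part of the original slides: one way a Phase 2 probe could turn the "successful / failed auths" metric into a simple indicator, with calibration against a baseline period to limit false positives. The window counts are constructed sample data, and the green/amber/red states, the thresholds and all function names are assumptions made for illustration.

```python
import statistics

# Constructed sample data (not from the slides): per-window counts of
# (successful, failed) authentications seen by a hypothetical probe.
CALIBRATION_WINDOWS = [(95, 5), (97, 3), (94, 6), (96, 4), (98, 2)]
OPERATION_WINDOWS = [(96, 4), (90, 10), (60, 40), (0, 0)]


def failure_ratio(ok, failed):
    """Metric: share of failed authentications in one window."""
    total = ok + failed
    return None if total == 0 else failed / total


def calibrate(windows):
    """Calibration: baseline mean and spread of the metric, taken from a
    period that the heavy (Phase 1) analysis judged to be normal."""
    ratios = [r for r in (failure_ratio(*w) for w in windows) if r is not None]
    if len(ratios) < 2:
        raise ValueError("need at least two non-empty calibration windows")
    return statistics.mean(ratios), statistics.pstdev(ratios)


def indicator(window, baseline, warn=3.0, alarm=6.0):
    """Light-weight check for one window: how far is the metric from the
    calibrated baseline, in standard deviations? Thresholds are assumptions."""
    mean, spread = baseline
    ratio = failure_ratio(*window)
    if ratio is None:
        return "no-data"          # a silent probe is itself worth flagging
    if spread == 0:
        return "green" if ratio <= mean else "red"
    deviation = (ratio - mean) / spread
    if deviation >= alarm:
        return "red"
    return "amber" if deviation >= warn else "green"


def run(calibration=CALIBRATION_WINDOWS, operation=OPERATION_WINDOWS):
    baseline = calibrate(calibration)
    return [indicator(w, baseline) for w in operation]


if __name__ == "__main__":
    print(run())
```

Raising or lowering `warn` and `alarm`, or running more probes, corresponds to increasing or decreasing the requested level of assurance.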