Download presentation
Presentation is loading. Please wait.
1
1 Telstra in Confidence Managing Security for our Mobile Technology
2
2 Telstra in Confidence Security Management Purpose Protection of Assets Protection of Services Prevention of Fraud Overall protection of revenue
3
3 Telstra in Confidence Content 1.Physical Security 2.Infrastructure Security 3.Responding to Emergencies
4
4 Telstra in Confidence Physical Base stations Data centres Network sites Network/Platform Infrastructure Servers Routers Firewalls Two Areas of Security
5
5 Telstra in Confidence Corporate Strategies – Physical Security Managed access –Managing who has the right to access Security monitoring –Monitoring priority sites through cameras and electronic access Fences, keys, alarming –Securing the perimeter to prevent access Site security auditing –Ensuring compliance to security policy Guard monitoring
6
6 Telstra in Confidence The Infrastructure Security Posture ATTACK WORM Every Way In WORM
7
7 Telstra in Confidence Corporate Strategies – Infrastructure Security Establish security policies Security alert methods Dedicated centre of excellence for IT/IP security mgt Vulnerability management processes Security incident management processes Intrusion detection
8
8 Telstra in Confidence Today's Organizational Issues Management of Infrastructure Security Increase of skills in hacking and fraudulent tools and techniques Protecting what you don’t know (understanding the risk) Cost of managing security Ability for organizations to act Complexity of our infrastructure Increasing identification of vulnerabilities Recognition and support by senior management of security management
9
9 Telstra in Confidence Defense in Depth Protect at all levels Focus on depth in setting up defense Apply security technology at all layers Apply security principles and processes at all layers
10
10 Telstra in Confidence Code Red Propagation July 19, midnight - 159 hosts infected
11
11 Telstra in Confidence Code Red Propagation (cont’d) July 19, 11:40 am - 4,920 hosts infected
12
12 Telstra in Confidence Code Red Propagation (cont’d) July 20, midnight - 341,015 hosts infected
13
13 Telstra in Confidence Technical knowledge required Threat Capabilities: More Dangerous and Easier to Use Sophistication of hacker tools Packet Forging/ Spoofing 19901980 Password Guessing Self Replicating Code Password Cracking Exploiting Known Vulnerabilities Disabling Audits Back Doors Sweepers Sniffers Stealth Diagnostics High Low 2000 DDoS Internet Worms
14
14 Telstra in Confidence Type of Crime20022003 Unauthorized Privileged Access $ 106K$322K +300% Financial fraud $ 807K$3.5M +430% Telecommunications Fraud$ 101K$415K +410% Web Defacement$ -$58K - Denial of service $ 181K$397K +220% Virus, Worm, Trojan Infection $ 891K$2.2M +245% Unauthorized Insider Access$ 145K$262K +180% –TOTAL$ 2.2M$7.1M +320% –Compare this to the cost of implementing a comprehensive security solution! Cost of Poor Security Source: 2003 Australian Computer Crime and Security Survey
15
15 Telstra in Confidence Responding to Emergencies
16
16 Telstra in Confidence Business Continuity Plans Business Continuity Plans have been developed for all our strategic sites, Internet Data Centres, and Melbourne and Sydney cable tunnels. Generic Site recovery Process developed for 410 sites and is generic enough to apply to all sites. Critical processes and applications used to support the processes have: –Business Continuity Plans –Application Recovery Plans –Infrastructure Recovery Plans
17
17 Telstra in Confidence Blackout 2003 Scenario in Australia All category 1 and 2 sites have Emergency Power Plant Sites which do not have Emergency Power Plant would run out of battery reserve over a varied period of time Portable generation equipment would not be viable in this scenario due to demands by other community groups and the likelihood of theft. Business Continuity Plans applied to protect services Initiate Serious Incident Mgt Process
18
18 Telstra in Confidence Example - Responding to Fires, Floods, etc The Key is Process How it would work - Example Centralised Serious Incident Mgt Team Sites in affected area monitored Situation monitored Distribution of resources Appropriate activities commissioned Centralised, national command and planning activities
19
19 Telstra in Confidence Conclusion Mobile’s Infrastructure Security mgt expands across both Physical and Logical aspects Corporate strategies to address the growing complexity of security risk in infrastructure Key to any Security or Emergency mgt – Is its management processes Focus on the management of Security Risk with prevention as the priority
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.