
IP NGN Security Framework


Presentation Transcript


  1. IP NGN Security Framework
     Mikhail Kader, Distinguished Systems Engineer, Cisco, Russia, mkader@cisco.com
     ITU-T Workshop on "New challenges for Telecommunication Security Standardizations", Geneva, 9(pm)-10 February 2009

  2. Today's Threats
     Yesterday's Threats:
     • Geeks and adolescents
     • Operated alone or with a small group of friends
     • Interested in demonstrating prowess, gaining notoriety
     • Targeted individual computers or applications
     • Little or no business sophistication
     Today's Threats:
     • Professional hackers
     • Operating in syndicates or cooperatives
     • Interested in extortion, espionage, or economic gain
     • Targeting businesses, governments, and networks
     • BotNets for sale…
     IP NGN Security: A Paradigm Shift in Miscreant Economy
     "Mischief of course, but mostly money – a miscreant economy has evolved to steal or extort money from attractive targets" (Scott Borg, Dartmouth College, Institute for Security Technology Studies)

  3. IP NGN Secure Platform: What is IP NGN Security?
     A hierarchical model for framing security discussions with service providers:
     • Business Relevance (Business Goals and Objectives; Threat and Risk Assessment; Threats to Goals and Objectives): describes customer-specific business goals, and the threats to goal attainment
     • Security Principles (Visibility; Control): describes the primary security principles that are affected by security policies
     • Security Policies / Security Operations: describes the iterative development and monitoring of security policies
     • Security Actions (Identify, Monitor, Correlate, Harden, Isolate, Enforce): describes essential actions that enable Visibility and Control

  4. Business Relevance: Business Goals and Objectives
     Security helps meet all key business goals and objectives for service providers:
     • Protect Service Revenue: business disruptions due to security events can result in both immediate and long-term loss of revenue
     • Meet Customer Expectations / Minimize Churn: customers expect safe, private, reliable services, and they're willing to change operators to get them…
     • Safeguard Brand: public disclosure of security or privacy breaches can destroy carefully managed marketing campaigns and brand reputation
     • Regulatory Requirements Adherence: adherence to social and legal requirements for parental control, data retention, and service monitoring is mandated in many markets

  5. Business Relevance: Threats to Business Goals Lead to Risk Analysis
     Migration to 3.5G or IP networks changes the threat landscape, hence a Risk Analysis is necessary. An example for mobile: illustrate the effects of the evolution from 2G to 3.5G.

  6. Developing Security Policies: Risk Assessment Methodologies
     IP NGN Security requires the definition of security policies, but is agnostic to the methodologies needed to create them:
     • eTOM – enhanced Telecom Operations Map
     • ITIL – Information Technology Infrastructure Library

  7. Developing Security Policies: Many Methodologies – One Goal
     Regardless of the risk assessment methodology utilized, the core steps are the same. These steps result in the creation of security policies and guidelines that define the acceptable and secure use of each device, system, and service.

  8. IP NGN Security Principles: Visibility and Control
     Security Policies always define a need or means to increase Visibility or Control.
     Visibility:
     • Identify subscribers, traffic, applications, protocols, behaviors…
     • Monitor and record baseline patterns for comparison to real-time
     • Collect and correlate data from every source to identify trends, macro events
     • Classify to allow the application of controls
     Control:
     • Limit access and usage per subscriber, protocol, service, packet…
     • Protect against known threats and exploits
     • Authenticate management- and control-plane access / traffic
     • Isolate subscribers, services, subnets
     • React dynamically to anomalous events
     No visibility means no control; no control means no security.

  9. IP NGN Security Actions: Increasing Visibility and Control
     IP NGN Security defines six fundamental actions that apply defined policies, improving Visibility and Control: Identify, Monitor, Correlate, Harden, Isolate, Enforce. These actions, properly taken, enhance service security, resiliency, and reliability – primary goals for subscribers and operators alike.

  10. IP NGN Security Actions: Identify
     Identifying and assigning trust-levels to subscribers, networks, devices, services, and traffic is a crucial first step to infrastructure security.
     Principal Actions:
     • Identify and authenticate subscribers and subscriber devices (where possible)
     • Associate security profiles with each subscriber and device
     • Associate network addresses and domain identifiers with subscriber devices
     • Classify traffic, protocols, applications, and services at trust-boundaries
     • Inspect traffic headers and payloads to identify subscribers, protocols, services, and applications
     Relevant Technologies:
     • Authentication, Authorization, and Accounting (AAA) Servers
     • Extensible Authentication Protocols
     • Deep Packet Inspection
     • Network-Based Application Recognition
     • Service Control Engines / Application Performance Assurance
     • DNS / DHCP Servers
     • Service / Subscriber Authenticators
     • Service Gateways
     • Signaling Gateways
     • Session Border Controllers

  11. IP NGN Security Actions: Monitor
     Any device that touches a packet or delivers a service can provide data describing policy compliance, subscriber behavior, and network health.
     Principal Actions:
     • Gather performance- and security-relevant data inherent to routers and switches
     • Log transactional and performance data at access and service gateways
     • Link IP traffic with specific subscribers, devices, and origins whenever possible
     • Deploy protocol-, traffic-, and service-inspection for reporting and detection
     • Develop behavior baselines for comparison to real-time measurements
     • Employ command / change accounting
     Relevant Technologies:
     • Netflow
     • SNMP / RMON / SysLog
     • Network / Traffic Analysis Systems
     • Intrusion Detection Systems
     • Virus- / Message-Scanning Systems
     • Deep Packet Inspection
     • Packet Capturing Tools
     • SPAN / RSPAN
     • Authentication, Authorization, and Accounting (AAA) Servers
     • DHCP / DNS Servers

  12. IP NGN Security Actions: Correlate
     Important macro trends and events can often go unrecognized until numerous other – seemingly unrelated – events are correlated.
     Principal Actions:
     • Assure time synchronization throughout network and service infrastructures
     • Collect and collate data from distributed, disparate monitoring services
     • Analyze and correlate data to identify trends and macro-level events
     Relevant Technologies:
     • Security Information Management Systems (SIMS)
     • Netflow Analysis Systems
     • Event Correlation Systems
     • Behavioral Analysis Systems
     • Anomaly Detection Systems
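The Monitor slide calls for behavior baselines compared against real-time measurements, and the Correlate slide for time-synchronized data from disparate sources to be collated. The following is an added illustration, not code from the presentation or from Cisco: it builds a per-subscriber baseline from constructed NetFlow-style byte counters, flags a real-time interval that deviates by more than k standard deviations, and then correlates the flagged subscriber with constructed syslog lines from a different source inside a time window. Subscriber ids, byte values, hostnames and log format are all constructed sample data.

```python
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Constructed per-subscriber bytes per 5-minute interval (six prior intervals);
# sample data only, standing in for NetFlow-derived counters.
BASELINE = {
    "sub-1001": [4100, 3900, 4300, 4000, 3800, 4200],
    "sub-1002": [900, 1100, 1000, 950, 1050, 1000],
}
# Constructed real-time interval starting 2009-02-10 09:30 UTC.
REALTIME = {"sub-1001": 4250, "sub-1002": 48000}
RT_START = datetime(2009, 2, 10, 9, 30)

# Constructed syslog-style lines from a different source (an access gateway),
# timestamped in UTC. Correlating by timestamp across sources only works
# because the slide's time-synchronization requirement is assumed to hold.
SYSLOG = [
    "2009-02-10 09:28:41 agw1 sub-1002 session-rate limit exceeded",
    "2009-02-10 09:31:12 agw1 sub-1001 PPP session established",
    "2009-02-10 08:05:00 agw1 sub-1002 session-rate limit exceeded",
]


def anomalies(baseline, realtime, k=3.0):
    """Return {subscriber: z-score} for real-time volumes more than k sigma from baseline."""
    flagged = {}
    for sub, history in baseline.items():
        mu, sigma = mean(history), pstdev(history)
        z = (realtime[sub] - mu) / sigma if sigma else 0.0
        if abs(z) > k:
            flagged[sub] = round(z, 1)
    return flagged


def correlate(flagged, syslog, start, window=timedelta(minutes=5)):
    """Attach syslog events for flagged subscribers that fall within +/- window of start."""
    hits = {}
    for line in syslog:
        stamp = datetime.strptime(line[:19], "%Y-%m-%d %H:%M:%S")
        sub = line.split()[3]          # constructed format: date time host subscriber ...
        if sub in flagged and abs(stamp - start) <= window:
            hits.setdefault(sub, []).append(line)
    return hits
```

Running `correlate(anomalies(BASELINE, REALTIME), SYSLOG, RT_START)` pairs the volume spike of sub-1002 with the gateway's rate-limit event 79 seconds earlier and ignores the same event type from hours before.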

  13. IP NGN Security Actions: Harden
     Hardening is the application of tools and technologies to prevent known – or unknown – attacks from affecting network or service infrastructures.
     Principal Actions:
     • Deploy layered security measures – defense-in-depth
     • Authenticate control- and management-plane traffic
     • Authenticate and limit management access to devices, servers, and services
     • Prevent Denial of Service (DoS) attacks – state attacks, resource exhaustion, protocol manipulation, buffer overflows…
     • Validate traffic sources to prevent spoofing
     Relevant Technologies:
     • Access Control Lists
     • Authentication, Authorization, and Accounting (AAA) systems
     • Reverse-Path Forwarding Checks
     • Control-Plane Policing
     • Role-based control interfaces
     • Memory and CPU thresholds
     • Intrusion Detection Systems
     • High-Availability Architectures
     • Load Balancing
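The Harden slide lists reverse-path forwarding checks as the technology behind "validate traffic sources to prevent spoofing". As an added model that is not code from the presentation or from any router vendor, the following implements the decision a unicast RPF check makes per packet: strict mode requires the best route back to the source to leave via the interface the packet arrived on, loose mode only requires that some valid route exists, and a default route counts only when explicitly allowed. The routing table, interface names and addresses are constructed sample data.

```python
import ipaddress

# Constructed routing table (prefix, egress interface); sample data only.
ROUTES = [
    ("0.0.0.0/0", "Gi0/0"),        # default route towards the core
    ("203.0.113.0/24", "Gi0/1"),   # subscriber access segment
    ("198.51.100.0/24", "Gi0/2"),  # peering partner
    ("192.0.2.0/24", "Null0"),     # unallocated space routed to null
]
ROUTE_TABLE = [(ipaddress.ip_network(p), ifc) for p, ifc in ROUTES]


def lookup(src):
    """Longest-prefix match for src; returns (network, interface) or None."""
    addr = ipaddress.ip_address(src)
    best = None
    for net, ifc in ROUTE_TABLE:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifc)
    return best


def urpf_permit(src, ingress, mode="strict", allow_default=False):
    """Return True if a packet from src arriving on ingress passes the uRPF check.

    strict: the best route back to src must leave via the ingress interface
            (suited to symmetric edges such as subscriber access ports).
    loose:  any valid route back to src is enough (suited to asymmetric
            peering edges, where strict mode would drop legitimate traffic).
    A route to a null interface fails both modes; the default route is only
    considered when allow_default is set, as a modelling assumption.
    """
    match = lookup(src)
    if match is None:
        return False
    net, egress = match
    if egress == "Null0":
        return False
    if net.prefixlen == 0 and not allow_default:
        return False
    if mode == "loose":
        return True
    return egress == ingress
```

A packet claiming a subscriber-segment source but arriving from the peering interface fails strict mode yet passes loose mode, which is why the mode choice per interface matters as much as enabling the check.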

  14. IP NGN Security Actions: Isolate
     Isolating is a critical design practice that helps prevent access to critical resources, protect data, and limit the scope of disruptive events.
     Principal Actions:
     • Limit and control access to (and visibility into) transport-, operations-, and service-delivery infrastructures
     • Prevent visibility and access between different services, customers…
     • Create network zones to isolate based on functionality – DNS, network management, service delivery, access…
     • Define strict boundaries between networks, operational layers, and services of different trust-levels
     • Encrypt sensitive traffic to prevent unauthorized access
     Relevant Technologies:
     • Virtual Private Networks
     • Virtual Routing and Forwarding
     • Route Filtering
     • Routing Protocol / Transport Boundaries
     • Firewalls
     • IPSec and SSL Encryption
     • Out-of-Band Management
     • Demarcation / Functional Separation Zones
     • Access Control Lists

  15. IP NGN Security Actions: Enforce
     Shaping the behavior of subscribers, traffic, and services, as well as the mitigation of detected security events, are the primary goals of enforcement.
     Principal Actions:
     • Prevent the entry and propagation of known exploits – viruses, worms, SPAM
     • Identify and mitigate anomalous traffic, events, and behaviors
     • Detect and prevent address spoofing
     • Limit subscribers and traffic to authorized networks, services, and service-levels
     • Shape and police traffic to assure compliance with established service level agreements
     • Identify and quench unauthorized protocols, services, and applications
     Relevant Technologies:
     • Firewalls
     • Intrusion Prevention Systems
     • Remotely Triggered Black Holes
     • Service Control Engines
     • Traffic Classifiers, Policers, and Shapers
     • Virus and Message Filtering Systems
     • Anomaly Guards / Traffic Filters
     • Quarantine Systems
     • Policy Enforcement Points (Routers, Access Gateways, Session Border Controllers)

  16. IP NGN Security: Implementation and Operations
     IP NGN Security defines the actions and technologies to be implemented and operated by an organization. The security of any given IP service depends greatly upon the network architecture, implementation, and organizational competence.

  17. IP NGN Security: Summary
     • Business Relevance (Business Goals and Objectives; Threat and Risk Assessment; Threats to Goals and Objectives): describes customer-specific business goals, and the threats to goal attainment
     • Security Principles (Visibility; Control): describes the primary security principles that are affected by security policies
     • Security Policies / Security Operations: describes the iterative development and monitoring of security policies
     • Security Actions (Identify, Monitor, Correlate, Harden, Isolate, Enforce): describes essential actions that enable Visibility and Control
     Define a security model to reach operational excellence based on security policies and process, gaining enhanced visibility, control and high availability.
