1 / 17

Focus Group 1B Cybersecurity Dr. Bill Hancock, CISSP, CISM Cable & Wireless FG1B Chair

Focus Group 1B Cybersecurity Dr. Bill Hancock, CISSP, CISM Cable & Wireless FG1B Chair bill.hancock@cw.com 972-740-7347. Charter of FG1B. Generate Best Practices for cybersecurity Telecommunications sector Internet services Propose New Actions (if needed) Deliverables

aaron-velazquez
Download Presentation

Focus Group 1B Cybersecurity Dr. Bill Hancock, CISSP, CISM Cable & Wireless FG1B Chair

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Focus Group 1B Cybersecurity Dr. Bill Hancock, CISSP, CISM Cable & Wireless FG1B Chair bill.hancock@cw.com 972-740-7347

  2. Charter of FG1B • Generate Best Practices for cybersecurity • Telecommunications sector • Internet services • Propose New Actions (if needed) • Deliverables • December 2002 – prevention (105 BPs) • March 2003 – recovery (45 BPs) • Have made all deliverables, complete and on-time

  3. Composition and Organization • Members include security officers, VPs, directors managers and subject matter experts (SMEs) • Members also include various U.S. Government agencies such as US DoC, U.S. DoD, U.S. DoJ, FCC, Federal Reserve, etc. • Group is divided into 8 working teams, each with a team leader volunteer to generate BPs for a given subject area

  4. FG1B Teams • Fundamentals & Architecture • OAM&P (operations, administration, maintenance and provisioning) • AAA (authentication, accounting, audit) • Services • Signaling • Personnel • Users • Incidents

  5. Guidance on Cybersecurity Best Practices • Current list of best practices (BPs) are constrained by what can be implemented • Recommended BPs are considered implementable due to expert experience from the team • Not all BPs are appropriate for all service providers or architectural implementations • The BPs are not intended for mandatory regulatory efforts • There will continue to exist security conditions that will require development of technologies and techniques that are not currently practical or available to solve the security issues they create. Focus group is working on recommendations for inclusion in final report. • This is a moving target that will require continual refinement, additions and improvement

  6. Driving Principles in Cyber Security Best Practices • Capability Minimization • Allow only what is needed re: services, ports, addresses, users, etc. • Disallow everything else • Partitioning and Isolation • Defense in Depth • Aka “belt & suspenders” • Application, host and network defenses • KISS • Complexity makes security harder • General IT Hygiene • Backups, change control, privacy, architectures, processes, etc. • Avoid Security by Obscurity • A proven BAD IDEA™

  7. The Past

  8. The Present Source: http://cm.bell-labs.com/who/ches/map/gallery/index.html

  9. Prevention Best Practices Deliverable (December 2002) • Composed of 103 best practices for preventing cybersecurity “events” • Includes • BP number • Title • Best practice for prevention • If any: reference and dependencies on other BPs • Implementors

  10. Example of Prevention Best Practice for Cybersecurity

  11. Cybersecurity Recovery BPs • 45 delivered per charter • Most are more technical than preventative • Some are focused on known issues • Extensive work on incident response • Some items too extensive for BPs are included as appendices to the recovery BPs • Not a one-to-one match to prevention BPs • Not all prevention BPs will stop incidents due to the nature of technologies used

  12. Real World Application Example: January 25, 2003, “Slammer” Worm Attack • FG1B Prevention BPs that apply • 6-6-8000 “Disable Unnecessary Services” • 6-6-8008 “Network Architecture Isolation/Partitioning” • 6-6-8015 “Segmenting Management Domains” • 6-6-8020 “Security HyperPatching” • 6-6-8032 “Patching Practices” • 6-6-8034 “Software Patching Policy” • 6-6-8037 “System Inventory Maintenance “ • 6-6-8039 “Patch/Fix Verification” • 6-6-8041 “Prevent Network Element Resource Saturation” • 6-6-8071 “Threat Awareness” • 6-6-8074 “Denial of Service Attack – Target” • 6-6-8091 “Validate source addresses”

  13. What “Slammer” Did… • Originated in Asia at 12:30am 1-25-03 • Very small, very high propagation rate • Attacked MS SQL installations • Patch was available in July 2002 • Affected SQL Server and MSDE installs • Did not affect sites that used general BP concept of “turn it off if not needed” • Sites that disabled UDP 1433 & 1434 did not allow propagation to network • Took 3 days to effectively kill it off

  14. Some “Slammer” Lessons • Rapid propagation time • Code Red in 2001 took many hours (self replication in 37 minutes on average) • Slammer estimates are 8 minutes (self replication was almost immediate) • Payload was very small and efficient • From original demo code of the problem written last July, very compact • Payload was NIL, but easily could have been very, very UGLY • Companies that followed appropriate FG1B BPs NOW were unaffected by Slammer

  15. What Does this Mean? • Prevention of cyberattack is cheaper • Maintain SLAs, avoid penalties • Maintain reliability of connectivity • Reduce manpower costs • Consistent service and delivery • Increase customer satisfaction • Reduce support costs • Reduce negative PR burden • Many others…

  16. Next Steps • Evangelism efforts for FG1B BPs • Trade shows • Speeches and conferences • Internal efforts • Publications and interviews • Update of BPs later in 2003 • Comments back from ballot efforts • Industry comments • Known need to add a few more • Preparation for industry survey in 2004 for adoption of FG1B cybersecurity BPs

  17. Focus Group 1B Cybersecurity Dr. Bill Hancock, CISSP, CISM Cable & Wireless FG1B Chair bill.hancock@cw.com 972-740-7347

More Related