IP NGN Security Framework

Mikhail Kader,

Distinguished Systems Engineer, Cisco, Russia

mkader@cisco.com

ITU-T Workshop on "New challenges for Telecommunication Security Standardizations"

Geneva, 9(pm)-10 February 2009

IP NGN Security: A Paradigm Shift in Miscreant Economy

Yesterday's Threats

  • Geeks and adolescents
  • Operated alone or with a small group of friends
  • Interested in demonstrating prowess, gaining notoriety
  • Targeted individual computers or applications
  • Little or no business sophistication

Today's Threats

  • Professional hackers
  • Operating in syndicates or cooperatives
  • Interested in extortion, espionage, or economic gain
  • Targeting businesses, governments, and networks
  • BotNets for Sale…

Mischief of course, but mostly money – a miscreant economy has evolved to steal or extort money from attractive targets

Scott Borg, Dartmouth College, Institute for Security Technology Studies

IP NGN Secure Platform: What is IP NGN Security?

[Figure: hierarchical model with four layers]

  • Business Relevance (Business Goals and Objectives; Threats to Goals and Objectives): describes customer-specific business goals, and the threats to goal attainment
  • Security Policies (Threat and Risk Assessment; Security Policies; Security Operations): describes the iterative development and monitoring of security policies
  • Security Principles (Visibility; Control): describes the primary Security Principles that are affected by security policies
  • Security Actions (Identify; Monitor; Correlate; Harden; Isolate; Enforce): describes essential actions that enable Visibility and Control

A hierarchical model for framing security discussions with service providers


Business Relevance: Business Goals and Objectives

Security helps meet all key business goals and objectives for service providers:

  • Protect Service Revenue

Business disruptions due to security events can result in both immediate and long-term loss of revenue

  • Meet Customer Expectations / Minimize Churn

Customers expect safe, private, reliable services, and they’re willing to change operators to get them…

  • Safeguard Brand

Public disclosure of security or privacy breaches can destroy carefully managed marketing campaigns and brand reputation

  • Regulatory Requirements Adherence

Adherence to social and legal requirements for parental control, data retention, and service monitoring is mandated in many markets


Business Relevance: Threats to Business Goals Lead to Risk Analysis

Migration to 3.5G or IP networks changes the threat landscape, hence a Risk Analysis is necessary.

An example for Mobile: Illustrate the effects of the evolution from 2G to 3.5G


Developing Security Policies: Risk Assessment Methodologies

IP NGN Security requires the definition of security policies, but is agnostic to the methodologies needed to create them

eTOM – enhanced Telecom Operators Map

ITIL – Information Technology Infrastructure Library


Developing Security Policies: Many Methodologies – One Goal

Regardless of the risk assessment methodology utilized, the core steps are the same:

These steps result in the creation of security policies and guidelines that define the acceptable and secure use of each device, system, and service

IP NGN Security Principles: Visibility and Control

Security Policies always define a need or means to increase Visibility or Control

  • Visibility:
      • Identify subscribers, traffic, applications, protocols, behaviors…
      • Monitor and record baseline patterns for comparison to real-time measurements
      • Collect and correlate data from every source to identify trends, macro events
      • Classify to allow the application of controls
  • Control:
      • Limit access and usage per subscriber, protocol, service, packet…
      • Protect against known threats and exploits
      • Authenticate management- and control-plane access / traffic
      • Isolate subscribers, services, subnets
      • React dynamically to anomalous events

No visibility means no control; no control means no security

IP NGN Security Actions: Increasing Visibility and Control

IP NGN Security defines six fundamental actions that apply defined policies, improving Visibility and Control

Identify

Monitor

Correlate

Harden

Isolate

Enforce

These actions, properly taken, enhance service security, resiliency, and reliability – primary goals for subscribers and operators alike

IP NGN Security Actions: Identify

Identifying and assigning trust-levels to subscribers, networks, devices, services, and traffic is a crucial first step to infrastructure security

Principal Actions

  • Identify and authenticate subscribers and subscriber devices (where possible)
  • Associate security profiles with each subscriber and device
  • Associate network addresses and domain identifiers with subscriber devices
  • Classify traffic, protocols, applications, and services at trust-boundaries
  • Inspect traffic headers and payloads to identify subscribers, protocols, services, and applications

Relevant Technologies

  • Authentication, Authorization, and Accounting (AAA) Servers
  • Extensible Authentication Protocols
  • Deep Packet Inspection
  • Network-Based Application Recognition
  • Service Control Engines / Application Performance Assurance
  • DNS / DHCP Servers
  • Service / Subscriber Authenticators
  • Service Gateways
  • Signaling Gateways
  • Session Border Controllers

IP NGN Security Actions: Monitor

Any device that touches a packet or delivers a service can provide data describing policy compliance, subscriber behavior, and network health

Principal Actions

  • Gather performance- and security-relevant data inherent to routers and switches
  • Log transactional and performance data at access and service gateways
  • Link IP traffic with specific subscribers, devices, and origins whenever possible
  • Deploy protocol-, traffic-, and service-inspection for reporting and detection
  • Develop behavior baselines for comparison to real-time measurements
  • Employ command / change accounting

Relevant Technologies

  • Netflow
  • SNMP / RMON / SysLog
  • Network / Traffic Analysis Systems
  • Intrusion Detection Systems
  • Virus- / Message-Scanning Systems
  • Deep Packet Inspection
  • Packet Capturing Tools
  • SPAN / RSPAN
  • Authentication, Authorization, and Accounting (AAA) Servers
  • DHCP / DNS Servers

IP NGN Security Actions: Correlate

Important macro trends and events can often go unrecognized until other numerous – seemingly unrelated – events are correlated

Principal Actions

  • Assure time synchronization throughout network and service infrastructures
  • Collect and collate data from distributed, disparate monitoring services
  • Analyze and correlate data to identify trends and macro-level events

Relevant Technologies

  • Security Information Management Systems (SIMS)
  • Netflow Analysis Systems
  • Event Correlation Systems
  • Behavioral Analysis Systems
  • Anomaly Detection Systems
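
The three Correlate actions above (time synchronization, collation, correlation) worked through as an added example that is not part of the original presentation. The records, source names, and the 200-second clock error are constructed; the point is that the same events correlate only once every source is on one timeline.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample records: (source system, device-local time, subscriber IP, event)
RAW_EVENTS = [
    ("netflow", "2009-02-10T14:00:05", "10.1.1.7", "flow spike to tcp/25"),
    ("ids",     "2009-02-10T14:03:40", "10.1.1.7", "SMTP relay signature"),
    ("aaa",     "2009-02-10T14:00:20", "10.1.1.7", "session start"),
    ("netflow", "2009-02-10T14:00:30", "10.1.2.9", "flow spike to tcp/25"),
    ("aaa",     "2009-02-10T09:12:00", "10.1.2.9", "session start"),
]

# Assumed measured clock error per source, in seconds (device clock minus UTC).
# The IDS sensor runs 200 s fast; with working NTP everywhere these would be 0.
CLOCK_OFFSET = {"netflow": 0, "ids": 200, "aaa": 0}


def normalize(events, offsets):
    """Collate records from all sources onto one UTC timeline, sorted by time."""
    out = []
    for source, ts, ip, what in events:
        t = datetime.fromisoformat(ts).replace(tzinfo=timezone.utc)
        out.append((t - timedelta(seconds=offsets.get(source, 0)), source, ip, what))
    return sorted(out)


def correlate(events, window_s=60, min_sources=3):
    """Return {ip: [events]} where at least min_sources distinct systems
    reported the same subscriber IP within window_s seconds."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[2]].append(ev)
    hits = {}
    for ip, evs in by_ip.items():
        for i, first in enumerate(evs):
            group = [e for e in evs[i:] if (e[0] - first[0]).total_seconds() <= window_s]
            if len({e[1] for e in group}) >= min_sources:
                hits[ip] = group
                break
    return hits


def demo():
    """Correlate once with device clocks trusted as-is, once with offsets applied."""
    skewed = correlate(normalize(RAW_EVENTS, {}))
    synced = correlate(normalize(RAW_EVENTS, CLOCK_OFFSET))
    return sorted(skewed), sorted(synced)
```

With the uncorrected clocks the IDS alert falls outside the window and nothing is flagged; after correction all three systems line up on 10.1.1.7.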

IP NGN Security Actions: Harden

Hardening is the application of tools and technologies to prevent known – or unknown – attacks from affecting network or service infrastructures

Principal Actions

  • Deploy layered security measures – defense-in-depth
  • Authenticate control- and management-plane traffic
  • Authenticate and limit management access to devices, servers, and services
  • Prevent Denial of Service (DoS) attacks – state attacks, resource exhaustion, protocol manipulation, buffer overflows...
  • Validate traffic sources to prevent spoofing

Relevant Technologies

  • Access Control Lists
  • Authentication, Authorization, and Accounting (AAA) systems
  • Reverse-Path Forwarding Checks
  • Control-Plane Policing
  • Role-based control interfaces
  • Memory and CPU thresholds
  • Intrusion Detection Systems
  • High-Availability Architectures
  • Load Balancing

IP NGN Security Actions: Isolate

Isolating is a critical design practice that helps prevent access to critical resources, protect data, and limit the scope of disruptive events

Principal Actions

  • Limit and control access to (and visibility into) transport-, operations-, and service-delivery infrastructures
  • Prevent visibility and access between different services, customers…
  • Create network zones to isolate based on functionality – DNS, network management, service delivery, access…
  • Define strict boundaries between networks, operational layers, and services of different trust-levels
  • Encrypt sensitive traffic to prevent unauthorized access

Relevant Technologies

  • Virtual Private Networks
  • Virtual Routing and Forwarding
  • Route Filtering
  • Routing Protocol / Transport Boundaries
  • Firewalls
  • IPSec and SSL Encryption
  • Out-of-Band Management
  • Demarcation / Functional Separation Zones
  • Access Control Lists

IP NGN Security Actions: Enforce

Shaping the behavior of subscribers, traffic, and services, and mitigating detected security events, are the primary goals of enforcement

Principal Actions

  • Prevent the entry and propagation of known exploits – viruses, worms, SPAM
  • Identify and mitigate anomalous traffic, events, and behaviors
  • Detect and prevent address spoofing
  • Limit subscribers and traffic to authorized networks, services, and service-levels
  • Shape and police traffic to assure compliance with established service level agreements
  • Identify and quench unauthorized protocols, services, and applications

Relevant Technologies

  • Firewalls
  • Intrusion Prevention Systems
  • Remotely Triggered Black Holes
  • Service Control Engines
  • Traffic Classifiers, Policers, and Shapers
  • Virus and Message Filtering Systems
  • Anomaly Guards / Traffic Filters
  • Quarantine Systems
  • Policy Enforcement Points (Routers, Access Gateways, Session Border Controllers)
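
Both the Harden slide ("Validate traffic sources to prevent spoofing", Reverse-Path Forwarding Checks) and the Enforce slide ("Detect and prevent address spoofing") rely on the same source-validation logic, sketched here as an added example that is not part of the original presentation. The forwarding table, interface names, and packets are constructed, and the code models the check only, not any vendor's implementation.

```python
import ipaddress

# Constructed forwarding table: prefix -> interface (names are hypothetical).
FIB = {
    "0.0.0.0/0":        "upstream0",
    "198.51.100.0/24":  "cust-a",
    "203.0.113.0/25":   "cust-b",
    "203.0.113.128/25": "cust-c",
}


def best_route(fib, address, allow_default):
    """Longest-prefix match; returns (network, interface) or None."""
    addr = ipaddress.ip_address(address)
    best = None
    for prefix, iface in fib.items():
        net = ipaddress.ip_network(prefix)
        if net.prefixlen == 0 and not allow_default:
            continue  # a default route alone does not validate a source
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best


def rpf_check(fib, src, in_iface, mode="strict", allow_default=False):
    """Reverse-path forwarding check on a packet's source address.

    strict: the best route back to src must use the interface the packet
            arrived on (suits single-homed subscriber edges).
    loose:  some route to src must exist (suits multihomed or asymmetric
            paths; only drops sources with no route at all).
    """
    route = best_route(fib, src, allow_default)
    if route is None:
        return False
    return mode == "loose" or route[1] == in_iface


def demo():
    """Return (strict, loose) verdicts for three constructed packets."""
    packets = [
        ("198.51.100.20", "cust-a"),  # customer A using its own prefix
        ("203.0.113.200", "cust-a"),  # customer C's address arriving from A
        ("192.0.2.55",    "cust-b"),  # source covered only by the default route
    ]
    return [(rpf_check(FIB, s, i, "strict"), rpf_check(FIB, s, i, "loose"))
            for s, i in packets]
```

Strict mode drops the second packet because the return path points at a different customer port; loose mode passes it, which is why loose checks belong on asymmetric core links rather than at the subscriber edge.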

IP NGN Security: Implementation and Operations

IP NGN Security defines the actions and technologies to be implemented and operated by an organization

The security of any given IP service depends greatly upon the network architecture, implementation, and organizational competence

IP NGN Security: Summary

[Figure: hierarchical model with four layers]

  • Business Relevance (Business Goals and Objectives; Threats to Goals and Objectives): describes customer-specific business goals, and the threats to goal attainment
  • Security Policies (Threat and Risk Assessment; Security Policies; Security Operations): describes the iterative development and monitoring of security policies
  • Security Principles (Visibility; Control): describes the primary Security Principles that are affected by security policies
  • Security Actions (Identify; Monitor; Correlate; Harden; Isolate; Enforce): describes essential actions that enable Visibility and Control

Define a security model to reach operational excellence based on security policies and processes, gaining enhanced visibility, control, and high availability.
