Published by Angel Love. Modified over 11 years ago.
1
The Need For Trust in Communications Networks
Carlos Solari
Bell Labs, Security Solutions
May 2007
2
All Rights Reserved © Alcatel-Lucent 2006, ##### 2 | Engineering Society | May 2006
Topics
- We Are Not Winning the Security Challenge
- Convergence – All Media IP – Will Bring New Challenges
- Rethink the Approach: Design - Build Trusted Communications Networks
- An Opportunity: Design In Now or Retrofit Later
3
Lots of Data Telling Us…The Current Approach is Not Working:
- Faster, Stealthier Exploits
  [Chart: axis labels Mths, Dys, Wks; years 2003, 2004, 2005]
  Avg. exploit in 2005: 5.8 days. Sources: CERT/CC, Symantec, NVD, OSVD
- DDOS on the Rise
- SPAM: 8 in 10 emails
4
The Challenge: Difficult, Multi-Dimensional, and In Flux
- Point Prods, Point Roles: Security un-manageable and no single situation awareness
- Weak Links Prevalent: Inconsistent security applied to network components – un-trusted pieces make…
- Lack of Universal Standard: That addresses security in a comprehensive way – so very difficult to integrate security
- Data Control & Integrity: Data exchange requires better security controls
- Sophisticated Cyber Crime: From phishing and spyware to DDOS and Network Penetration Attacks
- Blacklist Defenses Ineffective: Reacting to infinite possible sources. Ex: polymorphism
- Increasing Network Complexity: Increased vulnerability. Ex: firewall VOIP sessions
- Exploitation Window: Zero-Day threats occur faster than we can detect and respond before they impact business
- Data Flooding: SPAM – SPIT – SPASMS, tough to separate wanted info
- Data Leakage: More personal data is online – uncertain protection
5
Convergence – Many Benefits, Many Risks
- Consume RF b/w
- Battery drain
- Identity theft
- SPIT
- Scams
- Deperimeterization
- Data theft
- Scams
- Compromised system integrity
- Content theft
- Compromised privacy
- Scams
Intersection of threats…beyond the reach of the law…
6
We Have a Window of Opportunity
Design Trusted Communications Networks Now
7
It Will Take A Multi-Disciplined Approach
Network & Data Integrated Security Eco-System Defenses Design End-to-End Security
System (Standards) Hardening
Imbed Integrity Attestation
8
Design-Build Secure Systems & Services
ISO 2700X and X.805/ISO 18028
- Standards-based approach
- Security as a systematic, rigorous process
- Applied to all network elements - system
- In the Product Development Lifecycle
System (Standards) Hardening
- ISO 2700X provides the what
- X.805 & ISO 18028-2 …provides the how details
9
Trust Can Be Required…
My company can only do business with ISO 2700X certified businesses … Are you certified?
10
System Hardening – Standards Based
Bell Labs Security Framework – Instantiated in ITU-T X.805, ISO 18028
The X.805 Security Standard
Layers: Infrastructure, Services, Applications
Planes: End User, Control / Signaling, Management
MODULE 1   MODULE 4   MODULE 7
MODULE 2   MODULE 5   MODULE 8
MODULE 3   MODULE 6   MODULE 9
Access Control, Authentication, Non-Repudiation, Data Confidentiality, Comms Security, Data Integrity, Privacy, Availability
11
ISO/IEC 27001 enhanced by ITU-T X.805 / ISO 18028-2
- Security Policy
- Organizing Information Security
- Human Resources Security
- Asset Mgmt
- Physical & Environment Security
- Access Control
- Communications & Ops Mgmt
- Information Systems Acquisition, Development & Maintenance
- Information Security Incident Management
- Business Continuity Management
- Compliance
ISO/IEC 27001:2005 Controls
- Specify acceptable use policy for equipment. Sub-controls: Access control, Authentication, Non-repudiation
- Restrict access to privileged information / applications to ensure service continuity. Sub-controls: Authentication, Access control, Non-repudiation
- Harden network element or system before deployment. Sub-controls: Access control, Availability
- Maintain security of stored information. Sub-controls: Access control, Confidentiality, Integrity, Availability, Non-repudiation
12
ISO/IEC 27001 Controls and X.805 Applied to the Real-World
Employee Database
Enterprise Data Center
Module 6: Management Plane of Services Layer
Desktop and Laptop Support
Help Desk
Module 9: Management Plane of Infrastructure Layer
Network Operations
File System Maint.
System Updates
Patch Mgmt., etc.
Corporate IT
Employee Information is accessed for:
- Network Service Management
- Network Infrastructure Management
Bell Labs Security Framework Dimensions Provide ISO/IEC 27001 Control A.10.9.2 ISMS Implementation and Operation Details
- Data Integrity - Use IPsec AH
- Communications Security - Use VPNs
- Data Confidentiality - Use IPsec ESP
- Data Integrity - Protect files w/ checksums
- Data Confidentiality - Encrypt files
- Access Control - Use file system ACLs
13
Opportunity…Deliver Secure Systems & Services
ISO 2700X and X.805/ISO 18028
- Security as a systematic, rigorous process
- Applied to all network elements
- From device to system, to infrastructure
- Standards-based
System (Standards) Hardening
Imbed Integrity Attestation
Integrity Attestation
- Apply integrity metrics
- Measure at point of Creation, Delivery and in Operation
- Access policy based on integrity score
- Perform in real-time
14
The Issue of Integrity Drift
[Chart: Confidence vs. Time, starting at 100%]
IT system confidence degrades from boot time
- Applications are installed
- Patches are applied
- Change and routine maintenance
- Reformatting and rebuilding from scratch
The big unknown … when will it fail, what is the cause, what was lost?
(by permission from SignaCert)
15
What if We Could Measure the Integrity…Report it, and Act on It?
[Chart: Confidence vs. Time, 100%]
Confidence is constantly maintained
- System and Device-level Confidence and Trust Measured and Enforced
- Restoring to a known and trusted state is easy
(by permission from SignaCert)
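An added example (not from the original presentation, nor from Alcatel-Lucent or SignaCert) of the integrity-attestation loop described on slides 13 to 15: record a hash baseline, re-measure in operation, report the drift, and derive an access decision from the score. The score formula, the policy thresholds and the file names are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def measure(root):
    """Return {relative_path: sha256_hex} for every regular file under root."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(Path(root).rglob("*")) if p.is_file()}

def drift(baseline, current):
    """Classify every path as modified, missing or unexpected versus the baseline."""
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "unexpected": sorted(p for p in current if p not in baseline),
    }

def integrity_score(baseline, current):
    """Assumed metric: share of all observed paths that still match the baseline."""
    paths = set(baseline) | set(current)
    ok = sum(1 for p in paths if p in baseline and baseline[p] == current.get(p))
    return ok / len(paths) if paths else 1.0

def access_decision(score, full=1.0, quarantine=0.75):
    """Assumed policy thresholds: allow, restrict to a quarantine segment, or deny."""
    if score >= full:
        return "allow"
    return "quarantine" if score >= quarantine else "deny"

def demo():
    """Constructed sample: 4 baseline files, then a patch and an unplanned install."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        for name in ("bin/sshd", "bin/login", "etc/hosts", "etc/passwd"):
            (root / name).parent.mkdir(parents=True, exist_ok=True)
            (root / name).write_bytes(name.encode())
        baseline = measure(root)                     # point of creation / delivery
        at_boot = integrity_score(baseline, measure(root))
        (root / "bin/sshd").write_bytes(b"patched")  # change that was not re-baselined
        (root / "bin/tool").write_bytes(b"new app")  # install outside the baseline
        now = measure(root)                          # measurement in operation
        return at_boot, integrity_score(baseline, now), drift(baseline, now)

if __name__ == "__main__":
    boot, now, report = demo()
    print(access_decision(boot), access_decision(now), now, report)
```

A legitimate patch shows up as drift until the baseline is re-issued, which is why the measurement has to be tied to the change process rather than run on its own.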
16
Summary
- We actually have the know-how to improve the state of security
- It is needed more than ever – especially as systems get more complex and we have greater dependency on these systems
- By applying the ISO 2700X with X.805/ISO-18028 standards and Integrity Measurements, we can:
  - Baseline the state of security
  - Have a consistent way to measure it
  - Consistent application
  - Completeness
  - Repeatable
  - Scales to size and complexity of present and future networks