Published by Barrie Newton. Modified over 9 years ago.
1
Focus Group 1B Cybersecurity
Dr. Bill Hancock, CISSP
Cable and Wireless America
FG1B Chair
bill.hancock@cw.com
972-740-7347
2
Purpose of Today’s Brief
Review of Charter and Architecture of FG1B
Explanation of deliverables and work efforts
Brief discussion of Prevention Best Practices deliverable for December, 2002
Review work plan and deliverables for March
Guidance to NRIC on subsequent deliverables in March 2003 on recovery BPs and additional issues and items related to cybersecurity
3
Charter of FG1B
Generate Best Practices for cybersecurity
– Telecommunications sector
– Internet services
Deliverables
– December 2002 – prevention
– March 2003 – recovery
New team, limited baseline material
4
Security is Very Complex
Security is currently where networking was 15 years ago
Many parts & pieces
Complex parts
Lack of expertise in the industry (60% vacancy with no qualified personnel)
No common GUIs
Lack of standards
Attacks are growing
Customers require security from providers
5
As Systems Get Complex, Attackers are Less Sophisticated…
[Figure: attack sophistication and intruder knowledge (low to high) plotted over 1980, 1985, 1990, 1995 and 2000. Attack labels on the chart: password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, burglaries, hijacking sessions, network management diagnosis, GUI, automated probes/scans, WWW attacks, distributed attack tools, staged attack, disabling audits, back doors, sweepers, sniffers, packet spoofing, denial of service, “stealth”/advanced scanning techniques, cross site scripting.]
6
Attack Growth – Security Business is Good and Growing (Unfortunately)
1999: 9,859
2000: 21,756
2001: 52,658
2002: 86,000
Source: CERT/CC
7
Software Is Too Complex
Sources of Complexity:
– Applications and operating systems
– Data mixed with programs
– New Internet services: XML, SOAP, VoIP
– Complex Web sites
– Always-on connections
– IP stacks in cell phones, PDAs, gaming consoles, refrigerators, thermostats
[Figure: bar chart, axis in millions (0 to 50)]
Windows 3.1 (1992): 3
Windows NT (1992): 4
Windows 95 (1995): 15
Windows NT 4.0 (1996): 16.5
Windows 98 (1998): 18
Windows 2000 (2000): 35
Windows XP (2001): 45
8
Security Must Make Business Sense to Be Adopted
[Figure: cost ($) plotted against security level (0% to 100%). Curves: cost of security countermeasures, cost of security breaches, total cost. Marked point: optimal level of security at minimum cost.]
9
Composition and Organization
Members include security officers, VPs, directors, managers and subject matter experts (SMEs)
Members also include various U.S. Government agencies such as U.S. DoC, U.S. DoD, U.S. DoJ, FCC, Federal Reserve, etc.
Group is divided into 8 working teams, each with a volunteer team leader, to generate BPs for a given subject area
10
FG1B Teams
Fundamentals & Architecture
OAM&P (operations, administration, maintenance and provisioning)
AAA (authentication, accounting, audit)
Services
Signaling
Personnel
Users
Incidents
11
Delivery Plan for FG1B Cybersecurity Best Practices
December 2002 – Preventative BPs
– Excel document for Industry comment and improvement
March 2003 – Recovery BPs
– Excel document for Industry comment and improvement
– New, improved version of prevention BPs
Early 2003 – Final Report (date TBD)
– Cover document with cybersecurity topics that clarify the offerings, issues that require research and additional work, strategic issues in cybersecurity, implementation guidance and related topics
– Prevention and recovery BPs
12
Guidance on Cybersecurity Best Practices
The current list of best practices (BPs) is constrained by what can be implemented
Recommended BPs are considered implementable due to expert experience from the team
Not all BPs are appropriate for all service providers or architectural implementations
The BPs are not intended for mandatory regulatory efforts
There will continue to exist security conditions that will require development of technologies and techniques that are not currently practical or available to solve the security issues they create. The focus group is working on recommendations for inclusion in the final report.
This is a moving target that will require continual refinement, additions and improvement
13
Driving Principles in Cyber Security Best Practices
Capability Minimization
– Allow only what is needed re: services, ports, addresses, users, etc.
– Disallow everything else
Partitioning and Isolation
Defense in Depth
– Aka “belt & suspenders”
– Application, host and network defenses
KISS
– Complexity makes security harder
General IT Hygiene
– Backups, change control, privacy, architectures, processes, etc.
Avoid Security by Obscurity
– A proven BAD IDEA™
14
Prevention Best Practices Deliverable (December 2002)
Composed of 103 best practices for preventing cybersecurity “events”
Includes
– BP number
– Title
– Best practice for prevention
– If any: reference and dependencies on other BPs
– Implementors
15
Example of Prevention Best Practice for Cybersecurity
Number: 6-6-8008
Title: Network Architecture Isolation/Partitioning
Preventative Best Practice: Compartmentalization of technical assets is a basic isolation principle of security where contamination or damage to one part of an overall asset chain does not disrupt or destroy other parts of an asset chain. Network Operators and Service Providers should give deliberate thought to and document an Architecture plan that partitions and isolates network communities and information, through the use of firewalls, DMZ or (virtual) private networks. In particular, where feasible, it is suggested the user traffic networks, network management infrastructure network, customer transaction system networks and enterprise communication/business operations networks be separated and partitioned from one another. Special care must be taken to assess OS, protocol and application vulnerabilities, and subsequently harden and secure systems and applications which are located in DMZs or exposed to the open Internet.
Reference: ISF SB52, www.sans.org
Dependency:
Implementor: NO, SP
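Added example (not part of the original presentation): one way to check a firewall rule list against the partitioning in this best practice and the "allow only what is needed, disallow everything else" principle. The zone address ranges, the exception list and the rules are constructed for illustration; the four zone names follow the network communities the best practice lists.

```python
import ipaddress

# Constructed zone plan: the four network communities named in the best practice.
ZONES = {
    "user_traffic": "10.10.0.0/16",
    "network_mgmt": "10.20.0.0/16",
    "customer_txn": "10.30.0.0/16",
    "enterprise":   "10.40.0.0/16",
}
# Documented cross-zone exceptions (hypothetical): (src zone, dst zone, dst port).
ALLOWED_CROSS_ZONE = {("network_mgmt", "user_traffic", 22)}

# Constructed rule list: (action, src CIDR, dst CIDR, dst port; None means any port).
RULES = [
    ("allow", "10.20.0.0/16", "10.10.0.0/16", 22),
    ("allow", "10.10.5.0/24", "10.30.0.0/16", 1433),
    ("allow", "10.40.0.0/16", "10.20.1.0/24", None),
    ("allow", "10.10.0.0/16", "10.10.0.0/16", 443),
    ("deny",  "0.0.0.0/0",    "0.0.0.0/0",    None),
]

def zones_touched(cidr):
    """Return every zone whose address space overlaps the rule's CIDR."""
    net = ipaddress.ip_network(cidr)
    return [z for z, c in ZONES.items() if net.overlaps(ipaddress.ip_network(c))]

def audit(rules):
    """Return (findings, default_deny).

    findings: (rule index, src zone, dst zone, port) for each allow rule that
    crosses a zone boundary without a documented exception. A rule with port
    None is never covered by a port-specific exception.
    default_deny: True when the final rule denies all traffic.
    """
    findings = []
    for idx, (action, src, dst, port) in enumerate(rules):
        if action != "allow":
            continue
        for s in zones_touched(src):
            for d in zones_touched(dst):
                if s != d and (s, d, port) not in ALLOWED_CROSS_ZONE:
                    findings.append((idx, s, d, port))
    default_deny = bool(rules) and rules[-1] == ("deny", "0.0.0.0/0", "0.0.0.0/0", None)
    return findings, default_deny

if __name__ == "__main__":
    found, deny_last = audit(RULES)
    for f in found:
        print("undocumented cross-zone allow:", f)
    print("default deny present:", deny_last)
```

The audit is conservative: it flags any allow rule whose ranges overlap two different zones, even if an earlier rule would shadow it.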
16
Next Steps
Publish preventative cybersecurity best practices for Industry comment and improvement, following NRIC Council acceptance of December 2002 cybersecurity deliverables.
Refinement of recovery BPs for March 2003 deliverable
Creation of March 2003 cover document with:
– General cybersecurity recommendations
– Strategic cybersecurity issues
– Technology issues that require resolution for future BPs
Additional refinement and addition of BPs for prevention and recovery as reviews are completed by NRIC membership