Download presentation
Presentation is loading. Please wait.
Published byAugust Warner Modified over 8 years ago
1
© 2009 Wipro Ltd - Confidential 1 Security Challenges and Opportunities -Indian ISP Scenario
2
© 2009 Wipro Ltd - Confidential 2 Challenges and Opportunities:An Indian Scenario Reducing Internet Bandwidth Losses and Saving Costs IP Blacklisting Prevention, DDoS protection, Reduction of Outbound Spam, Content Caching etc. Increasing ARPU by offering new value-added Security services for subscribers Customized Security as a Service Offerings, Dynamic Subscriber Profiling, Parental Control etc. Compliance to Indian Government Guidelines on Internet Usage Implementing TRAI URL Filtering Guidelines, Lawful Intercept (LI) etc. Providing subscribers with secure malware free Connectivity Offering Clean Pipe Services for malware control, MMS AV Scanning etc. Increasing customer loyalty and attracting new subscribers in a highly competitive market scenario
3
© 2009 Wipro Ltd - Confidential 3 Telecom Security Solution Offerings IP Blacklisting Prevention through Outbound E-mail Anti-Spam using the Fortinet FortiMail Appliances. Implementing TRAI URL filtering guidelines by deploying the innovative Fortinet FortiGate appliance based Solution. Deploying GTP Firewalling, SIP Signalling Firewall and MMS Anti-Virus Scanning using FortiOS Carrier solutions. Cost Saving and Compliance Solutions Clean Internet Bandwidth as a value added Managed Security Service offering for subscribers using the Security Service Virtualization capabilities of FortiGate UTM appliances. URL Filtering and Parental Control solutions for Mobile Broadband and Mobile Internet users by using Dynamic User Profiling capabilities Revenue Generation Solutions
4
© 2009 Wipro Ltd - Confidential 4 ISP IP Blacklisting Prevention -Outbound E-mail Anti-Spam
5
© 2009 Wipro Ltd - Confidential 5 RankCountryMessages% of Total 1India430,84313.8% 2Russia298,7929.6% 3Brazil216,8897.0% 4Ukraine187,0956.0% 5United States161,9795.2% 6S. Korea145,2714.7% 7Vietnam122,6013.9% 8Britain69,6422.2% 9Romania69,1162.2% 10Israel63,6972.0% Top 10 Countries Sending Spam Last Week - 7/19/10-7/25/10
6
© 2009 Wipro Ltd - Confidential 6 Spamming IP addresses are tracked and detailed in Blacklists (DNSBL, RBL) Most Internet MTAs refuse e-mail from blacklisted IP addresses – DNSBL is a popular technique, widely used as an Anti-Spam filter by peering ISP’s CASE #1: Low Impact: E-mail activities of certain subscribers are affected – The blacklisted IP is reassigned to a clean subscriber ➽ The latter can not send mail ISP Blacklisting – Context and Subscriber Impact
7
© 2009 Wipro Ltd - Confidential 7 CASE #2: High Impact: E-mail activities of all subscribers are affected ➽ All subscribers are impacted and can not send mail RESOLUTION: Through Anti-Spam Scanning of Outbound E-mail Traffic – Reduce Spam content in e-mail flow originating in the local network Transparent E-mail Traffic Scanning for Spam Other protocols like FTP, P2P and HTTP can be bypassed Analyze and Report on Offending Subscribers through Radius Integration Drop confirmed spam e-mails and initiate Out-of-Band remediation process against repeatedly offending subscribers. ISP Blacklisting – Subscriber impact and Resolution
8
© 2009 Wipro Ltd - Confidential 8 Outbound Anti-Spam : Process Flow Identification : Inspect the Internet traffic and identify the SMTP based e-mail traffic for further action. Isolation : Transparently re-direct only the SMTP traffic towards a cluster of Anti-Spam Appliances for scanning. Other types of traffic to be passed through. Interrogation: The load balanced cluster of Anti-Spam appliances would scan for various configured parameters to identify spam e-mails Intervention : The identified spam mails are dropped and clean mails are processed for delivery to intended recipients. Appropriate reporting mechanisms configured to identify offending ADSL/3G subscribers.
9
© 2009 Wipro Ltd - Confidential 9 Policy-based routing (PBR) rules on the Internet Gateway Router makes sure subscriber's mail flow are redirected to FortiMail for scanning – No need to process web, ftp, pop3, etc. traffic – No need to redirect/scan incoming mail flow High PBR related performance impact on existing routing infrastructure. Outbound Anti-Spam – The Traditional Approach
10
© 2009 Wipro Ltd - Confidential 10 Policy Based SMTP Re-direction using third-party high performance DPI engine to reduce any induced latency on the network. No impact on existing network performance. Load Balancing of multiple FortiMail Appliances for performance scalability Fully transparent SMTP e-mail scanning for subscriber mobility and ease of use. Outbound Anti-Spam – An Innovative Approach
11
© 2009 Wipro Ltd - Confidential 11 For 3G mobile networks, subscriber ID = MSISDN For ADSL networks, subscriber ID = ADSL modem login – Track the offending subscriber ID – Initiate remediation process, block all e-mail traffic from offending subscriber on repeated offence. Reporting: Identifying Offending ADSL/3G subscribers
12
© 2009 Wipro Ltd - Confidential 12 Solution Benefits The solution improves the end customer experience thereby increasing stickiness of its subscribers. Increased credibility and protected reputation ensures that newer value added services are appreciated faster by subscribers. Deploying an Outbound Anti-Spam solution reduces outgoing e-mail volume significantly by reducing spam related traffic. The solution prevents incidents of IP Blacklisting due to Spam, saving costs in terms of fines and penalties. The solution can help in identification of offending ADSL/3G subscribers for remedial action. The solution can also be scaled in the future to offer inbound e-mail scanning services for subscribers.
13
© 2009 Wipro Ltd - Confidential 13 Case Studies: Securing Telecom Networks -Wipro and Fortinet
14
© 2009 Wipro Ltd - Confidential 14 Large Telecom Player in India Part of one of India’s most reputed Business groups First ISP to offer UTM based Virtual Security-as-a-Service offerings for Indian customers Solution jointly deployed by Fortinet and Wipro using chassis based FortiGate UTM appliances. Customized Security Services being offered by the ISP to various enterprise Hosted Services and Network Services customers since last 2 years. Case Study #1: Virtual Security Solution
15
© 2009 Wipro Ltd - Confidential 15 Large Telecom Player in India Part of one of India’s most reputed Business groups Required compliance to DoT guidelines for blocking Anti-India Content Unique Solution jointly deployed by Fortinet and Wipro using modular FortiGate UTM appliances List of URL’s to be blocked is configured on the Fortigate appliance Only relevant traffic requests are evaluated. Blocked URL requests are blocked. Rest of the traffic is transmitted untouched. Additional URL’s can be added when required. Solution enabled since last 2 years. Case Study #2: Meeting TRAI URL Blocking Guidelines
16
© 2009 Wipro Ltd - Confidential 16 Thank You -Ravi Vaz, Wipro Infotech
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.