International Telecommunication Union
IP NGN Security Framework
Mikhail Kader, Distinguished Systems Engineer, Cisco, Russia
ITU-T Workshop on "New challenges for Telecommunication Security Standardizations"
Geneva, 9(pm)-10 February 2009
IP NGN Security: A Paradigm Shift in Miscreant Economy
"Mischief of course, but mostly money – a miscreant economy has evolved to steal or extort money from attractive targets"
Scott Borg, Dartmouth College, Institute for Security Technology Studies

Yesterday’s Threats:
Geeks and adolescents
Operated alone or with a small group of friends
Interested in demonstrating prowess, gaining notoriety
Targeted individual computers or applications
Little or no business sophistication

Today’s Threats:
Professional hackers
Operating in syndicates or cooperatives
Interested in extortion, espionage, or economic gain
Targeting businesses, governments, and networks
BotNets for Sale…
IP NGN Secure Platform: What is IP NGN Security?
A hierarchical model for framing security discussions with service providers

Security Principles: describes the primary security principles that are affected by security policies
  Visibility
  Control

Security Actions: describes essential actions that enable Visibility and Control
  Identify, Monitor, Correlate, Harden, Isolate, Enforce

Business Relevance: describes customer-specific business goals, and the threats to goal attainment
  Business Goals and Objectives
  Threats to Goals and Objectives

Security Policies: describes the iterative development and monitoring of security policies
  Threat and Risk Assessment
  Security Policies
  Security Operations
Business Relevance: Business Goals and Objectives
Security helps meet all key business goals and objectives for service providers:
Protect Service Revenue: Business disruptions due to security events can result in both immediate and long-term loss of revenue
Safeguard Brand: Public disclosure of security or privacy breaches can destroy carefully managed marketing campaigns and brand reputation
Meet Customer Expectations / Minimize Churn: Customers expect safe, private, reliable services, and they’re willing to change operators to get them…
Regulatory Requirements Adherence: Adherence to social and legal requirements for parental control, data retention, and service monitoring is mandated in many markets
Business Relevance: Threats to Business Goals Lead to Risk Analysis
Migration to 3.5G or IP networks changes the threat landscape, hence a risk analysis is necessary.
An example for Mobile: the effects of the evolution from 2G to 3.5G

2G                      3.5G
Isolated                Highly Networked
No IP                   IP End-to-End
Simple Devices          Sophisticated Devices
Proprietary Services    Open Services
Few Security Targets    Numerous Security Targets
Little Risk             Much Risk
Developing Security Policies: Risk Assessment Methodologies
IP NGN Security requires the definition of security policies, but is agnostic to the methodologies needed to create them, for example:
eTOM – enhanced Telecom Operators Map
ITIL – Information Technology Infrastructure Library
Developing Security Policies: Many Methodologies – One Goal
Regardless of the risk assessment methodology utilized, the core steps are the same:
Threat Models: How can the device, service, or system be attacked, disrupted, compromised, or exploited?
Risk Assessments: What impact would an attack have on my business? How important is the asset?
Policy Development: What entities, attributes, processes, or behaviors can be controlled to prevent or mitigate each attack?
These steps result in the creation of security policies and guidelines that define the acceptable and secure use of each device, system, and service
IP NGN Security Principles: Visibility and Control
Security Policies always define a need or means to increase Visibility or Control

Visibility:
  Identify subscribers, traffic, applications, protocols, behaviors…
  Monitor and record baseline patterns for comparison to real-time measurements
  Collect and correlate data from every source to identify trends and macro events
  Classify to allow the application of controls

Control:
  Limit access and usage per subscriber, protocol, service, packet…
  Protect against known threats and exploits
  Authenticate management- and control-plane access / traffic
  Isolate subscribers, services, subnets
  React dynamically to anomalous events
No visibility means no control; no control means no security
IP NGN Security Actions: Increasing Visibility and Control
IP NGN Security defines six fundamental actions that apply defined policies, improving Visibility and Control
Identify
Monitor
Correlate
Isolate
Enforce
Harden
These actions, properly taken, enhance service security, resiliency, and reliability – primary goals for subscribers and operators alike
IP NGN Security Actions: Identify
Identifying and assigning trust-levels to subscribers, networks, devices, services, and traffic is a crucial first step to infrastructure security

Principal Actions:
Identify and authenticate subscribers and subscriber devices (where possible)
Associate security profiles with each subscriber and device
Associate network addresses and domain identifiers with subscriber devices
Classify traffic, protocols, applications, and services at trust-boundaries
Inspect traffic headers and payloads to identify subscribers, protocols, services, and applications

Relevant Technologies:
Authentication, Authorization, and Accounting (AAA) Servers
Extensible Authentication Protocols
Deep Packet Inspection
Network-Based Application Recognition
Service Control Engines / Application Performance Assurance
DNS / DHCP Servers
Service / Subscriber Authenticators
Service Gateways
Signaling Gateways
Session Border Controllers
IP NGN Security Actions: Monitor
Any device that touches a packet or delivers a service can provide data describing policy compliance, subscriber behavior, and network health

Principal Actions:
Gather performance- and security-relevant data inherent to routers and switches
Log transactional and performance data at access and service gateways
Link IP traffic with specific subscribers, devices, and origins whenever possible
Deploy protocol-, traffic-, and service-inspection for reporting and detection
Develop behavior baselines for comparison to real-time measurements
Employ command / change accounting

Relevant Technologies:
Netflow
SNMP / RMON / SysLog
Network / Traffic Analysis Systems
Intrusion Detection Systems
Virus- / Message-Scanning Systems
Deep Packet Inspection
Packet Capturing Tools
SPAN / RSPAN
Authentication, Authorization, and Accounting (AAA) Servers
DHCP / DNS Servers
IP NGN Security Actions: Correlate
Important macro trends and events can often go unrecognized until numerous other, seemingly unrelated, events are correlated

Principal Actions:
Assure time synchronization throughout network and service infrastructures
Collect and collate data from distributed, disparate monitoring services
Analyze and correlate data to identify trends and macro-level events

Relevant Technologies:
Security Information Management Systems (SIMS)
Netflow Analysis Systems
Event Correlation Systems
Behavioral Analysis Systems
Anomaly Detection Systems
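As an added example (not from the presentation), the baseline and correlation steps of the Monitor and Correlate slides in Python: per-subscriber byte baselines are built from constructed NetFlow-style records, a real-time interval is scored against them, and any outlier is matched to syslog messages from a second source after both clocks are normalized to UTC. The record formats, the z-score threshold and the two-minute window are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from statistics import mean, pstdev

# Constructed NetFlow-style records: (ISO-8601 timestamp, subscriber, bytes in the
# interval). The flow collector stamps in CET (+01:00) while the syslog source below
# stamps in UTC; normalizing both to UTC is the "time synchronization" step.
HISTORY = [(f"2009-02-08T{h:02d}:00:00+01:00", "sub-A", b)
           for h, b in enumerate([1000, 1100, 900, 1050, 1000, 950, 1100, 1000])]
REALTIME = [("2009-02-09T13:00:00+01:00", "sub-A", 9000),
            ("2009-02-09T14:00:00+01:00", "sub-A", 1020)]
SYSLOG = [("2009-02-09T11:59:30+00:00", "bras-1", "sub-A: 400 new sessions/s to tcp/445"),
          ("2009-02-09T13:05:00+00:00", "bras-1", "sub-B authenticated via EAP")]

def to_utc(stamp):
    """Parse an offset-aware ISO-8601 stamp and convert it to UTC."""
    return datetime.fromisoformat(stamp).astimezone(timezone.utc)

def build_baseline(records):
    """Per-subscriber mean and population std-dev of bytes per interval."""
    per_sub = defaultdict(list)
    for _, sub, nbytes in records:
        per_sub[sub].append(nbytes)
    return {sub: (mean(v), pstdev(v)) for sub, v in per_sub.items()}

def detect_anomalies(baseline, records, z_threshold=3.0):
    """Return (utc_time, subscriber, z_score) for intervals far above baseline."""
    found = []
    for stamp, sub, nbytes in records:
        mu, sigma = baseline.get(sub, (None, 0))
        if mu is None or sigma == 0:
            continue  # unknown subscriber or flat history: nothing to score against
        z = (nbytes - mu) / sigma
        if z > z_threshold:
            found.append((to_utc(stamp), sub, round(z, 1)))
    return found

def correlate(anomalies, syslog, window=timedelta(minutes=2)):
    """Attach syslog messages naming the subscriber within +/- window of each anomaly."""
    alerts = []
    for when, sub, z in anomalies:
        related = [msg for stamp, _, msg in syslog
                   if sub in msg and abs(to_utc(stamp) - when) <= window]
        alerts.append({"utc": when.isoformat(), "subscriber": sub,
                       "z": z, "related": related})
    return alerts

if __name__ == "__main__":
    for alert in correlate(detect_anomalies(build_baseline(HISTORY), REALTIME), SYSLOG):
        print(alert)
```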
IP NGN Security Actions: Harden
Hardening is the application of tools and technologies to prevent known – or unknown – attacks from affecting network or service infrastructures

Principal Actions:
Deploy layered security measures – defense-in-depth
Authenticate control- and management-plane traffic
Authenticate and limit management access to devices, servers, and services
Prevent Denial of Service (DoS) attacks – state attacks, resource exhaustion, protocol manipulation, buffer overflows...
Validate traffic sources to prevent spoofing

Relevant Technologies:
Access Control Lists
Authentication, Authorization, and Accounting (AAA) systems
Reverse-Path Forwarding Checks
Control-Plane Policing
Role-based control interfaces
Memory and CPU thresholds
Intrusion Detection Systems
High-Availability Architectures
Load Balancing
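An added example, not from the presentation, of the "validate traffic sources to prevent spoofing" action: strict and loose reverse-path forwarding checks in Python over a constructed forwarding table, with a default-route match not counted as validation. The prefixes, interface names and packets are constructed.

```python
import ipaddress

# Constructed forwarding table: (prefix, interface the prefix is reached through).
FIB = [("0.0.0.0/0", "Gi0/0"),        # default route toward the core
       ("10.1.0.0/16", "Gi0/1"),      # subscriber aggregation block
       ("10.1.5.0/24", "Gi0/2"),      # one subscriber segment, more specific
       ("192.0.2.0/24", "Gi0/3")]     # a content-provider peer
ROUTES = [(ipaddress.ip_network(p), i) for p, i in FIB]
DEFAULT = ipaddress.ip_network("0.0.0.0/0")

def best_route(src):
    """Longest-prefix match for src; returns (network, interface) or None."""
    addr = ipaddress.ip_address(src)
    matches = [(n, i) for n, i in ROUTES if addr in n]
    return max(matches, key=lambda m: m[0].prefixlen) if matches else None

def rpf_strict(src, ingress):
    """Strict mode: pass only if the best route back to src leaves via the
    interface the packet arrived on. A default-route match does not count,
    so sources we hold no real route to are rejected."""
    hit = best_route(src)
    return hit is not None and hit[0] != DEFAULT and hit[1] == ingress

def rpf_loose(src):
    """Loose mode: pass if any non-default route to src exists on any interface.
    Weaker, but usable where routing is asymmetric (for example at peering edges)."""
    hit = best_route(src)
    return hit is not None and hit[0] != DEFAULT

def screen(packets, strict=True):
    """Return the (src, ingress) packets that fail the chosen RPF mode."""
    return [(s, i) for s, i in packets
            if not (rpf_strict(s, i) if strict else rpf_loose(s))]

# Constructed packets: (source address, ingress interface).
PACKETS = [("10.1.5.7", "Gi0/2"),      # subscriber on its own segment: passes
           ("10.1.5.7", "Gi0/0"),      # subscriber address arriving from the core: spoofed
           ("10.1.9.9", "Gi0/1"),      # covered by the /16 aggregate: passes
           ("203.0.113.5", "Gi0/3"),   # only the default route matches: no proof of origin
           ("192.0.2.10", "Gi0/1")]    # peer address arriving on a subscriber port: spoofed

if __name__ == "__main__":
    print("strict drops:", screen(PACKETS))
    print("loose drops:", screen(PACKETS, strict=False))
```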
IP NGN Security Actions: Isolate
Isolating is a critical design practice that helps prevent access to critical resources, protect data, and limit the scope of disruptive events

Principal Actions:
Limit and control access to (and visibility into) transport-, operations-, and service-delivery infrastructures
Prevent visibility and access between different services, customers…
Create network zones to isolate based on functionality – DNS, network management, service delivery, access…
Define strict boundaries between networks, operational layers, and services of different trust-levels
Encrypt sensitive traffic to prevent unauthorized access

Relevant Technologies:
Virtual Private Networks
Virtual Routing and Forwarding
Route Filtering
Routing Protocol / Transport Boundaries
Firewalls
IPSec and SSL Encryption
Out-of-Band Management
Demarcation / Functional Separation Zones
Access Control Lists
IP NGN Security Actions: Enforce
Shaping the behavior of subscribers, traffic, and services, and mitigating detected security events, are the primary goals of enforcement

Principal Actions:
Prevent the entry and propagation of known exploits – viruses, worms, SPAM
Identify and mitigate anomalous traffic, events, and behaviors
Detect and prevent address spoofing
Limit subscribers and traffic to authorized networks, services, and service-levels
Shape and police traffic to assure compliance with established service level agreements
Identify and quench unauthorized protocols, services, and applications

Relevant Technologies:
Firewalls
Intrusion Prevention Systems
Remotely Triggered Black Holes
Service Control Engines
Traffic Classifiers, Policers, and Shapers
Virus and Message Filtering Systems
Anomaly Guards / Traffic Filters
Quarantine Systems
Policy Enforcement Points (Routers, Access Gateways, Session Border Controllers)
IP NGN Security: Implementation and Operations
IP NGN Security defines the actions and technologies to be implemented and operated by an organization
The security of any given IP service depends greatly upon the network architecture, implementation, and organizational competence
IP NGN Security: Summary
Define a security model, based on security policies and processes, that reaches operational excellence through enhanced visibility, control, and high availability.
Security Principles: describes the primary security principles that are affected by security policies
  Visibility
  Control

Security Actions: describes essential actions that enable Visibility and Control
  Identify, Monitor, Correlate, Harden, Isolate, Enforce

Business Relevance: describes customer-specific business goals, and the threats to goal attainment
  Business Goals and Objectives
  Threats to Goals and Objectives

Security Policies: describes the iterative development and monitoring of security policies
  Threat and Risk Assessment
  Security Policies
  Security Operations