Telecom Security for Olympic Events

Transcription

1 Telecom Security for Olympic vents Prepared for: 2006 CQR Conference Contact: John Kimmins June 7, 2006

2 nformation Sensitivity Axis Services Axis National Security Multi-Dimensional Challenge Corporate Proprietary Video Competition Axis Technology Axis Threat Source Axis Personal Privacy Cyber Terrorists ndustrial spionage Commercially Copyrighted Malicious Hackers Curious Kids Public Domain Protocol Layer Axis Application Presentation Session Transport Network Data Link Physical Data conomic Axis Control 2002 Management 2003 Customer Networks 2004 Data Access Private Telephony Line None None Nonexistent Draft Weak nexpensive Research Recession Cost Strong Prototype ffective Lab Test Field Trial Robust xorbitant First Customer Deployment Functional Axis 2005 Cost Axis 2006 Local Core Mature 2010 Wide-Area Core Time Axis nteroperable Spatial Axis Standards Axis CQR 2

3 CQR 3 Another Look at Dimensions PHYSCAL NTWORK CONTNT APPLCATON MANTAN DPLOY NGNR PLAN ASSSS S C U R Y T R L A B L T Y R S L N C S C U R T Y

4 Major Technical Security Challenges Service Networks Circuit Packet Data Communication Networks Backbone Operations Public Networks nternet Wireless Web Node Security Operations Flow-thru New Services Software ntegrity Routing & Addressing Legacy Systems Denial of Service Security Management Mobile Devices CQR 4

5 nd-to-end approach to security ( Platforms Analyze nfrastructure - Assets Signal/Mgt. nteractions Core Network Operations Analyze the Attack Strategies signaling switching transport ACCSS Access O/S ntrusion Link ntrusion Privilege Abuse Wireless Disruption lement Crash Bogus Signaling Controls SDH Mgt. Corruption Web Services CQR 5

6 Athens Olympic Lessons Learned Telecom Perspective Perform baseline security assessment to identify/address gaps before events Manage vulnerability remediation ntegrate Network & T network security functions stablish new management interfaces to support information sharing and enhance incident detection/response Create security awareness program across a broad range of users ncrease and train security staff to handle 7x24 support Address interconnection with legacy and new networks Manage vendor support throughout period Address security for Major Web Portals mplement strict configuration management for security elements and telecom/t infrastructure CQR 6

7 Converged Communications. Multiple Accessed over Multiple Devices via Communications Portal Call Logs mail Click to Dial Calendar Address Book nstant Messaging Unified Messaging call notification click to dial Manage Collaboration Service Features Messages, News, Advertising Video Home Networking Customer Self Service audio exchange call management call notification call disposition call logs with click to dial directories with click to dial call notification call disposition call logs with click to dial service management CQR 7

8 volving Security Boundaries Session Admission Control Policy Decision Function Authentication Trusted VoP Network Softswitch Control Management SBC Demarcation Point Topology Hiding Threats Denial of Service Service Theft Rogue Media Rogue Signalling Malicious Malfunction SBC Session Border Controller CQR 8

9 MS: A Security Perspective Third Party Application Providers 3rd Party Apps ParlayX ParlayX APs ParlayX APs Parlay X Parlay X Web Services Parlay / OSA APs OSA / Parlay and Services Layer OSA / Parlay OSA / Parlay Gateway N-based OSA / Parlay APs SP-based SP-based N Service Control Point Vendor-specific N APs nterfaces between /Services Layer and MS Layer (e.g., SP/SC) SP Server APs SP App. Server SP Server MS Core M-SSF CS-Domain N Network Protocols (e.g., NAP) Network Layer CQR 9

10 Security Roadmap for Network/Service nfrastructures Benchmark Security Address risk Platforms, applications & protocols Process flows Security architecture Security management Procurement Process Controls Vulnerability Assessment Processes Security design Operations testing & turn-up New Services Rollout Controls process Vulnerability assessment Procedures Training Service testing & turn-up Threat & Vulnerability Monitoring Patch management Periodic Vulnerability assessments Training Current Network nfrastructure New Services New Network Technology nsertion volving Network nfrastructure CQR 10

11 New Security Directions Balancing Defense-in-Depth across networks, platforms, interfaces and applications Recognizing security as part of QoS policy management ntegrating security operations capabilities Technical and organizational aspects Utilizing identity management Providing end-to-end nformation Security Developing common look & feel interfaces CQR 11