NSN White paper December Nokia Solutions and Networks Network security - An imperative for the global economy

Size: px
Start display at page:

Download "NSN White paper December 2013. Nokia Solutions and Networks Network security - An imperative for the global economy"

Transcription

1 NSN White paper December 2013 Nokia Solutions and Networks Network security - An imperative for the global economy

2 CONTENTS 1. Executive summary 3 2. Introduction 4 3. General Trends that Impact Network Security New Threats New Challenges for operators Telecommunication Network Solutions 7 in Industrial and Rural Sectors 3.4 Network Equipment in Residential and 7 Public Areas 3.5 Smart Objects and Internet-of-Things 8 (IoT) 3.6 Impact of Virtualization and Cloud 8 Computing 4. Selected Technical Trends and Challenges 9 for Network Security 4.1 Ubiquitous Access Security Advanced Network Management 10 Security Functions 4.3 Software Integrity Cryptographic SW Integrity Protection Trusted Computing Mechanisms Backdoor Detection Unwanted Traffic Malware and Botnets Regulatory Framework Overall Challenge: Privacy versus 15 Public Safety 5.2 Lawful Interception (LI) Critical Infrastructures Security Compliances 16 Page 2

3 CONTENTS 6. Nokia Solutions and Networks Security 17 Approach 6.1 General Product Security Security Solutions for operators Security Solutions Security Consulting Integration and Care Summary List of Acronyms Executive summary Tomorrow s network security offers both challenges and opportunities. A key challenge is to adopt the Internet model for ubiquitous connectivity and five billion people. This must be realized while maintaining a high level of security that ensures smooth operation of communication networks. Another major challenge is the need to balance user requirements for privacy and anonymity with regulatory requirements. On the other hand, tomorrow s network security will provide the basis for many new communications and collaboration applications and secure communication networks will play a pivotal role with regard to public safety. It is therefore hard to overstate their importance to the global economy. Nokia Solutions and Networks (NSN) creates and markets solutions that deliver advanced security features for end users, enable the smooth operation of carrier networks, and protect what has become part of the critical infrastructures of our society. This paper outlines the security aspects of NSN s vision of tomorrow s connected world. It looks ahead to the year 2015 and analyzes security-specific trends as well as their impact on network developments and market requirements. Page 3

4 2. Introduction In future we will increasingly rely on the exchange of information via open, IP-based telecommunication networks. This development will place new, sophisticated requirements on these networks, for example: They will carry much larger volumes of information than today. This comes via millions of new customers of operators as well as the new bandwidth-hungry applications. Networks will therefore grow in order to accommodate the additional traffic, and new architectures will be needed to enable ubiquitous connectivity for multiple access types (fixed, wireless, mobile, etc.). In particular, sophisticated devices like smart phones will pose additional requirements related to mobile internet access. These developments will expose carrier networks to more security threats. At the same time, the potential damage caused by successful attacks will increase, as more and more businesses and applications will depend on network services. Tomorrow s networks will therefore become an increasingly attractive target for cyber-crime and cyber-terrorism. In turn this means that the protection of carrier networks against will become an important success factor for the global economy. In addition to ensuring network availability, maintaining user privacy, confidentiality and the integrity of communication processes will become increasingly complex. And the requisite security solutions must also balance these market requirements against regulatory requirements like law enforcement. This paper details the security challenges and the necessary security functions for tomorrow s communication networks. Chapter 2 analyzes general trends and their impact on security, e.g. new types of threats. In chapter 3 we detail selected technical developments in the network security area itself. Chapter 4 complements this analysis by exploring related regulatory topics. Chapter 5 outlines the way NSN approaches this multi-faceted topic. Finally, chapter 6 gives a summary of this document. Page 4

5 3. General Trends that Impact Network Security 3.1 New Threats The increased use of IP combined with ubiquitous connectivity will result in the introduction of a number of new threats. They will include more sophisticated and powerful attack tools and mechanisms (e.g. botnets) and we can expect to see commercial attack products becoming available at low prices. The company s vision of tomorrow s connected world is based on a simple, smart, flat architecture. This approach will result in significant benefits for operators and their customers, but since it is based on IP there are attendant risks. This is the case with all IP-centric networks. It is therefore necessary to implement powerful security mechanisms and to update them in line with the emergence of new threats. Network cores will be simpler in future but the edge of the network will be more complex, e.g. due to fixed-mobile convergence, software complexity, new service platforms and systems, new access technologies like Femto, I-HSPA, LTE, and the need for interoperation between new and established access technologies like UTRAN and WLAN. This means that the overall communications infrastructure will potentially result in more vulnerabilities and the increased likeliness of a wrong configuration, unwanted backdoors in software programs, etc. Taking appropriate measures against these threats and vulnerabilities is becoming more important. Not only are they increasing, but professionals and organized criminals are also mounting them for monetary reasons. Attacks are no longer limited to script kiddies and leisure time hackers, but follow mechanisms of a criminal eco-system. Number of security threats Fig. 1. Number of security threats in IP-networks. Page 5

6 3.2 New Challenges for Operators In addition to the general threats, new security challenges are also emerging specifically to operators, e.g. network operators. For example: Due to new business models, operators need to diversify and take on new roles: e.g. network operator vs. service/application provider, and virtual operator. Another factor is the need to differentiate between access and core providers. Therefore new modes of operation and practices have to be developed. Insider threats will increase due to increasing co-operation with sub-contractors, collaborators, partners, temporary relationships, etc. Operators will therefore look to implement new models for interoperator security assurance as well as sophisticated prevention systems against internal fraud. Solution providers like NSN will be requested to support these activities via related security solutions, e.g., in the areas of mutual security co-operation, intrusion detection/ prevention, Security Information and Event Management (SIEM) (see 3.2 below) and fraud management. Security spending of operators worldwide is growing strongly in the last year more than 7% - and this trend is set to continue with a CAGR of 11% from 2009 until 2014 (see Figure 2) Total market in million Euro Security market Year Fig. 2. Security spending of operators worldwide. Page 6

7 3.3 Telecommunication Network Solutions in Industrial and Rural Sectors The penetration of telco-like structures and IP technology in industrial areas (factory networks, remote control of manufacturing, plant operation, clinical communication, etc.) will increase further. The Stuxnet malware which received major news coverage in 2010 due to its objective to manipulate industrial processes and system control units, has demonstrated very clearly that such areas can no longer be viewed as protected areas, but face similar security challenges / threats as known from the public internet. However, in many cases staff having the requisite knowledge and experience may not yet be available, and the required organizational protection structures have not yet been established. Similar developments can also be seen in rural environments, particularly in the emerging markets where financial resources for sophisticated protection mechanisms may not be available. An additional challenge in rural areas comes from the fact that the network equipment might be physically exposed and therefore subject to vandalism and damage. Security gaps originating in industrial networks and / or rural networks may also impact core telecommunication networks or even whole economic infrastructures. New threats caused by this potential development will have to be analyzed and taken into account. Operators will therefore increasingly offer Security-as-a-Service functions for these sectors. 3.4 Network Equipment in Residential and Public Areas Home networks will be more sophisticated in future. They will go beyond simple WLAN/home router configurations and may, for example, integrate mobile network technologies using Home- (e)nodeb/ Femto base stations. Configuring all this advanced communications equipment and enabling a secure environment is an upcoming security challenge, e.g. related to access rights, the handling of possible closed subscriber groups, and the separation of local and external traffic. This issue is compounded by market requirements such as the need for remote control, Intelligent Building Technologies, surveillance functions and the fact that vendors cannot expect users to have technical knowledge. One of the research keywords in this area is therefore zero configuration security, ideally accomplished via a plug-and-play solution. Page 7

8 Eventually, LTE- based communication networks will require network elements to also be located in public environments, e.g. airport hot spots. Therefore possible threats caused by accidental or intended damage to the equipment have to be taken into account. 3.5 Smart Objects and Internet-of-Things (IoT) Network security today often relies on human interfaces e.g. using passwords and smart cards. In the future, more and more autonomous, embedded systems (often summarized as smart objects ) will become players in communication networks, e.g. residential consumer equipment with network interfaces, vending machines, any kind of sensors (machine-to-machine communications), and medical equipment. The latter could involve emergency applications based on telemetric sensors. Major changes and progress is particularly expected in an area called smart grid / smart energy, where telecommunication networks are used for a more efficient and smart energy distribution, and this might be complemented by smart meters at locations where power is consumed. Also, cars, trains and traffic lights (or other traffic control systems) are very likely to be upgraded with smart communications functions. Although some of these smart objects require sophisticated security functions, most of these systems will have to be cheap and simple, and they may also have limited functionality, which in turn means that new types of network security solutions will be needed. These demanding requirements will e.g. be via the development of low-cost ICs that enable secure, one-way-authentication and an identity that cannot be forged. 3.6 Impact of Virtualization and Cloud Computing Cloud Computing denotes the usage of shared servers, resources, software, and data, provided as a service by cloud providers in the Internet. Particularly by the use of virtualization and the related decoupling of software from hardware, cloud providers are expected to be able to offer their services at much lower cost and faster, and more flexible than traditional IT centers. Also, virtualization and cloud computing may offer security benefits as for example isolation of customers to provide multi-tenant applications. Page 8

9 On the other hand, security issues are currently the biggest blocking point and concern related to the use of cloud computing. In particular, traditional security mechanisms like traffic separation, security architectures using walled gardens, demilitarized zones, etc. are no longer applicable; instead, users of cloud services will depend on security functions offered by the cloud provider. Applications deployed on cloud systems are exposed to the Internet and will be accessed by many users. Correspondingly, they have to provide a so-called defense-in-depth strategy with multiple layers of security. Users of cloud services therefore have to carefully select a cloud provider based on the offered security functions and on the detailed contractual terms. For such a selection, a dedicated security checklist should be used. Also, a user should make a detailed threat and risk analysis to decide on which application is suitable for a cloud implementation and whether expected benefits like cost savings outweigh possible related security risks. 4. Selected Technical Trends and Challenges for Network Security While many network security areas will continue to evolve (e.g. firewalls, antivirus software and VPNs), there will be new trends and challenges in the network security area itself, and these may lead to disruptions as well as new business opportunities. The purpose of this chapter is not to give a comprehensive overview on all security functions (cf e.g. ITU-T Rec. X.805), but rather to focus on a number of selected new trends and challenges. Most of the expected security trends and challenges can be summarized to refer to the areas of: security assurance (verification of a certain behavior or security level, or of the compliance to security specifications or standards) and trust co-operation (methods, tools and organizational arrangements for security collaboration of two or more partners) 4.1 Ubiquitous Access Security Future telecommunication networks will be multi-access structures, allowing parallel access to fixed broadband (xdsl, cable, fiber) and mobile wireless networks. In addition there will be flexible, smooth roaming and handover between them. Such Fixed-Mobile- Convergence (FMC) solutions will enable ubiquitous access to a wide range of applications. Page 9

10 These multi-access structures will require related security solutions, e.g. maintaining security associations when changing to a new access network. These associations will include access agnostic security functions, follow-me security, session continuity with security context transfer, handover keying, and security context pre-establishment to prepare handover. In multi-access networks, the deployment of security solutions and related equipment has historically evolved over time, and often there is a zoo of different, dedicated equipment in various network parts, located at different locations. This results in a significant increase in complexity and there is also the possibility of unintended crosseffects between security functions. In turn this introduces difficulties in the management of these solutions. There is therefore a need for holistic security concepts for such networks, which often include functional consolidation, e.g. based on virtual firewall concepts, blade server solutions or UTM (Unified Threat Management) platforms. Quite often, the number of security devices can be reduced significantly by such concepts. A topic also related to multi-access networks is the need for personal (network-access independent) authentication which can e.g. be based on biometric identification such as fingerprints, or on citizen cards / medical cards, which can be combined with one-time tokens or passwords. It can be used for functions like parental control, medical applications, personalized services for individual persons or user groups. In some countries, government programs to support such personal authentication (e.g. electronic ID cards) have already been initiated. 4.2 Advanced Network Management Security Functions In addition to the ongoing evolution and improvement of current functions, the security functionality in the network management area will have to react to the new challenges outlined in section 2.2, as well as the growing complexity of future networks outlined in section 2.1. This means that security solutions from the area of Identity Management will also be used for network management purposes, e.g. for implementing centralized authentication of network management staff and authorization solutions across multiple heterogeneous networks. Centralized staff authentication and identity management systems will be further expanded in order to encompass network management of the whole network. Page 10

11 A further challenge for the network management security area is the need to handle and structure the information created by various network elements, to identify what information may be securityrelated, and to define appropriate counter-measures. For example, network management systems may create alarm and logging data, firewalls may block traffic and issue related notifications, IDS/IPS systems may identify and re-act to possible intrusions, etc. The challenge for an operator is to handle and structure all this information in order to identify real attacks or other security issues, to distinguish them from the large amount of noise (false positives) as well as cluster notifications, alarms, and logs belonging to the same event. And then the operator must react accordingly. This area is often referred to as Security Information and Event Management (SIEM). SIEM is considered to be one of the areas with significant market growth. Another aspect of network management is the fact that the configuration of network elements will require even more attention. Tomorrow s network architectures will be simpler fewer elements but logically they will be more complicated. A careless change in configuration data could cause a severe loss of service or more subtle, hard-to-detect problems that will impact on the quality and reliability of service. Formal verification of configuration data will therefore be needed before data is committed to network elements. Collection & Storage Analysis & Correlation Reports: Compliance & Performance Log data Incident Handling Alarms Collector Forensics Fig. 3. Security monitoring in the Network Management area. Page 11

12 4.3 Software Integrity New types of attacks to various devices often try to exploit weak SW/HW implementations by using root kits and manipulated firmware (e.g. targeting base stations). This increases the need to check the integrity of these devices, particularly in SW installation and update processes and before attaching or reattaching them to a communications network. Of course, proper security rules in software development processes, and the thorough implementation of hardening (e.g. closing unused TCP-/UDP ports and unused services) are a pre-condition for SW integrity protection. Additionally, further complementing mechanisms will most likely be needed in the future, particularly methods and mechanisms which can be applied to fight against unintended behavior, induced by hostile attacks - but also by unintended modifications - and thus are able to prevent and to detect malicious or harmful anomalies. These mechanisms may include Cryptographic SW integrity protection, trusted computing mechanisms and backdoor detection as well as malware detection (which is described in section 4.3.2) Cryptographic SW Integrity Protection Cryptographic SW Integrity protection (SW-IP) is based on good reference measurement values (describing the system as it has been implemented by the manufacturer) as reference for comparison with the real system at a certain stage of usage or operation (e.g. just before it is installed or booted). By nature, SW-IP does not try to examine or to understand any SW, data or any other content which is protected, but just identifies deviations from a verifiable correct sample; correspondingly, hostile code is detected if it is causing measurable changes in the original SW image. SW-IP mechanisms advantageously are based on PKI systems and code signatures to assure vendor governance and reliable security control. Initially SW-IP will be applied in scenarios like secure boot, secure SW delivery and installation. It is expected that in a few years, SW-IP mechanisms may also evolve to detect SW manipulations during the run-time of equipment, e.g. related to installed SW each time before it is loaded or during execution. This is one of the active research areas of NSN. Page 12

13 4.3.2 Trusted Computing Mechanisms To support cryptographic SW-IP, local mechanisms are also currently being discussed related to the trustworthiness of network equipment, e.g. attack resistant implementation of roots of trust and verification routines for local anomaly detection methods e.g., the application of trusted computing technologies (such as a Trusted Platform Module (TPM)). While such technologies may be widely accepted for standard IT systems (such as a standard processor based PC or Laptop), transfer of these onto network elements and integration into a telecommunication network environment and infrastructure is difficult and has to be balanced with alternative technologies (such as protected firmware, virtualization, process separation, or attack mitigation mechanisms), which may be easier to implement and might provide sufficient protection for many scenarios, even beyond the scope of SW-IP Backdoor Detection The term backdoor is often used to denote a hidden access to a system. Such a backdoor may be implemented with malicious intent to enable unauthorized retrieval of information. The term is sometimes also used to denote hidden programs installed for hostile or subversive purposes. In international discussions, particularly possible backdoors used for espionage are discussed. Backdoors are a major breach of trust related to the integrity of software. It is therefore very important that SW vendors deploy particular rules and checks within SW development and testing processes to make the deployment of backdoors as difficult as possible. NSN also sees the development of tools to detect backdoors as an important security research area. 4.4 Unwanted Traffic Unwanted traffic is known from (spam), and in the future is likely to extend to VoIP calls (SPIT = Spam in IP Telephony) and other areas (unwanted advertisements). There are anti-spam and anti-spit mechanisms that are based on blacklists, white lists and keywords, but they may be less successful in future since attackers are likely to hide or spoof their source address information and prepare for these mechanisms. Therefore, more sophisticated mechanisms will have to be created and deployed e.g., enhanced signaling interpretation, behavior or traffic analysis, or human user detection. Page 13

14 4.5 Malware and Botnets In the area of detection of malware (a term comprising all types of malicious SW, including viruses, worms, etc.), some major paradigm changes are expected. In particular, the traditional approach of pattern-based detection will have to be complemented by other mechanisms. Pattern-based (also called signature-based ) approaches try to identify known attack patterns in data or executable code or try to determine possible derived variants. Such anomalies will also be detected in integrity protected code, if the SW has been manipulated during creation or after verification of cryptographic protection. As malware can appear in different shapes (e.g. modified versions or even hidden in compressed data), for such (partly) unknown patterns heuristics have to be applied, which may come along with reduced malware detection coverage. Consequently, malware detection is able to examine dynamic changes in continuously modified systems, as long as the attack patterns are known or similarities with known patterns can be derived. In the future, pattern-based malware detection will be complemented by other approaches, e.g. by behavioral malware analysis, which compares a system s real behavior with an expectation of it or with known misbehavior. This allows black box views, without the need for any examination of HW or a code level implementation of a system. That way, systems can also be examined on protocol level without any knowledge of their internal structure or implementation details. A particular trend in the area of malware is the establishment of botnets, where infected computers (called bots ) are silently controlled by a herder or controller, who is able to instruct the bots for co-ordinated actions like spam distribution or running ddos attacks. Botnets often comprise hundreds or thousands of infected computers. For the detection and mitigation of botnets, typical malware detection mechanisms are not sufficient, but have to be complemented with detection mechanisms for traffic anomalies and unusual user behavior, the use of honeypots and botnet analysis structures, and a rapid information exchange about known botnet herders and their activities. Page 14

15 5. Regulatory Framework 5.1 Overall Challenge: Privacy versus Public Safety New threats and the possibility of increased impacts on network and economy infrastructures mean that tomorrow s communication networks will face a balancing challenge. On one hand they need to meet user requirements for privacy, anonymity, etc. On the other hand there are the requirements of society for public safety, protection against terror, and related user surveillance. These are not contradictory requirements. Security solutions can accommodate both privacy and public safety requirements if certain basic conditions are met: Transparency of the applied security mechanisms rather than security by obfuscation Clear and known roles, responsibilities, privacy levels, authorizations, etc., and their enforcement, rather than silent backdoors. NSN follows these principles in order to meet the challenge and find network security solutions that accommodate both requirements. Also, the implementation of privacy-enhancing technologies and privacy-by-design are important work areas to satisfy related requirements from end users, operators and authorities. 5.2 Lawful Interception (LI) Lawful interception capabilities are present in today s networks. There are minor deviations in the related legal framework from country to country, e.g., differences related to the rules on the signaling information (who communicates with whom) versus the rules on the communication content. In tomorrow s networks some new challenges for LI will emerge (e.g., P2P traffic and encrypted traffic) and corresponding standardization activities have already started in the 3GPP SA 3 LI working group. 5.3 Critical Infrastructures Due to the growing importance of telecommunication networks for a society, they are attributed to be part of the critical infrastructure, similar to traffic infrastructure, governmental institutions, the health system and energy distribution networks. Page 15

16 Broad national-scale attacks on networks in Estonia, and other similar attacks associated with military conflicts have shown that the telecommunication infrastructure is vulnerable and exposed to attacks. Furthermore, it also can function as an attack path to a country s other critical infrastructures (see Figure 4). Governments in many parts of the world have therefore started initiatives to ensure that attacks on this infrastructure become as difficult as possible. Examples are the European activities on CIIP (Critical Information Infrastructure Protection) and on NIS (Network and Information Security). Telecommunications Networks: Critical Infrastructure and Link between Critical Infrastructures Electricity Food/water supply Government Telecommunication Network Finance Traffic & Logistics Emergency Health Care Fig. 4. Telecommunications networks: critical infrastructure and link between critical infrastructures. 5.4 Security Compliance Current network equipment is typically subject to sophisticated security tests and vulnerability scanning. To cope with threats emerging in the future, it is foreseen that the telecommunication vendors testing and security processes will have to be further refined and will be more intensively verified and demonstrated. Statementsof-compliance detailing which security measures have been applied will be one way to communicate the efforts. Establishment of stronger trust co-operations between vendors, network operators and government authorities are already on the way. In general, compliance requirements will also be a major driver for stronger deployment of security functions, e.g. related to data loss prevention, SIEM, identity management, business continuity management and information security management systems. Page 16

17 6. NSN Security Approach 6.1 General Product Security Taking the earlier outlined trends, challenges and regulatory frameworks into account, NSN has established a number of security rules, guidelines, processes and awareness programs for its development units to be applied across the whole Software Development Lifecycle. A detailed mandatory security framework, including both proactive and reactive security measures, is in place. Proactive measures include: mandatory e2e security concepts for all products/solutions full flavored Security Development Lifecycle tailored to the special needs of telecommunication equipment security awareness program throughout all business units, including security seminars and trainings with regular updates clear rules on secure software development (e.g. promoting secure coding practices and general application of completeness checks ) sophisticated security testing and independent auditing Reactive measures include: best-in-class security vulnerability monitoring and patching system rapid sales and service information on newly detected vulnerabilities In addition to these rules, vendor/carrier trust relationships have been established. These include lab visits, security test information sharing and security monitoring co-operation. An important cornerstone of NSN security strategy is also the fact that the company carries out its own security research as well as active standardization support. This ensures that state-of-the-art security functionalities are incorporated into the company s products. NSN also leads the multicompany project Asmonia (www.asmonia. de) on attack detection and protection concepts for future mobile networks, funded by the German government (BMBF). NSN further co-operates closely with a number of leading security vendors to provide a complete portfolio of security products. Page 17

18 Improve operational efficiency Enhance Customer experience Drive new revenue streams NGN Security Identity & Access Mgmt. for Subscribers Revenue Assurance Network Security as a Service Content Security Identity & Access Mgmt. for OSS/BSS Fraud Management Content Security as a Service Security Management Identity Mgmt. for Network Elements Remote Access as a Service Security Consulting, Integration & Care Services Fig. 5. The right services and solutions to improve operation efficiency, enhance customer experience and drive new revenue streams. 6.2 Security Solutions for Operators NSN offers a full range of security services and solutions to meet the specific needs of operators. Customers can choose from a wide set of security services to complement their in-house security resources. They can also select the needed NSN turnkey security solutions, which are based on bestof-breed 3rd party products. All solutions are fully customizable with an emphasis on customer interaction throughout the entire consulting and delivery process. Operators can rely on the skills and experience of NSN professional security consultants to safeguard against the full spectrum of threats in today s mobile (2G, 2.5G, 3G, LTE) and fixed-line networks Security Solutions For today s networks a proper IP design including the appropriate security is essential. This is a combination of security specific devices (Firewalls, Intrusion Detection & Prevention Systems, Anti-Virus, and Anti-Spam) and an inherently secure configuration of core technology like routers, switches, GGSN, network servers, and application servers. NSN offers turnkey Security Solutions which cover operator-specific issues. They comprise a bundle of pre-integrated, secure network elements (both hardware and software) and a pre-defined set of services. The security portfolio is complemented by best-of-breed security products from suppliers like Check Point, Cisco, Crossbeam and Juniper. Page 18

19 NGN Security provides efficient and reliable security for networks transforming to all-ip. The solution protects the network (e.g. LTE-transport, Mobile Packet Core, IMS, SDM) against security attacks, e.g. intrusion, eavesdropping, hacking, denial of service, sniffing and botnets and protects data from unauthorized access, manipulation and misuse. It also fulfills compliance requirements from standardization and regulatory bodies (e.g. 3GPP) Content Security improves operator s competitive advantage through secure customer experience and differentiation as clean service provider (e.g. secure browsing gateway). The solution protects customers from spam, viruses and malware and supports the fulfillment of regulatory requirements (e.g. child protection). By reducing unwanted traffic, the solution frees up bandwidth and saves system resources and thus saves OPEX. Security Management NSN Security Management Solutions help operators to keep control of security incidents and security status. The solutions are also aimed to support compliance requirements. Two major components of Security Management are Security Operation Centre (SOC), the main customer benefit of which is the reduction of OPEX by centralizing security monitoring and management, and Security Information & Event Management (SIEM), where the value is in the consolidation and analysis of security information from a huge number of different sources (e.g. Firewalls, Web-Servers, Routers, MSC, GGSN). Identity & Access Management NSN provides Identity & Access Management solutions for: Subscribers To simplify their experience through single sign-on and federated services. In addition, operators have the opportunity to generate revenue from subscriber data assets as a trusted identity provider. Operator employees in the OSS/BSS domains The Identity & Access Management solutions in the OSS/BSS domains include for example Role Based Access Control, Unified User Management and Single-Sign-On. All the solutions aim to simplify the daily operations and thus reduce OPEX. At the same time the solutions increase the level of security and the fulfillment of compliance and regulations. The solutions can also prevent unauthorized changes resulting in outages, which could then cause churn. Page 19

20 Network Elements Identity Management for Network Elements (e.g. enodeb) via Certificates as part of an operator PKI reduces OPEX and prevents loss of revenue, damage to image, subscriber loss and contractual penalties. Securing key network elements via certificates provides business benefits for operators as secured infrastructure prevents service and business disruption.the solution also enables secure, encrypted and remote management including pointed software updates. Security as a Service Providing Security as a Service to their business- and private customers opens up new sources of predictable revenue streams and growth for operators. These solutions provide a flexible suite of cloud/network-based security services with pre-defined and easily selectable service packages available to end customers independent of user end device (PC, notebook, netbook, smart phone). Security as a Service modules include Content Security (secure web/ ), Network Security (perimeter protection, intrusion and basic ddos prevention) and Remote Access. Revenue Assurance & Fraud Management NSN offers a modular, flexible service portfolio and complete turnkey solutions for Revenue Assurance and Fraud Management. The company provides consulting and integration services plus fully automated tools that detect, analyze and recover revenue leakage Security Consulting NSN supports its customers by designing and implementing security strategies, processes and policies that tie security issues to business requirements. Experienced security consultants support operators with the following security core topics: With a broad range of Security Assessment offers, e.g. Vulnerability Assessment, Penetration Testing, Security Audits, NSN helps its customers to reduce the risk of security incidents. Business Continuity services reduce the risk of revenue loss and churn due to service outage and reduce time and cost to recover from an incident. Security Governance services support operators to manage the balance between threat, risk and control. NSN provides advice on the security strategies, architectures and governance approaches to maximise the effectiveness of shrinking security budgets. Operators encounter increasing challenges to meet government and industry security compliance requirements. NSN Compliance Consulting helps to achieve compliance cost effectively and to streamline compliance reporting processes. Page 20

Network Security. Hard to overstate its importance

Network Security. Hard to overstate its importance Network Security Hard to overstate its importance 2008 Network Security Resume This paper outlines the security aspects of the Nokia Siemens Networks Vision of tomorrow s connected world. It looks ahead

More information

Security Solutions Secure your network and minimize the risks

Security Solutions Secure your network and minimize the risks Secure your network and minimize the risks 02/08 Charting a safe path to the future Security is becoming one of the major business concerns for telecommunications around the globe. In the past, security

More information

Nokia Networks. security you can rely on

Nokia Networks. security you can rely on Nokia Networks security you can rely on Protecting communication networks is critical 7 billion mobile subscriptions in 2014 1 Mobile broadband network traffic expected to grow by a factor of 1,000 by

More information

Security MWC 2014. 2013 Nokia Solutions and Networks. All rights reserved.

Security MWC 2014. 2013 Nokia Solutions and Networks. All rights reserved. Security MWC 2014 2013 Nokia Solutions and Networks. All rights reserved. Security Ecosystem overview Partners Network security demo + End-user security demo + + + + NSN end-to-end security solutions for

More information

Cloud security architecture

Cloud security architecture ericsson White paper Uen 284 23-3244 January 2015 Cloud security architecture from process to deployment The Trust Engine concept and logical cloud security architecture presented in this paper provide

More information

FIGHTING FRAUD ON 4G. Neutralising threats in the LTE ecosystem

FIGHTING FRAUD ON 4G. Neutralising threats in the LTE ecosystem FIGHTING FRAUD ON 4G Neutralising threats in the LTE ecosystem TABLE OF CONTENTS Introduction...3 New and Old Vulnerabilities...4 Identity Management...5 A Unified Response...6 Data Mining...7 An Evolving

More information

Unified Threat Management, Managed Security, and the Cloud Services Model

Unified Threat Management, Managed Security, and the Cloud Services Model Unified Threat Management, Managed Security, and the Cloud Services Model Kurtis E. Minder CISSP Global Account Manager - Service Provider Group Fortinet, Inc. Introduction Kurtis E. Minder, Technical

More information

ICANWK406A Install, configure and test network security

ICANWK406A Install, configure and test network security ICANWK406A Install, configure and test network security Release: 1 ICANWK406A Install, configure and test network security Modification History Release Release 1 Comments This Unit first released with

More information

White Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act

White Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK With organizations rushing to adopt Voice over IP (VoIP) technology to cut costs and integrate applications designed to serve customers better,

More information

Securing SIP Trunks APPLICATION NOTE. www.sipera.com

Securing SIP Trunks APPLICATION NOTE. www.sipera.com APPLICATION NOTE Securing SIP Trunks SIP Trunks are offered by Internet Telephony Service Providers (ITSPs) to connect an enterprise s IP PBX to the traditional Public Switched Telephone Network (PSTN)

More information

Recommended IP Telephony Architecture

Recommended IP Telephony Architecture Report Number: I332-009R-2006 Recommended IP Telephony Architecture Systems and Network Attack Center (SNAC) Updated: 1 May 2006 Version 1.0 SNAC.Guides@nsa.gov This Page Intentionally Left Blank ii Warnings

More information

Managed Security Services for Data

Managed Security Services for Data A v a y a G l o b a l S e r v i c e s Managed Security Services for Data P r o a c t i v e l y M a n a g i n g Y o u r N e t w o r k S e c u r i t y 2 4 x 7 x 3 6 5 IP Telephony Contact Centers Unified

More information

Nokia Siemens Networks mobile softswitching Taking voice to the next level

Nokia Siemens Networks mobile softswitching Taking voice to the next level Nokia Siemens Networks mobile softswitching Taking voice to the next level Providing an answer for today and tomorrow Evolving technologies Nokia Siemens Networks provides a solid platform for the future

More information

Security Executive Summary. Securing LTE Radio Access Networks Effectively

Security Executive Summary. Securing LTE Radio Access Networks Effectively Security Executive Summary Securing LTE Radio Access Networks Effectively LTE networks require a dedicated security solution As an all-ip technology, LTE brings new capabilities to improve the customer

More information

INTRUSION DETECTION SYSTEMS and Network Security

INTRUSION DETECTION SYSTEMS and Network Security INTRUSION DETECTION SYSTEMS and Network Security Intrusion Detection System IDS A layered network security approach starts with : A well secured system which starts with: Up-to-date application and OS

More information

Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs

Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs IBM Global Technology Services Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs Achieving a secure government

More information

Payment Card Industry Data Security Standard

Payment Card Industry Data Security Standard Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security

More information

Chapter 9 Firewalls and Intrusion Prevention Systems

Chapter 9 Firewalls and Intrusion Prevention Systems Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish

More information

Solutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance

Solutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance White Paper Solutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance Troy Herrera Sr. Field Solutions Manager Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA

More information

Guiding principles for security in a networked society

Guiding principles for security in a networked society ericsson White paper Uen 307 23-3230 February 2014 Guiding principles for security in a networked society The technological evolution that makes the Networked Society possible brings positive change in

More information

1. Fault Attacks for Virtual Machines in Embedded Platforms. Supervisor: Dr Konstantinos Markantonakis, K.Markantonakis@rhul.ac.uk

1. Fault Attacks for Virtual Machines in Embedded Platforms. Supervisor: Dr Konstantinos Markantonakis, K.Markantonakis@rhul.ac.uk Proposed PhD Research Areas I am looking for strong PhD candidates to work on the projects listed below. The ideal candidate would have a mix of theoretical and practical skills, achieved a distinction

More information

DATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0

DATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 DATA SECURITY 1/12 Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 Contents 1. INTRODUCTION... 3 2. REMOTE ACCESS ARCHITECTURES... 3 2.1 DIAL-UP MODEM ACCESS... 3 2.2 SECURE INTERNET ACCESS

More information

a) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN)

a) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN) MIS5206 Week 12 Your Name Date 1. Which significant risk is introduced by running the file transfer protocol (FTP) service on a server in a demilitarized zone (DMZ)? a) User from within could send a file

More information

State of New Mexico Statewide Architectural Configuration Requirements. Title: Network Security Standard S-STD005.001. Effective Date: April 7, 2005

State of New Mexico Statewide Architectural Configuration Requirements. Title: Network Security Standard S-STD005.001. Effective Date: April 7, 2005 State of New Mexico Statewide Architectural Configuration Requirements Title: Network Security Standard S-STD005.001 Effective Date: April 7, 2005 1. Authority The Department of Information Technology

More information

Alcatel-Lucent Services

Alcatel-Lucent Services SOLUTION DESCRIPTION Alcatel-Lucent Services Security Introduction Security is a sophisticated business and technical challenge, and it plays an important role in the success of any network, service or

More information

Business aware traffic steering

Business aware traffic steering Nokia Networks Business aware traffic steering Nokia Networks white paper Business aware traffic steering Contents 1. Executive Summary 3 2. Static load or QoS-based traffic steering alone is no longer

More information

Cisco Advanced Services for Network Security

Cisco Advanced Services for Network Security Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs

More information

How to secure an LTE-network: Just applying the 3GPP security standards and that's it?

How to secure an LTE-network: Just applying the 3GPP security standards and that's it? How to secure an LTE-network: Just applying the 3GPP security standards and that's it? Telco Security Day @ Troopers 2012 Peter Schneider Nokia Siemens Networks Research 1 Nokia Siemens Networks 2012 Intro

More information

Ingate Firewall/SIParator SIP Security for the Enterprise

Ingate Firewall/SIParator SIP Security for the Enterprise Ingate Firewall/SIParator SIP Security for the Enterprise Ingate Systems February, 2013 Ingate Systems AB (publ) Tel: +46 8 600 77 50 BACKGROUND... 1 1 NETWORK SECURITY... 2 2 WHY IS VOIP SECURITY IMPORTANT?...

More information

Session Border Controllers in Enterprise

Session Border Controllers in Enterprise A Light Reading Webinar Session Border Controllers in Enterprise Thursday, October 7, 2010 Hosted by Jim Hodges Senior Analyst Heavy Reading Sponsored by: Speakers Natasha Tamaskar VP Product Marketing

More information

End-user Security Analytics Strengthens Protection with ArcSight

End-user Security Analytics Strengthens Protection with ArcSight Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security

More information

Advantages of Managed Security Services

Advantages of Managed Security Services Advantages of Managed Security Services Cloud services via MPLS networks for high security at low cost Get Started Now: 877.611.6342 to learn more. www.megapath.com Executive Summary Protecting Your Network

More information

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014 Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Process Solutions (HPS) June 4, Industrial Cyber Security Industrial Cyber Security is the leading provider of cyber security

More information

HOW TO PREVENT DDOS ATTACKS IN A SERVICE PROVIDER ENVIRONMENT

HOW TO PREVENT DDOS ATTACKS IN A SERVICE PROVIDER ENVIRONMENT HOW TO PREVENT DDOS ATTACKS IN A SERVICE PROVIDER ENVIRONMENT The frequency and sophistication of Distributed Denial of Service attacks (DDoS) on the Internet are rapidly increasing. Most of the earliest

More information

Security Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions

Security Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions Kevin Staggs, Honeywell Process Solutions Table of Contents Introduction...3 Nerc Standards and Implications...3 How to Meet the New Requirements...4 Protecting Your System...4 Cyber Security...5 A Sample

More information

SECURITY IN THE INTERNET OF THINGS

SECURITY IN THE INTERNET OF THINGS The Intelligence in the Internet of Things SECURITY IN THE INTERNET OF THINGS Lessons from the Past for the Connected Future By AJ Shipley, Senior Director, Security Solutions, Wind River INNOVATORS START

More information

ICT Security Cybersecurity CYBEX Overview of activities in ITU-T with focus on Study Group 17

ICT Security Cybersecurity CYBEX Overview of activities in ITU-T with focus on Study Group 17 ICT Security Cybersecurity CYBEX Overview of activities in ITU-T with focus on Study Group 17 TSB Briefing to the Regional Offices, 28 Feb 2011 Martin Euchner Advisor of ITU-T Study Group 17 Martin.Euchner@itu.int

More information

Network Security. Intertech Associates, Inc.

Network Security. Intertech Associates, Inc. Network Security Intertech Associates, Inc. Agenda IT Security - Past to Future Security Vulnerabilities Protecting the Enterprise What do we need in each site? Requirements for a Security Architecture

More information

Lifecycle Solutions & Services. Managed Industrial Cyber Security Services

Lifecycle Solutions & Services. Managed Industrial Cyber Security Services Lifecycle Solutions & Services Managed Industrial Cyber Security Services Around the world, industrial firms and critical infrastructure operators partner with Honeywell to address the unique requirements

More information

Firewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA

Firewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA Firewalls Securing Networks Chapter 3 Part 1 of 4 CA M S Mehta, FCA 1 Firewalls Learning Objectives Task Statements 1.3 Recognise function of Telecommunications and Network security including firewalls,..

More information

Industrial Security Solutions

Industrial Security Solutions Industrial Security Solutions Building More Secure Environments From Enterprise to End Devices You have assets to protect. Control systems, networks and software can all help defend against security threats

More information

Security Frameworks. An Enterprise Approach to Security. Robert Belka Frazier, CISSP belka@att.net

Security Frameworks. An Enterprise Approach to Security. Robert Belka Frazier, CISSP belka@att.net Security Frameworks An Enterprise Approach to Security Robert Belka Frazier, CISSP belka@att.net Security Security is recognized as essential to protect vital processes and the systems that provide those

More information

ENTERPRISE SESSION BORDER CONTROLLERS: SAFEGUARDING TODAY S AND TOMORROW S UNIFIED COMMUNICATIONS

ENTERPRISE SESSION BORDER CONTROLLERS: SAFEGUARDING TODAY S AND TOMORROW S UNIFIED COMMUNICATIONS ENTERPRISE SESSION BORDER CONTROLLERS: SAFEGUARDING TODAY S AND TOMORROW S UNIFIED COMMUNICATIONS ALCATEL-LUCENT OPENTOUCH SESSION BORDER CONTROLLER A SECURE SOLUTION FOR BORDERLESS CONVERSATIONS APPLICATION

More information

Information Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus

Information Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus Information Technology Engineers Examination Information Security Specialist Examination (Level 4) Syllabus Details of Knowledge and Skills Required for the Information Technology Engineers Examination

More information

Document ID. Cyber security for substation automation products and systems

Document ID. Cyber security for substation automation products and systems Document ID Cyber security for substation automation products and systems 2 Cyber security for substation automation systems by ABB ABB addresses all aspects of cyber security The electric power grid has

More information

Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks

Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Dale Peterson Director, Network Security Practice Digital Bond, Inc. 1580 Sawgrass Corporate Parkway, Suite 130 Sunrise, FL 33323

More information

Fraud Detection for Next-Generation Networks

Fraud Detection for Next-Generation Networks Fraud Detection for Next-Generation Networks Name of company/ies submitting case study: University of Deusto Web links to company/ies submitting case studies: http://www.deusto.es http://www.fundacion-deusto.deusto.es/

More information

Chapter 1 The Principles of Auditing 1

Chapter 1 The Principles of Auditing 1 Chapter 1 The Principles of Auditing 1 Security Fundamentals: The Five Pillars Assessment Prevention Detection Reaction Recovery Building a Security Program Policy Procedures Standards Security Controls

More information

Supporting Municipal Business Models with Cisco Outdoor Wireless Solutions

Supporting Municipal Business Models with Cisco Outdoor Wireless Solutions Supporting Municipal Business Models with Cisco Outdoor Wireless Solutions EXECUTIVE SUMMARY Outdoor wireless networks are playing a vital role in helping municipalities deliver critical services to citizens.

More information

Bachelor of Information Technology (Network Security)

Bachelor of Information Technology (Network Security) Bachelor of Information Technology (Network Security) Course Structure Year 1: Level 100 Foundation knowledge subjects SEMESTER 1 SEMESTER 2 ITICT101A Fundamentals of Computer Organisation ITICT104A Internetworking

More information

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved. Cyber Security Automation of energy systems provides attack surfaces that previously did not exist Cyber attacks have matured from teenage hackers to organized crime to nation states Centralized control

More information

Dr. György Kálmán gyorgy@mnemonic.no

Dr. György Kálmán gyorgy@mnemonic.no COMMUNICATION AND SECURITY IN CURRENT INDUSTRIAL AUTOMATION Dr. György Kálmán gyorgy@mnemonic.no Agenda Connected systems historical overview Current trends, concepts, pre and post Stuxnet Risks and threats

More information

How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements

How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements I n t r o d u c t i o n The Payment Card Industry Data Security Standard (PCI DSS) was developed in 2004 by the PCI Security Standards

More information

SECURITY PRACTICES FOR ADVANCED METERING INFRASTRUCTURE Elif Üstündağ Soykan, Seda Demirağ Ersöz 08.05.2014, ICSG 2014

SECURITY PRACTICES FOR ADVANCED METERING INFRASTRUCTURE Elif Üstündağ Soykan, Seda Demirağ Ersöz 08.05.2014, ICSG 2014 SECURITY PRACTICES FOR ADVANCED METERING INFRASTRUCTURE Elif Üstündağ Soykan, Seda Demirağ Ersöz 08.05.2014, ICSG 2014 Table of Contents Introduction AMI Communication Architecture Security Threats Security

More information

74% 96 Action Items. Compliance

74% 96 Action Items. Compliance Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on July 02, 2013 11:12 AM 1 74% Compliance 96 Action Items Upcoming 0 items About PCI DSS 2.0 PCI-DSS is a legal obligation mandated

More information

GE Measurement & Control. Top 10 Cyber Vulnerabilities for Control Systems

GE Measurement & Control. Top 10 Cyber Vulnerabilities for Control Systems GE Measurement & Control Top 10 Cyber Vulnerabilities for Control Systems GE Proprietary Information: This document contains proprietary information of the General Electric Company and may not be used

More information

S-Series SBC Interconnect Solutions. A GENBAND Application Note May 2009

S-Series SBC Interconnect Solutions. A GENBAND Application Note May 2009 S-Series SBC Interconnect Solutions A GENBAND Application Note May 2009 Business Requirements A ubiquitous global voice service offering is the challenge among today s large service providers. The need

More information

Seamless Mobile Security for Network Operators. Build a secure foundation for winning new wireless services revenue.

Seamless Mobile Security for Network Operators. Build a secure foundation for winning new wireless services revenue. Seamless Mobile Security for Network Operators Build a secure foundation for winning new wireless services revenue. New wireless services drive revenues. Faced with the dual challenges of increasing revenues

More information

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,

More information

WHITE PAPER ON SECURITY TESTING IN TELECOM NETWORK

WHITE PAPER ON SECURITY TESTING IN TELECOM NETWORK WHITE PAPER ON SECURITY TESTING IN TELECOM NETWORK DATE OF RELEASE: 27 th July 2012 Table of Contents 1. Introduction... 2 2. Need for securing Telecom Networks... 3 3. Security Assessment Techniques...

More information

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015 NETWORK ACCESS CONTROL AND CLOUD SECURITY Tran Song Dat Phuc SeoulTech 2015 Table of Contents Network Access Control (NAC) Network Access Enforcement Methods Extensible Authentication Protocol IEEE 802.1X

More information

Cisco Security Services

Cisco Security Services Cisco Security Services Cisco Security Services help you defend your business from evolving security threats, enhance the efficiency of your internal staff and processes, and increase the return on your

More information

Top tips for improved network security

Top tips for improved network security Top tips for improved network security Network security is beleaguered by malware, spam and security breaches. Some criminal, some malicious, some just annoying but all impeding the smooth running of a

More information

Ohio Supercomputer Center

Ohio Supercomputer Center Ohio Supercomputer Center Intrusion Prevention and Detection No: Effective: OSC-12 5/21/09 Issued By: Kevin Wohlever Director of Supercomputer Operations Published By: Ohio Supercomputer Center Original

More information

Securing Wireless Networks for PCI Compliance Using Fortinet s Secure WLAN Solution to Meet Regulatory Requirements

Securing Wireless Networks for PCI Compliance Using Fortinet s Secure WLAN Solution to Meet Regulatory Requirements Securing Wireless Networks for PCI Compliance Using Fortinet s Secure WLAN Solution to Meet Regulatory Requirements Introduction In the wake of many well-documented data breaches, standards such as the

More information

Research Topics in the National Cyber Security Research Agenda

Research Topics in the National Cyber Security Research Agenda Research Topics in the National Cyber Security Research Agenda Trust and Security for our Digital Life About this document: This document summarizes the research topics as identified in the National Cyber

More information

Security Issues with Integrated Smart Buildings

Security Issues with Integrated Smart Buildings Security Issues with Integrated Smart Buildings Jim Sinopoli, Managing Principal Smart Buildings, LLC The building automation industry is now at a point where we have legitimate and reasonable concern

More information

CS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013

CS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013 CS 356 Lecture 17 and 18 Intrusion Detection Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists

More information

Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0

Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0 Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0 Unless otherwise stated, these Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies

More information

Efficient evolution to all-ip

Efficient evolution to all-ip Press information June 2006 Efficient evolution to all-ip The competitive landscape for operators and service providers is constantly changing. New technologies and network capabilities enable new players

More information

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable

More information

Getting Ahead of Malware

Getting Ahead of Malware IT@Intel White Paper Intel Information Technology Security December 2009 Getting Ahead of Malware Executive Overview Since implementing our security event monitor and detection processes two years ago,

More information

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0 EUCIP - IT Administrator Module 5 IT Security Version 2.0 Module 5 Goals Module 5 Module 5, IT Security, requires the candidate to be familiar with the various ways of protecting data both in a single

More information

Embedded Java & Secure Element for high security in IoT systems

Embedded Java & Secure Element for high security in IoT systems Embedded Java & Secure Element for high security in IoT systems JavaOne - September 2014 Anne-Laure SIXOU - ST Thierry BOUSQUET - ST Frédéric VAUTE - Oracle Speakers 2 Anne-Laure SIXOU Smartgrid Product

More information

The Cisco ASA 5500 as a Superior Firewall Solution

The Cisco ASA 5500 as a Superior Firewall Solution The Cisco ASA 5500 as a Superior Firewall Solution The Cisco ASA 5500 Series Adaptive Security Appliance provides leading-edge firewall capabilities and expands to support other security services. Firewalls

More information

Cisco Satellite Services Platform Delivering Managed Services over Satellite

Cisco Satellite Services Platform Delivering Managed Services over Satellite Solution Overview Cisco Satellite Services Platform Delivering Managed Services over Satellite With the increase in available bandwidth from the launch of high-throughput satellites, satellite service

More information

PROFESSIONAL SECURITY SYSTEMS

PROFESSIONAL SECURITY SYSTEMS PROFESSIONAL SECURITY SYSTEMS Security policy, active protection against network attacks and management of IDP Introduction Intrusion Detection and Prevention (IDP ) is a new generation of network security

More information

Challenges in Industrial IT-Security Dr. Rolf Reinema, Head of Technology Field IT-Security, Siemens AG Siemens AG 2015. All rights reserved

Challenges in Industrial IT-Security Dr. Rolf Reinema, Head of Technology Field IT-Security, Siemens AG Siemens AG 2015. All rights reserved Siemens AG - Corporate Technology - IT Security Challenges in Industrial IT-Security Dr. Rolf Reinema, Head of Technology Field IT-Security, Siemens AG Siemens AG 2015. All rights reserved Not a single

More information

Modular Network Security. Tyler Carter, McAfee Network Security

Modular Network Security. Tyler Carter, McAfee Network Security Modular Network Security Tyler Carter, McAfee Network Security Surviving Today s IT Challenges DDos BOTS PCI SOX / J-SOX Data Exfiltration Shady RAT Malware Microsoft Patches Web Attacks No Single Solution

More information

Cyber Threats in Physical Security Understanding and Mitigating the Risk

Cyber Threats in Physical Security Understanding and Mitigating the Risk Cyber Threats in Physical Security Understanding and Mitigating the Risk Synopsis Over the last few years, many industrial control systems, including security solutions, have adopted digital technology.

More information

Nokia Siemens Networks Flexi Network Server

Nokia Siemens Networks Flexi Network Server Nokia Siemens Networks Flexi Network Server Ushering network control into the LTE era 1. Moving towards LTE Rapidly increasing data volumes in mobile networks, pressure to reduce the cost per transmitted

More information

Securing VoIP Networks using graded Protection Levels

Securing VoIP Networks using graded Protection Levels Securing VoIP Networks using graded Protection Levels Andreas C. Schmidt Bundesamt für Sicherheit in der Informationstechnik, Godesberger Allee 185-189, D-53175 Bonn Andreas.Schmidt@bsi.bund.de Abstract

More information

Femtocell: Femtostep to the Holy Grail

Femtocell: Femtostep to the Holy Grail . Femtocell: Femtostep to the Holy Grail... Ravishankar Borgaonkar, Kévin Redon.. Technische Universität Berlin, SecT ravii/kredon@sec.t-labs.tu-berlin.de TROOPERS 2011, 30 March 2011 3G/UMTS femtocells

More information

The Cyber Threat Profiler

The Cyber Threat Profiler Whitepaper The Cyber Threat Profiler Good Intelligence is essential to efficient system protection INTRODUCTION As the world becomes more dependent on cyber connectivity, the volume of cyber attacks are

More information

Deploying Firewalls Throughout Your Organization

Deploying Firewalls Throughout Your Organization Deploying Firewalls Throughout Your Organization Avoiding break-ins requires firewall filtering at multiple external and internal network perimeters. Firewalls have long provided the first line of defense

More information

Network Security in Building Networks

Network Security in Building Networks Network Security in Building Networks Prof. Dr. (TU NN) Norbert Pohlmann Institute for Internet Security - if(is) Westphalian University of Applied Sciences Gelsenkirchen, Germany www.if-is.net Content

More information

Clean VPN Approach to Secure Remote Access for the SMB

Clean VPN Approach to Secure Remote Access for the SMB Clean VPN Approach to Secure Remote Access for the SMB A clean VPN approach delivers layered defense-in-depth protection for the core elements of business communications. CONTENTS Extending Business Beyond

More information

A Model-based Methodology for Developing Secure VoIP Systems

A Model-based Methodology for Developing Secure VoIP Systems A Model-based Methodology for Developing Secure VoIP Systems Juan C Pelaez, Ph. D. November 24, 200 VoIP overview What is VoIP? Why use VoIP? Strong effect on global communications VoIP will replace PSTN

More information

Enterprise Computing Solutions

Enterprise Computing Solutions Business Intelligence Data Center Cloud Mobility Enterprise Computing Solutions Security Solutions arrow.com Security Solutions Secure the integrity of your systems and data today with the one company

More information

Threat-Centric Security for Service Providers

Threat-Centric Security for Service Providers Threat-Centric Security for Service Providers Enabling Open & Programmable Networks Sam Rastogi, Service Provider Security Product Marketing, Security Business Group Bill Mabon, Network Security Product

More information

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits) Page 1 of 6 Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits) TNCC Cybersecurity Program web page: http://tncc.edu/programs/cyber-security Course Description: Encompasses

More information

AMI security considerations

AMI security considerations AMI security considerations Jeff McCullough Introduction Many electric utilities are deploying or planning to deploy smart grid technologies. For smart grid deployments, advanced metering infrastructure

More information

Cyber Security & Role of CERT-In. Dr. Gulshan Rai Director General, CERT-IN Govt. of India grai@mit.gov.in

Cyber Security & Role of CERT-In. Dr. Gulshan Rai Director General, CERT-IN Govt. of India grai@mit.gov.in Cyber Security & Role of CERT-In Dr. Gulshan Rai Director General, CERT-IN Govt. of India grai@mit.gov.in Web Evolution Web Sites (WWW) 1993 Web Invented and implemented 130 Nos. web sites 1994 2738 Nos.

More information

Trusted Network Connect (TNC)

Trusted Network Connect (TNC) Trusted Network Connect (TNC) Open Standards for Integrity-based Network Access Control and Coordinated Network Security April 2011 Trusted Computing Group 3855 SW 153rd Drive, Beaverton, OR 97006 Tel

More information

Defending Against Data Beaches: Internal Controls for Cybersecurity

Defending Against Data Beaches: Internal Controls for Cybersecurity Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity

More information

Internet Content Provider Safeguards Customer Networks and Services

Internet Content Provider Safeguards Customer Networks and Services Internet Content Provider Safeguards Customer Networks and Services Synacor used Cisco network infrastructure and security solutions to enhance network protection and streamline compliance. NAME Synacor

More information

Building a Web Security Ecosystem to Combat Emerging Internet Threats

Building a Web Security Ecosystem to Combat Emerging Internet Threats I D C V E N D O R S P O T L I G H T Building a Web Security Ecosystem to Combat Emerging Internet Threats September 2005 Adapted from: Worldwide Secure Content Management 2005 2009 Forecast Update and

More information

White Paper. avaya.com 1. Table of Contents. Starting Points

White Paper. avaya.com 1. Table of Contents. Starting Points White Paper Session Initiation Protocol Trunking - enabling new collaboration and helping keep the network safe with an Enterprise Session Border Controller Table of Contents Executive Summary...1 Starting

More information

Security Threats on National Defense ICT based on IoT

Security Threats on National Defense ICT based on IoT , pp.94-98 http://dx.doi.org/10.14257/astl.205.97.16 Security Threats on National Defense ICT based on IoT Jin-Seok Yang 1, Ho-Jae Lee 1, Min-Woo Park 1 and Jung-ho Eom 2 1 Department of Computer Engineering,

More information

Firewall and UTM Solutions Guide

Firewall and UTM Solutions Guide Firewall and UTM Solutions Guide Telephone: 0845 230 2940 e-mail: info@lsasystems.com Web: www.lsasystems.com Why do I need a Firewall? You re not the Government, Microsoft or the BBC, so why would hackers

More information