Auditing in TMF615 and its Benefits




Mohammed Ibrahim Aleem, Architect, Wipro Technologies (www.wipro.com)

Table of contents

Introduction
Auditing in TMF615 Specification
Security Breach Problem Description
Problem Analysis using TMF615 Auditing
  Finding the Login Account and User
  Finding the Login and Logout Time
  Gathering User Information
  Checking the Account in the Target
  Who Created the User?
  What Were the Details of This Suspect User?
  Who Created the Account?
Asynchronous Mode in Auditing
Conclusion
Appendix
  References
  Terms and Definitions
About the Author

Introduction

TMF615 is a TM Forum specification that enables centralized user management for service providers by defining an interface between a central user management system and the local user management systems of the individual OSS products. The specification also has an exceptionally strong auditing feature: a comprehensive mechanism for monitoring all user and administrator activity in the service provider network, which can be used to monitor the security of the enterprise. This whitepaper lists the advantages of auditing in the TMF615 specification and shows, through a worked scenario, how its audit operations can be used to investigate and resolve a security incident. Monitoring security breaches through TMF615 auditing helps create a compliant and risk-optimized system, which is a definite competitive advantage.

TM Forum (the TeleManagement Forum) is an international association of industries that addresses the complex issues inherent in the business of service provision. Vendors subscribe to the standards, specifications and procedures directed by the TMF. Wipro complies with TMF's guidelines in order to provide the best value to its customers. In this paper we discuss the TMF615 specification in particular, and how complying with it helps investigate, and thereby minimize, security risks.

Telecom service providers have long lived with the problem of provisioning and managing users and access rights across the various OSS (Operation Support System) products that manage the network. To address this, TM Forum developed the TMF615 specification, which advocates managing all user provisioning and auditing for the entire organization from a single place. In Wipro's own experience with telecom service providers, auditing with this specification has been useful in detecting security threats and managing the network effectively.
The figure below gives an overview of the current problem with user provisioning in large service provider networks that run OSS solutions from multiple vendors: each OSS provider (1 to n) carries its own user management, so every user has to be provisioned separately in each.

[Figure: Process Flow of User Management in Heterogeneous Networks. Participants: OSS Provider 1 to OSS Provider n, each with its own User Management, and the Network.]

TMF615 Solution

The TMF615 specification details an interface that makes it possible for service providers to consistently provision telecom OSS operators' access rights and authorities across systems using a central user management system (UMS-C). The interface covers the information exchange required between the UMS-C and the local user management system (UMS-L) for the provisioning of access rights and authorities and for auditing. The UMS-L is the local user management solution of an OSS, and is usually vendor specific. TMF615 introduces the concepts of UMS-C and UMS-L and provides a Web Services based integration profile.

Some of the key advantages of TMF615 are:

- Centralized user provisioning across the network
- Ability of the service provider to define roles
- Centralized user auditing
- Significant savings in money and effort

Each administrator action at the UMS-C results in a SOAP (Simple Object Access Protocol) over HTTP message being sent to the UMS-L, which processes it according to the request type and returns the appropriate response to the UMS-C. The figure below illustrates the process.

[Figure: TMF615 Compliant User Management. The UMS-C talks WSDL/SOAP to the User Management of each OSS Provider (1 to n); user access to the Network goes through the OSS.]
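One administrator action crossing the UMS-C/UMS-L interface, as an added example that is not code from the TMF615 specification or from Wipro's implementation. It builds the SOAP 1.2 request on the UMS-C side and processes it on the UMS-L side. The operation and element names (AddUser, RemoveUser, requestId, adminId, userId, role) and the namespace are assumptions chosen for illustration; the real TMF615 WSDL defines its own. The UMS-L refuses any request it cannot attribute to an administrator and writes an audit record for every action it performs, which is what the audit trail discussed later depends on:

```python
"""UMS-C -> UMS-L exchange for one administrator action (AddUser / RemoveUser).

Added example; not code from the TMF615 specification or from Wipro.
ASSUMPTIONS: the operation/element names and the namespace are placeholders;
the real TMF615 WSDL defines its own. Standard library only."""
import time
import uuid
import xml.etree.ElementTree as ET

SOAP_NS = "http://www.w3.org/2003/05/soap-envelope"   # SOAP 1.2 envelope namespace
UM_NS = "urn:example:ums"                             # assumption: placeholder namespace
ET.register_namespace("soap", SOAP_NS)
ET.register_namespace("um", UM_NS)


def _q(ns, tag):
    return "{%s}%s" % (ns, tag)


def _envelope():
    env = ET.Element(_q(SOAP_NS, "Envelope"))
    return env, ET.SubElement(env, _q(SOAP_NS, "Body"))


def build_request(operation, admin_id, user_id, role=None, request_id=None):
    """UMS-C side: wrap one administrator action in a SOAP envelope.
    requestId is the handle the audit trail later uses to name the administrator."""
    env, body = _envelope()
    op = ET.SubElement(body, _q(UM_NS, operation))
    ET.SubElement(op, _q(UM_NS, "requestId")).text = request_id or str(uuid.uuid4())
    ET.SubElement(op, _q(UM_NS, "adminId")).text = admin_id
    ET.SubElement(op, _q(UM_NS, "userId")).text = user_id
    if role is not None:
        ET.SubElement(op, _q(UM_NS, "role")).text = role
    return ET.tostring(env, encoding="unicode")


def _fault(reason):
    env, body = _envelope()
    fault = ET.SubElement(body, _q(SOAP_NS, "Fault"))
    ET.SubElement(ET.SubElement(fault, _q(SOAP_NS, "Code")), _q(SOAP_NS, "Value")).text = "soap:Sender"
    ET.SubElement(ET.SubElement(fault, _q(SOAP_NS, "Reason")), _q(SOAP_NS, "Text")).text = reason
    return ET.tostring(env, encoding="unicode")


def is_fault(xml_text):
    env = ET.fromstring(xml_text)
    return env.find(_q(SOAP_NS, "Body") + "/" + _q(SOAP_NS, "Fault")) is not None


class LocalUserManager:
    """UMS-L side: the target's account table plus the audit trail it keeps."""

    def __init__(self, now=time.time):
        self.accounts = {}      # userId -> role currently provisioned on the target
        self.audit_trail = []   # one record per processed administrator operation
        self._now = now         # injectable clock, so the example is deterministic

    def handle(self, xml_text):
        body = ET.fromstring(xml_text).find(_q(SOAP_NS, "Body"))
        if body is None or len(body) == 0:
            return _fault("empty Body")
        op = body[0]
        name = op.tag.rsplit("}", 1)[-1]
        if op.tag != _q(UM_NS, name) or name not in ("AddUser", "RemoveUser"):
            return _fault("unsupported operation")
        fields = {c.tag.rsplit("}", 1)[-1]: (c.text or "") for c in op}
        # Security check: never act on a request that cannot be attributed.
        # Without requestId and adminId the audit trail could not answer
        # "who created the user?" afterwards.
        for required in ("requestId", "adminId", "userId"):
            if not fields.get(required):
                return _fault("missing " + required)
        if name == "AddUser":
            if not fields.get("role"):
                return _fault("missing role")
            self.accounts[fields["userId"]] = fields["role"]
        else:
            self.accounts.pop(fields["userId"], None)
        # Write the audit record before replying, so a lost response still leaves a trace.
        self.audit_trail.append({"time": self._now(), "operation": name,
                                 "requestId": fields["requestId"], "adminId": fields["adminId"],
                                 "userId": fields["userId"], "role": fields.get("role")})
        env, body = _envelope()
        resp = ET.SubElement(body, _q(UM_NS, name + "Response"))
        ET.SubElement(resp, _q(UM_NS, "requestId")).text = fields["requestId"]
        ET.SubElement(resp, _q(UM_NS, "status")).text = "OK"
        return ET.tostring(env, encoding="unicode")


if __name__ == "__main__":
    umsl = LocalUserManager()
    print(umsl.handle(build_request("AddUser", "admin01", "tmp_user", "Network Configurator")))
    print(umsl.handle(build_request("AddUser", "", "ghost", "Network Configurator")))  # rejected
    print(umsl.audit_trail)
```

The point of the attribution check is that the UMS-L's audit trail is only as good as the identity carried in each request; a request without requestId and adminId is refused rather than processed and logged as anonymous.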

Auditing in TMF615 Specification

Auditing is absolutely necessary for any user management system, in order to monitor the activities of provisioned users and administrators and prevent misuse. The TMF615 specification supports two types of auditing.

Status Audit. This is mainly used to synchronize the UMS-C and the UMS-L with each other; it checks the user accounts and their authorities currently present at the UMS-L. The Status Audit operations supported by TMF615 are:

- User Provisioning Information
- Target Account Information

Audit Trail. This deals with monitoring the activities of provisioned users over a period of time and is critical to security. Reports giving details of user status and the actions performed can be generated. The Audit Trail operations supported by TMF615 are:

- User Admin Operations
- User Provisioning Operations
- Target Admin Operations
- Targets Account Usage
- Targets Authorization Usage

For more information on the individual audit operations, check the TMF615 specification document from TM Forum.

In the following chapters we explain each of the advantages of auditing mentioned in the TMF615 specification. To make the benefits clearer, we consider a practical problem scenario and show how the different audit operations can be used for analysis and reporting.

Problem Description: Security Breach

A major problem faced by operators is the constant threat to security. Operators work round the clock to ensure that there is no loss of service to subscribers, while simultaneously ensuring that there is no loss of the revenue data that is a prerequisite for billing. Each operator has a unique role and is dedicated to specific tasks such as monitoring network events and faults, and uses a number of applications for effective monitoring and reporting.

In our scenario, the operator monitoring the network is notified of many critical alarms indicating loss of events from the network. This is quickly escalated to the network administrator, who, while examining the telecom network, discovers that the configuration of a critical section has been radically changed, causing a service outage for end customers. The incident leads to a major management escalation, since it caused a large revenue leak and a loss of credibility for the organization. The figure below depicts this problem.

[Figure: Security Breach: Network Configuration Change. A user gains access to the OSS through SSO and pushes a network update that changes the configuration.]

Problem Generation: How Is the Problem Created?

The first sequence diagram shows how the administrator creates a new user. The user is added to the UMS-L, which in turn updates its data store; the OSS application is then automatically updated with the new user account and its role.

[Sequence diagram: Administrator Creates a New User. Participants: Admin, UMS-C, UMS-L, DataStore, Target/OSS Application. Messages: Create New User; Create User and Accounts with Role(); AddUser().]

Subsequently the new user logs in and updates the network configuration, creating the problem.

[Sequence diagram: User Changes the Network (Problem Creation). Participants: User, OSS SSO Application, DataStore, Target/OSS, Network. Messages: Login(); Update Network Configuration(); Logout().]

In the final act, the user and its accounts are deleted by the administrator.

[Sequence diagram: Admin Deletes the User. Participants: Admin, UMS-C, UMS-L, DataStore, Target/OSS Application. Messages: Delete User; Delete User and Accounts with Role(); Remove User().]

Problem Analysis: Using TMF615 Auditing

Ideally, only the operators assigned the role of Network Configurator (usually administrators or senior operators) could have carried out the network update. However, the initial investigation revealed that none of them were actually present in the office when the security breach is suspected to have occurred. The TMF615 audit feature provides a good framework for tracking down the exact problem. The following is a step-by-step procedure an auditor can follow to resolve this specific issue; after every step the auditor has more critical information that brings him closer to the root of the problem. All the steps are mapped to audit operations defined in TMF615. The first task is to find the login account and user.

Finding the Login Account and User

The only information available to the auditor at this stage is that any operator assigned the role of Network Configurator is capable of damaging the network. To find out which users and accounts were used with this role during the period in question, the auditor uses the audit operation Target Authorization Usage. It returns a list of all accounts (and their users) that possess the role Network Configurator and were active during the specified time period. The auditor then scans this list for the account actually used and the suspect user. After a brief analysis, the auditor isolates an account/user that appears to be dangling: it does not belong to any of the existing operators or administrators.

Step: Finding the login account and user
Mapped to TMF615: Target Authorization Usage
Process: Target Authorization Usage gives a list of all accounts (and their users)
Output: Suspect user and account ID

The next task is to locate the time period when the suspect account was actually used.

Finding the Login and Logout Time

To find the exact time slot when the suspect account was active, the auditor uses the audit operation Target Account Usage. It gives the exact time slot, with login and logout time, during which the account was active. This establishes the user, the account and the time during which the damage was inflicted.

Step: Finding the login and logout time
Mapped to TMF615: Target Account Usage
Process: Target Account Usage gives the exact time slot with login and logout time
Output: Time slot of the security breach

Gathering User Information

To gather all the details about the user, the auditor uses the audit operation User Provisioning Information, which gives all the user details such as accounts, roles and working schedule. However, it may happen that this operation yields no significant result: the lookup reports that the user does not exist.

Step: Gathering user information
Mapped to TMF615: User Provisioning Information
Process: User Provisioning Information gives user details such as accounts, roles and working schedule
Output: User does not exist

Checking the Account in the Target

As the user is not found, the auditor checks whether the account exists only on a target system without any user association, that is, as a dangling account. For this the auditor uses the audit operation Target Account Information. This operation may not yield any substantial information either. At this point the auditor concludes that the problem in the network is not a mistake made while using the tools but a clear case of an intentional security breach.

Step: Checking the account in the target
Mapped to TMF615: Target Account Information
Process: Target Account Information provides account information
Output: Suspect account does not exist on the target

The next steps are crucial in locating the exact problem.

Below is a sequential illustration of the process by which the auditor tracks down the user, account and time slot of the problem.

[Sequence diagram: Auditor Locates Suspect User, Account and Time Slot of Problem Creation. Participants: Auditor, UMS-C, Datastore. Each step has four messages: (a) the auditor's question to the UMS-C, (b) the UMS-C's call of the audit operation against the Datastore, (c) the Datastore's answer, (d) the result returned to the auditor. Step 1: Finding the login account and user, via Target Authorization Usage(). Step 2: Finding the login and logout time, via Target Account Usage(). Step 3: Gather all the user information, via User Provisioning Information(). Step 4: Check the account in the target, via Target Account Information().]

Who Created the User?

To determine who was responsible for creating the user, the auditor uses the audit operation User Admin Operations and specifies the time range in which the deed was committed. This operation gives the auditor a wealth of information. It reveals that the suspect user was created and deleted within a short span of time, and it reveals which of the existing administrators created it: the administrator is identified from the request identifier recorded at the UMS-C.

Step: User creation
Mapped to TMF615: User Admin Operations
Process: User Admin Operations provides information about the administrator who created the user
Output: Administrator who created the user

What Were the Details of This Suspect User?

The auditor can use the audit operation User Provisioning Operations to determine the exact provisioning details of this user.

Step: Details of the suspect user
Mapped to TMF615: User Provisioning Operations
Process: User Provisioning Operations provides provisioning details
Output: Provisioning details of the user

Who Created the Account?

Finally, to determine the same details for the account, the auditor uses the audit operation Target Admin Operations and specifies the time range. This step reveals that the suspect account was likewise created and deleted within a short span of time and, more importantly, identifies the administrator responsible for creating it. The administrator at the root of the problem is thus identified using the advanced audit features supported by the TMF615 specification. TMF615 therefore delivers in a situation that requires investigation of a security breach, and several other problems can be identified and resolved in the same way.

Step: Creator of the account
Mapped to TMF615: Target Admin Operations
Process: Target Admin Operations provides the creation and deletion history of the account
Output: Administrator who created the account

Below is a sequential illustration of how the auditor isolates the details of the suspect user, account and administrator.

[Sequence diagram: Auditor Gets Details about Suspect User, Account and Administrator. Same participants and (a)-(d) message pattern as before. Step 5: Who created the user? via User Admin Operations(), served from the Datastore by Get Admin Operation Data(). Step 6: Get the details of this suspect user, via User Provisioning Operations(), served by Get History User Data(). Step 7: Who created the account? via Target Admin Operations(), served by Get History Account Data().]
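The auditor's seven steps run end to end over constructed audit data, as an added example that is not code from the TMF615 specification or from Wipro. The record shapes, field names and sample values are assumptions standing in for the XML the real TMF615 audit operations return; the function names mirror the TMF615 audit operation names only so that the mapping to the steps above stays visible:

```python
"""The auditor's seven steps run over constructed audit data.

Added example; not code from the TMF615 specification or from Wipro.
ASSUMPTIONS: the record shapes are placeholders standing in for the XML the
real TMF615 audit operations return; function names mirror the operation names."""
from collections import namedtuple
from datetime import datetime, timedelta

# One row of a Targets Account Usage / Authorization Usage report (assumed shape).
Session = namedtuple("Session", "target account user role login logout")
# One row of User Admin Operations / Target Admin Operations (assumed shape);
# request_id is the identifier the UMS-C recorded for the administrator's request.
AdminOp = namedtuple("AdminOp", "time admin request_id action subject")


def _active(s, start, end):
    return s.login <= end and s.logout >= start

# Audit Trail operations (steps 1, 2, 5, 6, 7)
def target_authorization_usage(sessions, role, start, end):
    """Accounts (and their users) that held `role` and were active in the window."""
    return sorted({(s.account, s.user) for s in sessions if s.role == role and _active(s, start, end)})

def target_account_usage(sessions, account, start, end):
    """Login/logout slots of one account inside the window."""
    return [(s.login, s.logout) for s in sessions if s.account == account and _active(s, start, end)]

def user_admin_operations(ops, start, end):
    return [o for o in ops if o.action in ("CreateUser", "DeleteUser") and start <= o.time <= end]

def user_provisioning_operations(ops, user):
    return [o for o in ops if o.subject == user and o.action in ("CreateUser", "AssignRole", "DeleteUser")]

def target_admin_operations(ops, start, end):
    return [o for o in ops if o.action in ("CreateAccount", "DeleteAccount") and start <= o.time <= end]

# Status Audit operations (steps 3 and 4); None means "does not exist"
def user_provisioning_information(users, user):
    return users.get(user)

def target_account_information(accounts, target, account):
    return accounts.get((target, account))


def investigate(role, window, target, sessions, users, accounts, ops, lookback=timedelta(hours=6)):
    """Returns the investigation summary, or None if no dangling account held `role`."""
    start, end = window
    # 1. Everyone who held the dangerous role in the window; keep the account that
    #    belongs to no provisioned user (the dangling one the auditor spotted by hand).
    candidates = target_authorization_usage(sessions, role, start, end)
    dangling = [(a, u) for a, u in candidates if user_provisioning_information(users, u) is None]
    if not dangling:
        return None
    account, user = dangling[0]
    # 2. Exact login/logout slot of that account.
    slots = target_account_usage(sessions, account, start, end)
    # 3./4. Neither the user nor the account exists any more.
    user_exists = user_provisioning_information(users, user) is not None
    account_exists = target_account_information(accounts, target, account) is not None
    # 5./6./7. Widen the range around the breach and tie the create/delete
    # operations to the administrator through the recorded request identifier.
    lo, hi = start - lookback, end + lookback
    user_ops = [o for o in user_admin_operations(ops, lo, hi) if o.subject == user]
    acct_ops = [o for o in target_admin_operations(ops, lo, hi) if o.subject == account]
    created = next((o for o in user_ops if o.action == "CreateUser"), None)
    deleted = next((o for o in user_ops if o.action == "DeleteUser"), None)
    acct_created = next((o for o in acct_ops if o.action == "CreateAccount"), None)
    return {"account": account, "user": user, "slots": slots, "candidates": candidates,
            "user_exists": user_exists, "account_exists": account_exists,
            "user_created_by": created.admin if created else None,
            "user_create_request": created.request_id if created else None,
            "user_lifetime": deleted.time - created.time if created and deleted else None,
            "user_history": [o.action for o in user_provisioning_operations(ops, user)],
            "account_created_by": acct_created.admin if acct_created else None}


# Constructed sample data, not real audit output. T is the start of the suspected breach window.
T = datetime(2011, 7, 10, 2, 0)
M = lambda n: timedelta(minutes=n)
SESSIONS = [
    Session("OSS-FM", "ops_alice", "alice", "Network Configurator", T - M(120), T - M(30)),   # logged out before the window
    Session("OSS-FM", "ops_bob", "bob", "Network Monitor", T - M(60), T + M(180)),            # wrong role
    Session("OSS-FM", "ops_carol", "carol", "Network Configurator", T - M(10), T + M(20)),    # legitimate, known user
    Session("OSS-FM", "tmp_acct", "tmp_user", "Network Configurator", T + M(10), T + M(35)),  # the dangling account
]
USERS = {"alice": {"roles": ["Network Configurator"]}, "bob": {"roles": ["Network Monitor"]},
         "carol": {"roles": ["Network Configurator"]}}
ACCOUNTS = {("OSS-FM", "ops_alice"): "alice", ("OSS-FM", "ops_bob"): "bob", ("OSS-FM", "ops_carol"): "carol"}
OPS = [
    AdminOp(datetime(2011, 7, 1, 9, 0), "admin_ops1", "req-10", "CreateUser", "carol"),
    AdminOp(T - M(5), "admin_ops2", "req-41", "CreateUser", "tmp_user"),
    AdminOp(T - M(4), "admin_ops2", "req-42", "AssignRole", "tmp_user"),
    AdminOp(T - M(3), "admin_ops2", "req-43", "CreateAccount", "tmp_acct"),
    AdminOp(T + M(40), "admin_ops2", "req-44", "DeleteAccount", "tmp_acct"),
    AdminOp(T + M(41), "admin_ops2", "req-45", "DeleteUser", "tmp_user"),
]


def run_sample(start_offset_min=0, length_min=60):
    """Investigate a window starting start_offset_min minutes after T."""
    start = T + M(start_offset_min)
    return investigate("Network Configurator", (start, start + M(length_min)), "OSS-FM",
                       SESSIONS, USERS, ACCOUNTS, OPS)


if __name__ == "__main__":
    for key, value in run_sample().items():
        print("%-20s %s" % (key, value))
```

The window passed to `investigate` is the suspected breach period; the lookback widens it only for the admin-operation queries, because the user and account were created before, and deleted after, the session itself. Step 1 narrows to the dangling account by cross-checking Target Authorization Usage against User Provisioning Information, the same check the auditor made by hand above.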

Future Challenges: Asynchronous Mode in Auditing

The one aspect of auditing that TMF615 leaves unresolved is an asynchronous mode of auditing; this is a challenge for the future. As depicted below, the asynchronous mode would allow the UMS-L to collect audit data regularly and send reports to the UMS-C. Such reports would be extremely useful to the administrator in managing and monitoring OSS security effectively.

[Sequence diagram: Asynchronous Mode in Auditing. Participants: Admin, UMS-C, UMS-L, DataStore, Target/OSS Application. The Admin creates a new auditing request; Enable Auditing() and Activate Auditing Log Collection() are passed down to the UMS-L and the target; thereafter Collect Audit Data() runs repeatedly and an Auditing Report is returned to the UMS-C each time.]

Compliant and Risk Optimized Solution

TMF615 is specifically geared towards enhancing the efficiency of a system by focusing on the security threats that plague modern organizations and systems. Systematic investigation of security breaches results in compliant and risk-optimized solutions that have a distinct competitive advantage. Given this benefit, it is only a matter of time before more telecom service providers adopt the TMF615 specification to ward off security threats and manage their systems more effectively.

Conclusion

TMF615-supported auditing delivers large benefits to service providers. Auditing can also be managed completely at the UMS-C, provided it captures all the user provisioning data sent to the UMS-L. The major advantages of TMF615 are:

- Centralized management of all operators in the service provider network
- Single sign-on/off can be realized quickly through proper integration with the TMF614 specification
- Increased security through the auditing feature
- Increased security through proper management of operator permissions and schedules

The following future improvements are being considered for enterprise security at TM Forum:

- Asynchronous operations support
- Enhanced error reporting
- More information for operators on integration with, and migration to, TMF615/TMF614 and the SCA standards
- Specific ongoing work to standardize auditing through Security Compliance Audit Automation (SCA)
- Faster user provisioning and increased automation, leading to considerable cost benefits

Even before these improvements, TMF615 is geared towards creating compliant and risk-optimized systems, and telecom service providers that adopt it for their systems gain a competitive edge.

Appendix

References

TM Forum. TMF615 Specification. http://www.tmforum.org/informationagreements/tmf615telecomoss/37358/article.html
Unified Modeling Language (UML). http://www.omg.org/spec/uml/
World Wide Web Consortium (W3C). SOAP 1.2 Specification. http://www.w3.org/tr/soap12
World Wide Web Consortium (W3C). WSDL 2.0 Specification. http://www.w3.org/tr/wsdl20
OASIS (Advancing Open Standards for the Information Society). SPML 2.0 Specification. www.oasis-open.org/specs/

Terms and Definitions

eTOM   enhanced Telecom Operations Map
NE     Network Element
OS     Operating System
OSS    Operation Support System
SOAP   Simple Object Access Protocol
SSO    Single Sign On
TMF    TeleManagement Forum
UMS-C  Central user management system
UMS-L  Local user management system

About the Author

Mohammed Ibrahim Aleem is an Architect working with Wipro's Global Media and Telecom division. He has extensive experience in architecting, designing and providing consultancy for telecom OSS solutions, and is a specialist in identity management and security. He has been involved in many telecom solution implementations and consulting assignments and is well versed in the processes, standards and best practices involved. He is an active member of the Enterprise Security Group at TM Forum and works closely on the development of the user management and single sign-on/off standards.

Wipro in Media & Telecom

Wipro Global Media and Telecom is the newly formed SBU that combines the Telecom Equipment Vendors (TEV), Global Communications Service Providers (GCSP) and Media & OTT business units globally. Wipro is a strategic partner across the digital supply chain, from content creation to content consumption, and is positioned to address digital transformation and help organizations do business better in a digital world. Wipro's vertically aligned business model gives a deep understanding of customers' businesses to build industry-specific solutions, while its technology service lines provide the ability to design new solutions on emerging technologies.

About Wipro Technologies

Wipro Technologies, the global IT business of Wipro Limited (NYSE:WIT), is a leading Information Technology, Consulting and Outsourcing company that delivers solutions to enable its clients to do business better. Wipro Technologies delivers business outcomes through its deep industry experience and a 360-degree view of business through technology, helping clients create successful and adaptive businesses. A company recognised globally for its comprehensive portfolio of services, a practitioner's approach to delivering innovation and an organization-wide commitment to sustainability, Wipro Technologies has over 120,000 employees and clients across 54 countries. For more information, please visit www.wipro.com or write to info@wipro.com.

Wipro Technologies, Doddakannelli, Sarjapur Road, Bangalore - 560 035, India. Tel: +91 (80) 2844 0011, Fax: +91 (80) 2844 0256, email: info@wipro.com

Copyright 2011. Wipro Technologies. All rights reserved. No part of this document may be reproduced, stored in a retrieval system, transmitted in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without express written permission from Wipro Technologies. Specifications subject to change without notice. All other trademarks mentioned herein are the property of their respective owners. IND/UNPL/JULY2011-DEC2011