Evolving Optical Transport Network Security



Similar documents
Computer System Security Updates

Defense-in-Depth Strategies for Secure, Open Remote Access to Control System Networks

Quelle sécurité dans une banque? " Sécurité des transactions électroniques sur Internet et KYC"

Relationship between SMP, ASON, GMPLS and SDN

Homeland Security Perspectives: Cyber Security Partnerships and Measurement Activities

OPTICAL TRANSPORT NETWORKS

Securing SIP Trunks APPLICATION NOTE.

HACKING RELOADED. Hacken IS simple! Christian H. Gresser

Achieving Truly Secure Cloud Communications. How to navigate evolving security threats

Transport SDN Toolkit: Framework and APIs. John McDonough OIF Vice President NEC BTE 2015

DDos. Distributed Denial of Service Attacks. by Mark Schuchter

COPYRIGHTED MATERIAL. Contents. Foreword. Acknowledgments

Cisco Advanced Services for Network Security

ASON for Optical Networks

Cybersecurity Strategic Talent Management. March, 2012

Carrier Ethernet: New Game Plan for Media Converters

GMPLS Network Management: Challenges and Solutions

NETWORK SECURITY ASPECTS & VULNERABILITIES

Recommended IP Telephony Architecture

Sudden Impact: How Cloud Services Affect the Network and Drive Business Transformation. Monday, March 11, :30-3:15 p.m.

Network Concepts. IT 4823 Information Security Concepts and Administration. The Network Environment. Resilience. Network Topology. Transmission Media

Since 1998, AT&T invested more than $35 billion to support customer needs in data, Internet protocol (IP), local and global services.

Kick starting science...

BlackRidge Technology Transport Access Control: Overview

whitepaper Cloud Servers: New Risk Considerations

Unified Cyber Security Monitoring and Management Framework By Vijay Bharti Happiest Minds, Security Services Practice

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)

A Systems Engineering Approach to Developing Cyber Security Professionals

Jort Kollerie SonicWALL

IP/Optical integration & Management. WDM Stuff AKA. Sami COPYRIGHT 2013 ALCATEL-LUCENT. ALL RIGHTS RESERVED.

Performance Management for Next- Generation Networks

Communications Transformations 2: Steps to Integrate SIP Trunk into the Enterprise

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

Carrier Ethernet SLAs Technology Advancements to Differentiate and Improve Operational Efficiency

What s New and What s Next in Cable Wholesale? Monday, March 17, :15-11 a.m.

MRV EMPOWERS THE OPTICAL EDGE.

Transport SDN - Clearing the Roadblocks to Wide-scale Commercial

Alcatel-Lucent 1850 TSS-3 Transport Service Switch. A versatile network termination unit

13 Ways Through A Firewall

Availability Digest. Prolexic a DDoS Mitigation Service Provider April 2013

CMPT 471 Networking II

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Unified Subsea-Terrestrial Mesh Networking the New Normal

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

State of Texas. TEX-AN Next Generation. NNI Plan

Connection-oriented Ethernet (COE) Combining the Reliability, Performance, and Security of SONET with the Flexibility and Efficiency of Ethernet

Effective Defense in Depth Strategies

HOW TO PREVENT DDOS ATTACKS IN A SERVICE PROVIDER ENVIRONMENT

UK Networks & Security An Overview. Dr Andrew Powell, ENISA Workshops on CERTs in Europe, 29 May 2008

Broadband Networks Virgil Dobrota Technical University of Cluj-Napoca, Romania

Keyword: Cloud computing, service model, deployment model, network layer security.

Failsafe Protection for Utility Critical Infrastructure

DEPLOYING VoIP SECURELY

OTN, MPLS, and Control Plane Strategies

XO Network Evolution Overview. Randolph C. Nicklas CTO & SVP Engineering XO Communications

Need for Signaling and Call Control

ETSI TR V1.1.2 ( )

BotNets- Cyber Torrirism

White Paper. Requirements of Network Virtualization

Maximizing the Impact of Optical Technology OFC/NFOEC 2007

VOICE OVER IP SECURITY

Review of Industry Trends & Forecasts

In This Issue: System Upgrades Edition

How To Create An Intelligent Infrastructure Solution

Transport SDN Directions. March 20, 2013 Lyndon Ong Ciena

Network Security. Vorlesung Kommunikation und Netze SS 10 E. Nett

IPv6 SECURITY. May The Government of the Hong Kong Special Administrative Region

Incident Response 101: You ve been hacked, now what?

Chapter 1 Personal Computer Hardware hours

SIP Trunking Configuration with

Virtualized Converged Data Centers & Cloud how these trends are effecting Optical Networks

Security Issues with Integrated Smart Buildings

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

Converged Private Networks. Supporting voice and business-critical applications across multiple sites

Draft ITU-T Recommendation X.805 (Formerly X.css), Security architecture for systems providing end-to-end communications

Whitepaper. 10 Metrics to Monitor in the LTE Network. blog.sevone.com

R e v o l u t i o n i z i n g Broadband Services with GPON

How To Use Connection-Oriented Ether (Coe) For Cloud Services

Complete Protection against Evolving DDoS Threats

What Applications Can be Deployed with Software Defined Elastic Optical Networks?

a) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN)

Global Cyber Range (GCR) Empowering the Cybersecurity Professional (CyPro)

Broadband Networks. Prof. Karandikar. Department of Electrical Engineering. Indian Institute of Technology, Bombay. Lecture - 26

13 Ways Through A Firewall What you don t know will hurt you

High speed Ethernet WAN: Is encryption compromising your network?

Transcription:

Evolving Optical Transport Network Security May 15, 2012 Prepared by: John Kimmins Executive Director 732-699-6188 jkimmins@appcomsci.com Copyright 2012 All Rights reserved 1

Outline Overview of Optical Communications and Transport Networks Evolving Transport Network Technology Potential Security Issues Security Risk Management 2

Drivers for Optical Communications Exploding bandwidth demands Annual growth of 50% or more to support services such as 3G and 4G wireless (backhaul) Streaming video Cloud services On-line gaming Capacity of optical systems is hundreds of times greater than that of electrical or radio-wave systems Need for agility, scalability and sustainability to meet rising customer expectations Shift from relatively static TDM-based services to rapidly changing IP/Ethernet-based services 3

Optical Communications Stack Options Transported Traffic (voice, video, data) FDDI Ethernet SONET Fibre Channel Ethernet SONET Fibre Channel Ethernet SONET OTN Fibre Channel Inside Plant WDM (typically DWDM) Optical Fiber Optical Fiber Cable Outside Plant 4

Illustrative Physical Network View Core/Long-Haul (undersea and terrestrial) Distribution/Metro Access/ Last mile 5

Evolving Transport Network Technology - 1 Automatically Switched Optical Network (ASON) is an emerging control plane technology that Automates discovery and provisioning of network resources and connections Allows for customer control over optical network connections Permits dynamic policy-driven network control Transport network changes are initiated by a customer or management system Signaling controls the creation and removal of connections Customer connects to the transport plane through a physical interface and communicates with the control plane via a User Network Interface (UNI) 6

Evolving Transport Network Technology - 2 Automated provisioning allows for Dynamic bandwidth allocation based on demand Quick end-to-end connection setup and teardown Efficient rerouting and resource usage Reduced labor costs associated with manual tasks and customer/service provider interactions Time-efficient response to changing customer needs ASON also supports Connection protection and restoration Address and wavelength assignment Traffic engineering Many Quality of Service (QoS) levels Multiple types of traffic (though it may be optimized for IP) 7

ASON Architecture Interfaces Service demarcation points are where call control is provided Inter-domain interfaces are service demarcation points 8

ASON Network Interfaces UNI UNI-C UNI-N NE Provider A NE E-NNI NE Provider B UNI UNI-N NE UNI-C User-Network Interface (UNI) Separates the concerns of the user and provider Enables client-driven end-to-end service activation External Network-Network Interface (E-NNI) enables End-to-end service activation Multi-carrier and vendor inter-working Independence of survivability schemes for each domain Internal Network-Network Interface (I-NNI) supports Intra-domain connection establishment Explicit connection operations on individual switches I-NNI Domain 1 E-NNI E-NNI Domain 2 UNI and E-NNI are supported by a family of ITU-T and OIF signaling protocols I-NNI is considered proprietary 9

Growth of the Security Threats High Sophistication Low back doors disabling audits self-replicating code password guessing Sophistication Of Available Tools/Attacks Growing packet spoofing burglaries sniffers sweepers exploiting known vulnerabilities password cracking hijacking sessions stealth / advanced scanning techniques denial of service automated probes/scans graphic user interface network mgmt. diagnostics 1980 1985 1990 1995 2000 Supply Chain Stuxnet? Counterfeits cross site scripting Botnets Mobile Malware RSA Compromise Advanced Persistent Threat distributed attack tools www attacks 2012+ 10

Emerging Risks & Impacts Increases the exposure of the core optical transport network With new user interface, unauthorized bandwidth requests may enable denial-of-service attacks New routing protocols may not be sufficiently protected and create network instability Network forensics may be more difficult in a dynamic environment Connections may be temporarily set up to support potential attacks and then disappear Gateway products will be emerging to mediate network access Testing of security features will be required to determine protection level 11

Security Risk Management Roadmap Assess Security Address risk Platforms, applications, NEs & interfaces Process flows Security architecture Security management Procurement Process Controls Vulnerability Mitigation Processes Security design Operations testing & turn-up New Services Rollout Controls process Vulnerability assessment Procedures Training Service testing & turn-up Threat & Vulnerability Monitoring Patch management Periodic Vulnerability assessments Training Current Network Infrastructure New Customer Services New Network Technology Insertion Evolving Network Infrastructure 12

Powerhouse Research. Practical Solutions. 13