Security in Telecommunication and Information Technology 「Working Group QoS and Security」 Medan, 29 July 2011.
Agenda • Schedule/activities • Important topics in security in Telecommunication & IT 「ICT」
Activities • First step: • Conduct a study of ICT security – SG 17 ITU-T • Gain a global understanding of ICT security and the standards that must be adopted • Second step: select the ICT security topics that fit the conditions of NKRI (Republic of Indonesia) • Third step: break down the material per topic, along with practical issues and QoS • Fourth step: identify problems according to existing conditions
Important Topics in ICT Security [1] • Security requirements • Security architectures • Security management • The Directory, authentication, and IdM • Securing the network infrastructure • Some specific approaches to network security • Application security • Countering common network threats [1] source: SG Number 17 of ITU-T in the draft of security-related
Security Requirements • A clear and comprehensive understanding covering: • the players involved; • the assets that need to be protected; • the forms of effort that threaten those assets; • the vulnerabilities associated with those assets; • and the overall risk to those assets from the vulnerabilities and threats.
Threats, Risks, and Vulnerabilities • Protecting the assets of: • Customers/subscribers • Public community/authorities • Network operators/service providers • Assets to be protected include: • Comm and computing services • Information and data, including software • Personnel • Equipment and facilities • Examples of threats include: • Unauthorized disclosure of information • Modification of data, equipment, and other resources • Theft, removal/loss of information or other resources • Interruption or DoS • Impersonation, or masquerading as a holder of authority
General Security Objectives for ICT Networks • Only authorized users may access & use the telecommunication network • Authorized users are able to access & operate on assets • The telecomm network ensures privacy • All users must be accountable • To ensure availability, the telecomm network must be protected… • There is the possibility & assurance of retrieving information securely • If a violation occurs, it can be handled in a controlled way • If a breach occurs, normal security can be restored • The telecomm network architecture must be flexible • Confidentiality • Data, system and program integrity • Accountability, including: authentication, non-repudiation, access control • Availability
Other Requirements • Rationale for security standards: taking into account current cybersecurity techniques: • Cryptography: a powerful technology: encrypting data during transmission & while in storage • Access control: restrict the ability of users to access, use, view, or modify information • System integrity: ensures that the system & its data are not altered • Audit, logging & monitoring: help sysadmins evaluate whether security is assured • Management: helps sysadmins verify the correctness of the network & settings • Personnel and physical security requirements
Security Architecture • Architecture, and related models & frameworks • a structure and context related to technical standards • built in a consistent pattern • In the form of a layered communications arch., • open system security arch. ITU-T X.800 in collaboration with ISO • Security arch. for systems providing end-to-end communications (ITU-T X.805) (netw. management, P2P communication, mobile web servers)
In Consideration: • The open systems security arch & related standards • Security services • Security arch for systems providing end-to-end communications • And some application-specific arch • P2P communications • Security arch for message security in mobile web services
Security Arch. ITU-T X.805 • 3 major concepts: security layers, planes, and dimensions • Hierarchical approach
Arch Reference Model for P2P Network [Figure labels: intra-domain peer; inter-domain peer; a service provider peer located in another network domain]
Framework for Secure P2P Communications • Threats in P2P comm include: • Eavesdropping, jamming, injection & modification, unauthorized access, repudiation, man-in-the-middle attacks, and Sybil attacks
Aspects of Security Management • A broad topic covering many activities related to: • control and protection of access to systems and networks, event monitoring, reporting, policy, and audit • Related topics to consider: • Information security management • Risk management • Incident handling
Information Security Management • Organization of information security • Asset management • Human resources security • Physical and environmental security • Communications and operations management • Access control • Information systems acquisition • Development and maintenance • Incident management • Business continuity management • Information must be protected • Installation and use of telecomm facilities must be controlled • All access to services must be authorized
The Directory, Authentication, and IdM • A collection of information/files that helps in obtaining particular information • ITU-T X.500: provides directory services to facilitate communication & information exchange between entities, people, terminals, distributed lists, etc. • Conventional: naming, name-to-address mapping, and allowing binding between an object and its location • The Directory plays an important role in supporting security services
In Consideration: • Protection of directory information • Directory protection, authentication of directory users, directory access control, privacy protection • Strong authentication: public key security mechanisms • Secret key and public key crypto, public key cert, public key infra • Authentication guidelines • Secure password based auth protocol with key exchange (SPAK), EAP • Identity management • Telebiometrics • Telebiometric auth, digital key & protection, security & safety, standards
Securing The Network Infrastructure • The data used to monitor and control telecommunication network management traffic is always transmitted over a separate network that carries only network management traffic • Telecomm management network (TMN) ITU-T M.3010 • To provide security for an end-to-end solution, security measures (access control, authentication) must be applied to every type of network activity in the network infrastructure, services, & applications.
In Consideration: • The telecommunications management network • Network management arch • Securing the infrastructure elements of a network • Securing monitoring and control activities • Securing network based applications • Common security management services: • Securing alarm reporting function • Securing audit trail function • Access control for managed entities • CORBA based security services
Some Specific Approaches to Network Security • Approaches for protecting various types of networks, e.g. the security requirements in NGN • Followed by mobile comm networks, which are in transition from mobility based on a single technology (CDMA or GSM) to cross-platform mobility with IP. • Next, the security requirements for home networks and cable TV are evaluated • Finally, the security challenges for ubiquitous sensor networks
In Consideration: • NGN security • Mobile communication security • Security for home networks • IPCablecom • Security for ubiquitous sensor networks
Security of Comm Across Multiple Networks • Network & service provider infrastructure, its assets, its resources, its communication, and its services • NGN services & capabilities • End-user communication & information
Gateway Model of Mobile end-to-end Data Communication • The ASP provides services to mobile users through an application server • The security GW relays packets from the mobile terminal to the application server and transforms the mobile network-based comm protocol to an open network-based protocol
General Home Network Model for Security • Various transmission media can be used in the network • Various types of home network devices with differing security levels
IPCablecom Component Reference Model • Trusted network elements are usually located on the network operator's backbone side • Untrusted network on the cable modem & MTA side
Potential Ubiquitous Sensor Network Applications • Sensor node compromise, eavesdropping, • Compromise or exposure of sensed data, • DoS attack, malicious use / misuse of network sensors
Application Security • With awareness of how important security is: • app developers now pay great attention to building security requirements into their products rather than adding security after the application has been produced • So the security vulnerabilities in these products need to be considered, etc. • security recommendations from ITU-T are needed
In Consideration: • Voice over IP (VoIP) and multimedia • IPTV • Secure fax • Tag based services
H.323 System: Deployment Scenarios • Corporate comm: IP-PBX, IP-centrex, voice VPN, integrated voice & data system, WiFi phones, imple of call center, and mobility services • Professional comm: voice, vcon, voice/data/video collaboration, and distance learning • Resident env: audiovisual access, PC-to-phone, PC-to-PC calling
General Security Arch for IPTV • Content enc • Watermarking • Content tracing identification & information • Content labelling • Secure transcoding
Basic Model of B2C using Tag Based ID • Device user as the customer: identifier • ID tag as the customer: entrance check, passport, license • Customer as both ID tag and a device user
Countering Common Network Threats • Threats to computer systems & networks are numerous & varied • Although many attacks start locally, attacks today are widely carried out over comm networks • In reality, the number of PCs and network devices connected to the Internet and operated from homes and workplaces • Spam, spyware, viruses and other forms of attack are spread in large numbers
In Consideration: • Countering spam • Email spam • IP multimedia spam • sms spam • Malicious code, spyware, and deceptive software • Notification and dissemination of software updates