1 / 42

Security dalam Telecommunication and Information Technology

Security dalam Telecommunication and Information Technology. 「 Working Group QoS and Security 」 Medan, 29 Juli 2011. Agenda. Schedule/ kegiatan Topik-topik p enting pada security dalam Telecommunication & IT 「 ICT 」. Kegiatan. Step awal :

beau
Download Presentation

Security dalam Telecommunication and Information Technology

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Security dalam Telecommunication and Information Technology 「Working Group QoS and Security」 Medan, 29 Juli 2011.

  2. Agenda • Schedule/kegiatan • Topik-topikpentingpada security dalam Telecommunication & IT「 ICT」

  3. Kegiatan • Stepawal: • Melakukankajianterhadap ICT security – SG 17 ITU-T • Pemahamansecaraglobal ICT security danstandar-standar yang harusdiadopsi • Stepkedua: memilihtopik-topik ICT security yang sesuaidengankondisi NKRI • Stepketiga: break-down material per topikberikutisu-isupraktisdanQoS • Stepkeempat: mengidentifikasipermasalahansesuaidengankondisi yang ada

  4. Topik-topikPentingpada Security dalam ICT[1] • Security requirements • Security architectures • Security management • The Directory, authentication, and IdM • Securing the network infrastructure • Some specific approaches to network security • Application security • Countering common network threats [1] source: SG Number 17 of ITU-T in the draft of security-related

  5. Security Requirements • Pemahamanygjelassecaramenyeluruhmeliputi: • pemain-pemain yang terlibat di dalamnya; • aset-asetygperludilindungi; • bentukusaha-usahaygmengancamasettsb; • kerentananygberkenaandgnasettsb; • danresikosecarakeseluruhanthdkerentanandanancamanthdasettsb.

  6. Threats, Risks, and Vulnerabilities • Perlindunganasetdari: • Customers/subscribers • Public community/authorities • Network operators/service providers • Asetygdilindungimeliputi: • Commdan computing services • Informasidan data, termasuk software • Personnel • Peralatandanfasilitas • Contohancamanmeliputi: • Unauthorized disclosure terhadapinformasi • Modifikasi data, peralatan, dansumberdayalainnya • Theft, removal/loss informasiatausumberdaya lain • Interruption atauDoS • Impersonation, atauberpura-purasbgpemegangotoritas

  7. General Security Objectives for ICT Networks • Hanya authorized users ygbolehakses & menggunakan telecommunication network • Authorized users mampuakses & menjalankanaset • Telecomm netwmenjaminprivasi • Semua user hrs accountable • Utkmemastikan availability, telecomm netwhrsdilindungi… • Adanyakemungkinan & jaminan retrieve informasiyg secure • Jikaterjadi violation, dptditanganidenganjalanygbisaterkontrol • Jikaterjadipelanggaran, dptdikembalikanke security normal • Arch dr telecomm netwhrsfleksibel • Confidentiality • Data, system and program integrity • Accountability, termasuk di dlmnya: autentikasi, non-repudiation, akseskontrol • Availability

  8. Other Requirements • Rationale for security standards: dgnmemperhatikan current cybersecurity techniques: • Cryptography: powerful tech: enkripsi data selamatransmisi & ketikadalam storage • Access control: restrict the ability of users to access, use, view, ataumodifikasiinformasi • System integrity: menjaminsistem & datanyatdkberubah • Audit, logging & monitoring: membantusysadminmengevaluasiterjaminnya security • Management: membantusysadminmemverifikasikeakuratannetw & setting • Personnel and physical security requirements

  9. Security Architecture • Arch, dan model & framework ygterkait • sebuahstrukturdankonteksygberhubungandgnstandarteknik • dibangundalamsebuahpolaygkonsisten • Dalambentuk layered communications arch., • open system security arch. ITU-T X.800 in collaboration with ISO • Security arch. for systems providing end-to-end communications (ITU-T X.805) (netw. management, P2P communication, mobile web servers)

  10. In Consideration: • The open systems security arch & related standards • Security services • Security arch for systems providing end-to-end communications • And some application-specific arch • P2P communications • Security arch for message security in mobile web services

  11. Security Arch. ITU-T X.805 • 3 major concepts: security layers, planes, dan dimensions • Hierarchical approach

  12. P2P Service Architecture

  13. Arch Reference Model for P2P Network Intra-domain peer Inter-domain peer a service provider peer located in another network domain

  14. Framework for Secure P2P Communications • Ancaman di P2P commmeliputi: • Eavesdropping, jamming, injection & modification, unauthorized access, repudiation, man-in-the-middle attacks, and Sybil attacks

  15. Security Arch for Mobile Web Services

  16. Aspects of Security Management • Adalahtopikluasygmencakupbanyakaktivitasygberhubungandgn: • kontroldanperlindunganakseskesistemdan network, monitor kejadian, laporan, kebijakan, danaudit • Related-topics ygperludiperhatikan: • Information security management • Risk management • Incident handling

  17. Information Security Management • Organization of information security • Asset management • Human resources security • Physical and environmental security • Communications and operations management • Access control • Information systems acquisition • Development and maintenance • Incident management • Business continuity management • Informasiharusdilindungi • Instalasidanpenggunaanfasilitas telecomm harusterkontrol • Semuaakseslayananhrster-authorized

  18. Risk Management Process

  19. The Directory, Authentication, and IdM • Merupakankumpulandariinformasi/file ygdptmembantudlmmemperolehinformasitertentu • ITU-T X.500: menyediakanlayanan directory utkmemfasilitasikomunikasi & pertukaraninformasiantar entity, people, terminal, list terdistribusi, dll. • Conventional: naming, name-to-address mapping danmembiarkan binding antaraobjekdanlokasinya • Directory memainkanperananpentingdalammendukung security services

  20. In Consideration: • Protection of directory information • Directory protection, authentication of directory users, directory access control, privacy protection • Strong authentication: public key security mechanisms • Secret key and public key crypto, public key cert, public key infra • Authentication guidelines • Secure password based auth protocol with key exchange (SPAK), EAP • Identity management • Telebiometrics • Telebiometricauth, digital key & protection, security & safety, standards

  21. Securing The Network Infrastructure • Data ygdigunakanutkmemonitordanmengontrol telecommunication network management traffic selaluditransmisikandlmjaringanygterpisahyghanyamembawanetw management traffic • Telecomm management network (TMN) ITU-T M.3010 • Untukmenyediakan security bagi end-to-end solution, security measures (access control, authentication) harusdiaplikasikankesetiaptipeaktivitas network dlminfrastruktur network, layanan, & aplikasi.

  22. In Consideration: • The telecommunications management network • Network management arch • Securing the infrastructure elements of a network • Securing monitoring and control activities • Securing network based applications • Common security management services: • Securing alarm reporting function • Securing audit trail function • Access control for managed entities • CORBA based security services

  23. Some Specific Approaches to Network Security • Pendekatanutkmelindungiberbagaitipejaringan. Misalpersyaratan security di NGN • Diikutidgn mobile comm networks ygmerupakantransisidari mobility based dalamsebuah single technology (CDMA or GSM) ke mobility lintas platform dgn IP. • Kemudian, security requirements utk home network dan TV kabeldievaluasi • Terakhir, tantangandlm security utk ubiquitous sensor network

  24. In Consideration: • NGN security • Mobile communication security • Security for home networks • IPCablecom • Security for ubiquitous sensor networks

  25. Security of Comm Across Multiple Networks • Network & service provider infrastructure, its assets, its resources, • its communication, and its services • NGN services & capabilities • End-user communication & information

  26. Gateway Model of Mobile end-to-end Data Communication • ASP menyediakan services ke mobile users melalui application server • Security GW relays packets dari mobile terminal ke application server dan • transform mobile network-based comm protocol ke open netw-based proto

  27. Threats in The Mobile end-to-end Communication

  28. Security Function Required for Each Entity

  29. General Home Network Model for Security • Berbagaimacam media transmisidapatdigunakandalam network • Berbagaimacamtipe home network devices dgn level security yg • berbeda-beda

  30. Device Authentication Model for The Secure Home Netw

  31. IPCablecom Component Reference Model • Trusted network elements biasanyaberada di sisi backbone network operator • Untrusted network di sisi cable modem & MTA

  32. Potential Ubiquitous Sensor Network Applications • Sensor node compromise, eavesdropping, • Compromise or exposure of sensed data, • DoS attack, malicious use / misuse of network sensors

  33. Application Security • Dengankesadaranbetapapentingnya security: • app developer saatinimenaruhperhatianbesarataskebutuhan security kedlmproduk-produknyadaripadamenambah security setelahaplikasidiproduksi • Sehinggaperludipertimbangkanttgkerentanan security dlm produk2 tsb, dst • perlurekomendasittg security dari ITU-T

  34. In Consideration: • Voice over IP (VoIP) and multimedia • IPTV • Secure fax • Tag based services

  35. H.323 System: Deployment Scenarios • Corporate comm: IP-PBX, IP-centrex, voice VPN, integrated voice & data system, WiFi phones, imple of call center, and mobility services • Professional comm: voice, vcon, voice/data/video collaboration, and distance learning • Resident env: audiovisula access, PC-to-phone, PC-to-PC calling

  36. Security Threats in Multimedia Communication

  37. General Security Arch for IPTV • Content enc • Watermarking • Content tracing identification & information • Content labelling • Secure transcoding

  38. Basic Model of B2C using Tag Based ID • Device user as the customer: identifier • ID tag as the customer: entrance check, passport, license • Customer as both ID tag and a device user

  39. Countering Common Network Threats • Ancamanthdsistemkomputer & jaringansangatbanyak & bervariasi • Meskipunbanyakserangandimulaisecaralokal, saatiniserangansecaraluasdilakukanlewatcomm networks • Kenyataannyajumlah PC dan network devices ygterhubungke Internet dandioperasikandarirumahdantempatkerja • Spam, spyware, virus danbentukserangan lain disebardlmjumlahygbesar

  40. In Consideration: • Countering spam • Email spam • IP multimedia spam • sms spam • Malicious code, spyware, and deceptive software • Notification and dissemination of software updates

  41. General Model for Countering Spam

  42. General Structure of Email Anti-Spam Processing

More Related