Hot Topics for Sales Business Partners
Security in a Converged World: A Better IT Security Approach
Carlos Solari, Vice President, Security Solutions, Bell Labs
December 13, 2006

Not Theory – Real Threats with Consequences
A Worm Attack
• The story – an infected laptop
• Consequences
A DDoS Attack
• The story – web presence
• Consequences
A Hacker Attack – What If…
• The story – a remote access connection to IP-addressable mobility stations that are part of an NGN without a rigorous security design
• Consequences – cells out, brand confidence undermined, regulatory exposure
In the IP Data Networks: More Vulnerabilities, Faster Exploitation, Faster Propagation
[Chart: threats propagating faster, 2001–2005 – time to propagate falling from months, weeks and days to hours, minutes and seconds; 2005: 90% of the hosts within 10 minutes]
[Chart: vulnerabilities exploited faster, 2002–2005 – average time to exploit in 2005: 5.8 days]
The Threat … Continues Unabated – increasing vulnerabilities and exploits
• 418 new viruses and worms each week
• 72 new vulnerabilities detected per week
• 50% month-to-month increase in peer-to-peer exploits
Sources: CERT/CC, Symantec, NVD, OSVDB
The Challenge – Securing the Network: Current Industry Approach…
• Point products for point roles – reacting to infinite possible sources (example: polymorphism)
• Un-manageable and no single situational awareness – blacklists, AV/AS, URL blocking
• Increasing network complexity
• Lack of a universal standard that addresses security in a comprehensive way
• Increasing vulnerability – example: the firewall opening VoIP session calls
• No inherent security applied to network components – weak links prevalent
• Threat-exploit window smaller – threats can occur faster than we can detect and respond
Conclusion… Current Approach Insufficient to the Challenge
• Increasing financial losses
• Brand confidence at risk
• Infrastructures at risk
• DDoS on the rise
Convergence: More Urgent Than Ever… IP-based Networks
The Upside…
• Fewer layers / less cost
• Large supply of components
• Enhanced integration potential
• Improved bandwidth management / QoS
• Capture meta-data to use in marketing
[Diagram: legacy technologies converging onto IP – circuit-based voice to VoIP; 2G CDMA/GSM to 3G/4G; ATM-based DSL to VDSL2- or GPON-based IP; RF-based video to IP video]
HOWEVER… There Is a Downside
• With integration comes a higher probability of "contamination"
• Interconnected to the high-threat environment of the Internet
• DDoS – malware – hackers – privacy theft – data compromise
• IP-addressable components potentially accessible from anywhere
Convergence Stresses the Security Further
Example: The Firewall Needs to Adapt
• Data: ports open for specific protocols
• Voice: ports open for each call session – thousands of them, because the media ports are negotiated per call in the signaling rather than fixed in advance
• Manage the complexity of VoIP calls without impacting perimeter security: a firewall that only knows static rules must either leave a large media port range permanently open or learn the ports from each call and close them when the call ends
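The following is an added example, not code from the deck or from any Alcatel-Lucent product, showing the per-call behaviour the slide asks for: a firewall helper that reads the media endpoint out of the SDP carried in a SIP INVITE, opens only the two ports that call needs (RTP and RTCP), refuses to open ports toward any address other than the host that sent the INVITE, closes them on BYE, and ages them out if the BYE is lost. The SIP messages are constructed, the SIP/SDP parsing covers only the subset needed here, and the pinhole table is in-memory state that a real firewall would keep in its connection table.

```python
"""Dynamic pinholing for VoIP media: open RTP/RTCP ports per call session
and close them when the call ends, instead of leaving a static range open.
Added example; assumes a simplified SIP/SDP subset and in-memory state."""
import re
import time
from dataclasses import dataclass, field

# Constructed sample signaling (not captured traffic): Alice at 10.0.0.10
# invites Bob and offers to receive audio on 10.0.0.10:49172.
INVITE = (
    "INVITE sip:bob@10.0.0.20 SIP/2.0\r\n"
    "Call-ID: a84b4c76e66710@10.0.0.10\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=alice 2890844526 2890844526 IN IP4 10.0.0.10\r\n"
    "c=IN IP4 10.0.0.10\r\n"
    "m=audio 49172 RTP/AVP 0 8\r\n"
)
BYE = "BYE sip:bob@10.0.0.20 SIP/2.0\r\nCall-ID: a84b4c76e66710@10.0.0.10\r\n\r\n"
STATIC_RANGE = range(10000, 20001)  # what a "just open the RTP range" rule exposes


def parse_sip(msg):
    """Split a SIP request into (method, headers dict, body)."""
    head, _, body = msg.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method = lines[0].split(" ", 1)[0]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, headers, body


def sdp_audio_endpoint(body):
    """Return (ip, rtp_port) offered in the SDP, or None if absent or invalid."""
    ip, port = None, None
    for line in body.split("\r\n"):
        if line.startswith("c=IN IP4 "):
            ip = line.split()[-1]
        m = re.match(r"m=audio (\d+) RTP/AVP", line)
        if m and port is None:
            port = int(m.group(1))
    if ip is None or port is None:
        return None
    if port % 2 or not 1024 <= port <= 65534:   # RTP is even; RTCP is port+1
        return None
    return ip, port


@dataclass
class Pinhole:
    dst_ip: str
    dst_port: int
    expires: float


@dataclass
class PinholeTable:
    ttl: float = 30.0                                  # idle media timeout
    calls: dict = field(default_factory=dict)          # Call-ID -> [Pinhole]

    def on_signaling(self, msg, signaling_src_ip, now):
        """Feed one SIP request seen on the signaling port. Returns True if
        the table changed (pinholes opened or closed)."""
        method, headers, body = parse_sip(msg)
        call_id = headers.get("call-id")
        if not call_id:
            return False
        if method == "INVITE":
            ep = sdp_audio_endpoint(body)
            # Anti-spoof check: only open holes toward the host that sent the
            # INVITE, or a forged SDP could open the firewall to any address.
            if ep is None or ep[0] != signaling_src_ip:
                return False
            ip, rtp = ep
            self.calls[call_id] = [Pinhole(ip, rtp, now + self.ttl),
                                   Pinhole(ip, rtp + 1, now + self.ttl)]
            return True
        if method == "BYE":
            return self.calls.pop(call_id, None) is not None
        return False

    def allows(self, dst_ip, dst_port, now):
        """Would a media packet to dst_ip:dst_port pass right now?
        Matching traffic refreshes the idle timer."""
        self.expire(now)
        for holes in self.calls.values():
            for h in holes:
                if h.dst_ip == dst_ip and h.dst_port == dst_port:
                    h.expires = now + self.ttl
                    return True
        return False

    def expire(self, now):
        """Drop calls whose media has been idle past the TTL (lost BYE)."""
        stale = [c for c, hs in self.calls.items() if all(h.expires <= now for h in hs)]
        for cid in stale:
            del self.calls[cid]

    def open_ports(self):
        return sum(len(hs) for hs in self.calls.values())


if __name__ == "__main__":
    table = PinholeTable()
    table.on_signaling(INVITE, "10.0.0.10", now=time.time())
    print(f"static range exposes {len(STATIC_RANGE)} ports; "
          f"dynamic table exposes {table.open_ports()}")
```

The check that the SDP connection address matches the signaling source is the part most often missing from naive implementations; without it, anyone who can send an INVITE through the firewall can open a hole to an arbitrary inside host. A production implementation would additionally pin the remote media address from the answering SDP in the 200 OK and handle re-INVITEs that move the media.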
A New Model for Security
Security in the network must be designed in – not bolted on later
• The Bell Labs Security Framework – instantiated in ITU-T X.805 and ISO/IEC 18028 – provides the basis for designing security into the network
• In combination with other standards – a comprehensive, in-depth security framework for the network and the organization
• Also needed – an integrated security eco-system performing the functions of prevention, detection and response
• Integrated and automated for speed in detection and speed in response, to operate within the "threat exploitation window"
The Bell Labs Security Framework – Building Security into the DNA of Complex Systems
• ITU-T X.805 security standard
• ISO/IEC 18028 security standard
[Matrix: three security layers – Infrastructure, Services, Applications – crossed with three security planes – Management, Control/Signaling, End User – give nine modules (Module 1 … Module 9). Each module is assessed against eight security dimensions: Access Control, Authentication, Non-Repudiation, Data Confidentiality, Communication Security, Data Integrity, Availability, Privacy.]
9 modules × 8 security dimensions = 72 security cells
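The practical use of the matrix is gap analysis: every control an architect deploys covers some cells and not others, and the cells nobody claims are where the "bolted-on" security of the earlier slides leaves holes. The following is an added example, not part of the deck or of the X.805 standard text, that encodes the 3 × 3 × 8 matrix and computes the uncovered cells and the per-module coverage for an inventory of controls. The control inventory is constructed for illustration; the layer, plane and dimension names are the ones on the slide.

```python
"""Gap analysis on the X.805 / Bell Labs Security Framework matrix:
3 layers x 3 planes = 9 modules, x 8 security dimensions = 72 cells.
Added example; the control inventory below is constructed for illustration."""
from collections import defaultdict
from itertools import product

LAYERS = ("Infrastructure", "Services", "Applications")
PLANES = ("Management", "Control/Signaling", "End User")
DIMENSIONS = ("Access Control", "Authentication", "Non-Repudiation",
              "Data Confidentiality", "Communication Security",
              "Data Integrity", "Availability", "Privacy")


def all_cells():
    """Every (layer, plane, dimension) triple the framework asks you to address."""
    return set(product(LAYERS, PLANES, DIMENSIONS))


# Constructed inventory. Each control states which cells it actually covers;
# a control that only touches the management plane does not "count" for the
# end-user plane, which is exactly the blind spot the matrix exposes.
CONTROLS = [
    {"name": "SSH-only element management with role-based accounts",
     "layers": {"Infrastructure"}, "planes": {"Management"},
     "dims": {"Access Control", "Authentication", "Data Confidentiality",
              "Communication Security", "Data Integrity"}},
    {"name": "Signed, centrally stored audit logs",
     "layers": {"Infrastructure", "Services"}, "planes": {"Management"},
     "dims": {"Non-Repudiation", "Data Integrity"}},
    {"name": "SIP over TLS and SRTP between call agents",
     "layers": {"Services"}, "planes": {"Control/Signaling", "End User"},
     "dims": {"Authentication", "Data Confidentiality", "Data Integrity"}},
    {"name": "Edge rate limiting against flood traffic",
     "layers": {"Infrastructure"}, "planes": {"Control/Signaling", "End User"},
     "dims": {"Availability"}},
]


def validate(control):
    """Reject controls that claim cells outside the framework vocabulary."""
    bad = ((control["layers"] - set(LAYERS)) | (control["planes"] - set(PLANES))
           | (control["dims"] - set(DIMENSIONS)))
    if bad:
        raise ValueError(f"{control['name']}: unknown cell labels {sorted(bad)}")


def coverage(controls):
    """Map each covered cell to the names of the controls that cover it."""
    covered = defaultdict(list)
    for c in controls:
        validate(c)
        for cell in product(c["layers"], c["planes"], c["dims"]):
            covered[cell].append(c["name"])
    return dict(covered)


def gaps(controls):
    """Cells with no control at all, sorted for a stable report."""
    return sorted(all_cells() - set(coverage(controls)))


def module_report(controls):
    """Per module (layer, plane): how many of the 8 dimensions are covered."""
    covered = coverage(controls)
    report = {m: 0 for m in product(LAYERS, PLANES)}
    for (layer, plane, _dim) in covered:
        report[(layer, plane)] += 1
    return report


if __name__ == "__main__":
    for (layer, plane), n in module_report(CONTROLS).items():
        print(f"{layer:<15} {plane:<18} {n}/8 dimensions covered")
    print(f"{len(gaps(CONTROLS))} of {len(all_cells())} cells have no control")
```

Run against a real inventory, the report is the artefact an auditor asks for: the module rows with a low count (here every Applications module is at zero) are the modules where a "point product" approach has nothing to show.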
Synergy in Standards: ISO/IEC and ITU-T
The combination of ITU-T X.805 / ISO/IEC 18028-2 and ISO/IEC 27000 addresses the business and technical risks associated with information and network security
ISO/IEC 27001–27005
• Standards for implementing, maintaining and improving an Information Security Management System (ISMS) to manage risk within the context of an organization's overall business environment
ITU-T X.805 / ISO/IEC 18028-2
• Standards for detailed technical design, architecture, requirements and test plans for end-to-end network security solutions or individual products
Example: Security Audits in Complex Systems
[Diagram with two states: "Current View" and "Ready for Audit in Two Months"]
The Bell Labs Security Framework – It Applies…
• Real security assessments – not a paper tiger
• Common Criteria – specification and standardization
• Security in the product development process
• The foundation for building secure products, that build secure systems, that build secure infrastructures
• A common security language for every level of granularity
What Our Customers Expect
Top Security Priorities – Carriers
• Secure products – security in design, hardening, testing
• Secure architectures – threat assessment, knowledge of attack trends, mitigation techniques
• Protection from their own users as first/last-mile bandwidth increases
• Become more aware of the traffic operating through the network
• Identity management
• Application-level security
• Lower capex and opex of security
Top Security Priorities – Enterprise
• Protection from malware (infected laptops, mobile and sync-up devices)
• Demonstrate stronger security on sensitive traffic to satisfy regulatory compliance (financial data, identity, health data, etc.)
• Content-level protection and control
• Protection from attacks on convergence technologies (voice and video over IP in the enterprise)
• Lower capex and opex of security
Alcatel-Lucent Security Strategy…
• Secure by Design – System Defense: security embedded in the development lifecycle with testing, audit and certification checks
• Secure by Design – Networks and Services: security as a fundamental part of network and service architectures (IPTV, UMA, IMS, LAN)
• Security Collaborations and Partnerships: working with the greater security community to deliver trusted networks and services (VOIPSA, ATIS, 3GPP, CERT-IST)
• Security Incident & Response: providing rapid knowledge, education and response to Alcatel customers for vulnerabilities
• Integrated Security Eco-System: an integrated security portfolio of products to act within the threat exploitation window
Trusted Networks Gives You:
• Assurance of secure systems
• Secure architectures for evolving communications and services infrastructure
• Partnerships and collaborations that reduce your time to market for implementing trusted networks
• Knowledge and insight into the latest alerts and their impact on products, for a growing occurrence of alerts
• An integrated security portfolio (eco-system) to protect the network
Security – Designed into the Architecture
[Diagram: management plane, control/signaling plane and user plane spanning endpoints, network and applications. Labels: mutual authentication between endpoints and network; security associations; data about endpoint state-of-health and security events flowing to Security Resource Management and Security Event Management; security policies dynamically updated; application access dynamically updated; level of access granted based on network and endpoint state-of-health.]
…and What We Also Need Is… An Integrated Security Eco-System
[Diagram: Security Resource Management (SRM) and Security Event Management (SEM) at the center; rings labelled COMPLIANCE, PERFORMANCE and SENSORS; components shown: intrusion prevention, intrusion detection, re-apply good configurations, black/white lists, port blocking, vulnerability scanning, URL filtering, authentication, AV/AS signature DB, zones, firewalls, image compliance, password controls, IP management, departments, VLANs, access control, directory, policy, network monitoring and performance, identity manager]
The Integrated Security Eco-System – At Work
[Diagram of product placement: Vital ISA (SEM); LSMS (SRM); CloudControl; Evros; VitalAAA; VitalQIP; VitalNet; NAC; vulnerability scanner; third-party best-of-breed security products (IDS/IPS/AV/AS, URL filtering). Functions shown: rules-based routing, shunting traffic by protocol; separating various departments; separation by zones, functions or applications; at all perimeter sites. * Items in development]
Convergence Changes the Firewall Requirements
The Lucent VPN Firewall – ready to secure the NGN
• Carrier grade – reliable and secure
• VoIP ready: "dynamic pinholing"
• Policy-based routing – distributed UTM
• Centralized management and provisioning
• Application-layer filtering – DPI
• Scales to any size network
• Stealthy and secure (Layer 2, no CERTS)
• Throughout the fabric of the architecture, enterprise to carrier
The Lucent Security Resource Manager (LSMS)
Mitigating Threats Before They Impact the Enterprise
[Diagram: undesirable traffic (DDoS attackers, spam, phishing…) and legitimate customers and partners both cross the service provider network to reach the enterprise's SSH, IDS/IPS and web servers]
Service Providers
• Best positioned to stop malicious traffic, but…
• Can't identify a customer's traffic as good vs. bad
Enterprises
• Invest millions to protect their networks, but…
• Large attacks still saturate Internet access pipes and bring down e-commerce sites…
Enterprises and service providers can't solve the problem by themselves
CloudControl™ Solution
[Diagram: the same traffic mix (DDoS attackers, spam, phishing… alongside customers and partners) with Detect and Filter stages placed between the Internet and the enterprise's SSH, IDS/IPS and web servers; In/Out flows marked]
CloudControl™ enables enterprise and service provider networks to work as one to dynamically block trash traffic
Laptop Security: The Evros Solution – Simple, Efficient, Secure Access
[Diagram: a laptop (processor, memory, battery, operating system, 3G modem) running the Evros Agent (1) reaches IT applications over LAN, WiFi or 3G VPN under policy, through the Evros Enterprise Gateway (2), with 24x7 IT remote management]
• Always-accessible endpoints
• Remote management – 24x7 visibility and control via 3G
• Transparent secure connection via a trusted platform
The Evros Solution – Connected for Security
[Diagram: whether connected over WiFi, 3G, LAN or WiMax, or not connected at all, the laptop keeps a trust-based link to the secure corporate enclave for configuration, data protection, disablement and policies; threats shown: worms/viruses, intrusion/disk access, data tampering, content theft/liability, OS integrity]
• Trusted appliance
• Always-on
• Remote "kill" capability
• Policy enforcement
• Control all networking options
• Off-hour back-ups
Vital ISA: Security Event Management (SEM)
[Pipeline diagram]
Inputs: network IDS, host IDS, firewalls, AAA, OS logs, routers, vulnerability scanners, anti-virus
• Filter, pattern match, message map
• Local-to-global name mapping, grouping
• Thresholder – rate, value, time
• Correlation
• Asset analysis and suppression (using topology data and customer and mission data)
• Viewing and descriptions; alarms; request additional data, take action
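To make the stage names concrete, here is an added example (not Vital ISA code, and not from the deck) of the same pipeline in miniature: a regex per source format maps raw lines onto a common schema, sensor-local event names are mapped to a global taxonomy, a rate thresholder turns a burst of firewall blocks from one source into a scan alarm, and an asset check suppresses an IDS alert for an exploit that cannot apply to the target platform. The log lines, the log formats and the asset table are all constructed; real sensor output would need its own patterns.

```python
"""A miniature security event management (SEM) pipeline in the stages the
slide names: filter / pattern-match / message-map, local-to-global name
mapping, a rate thresholder, and asset-based suppression.
Added example; log formats and asset data are constructed."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample feed (not real sensor output): a firewall and a network IDS.
RAW_LOGS = [
    "2006-12-13T10:00:01 fw brick1 DENY tcp 203.0.113.7:51000 -> 10.0.0.5:445",
    "2006-12-13T10:00:02 fw brick1 DENY tcp 203.0.113.7:51001 -> 10.0.0.5:139",
    "2006-12-13T10:00:03 fw brick1 DENY tcp 203.0.113.7:51002 -> 10.0.0.5:135",
    "2006-12-13T10:00:04 fw brick1 DENY tcp 203.0.113.7:51003 -> 10.0.0.5:1433",
    "2006-12-13T10:00:05 fw brick1 DENY tcp 203.0.113.7:51004 -> 10.0.0.5:3389",
    "2006-12-13T10:00:06 fw brick1 DENY tcp 198.51.100.3:40000 -> 10.0.0.5:22",
    "2006-12-13T10:00:07 fw brick1 ALLOW tcp 198.51.100.3:40001 -> 10.0.0.8:22",
    "2006-12-13T10:00:08 ids sensor2 ALERT [WEB-IIS ISAPI overflow] 198.51.100.3 -> 10.0.0.5:80",
    "2006-12-13T10:00:09 ids sensor2 ALERT [SSH brute force] 198.51.100.3 -> 10.0.0.8:22",
    "2006-12-13T10:00:10 ids sensor2 heartbeat ok",
]

# Constructed asset inventory, as a vulnerability scanner or CMDB would supply it.
ASSETS = {
    "10.0.0.5": {"os": "linux", "services": {"http"}},
    "10.0.0.8": {"os": "linux", "services": {"ssh"}},
}

# Stage 1: filter + pattern match + message map. One regex per source format,
# mapped onto a common schema; lines matching nothing are dropped as noise.
PATTERNS = {
    "fw": re.compile(r"^(?P<ts>\S+) fw (?P<sensor>\S+) (?P<name>DENY|ALLOW) \w+ "
                     r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"),
    "ids": re.compile(r"^(?P<ts>\S+) ids (?P<sensor>\S+) ALERT \[(?P<name>[^\]]+)\] "
                      r"(?P<src>[\d.]+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"),
}

# Stage 2: local-to-global name mapping. Sensor-specific names become a shared
# taxonomy with a severity and, where relevant, the platform the attack targets.
GLOBAL_NAMES = {
    "DENY": ("fw.block", 1, None),
    "WEB-IIS ISAPI overflow": ("web.exploit.iis", 4, "windows"),
    "SSH brute force": ("auth.bruteforce.ssh", 3, None),
}


def normalize(line):
    """Return a normalized event dict, or None for lines that match no pattern."""
    for source, pat in PATTERNS.items():
        m = pat.match(line)
        if m:
            ev = m.groupdict()
            ev["source"] = source
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            ev["dport"] = int(ev["dport"])
            return ev
    return None


def map_global(ev):
    """Attach global name, severity and target platform; drop unmapped names."""
    mapped = GLOBAL_NAMES.get(ev["name"])
    if mapped is None:
        return None
    ev["global"], ev["severity"], ev["applies_to"] = mapped
    return ev


def threshold(events, window_s=60, count=5):
    """Rate thresholder: N blocks from one source inside the window -> scan alarm."""
    by_src = defaultdict(list)
    for ev in events:
        if ev["global"] == "fw.block":
            by_src[ev["src"]].append(ev)
    alarms = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        for i in range(len(evs) - count + 1):
            if (evs[i + count - 1]["ts"] - evs[i]["ts"]).total_seconds() <= window_s:
                ports = sorted({e["dport"] for e in evs[i:i + count]})
                alarms.append({"alarm": "recon.portscan", "src": src, "severity": 3,
                               "dst": evs[i]["dst"],
                               "detail": f"{count} blocks, ports {ports}"})
                break
    return alarms


def asset_suppress(ev, assets):
    """Asset analysis: an exploit for a platform the target does not run is noise."""
    target = assets.get(ev["dst"], {})
    if ev["applies_to"] and target.get("os") != ev["applies_to"]:
        return None
    return {"alarm": ev["global"], "src": ev["src"], "dst": ev["dst"],
            "severity": ev["severity"], "detail": ev["name"]}


def run_pipeline(lines, assets):
    """Raw lines in, de-duplicated and asset-qualified alarms out."""
    events = [e for e in (map_global(n) for n in map(normalize, lines) if n) if e]
    alarms = threshold(events)
    for ev in events:
        if ev["source"] == "ids":
            a = asset_suppress(ev, assets)
            if a:
                alarms.append(a)
    return alarms


if __name__ == "__main__":
    for alarm in run_pipeline(RAW_LOGS, ASSETS):
        print(alarm)
```

Ten raw lines become two alarms: the five blocks from 203.0.113.7 collapse into one scan alarm, and the IIS alert against a Linux host disappears, which is the "asset analyze and suppress" stage earning its keep. Suppression depends on the asset data being current; a stale inventory silently turns into missed alarms, so the scanner feed deserves the same monitoring as the sensors.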
Security Consulting Services – CISSP-Certified Consultants
• Trusted advisor – vendor-neutral security services
• Helping enterprises and service providers address the complexity and risk involved in securing their business and infrastructures
• Full lifecycle of security consulting and implementation capabilities
• Global presence and key industry partnerships
• Internationally recognized certifications
• Certified assessor for Visa and MasterCard
• ISO 18028- and 27000-based methodologies
Leading Research in Areas of Security
Threat mitigation technologies (DDoS, worms, intrusions, root kits, day-zero vulnerabilities)
• Integration of SEM and SRM – to detect early and respond within the threat exploitation window
• Security for mobility – mitigating DoS attacks in mobility
• Identity management – federated identity management
• Worm early detection – pattern matching, anomaly detection
• Polymorphism – resolve the day-zero problem
• Deep packet inspection – at wire speed, to detect threats early in the exploitation window and respond at build-up
• Trusted computing – using device health-awareness concepts to adjust access and correct for unauthorized change
Summary: Mitigating the Risk by Reducing Vulnerability
Lesson 1 – Security must be pervasive (architected)
• No amount of security products can overcome the lack of security in the thousands of devices in the network that operate in key roles
Lesson 2 – Must have integrated situational awareness
• To respond within the threat exploitation window we must first have centralized situational awareness – if your help desk is it, it is too late
Lesson 3 – Must have integrated response
• To respond within the threat exploitation window we must have centralized and integrated operational control over the security resources (firewalls, URL filters, etc.)
• And automated escalation rules linking the detection to the response
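Lesson 3 is the step most organisations hesitate over, because an escalation rule that drives a firewall is itself an attack surface: a spoofed or induced alarm can make the responder block a partner or an internal address. The following is an added example, not code from the deck or from any SRM product, of escalation rules that turn SEM alarms into response actions with the guardrails a practitioner would insist on before enabling it: a protected address list that is never blocked automatically, time-limited blocks, de-duplication of repeated alarms, and a repeat-offender escalation. The alarms and the action records are constructed; a real implementation would hand each action to the firewall management API instead of appending it to a list.

```python
"""Automated escalation rules linking SEM alarms to SRM response actions,
with guardrails: protected ranges, time-limited blocks, de-duplication,
and a human-approval path for cases automation should not decide.
Added example; alarm and action formats are constructed."""
import ipaddress
from dataclasses import dataclass, field

# Addresses automation may never block on its own (constructed): internal
# space and a partner's range. Alarms from these go to a ticket instead.
PROTECTED = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "198.51.100.0/24")]

# Constructed alarms in the shape a SEM would hand over; ts in seconds.
ALARMS = [
    {"alarm": "recon.portscan", "src": "203.0.113.7", "severity": 3, "ts": 0},
    {"alarm": "web.exploit.iis", "src": "203.0.113.7", "severity": 4, "ts": 30},
    {"alarm": "auth.bruteforce.ssh", "src": "198.51.100.3", "severity": 3, "ts": 40},
    {"alarm": "recon.portscan", "src": "203.0.113.7", "severity": 3, "ts": 50},
    {"alarm": "malware.beacon", "src": "192.0.2.44", "severity": 5, "ts": 60},
]


@dataclass
class Responder:
    block_ttl: int = 3600               # seconds; no permanent automated blocks
    repeat_window: int = 600            # second alarm from one source inside this -> escalate
    actions: list = field(default_factory=list)
    history: dict = field(default_factory=dict)        # src -> ts of last alarm
    blocked_until: dict = field(default_factory=dict)  # src -> block expiry

    def is_protected(self, src):
        ip = ipaddress.ip_address(src)
        return any(ip in net for net in PROTECTED)

    def emit(self, kind, src, ts, **extra):
        """Record a response action (stand-in for an SRM/firewall API call)."""
        action = {"action": kind, "src": src, "ts": ts, **extra}
        self.actions.append(action)
        return action

    def handle(self, alarm):
        src, ts, sev = alarm["src"], alarm["ts"], alarm["severity"]
        repeat = src in self.history and ts - self.history[src] <= self.repeat_window
        self.history[src] = ts

        # Rule 0: never auto-block protected space; escalate to a person.
        if self.is_protected(src):
            return self.emit("ticket", src, ts, reason=alarm["alarm"], severity=sev)
        # Rule 1: de-duplicate; an address already blocked needs no second rule.
        if self.blocked_until.get(src, -1) > ts:
            return self.emit("noop", src, ts, reason="already blocked")
        # Rule 2: high severity, or a repeat offender, gets a time-limited block.
        if sev >= 4 or repeat:
            self.blocked_until[src] = ts + self.block_ttl
            return self.emit("fw.block", src, ts, until=ts + self.block_ttl,
                             reason=alarm["alarm"])
        # Rule 3: everything else only raises the watch level on that source.
        return self.emit("watchlist", src, ts, reason=alarm["alarm"])


def run(alarms):
    """Process alarms in time order and return the resulting action list."""
    responder = Responder()
    for alarm in sorted(alarms, key=lambda a: a["ts"]):
        responder.handle(alarm)
    return responder.actions


if __name__ == "__main__":
    for action in run(ALARMS):
        print(action)
```

The five constructed alarms produce: a watchlist entry for the first scan, a one-hour block when the same source escalates to an exploit attempt, a ticket (not a block) for the partner address, a no-op for the duplicate scan alarm, and a block for the beacon. The TTL and the protected list are what make it safe to let this run unattended; the ticket path is what keeps a person in the loop for the cases where an automated block would be the worse outcome.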
The Bottom Line of Security
• Convergence to IP brings many advantages – but it will also increase the overall risk if we don't apply a more effective security model
• The old approach to security will not lower the risk – increased spending may not be effective, no matter how good we get at patching
• The Bell Labs Security Framework is a blueprint to achieve more effective security designed into the network
• We also need an Integrated Security Eco-System to achieve speed in detection and response; we call this integrated Security Event Management (SEM) and Security Resource Management (SRM)
Additional Resources
• Bell Labs Network Security Framework – brochure
• VPN Firewall Portfolio At-A-Glance – data sheet
• VPN Firewall Portfolio – brochure
• Lucent VPN Firewall Security in 802.11x Wireless Networks – white paper
• Lucent VPN Firewall Brick – data sheets
• Security Solutions Selling Brief
These and more marketing tools can be found on the BP Center of Alcatel-Lucent.com: go to http://www.alcatel-lucent.com, log in to "MyAccess" (top right corner), then "Access to former Lucent systems", Sales Business Partner Solutions, Data, VPN and Security area
Course Assessment, Feedback, Past Events
Course Assessment Instructions
To receive training credit for having participated in today's Hot Topics event, you will need to take a brief quiz. To access the quiz, follow these directions:
1. Go to https://training.lucent.com/
2. If you are not already logged in, you'll see a request to "Please Login Here"
3. Enter your User Name and Password and click Submit to log in
4. For this session, enter the course number BPHT121306 in the Catalog Search area, then click Search Full Catalog
5. In the Search Results, click the Register link (to the far right)
6. A screen will appear with a link to the Assessment (in the upper left-hand corner)
7. Click the link to launch the Assessment
NOTE: If you try to access the course assessment from this site on the day of the HOT TOPICS event and receive a "Course Not Found" message, please try again later that day or the next business day; it may not have posted to the site yet.
Feedback
• Your feedback is valuable in helping us to assess this Hot Topics event and improve the program…
• Please take a minute to fill out the Feedback Form; thank you!
Past Event Replays
• Missed a HOT TOPICS for Sales Business Partners training event? Log in to the Business Partner Center and listen to a multimedia replay at your convenience!
• BP Center available at: www.alcatel-lucent.com – MyAccess – "Access to Former Lucent systems" link
• After logging in, scroll to the bottom of the page and click the My Documents "View All" link
• Then open the Hot Topics for Business Partners folder and click on Past Events to navigate to the event of your choice