
Page 1: Bell Labs Network Security Model

GSA Federal Technology Service - Smarter Solutions

Bell Labs Network Security Model

Andrew R. McGee

Distinguished Member of Technical Staff

Lucent Technologies Bell Labs

April 2, 2003

Track 5.4 -- Emerging Network Security Technology: A Lucent Bell Labs Prospective

Page 2: Bell Labs Network Security Model


GSA/FTS Network Services Conference 2003 - Managing the Future: Mastering the Maze

Topics

Building the Network Security Model:

• Security Threats.

• Security Layers.

• Security Planes.

• Security Dimensions.

Applying the Network Security Model to Network Security Assessments:

• Network, Host and Service Discovery.

• Data Fusion - Putting it All Together.

• Producing Meaningful Results.

Page 3: Bell Labs Network Security Model


Types of Network Security Threats [1]

Interruption (An Attack on Availability):
– Network Becomes Unavailable or Unusable
– Examples:
  • Malicious Destruction of a Network Element
  • Erasure of a Software Program or Data File
  • Cutting of a Communication Facility

Interception (An Attack on Confidentiality):
– An Unauthorized Access to an Asset
– Examples:
  • Unauthorized Data Capture (Data Sniffing)
  • Discovery of Unprotected WLAN Access Points

Modification (An Attack on Integrity):
– An Unauthorized Tampering with an Asset
– Examples:
  • Changing Network Configuration Information
  • Changing Data as it is Being Transmitted Across the Network

Fabrication (An Attack on Authenticity):
– Unauthorized Creation, Modification, or Deletion of Objects on a Network
– Examples:
  • Unauthorized Access to the Network
  • Insertion of Spurious Messages on the Network
  • Addition of Records to a Database

[1] C. Pfleeger, Security in Computing, Prentice Hall, Upper Saddle River, NJ, 1997.

Page 4: Bell Labs Network Security Model


Security Layers

[Figure: the three Security Layers (Infrastructure Security, Services Security, Applications Security) shown against Threats, Vulnerabilities and Attacks (Interruption, Fabrication, Interception, Modification)]

Infrastructure Security Layer:
• Fundamental Building Blocks of Networks, Services, and Applications.
• Individual Network Elements and the Interconnecting Communications Facilities
• Examples:
  – Individual Routers, Switches, Servers
  – Point-to-Point WAN Links
  – Ethernet Links

Applications Security Layer:
• Network-Based Applications Accessed by End-Users
• Includes:
  – Fundamental Applications (e.g., Web Browsing)
  – Basic Applications (e.g., Directory Assistance and Email)
  – High-End Applications (e.g., E-Commerce)

Services Security Layer:
• Services Provided to Customers or End-Users
• Range from Basic Transport to High-End, Value-Added Services.
• Examples:
  – Carrier Facilities (DS-1, DS-3, etc.)
  – Frame Relay, ATM, IP Connectivity
  – VoIP, QoS, IM, Location Services
  – 800-Services

Vulnerabilities Can Exist In Each Layer

Page 5: Bell Labs Network Security Model


Security Layers Apply to Every Protocol Layer

Example - Applying Security Layers to ATM Networks (Layer 2):
Infrastructure Security Layer:
  – Individual ATM Switches
  – Point-to-Point Communication Links Between Switches (e.g., DS-3 links, OC-48 links, etc.)
Services Security Layer:
  – ATM Service Classes: CBR, VBR-RT, VBR-nRT, ABR, UBR
Applications Security Layer:
  – ATM-Based Video Conferencing Application

Example - Applying Security Layers to IP Networks (Layer 3):
Infrastructure Security Layer:
  – Wireline NEs: Individual Routers, Servers
  – Wireless NEs: PDSN, SGSN, GGSN.
  – Communication Links Between NEs - Note: Could be ATM PVCs
Services Security Layer:
  – Basic IP Transport
  – IP Support Services (e.g., AAA, DNS, DHCP)
  – Value-Added Services (e.g., VPN, VoIP, QoS)
Applications Security Layer:
  – Basic Applications (e.g., ftp, Web Access)
  – Fundamental Applications (e.g., Email)
  – High-End Applications (e.g., E-Commerce, Training)

Page 6: Bell Labs Network Security Model


Security Planes

[Figure: the three Security Planes (End User Security, Control/Signaling Security, Management Security) added to the Security Layers (Infrastructure, Services, Applications), shown against Threats, Vulnerabilities and Attacks (Interruption, Fabrication, Interception, Modification)]

Control/Signaling Security Plane:
• Enables the Efficient Delivery of Information, Services, and Applications Across the Network
• Machine-to-Machine Communications to Determine How to Best Route or Switch Traffic Across the Network
• May Be In-Band or Out-of-Band

Management Security Plane:
• Concerned with OAM&P of Network Elements, Transmission Facilities, Operations/Business Systems
• Concerned with Management and Provisioning of Network Services and Applications
• Supports the FCAPS Functions
• May Be In-Band or Out-of-Band

End-User Security Plane:
• How Customers Access and Use the Network
• Represents End-User Data At Rest and In Motion
• End-Users May Use the Network For:
  – Basic Connectivity/Transport
  – Value-Added Services (VPN, VoIP, etc.)
  – Access to Network-Based Applications (e.g., Email).

Vulnerabilities Can Exist In Each Layer and Plane

Page 7: Bell Labs Network Security Model


Example: Applying Security Planes to Network Activities/Protocols

End User Security Plane:
Activities
  • End-User Data Transfer
  • End-User – Application Interactions
Protocols
  • HTTP, RTP, POP, IMAP
  • TCP, UDP, FTP
  • IPSec, TLS

Control/Signaling Security Plane:
Activities
  • Update of Routing/Switching Tables
  • Service Initiation, Control, and Teardown
  • Application Control
Protocols
  • BGP, OSPF, IS-IS, RIP, PIM
  • SIP, RSVP, H.323, SS7
  • IKE, ICMP
  • PKI, DNS, DHCP, SMTP

Management Security Plane:
Activities
  • Operations
  • Administration
  • Management
  • Provisioning
Protocols
  • SNMP
  • Telnet
  • FTP
  • HTTP

Page 8: Bell Labs Network Security Model


Security Dimensions

Access Management:
• Limit and Control Access to Network Elements, Services, and Applications.
• Techniques Include: ACL, Firewall, IDS, Password, Security Token, RBAC.

Authentication:
• Ensure Proof of Identity of the Claimed Entity (Person, Device, Application).
• Techniques Include: Shared Secret, PKI, Digital Signature, Digital Certificate.

Non-repudiation:
• Prevent the Denial of an Activity on the Network or Transmission Through a Network.
• Techniques Include: System Logs, Digital Signatures, Asymmetrical Encryption.

Data Confidentiality:
• Ensure the Confidentiality of Data to Prevent Unauthorized Viewing.
• Techniques Include: Encryption.

Communication Security:
• Ensure Information Only Flows from the Source to the Destination.
• Techniques Include: VPN, MPLS, L2TP, Source Path Routing.

Integrity:
• Ensure that Data is Received as Sent or Retrieved as Stored.
• Techniques Include: MD5, Digital Signature, Anti-Virus Software.

Availability:
• Ensure Network Elements, Services and Applications are Available to Legitimate Users.
• Techniques Include: Reliable Network Design, IDS, Network Redundancy, and Disaster Recovery.

Privacy:
• Ensure that Confidential Information of End Users, Network Elements, and the Network Architecture is Not Disclosed to Unauthorized Entities.
• Techniques Include: Encryption, Service Level Agreements, etc.

Security Dimensions Address the Breadth of Network Vulnerabilities

Page 9: Bell Labs Network Security Model


Bell Labs Network Security Model

Applicable To:
• Wireless, Wireline and Optical Networks
• Voice, Data, and Converged Networks
• Any Layer of the Protocol Stack
• Management, Administrative and Data Center Networks
• SP Infrastructure Networks
• Enterprise Networks

[Figure: the complete model: 3 Security Layers (Infrastructure, Services, Applications) x 3 Security Planes (End User, Control/Signaling, Management) x 8 Security Dimensions (Access Management, Authentication, Non-repudiation, Data Confidentiality, Communication Security, Integrity, Availability, Privacy), shown against Threats, Vulnerabilities and Attacks (Interruption, Fabrication, Interception, Modification)]

Vulnerabilities Can Exist In Each Layer, Plane, Dimension

Supported by Government Agencies & Standards Bodies: NSIE, NSTAC, NRIC, DHS, ITU-T SG17, Industry Canada

Page 10: Bell Labs Network Security Model


Methodical & Modular Approach to Network Security Analysis (The Bell Labs Network Security Model in Tabular Form)

                          Infrastructure Layer   Services Layer   Applications Layer
Management Plane          Module One             Module Four      Module Seven
Control/Signaling Plane   Module Two             Module Five      Module Eight
User Plane                Module Three           Module Six       Module Nine

The Eight Security Dimensions (Access Management, Authentication, Non-repudiation, Data Confidentiality, Communication Security, Integrity, Availability, Privacy) Are Applied to Each Security Perspective

Execute:
– Top Row for Analysis of Management Network
– Middle Column for Analysis of Network Services
– Intersection of Each Layer and Plane for Analysis of Security Perspective
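As an added example (not part of the presentation), the following Python sketch turns the tabular form of this slide, the threat classes of slide 3 and the dimensions of slide 8 into code: each assessment finding is placed into the module (layer and plane) and dimension it affects, and a per-module coverage report shows which of the 72 cells have findings and which have none. The module numbering formula, the mapping of Fabrication/Authenticity onto the Authentication dimension, and the sample findings are assumptions made for the example.

```python
from collections import defaultdict
from itertools import product
# Three Security Layers, three Security Planes, eight Security Dimensions.
LAYERS = ("Infrastructure", "Services", "Applications")
PLANES = ("Management", "Control/Signaling", "End User")
DIMENSIONS = ("Access Management", "Authentication", "Non-repudiation",
              "Data Confidentiality", "Communication Security",
              "Integrity", "Availability", "Privacy")

# Pfleeger's four threat classes (slide 3) and the property each attacks;
# mapping "Authenticity" to the Authentication dimension is an assumption.
THREAT_TO_DIMENSION = {"Interruption": "Availability",
                       "Interception": "Data Confidentiality",
                       "Modification": "Integrity",
                       "Fabrication": "Authentication"}

def module_number(layer, plane):
    """Slide 10 numbering: columns are layers, rows are planes, numbered down
    each column (One = Infrastructure/Management ... Nine = Applications/User)."""
    return LAYERS.index(layer) * len(PLANES) + PLANES.index(plane) + 1

def place_findings(findings):
    """Map each (layer, plane, threat, description) finding to the cell
    (module number, dimension) it affects; an unknown threat raises KeyError."""
    cells = defaultdict(list)
    for layer, plane, threat, desc in findings:
        cells[(module_number(layer, plane), THREAT_TO_DIMENSION[threat])].append(desc)
    return dict(cells)

def coverage_report(cells):
    """Per module: dimensions with findings, and how many of the eight had none."""
    report = {}
    for layer, plane in product(LAYERS, PLANES):
        m = module_number(layer, plane)
        hit = [d for d in DIMENSIONS if (m, d) in cells]
        report[m] = {"layer": layer, "plane": plane,
                     "dimensions_with_findings": hit,
                     "clean_dimensions": len(DIMENSIONS) - len(hit)}
    return report

# Constructed sample findings, not taken from any real assessment.
SAMPLE_FINDINGS = [
    ("Infrastructure", "Management", "Interception",
     "Router administration over Telnet; credentials sent in the clear"),
    ("Services", "Control/Signaling", "Fabrication",
     "BGP peers accept routing updates without session authentication"),
    ("Applications", "End User", "Interruption",
     "Single web front end with no redundancy"),
]
```

A "clean" cell only means no finding was recorded there, so the report is a coverage check on the assessment itself as much as a statement about the network.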

Page 11: Bell Labs Network Security Model


Applying the Bell Labs Network Security Model to Security Programs

[Figure: Security Program lifecycle (Definition & Planning, Implementation, Maintenance) covering Policies & Procedures and Technology, alongside the model's Security Layers, Planes and 8 Security Dimensions against Threats, Vulnerabilities and Attacks]

Can Apply to Every Aspect of a Network Security Program
• Definition & Planning: Helps define comprehensive Security Policies, Incident Response & Recovery Plans and Technology Architectures by taking Security Dimensions, Layers and Planes into account
• Implementation: Forms basis of an assessment that examines how the Security Dimensions, Layers and Planes are addressed as Policies and Procedures are rolled out and technology is deployed
• Maintenance: Assists in managing the Security Policies & Procedures, Incident Response & Recovery Plans and Technology Architectures by ensuring modifications to the Security Program address Security Dimensions, Layers and Planes

Page 12: Bell Labs Network Security Model


BL Network Security Model in Action: Network Survivability Assessment Service

[Figure: Network Survivability Assessment process. Data Collection Phase: Questionnaire Module, Customer Input Module, Internal Test Module (1), External Test Module (2). Analysis Phase: Assessment Module, applying the Bell Labs Network Security Model. Recommendation Phase: Recommendation Module. Implementation/Operation: Implementation/Operation Module, followed by a Health Check Iteration.]

Page 13: Bell Labs Network Security Model


Conclusion

Bell Labs Network Security Model
• Provides Comprehensive, End-to-End View of Network Security.
• Applies to Any Networking Technology:
  – Wireless, Wireline and Optical Networks.
  – Voice, Data and Converged Networks.
• Applies to Any Layer of the Protocol Stack.
• Applies to Any Portion of a Network:
  – Management, Administrative and Data Center Networks.
  – Infrastructure Networks.
  – Enterprise Networks.
• Widely Accepted by Government Agencies and Standards Bodies:
  – National Security Information Exchange (NSIE).
  – National Security Telecommunications Advisory Committee (NSTAC).
  – National Reliability and Interoperability Council (NRIC).
  – U.S. Department of Homeland Security (DHS).
  – Industry Canada.
  – ITU-T.

Comprehensive Network Security Assessments Based on BL Network Security Model
• Tools and Techniques are used to Assess Security Layers, Planes, Dimensions.
• Results are Provided in Terms of Network and Business Impact.