The Need For Trust in Communications Networks
Carlos Solari
Bell Labs, Security Solutions
May 2007
2 | Engineering Society | May 2006 All Rights Reserved © Alcatel-Lucent 2006, #####
Topics
• We Are Not Winning the Security Challenge
• Convergence – All Media IP – Will Bring New Challenges
• Rethink the Approach: Design - Build Trusted Communications Networks
• An Opportunity: Design In Now or Retrofit Later
Lots of Data Telling Us…The Current Approach is Not Working:
Faster, Stealthier Exploits
[Chart: axis labels Mths, Wks, Dys; years 2003, 2004, 2005]
Avg. exploit in 2005 5.8 days.
Sources: CERT/CC, Symantec, NVD, OSVD
DDOS on the Rise
SPAM: 8 in 10 emails
The Challenge: Difficult, Multi-Dimensional, and In Flux
Point Prod’s / Point Roles: Security un-manageable and no single situation awareness
Weak Links Prevalent: Inconsistent security applied to network components – un-trusted pieces make…
Lack of Universal Standard: That addresses security in a comprehensive way – so very difficult to integrate security
Data Control & Integrity: Data exchange requires better security controls
Sophisticated Cyber Crime: From phishing and spyware to DDOS and Network Penetration Attacks
Blacklist Defenses Ineffective: Reacting to infinite possible sources. Ex: polymorphism
Increasing Network Complexity: Increased vulnerability. Ex: firewall VOIP sessions
Exploitation Window Zero-Day: Threats occur faster than we can detect and respond before it impacts business
Data Flooding: SPAM – SPIT – SPASMS tough to separate wanted info
Data Leakage: More personal data is online – uncertain protection
Convergence – Many Benefits, Many Risks
• Consume RF b/w
• Battery drain
• Identity theft
• “SPIT”
• Scams
• Deperimeterization
• Data theft
• Scams
• Compromised system integrity
Intersection of threats…beyond the reach of the law…
• Content theft
• Compromised privacy
• Scams
We Have a Window of Opportunity
Design Trusted Communications Networks Now
It Will Take A Multi-Disciplined Approach
[Diagram labels: Network & Data; Integrated Security Eco-System; Defenses; Design End-to-End Security; System (Standards) Hardening; Imbed Integrity Attestation]
Design-Build Secure Systems & Services
ISO 2700X and X.805/ISO 18028
• Standards-based approach
• Security as a systematic, rigorous process
• Applied to all network elements - system
• In the Product Development Lifecycle
System (Standards) Hardening
ISO 2700X Provides the “what”
X.805 & ISO 18028-2…provides the “how” details
Trust Can Be Required…
“My company can only do business with ISO 2700X certified businesses…”
“Are you certified?”
System Hardening – Standards Based
Bell Labs Security Framework – Instantiated in ITU-T X.805, ISO 18028
Layers: Infrastructure, Services, Applications
Planes: End User, Control / Signaling, Management
MODULE 1 MODULE 4 MODULE 7
MODULE 2 MODULE 5 MODULE 8
MODULE 3 MODULE 6 MODULE 9
Dimensions: Access Control, Authentication, Non-Repudiation, Data Confidentiality, Comms Security, Data Integrity, Privacy, Availability
The X.805 Security Standard
ISO/IEC 27001 enhanced by ITU-T X.805 / ISO 18028-2
Security Policy
Organizing Information Security
Human Resources Security
Asset Mgmt
Physical & Environment Security
Access Control
Communications & Ops Mgmt
Information Systems Acquisition, Development & Maintenance
Information Security Incident Management
Business Continuity Management
Compliance
ISO/IEC 27001:2005 Controls
Specify acceptable use policy for equipment. Sub-controls: Access control, Authentication, Non-repudiation
Restrict access to privileged information / applications to ensure service continuity. Sub-controls: Authentication, Access Control, Non-repudiation
Harden network element or system before deployment. Sub-controls: Access control, Availability
Maintain security of stored information. Sub-controls: Access control, Confidentiality, Integrity, Availability, Non-repudiation
Employee Database
Enterprise Data Center
Module 6: Management Plane of Services Layer
Desktop and Laptop Support
Help Desk
Module 9: Management Plane of Infrastructure Layer
Network Operations
• File System Maint.
• System Updates
• Patch Mgmt., etc.
Corporate IT
Employee Information is accessed for:
• Network Service Management
• Network Infrastructure Management
Bell Labs Security Framework Dimensions Provide ISO/IEC 27001 Control A.10.9.2 ISMS Implementation and Operation Details
ISO/IEC 27001 Controls and X.805 Applied to the Real-World
Data Integrity - Use IPsec AH
Communications Security - Use VPNs
Data Confidentiality - Use IPsec ESP
Data Integrity - Protect files w/ checksums
Data Confidentiality - Encrypt files
Access Control - Use file system ACLs
Opportunity…Deliver Secure Systems & Services
ISO 2700X and X.805/ISO 18028
• Security as a systematic, rigorous process
• Applied to all network elements
• From device to system, to infrastructure
• Standards-based
System (Standards) Hardening
Imbed Integrity Attestation
Integrity Attestation
• Apply integrity metrics
• Measure at point of Creation, Delivery and in Operation
• Access policy based on “integrity score”
• Perform in “real-time”
The Issue of “Integrity Drift”
[Chart: Confidence (starting at 100%) versus Time]
IT system confidence degrades from boot time
• Applications are installed
• Patches are applied
• Change and routine maintenance
• Reformatting and rebuilding from scratch
The big unknown…when will it fail, what is the cause, what was lost?
(by permission from SignaCert)
What if We Could Measure the Integrity…Report it, and Act on It?
[Chart: Confidence (100%) versus Time]
Confidence is constantly maintained
System and Device-level Confidence and Trust Measured and Enforced
Restoring to a known and trusted state is easy
(by permission from SignaCert)
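An added example, not from the original slides: one way to measure integrity against a known baseline, report a score, and act on it with an access policy. The scoring formula (share of paths whose SHA-256 digest matches the baseline), the thresholds, and all file names and contents are assumptions constructed for illustration.

```python
import hashlib

def measure(files):
    """Return {path: SHA-256 hex digest} for a {path: bytes} snapshot."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}

def integrity_score(baseline, current):
    """Score = share of paths whose digest matches the trusted baseline.

    Changed, missing and unexpected paths all count as drift.
    """
    paths = set(baseline) | set(current)
    drifted = sorted(p for p in paths if baseline.get(p) != current.get(p))
    score = 1.0 - len(drifted) / len(paths) if paths else 1.0
    return score, drifted

def access_decision(score, allow_at=1.0, quarantine_at=0.75):
    """Map a score to an access policy (thresholds are assumptions)."""
    if score >= allow_at:
        return "allow"
    if score >= quarantine_at:
        return "quarantine"
    return "deny"

# Constructed sample: a device image as built (point of creation).
AS_BUILT = {
    "/bin/sshd": b"sshd 1.0",
    "/bin/login": b"login 1.0",
    "/etc/passwd": b"root:x:0:0",
    "/lib/libc.so": b"libc 1.0",
}
BASELINE = measure(AS_BUILT)

# Constructed sample: the same device in operation, after unmanaged change.
IN_OPERATION = dict(AS_BUILT)
IN_OPERATION["/bin/login"] = b"login 1.0 (modified)"  # changed file
IN_OPERATION["/tmp/.helper"] = b"unknown binary"      # unexpected file

def demo():
    """Measure at delivery and in operation; return one report row per point."""
    results = []
    for label, snapshot in (("delivery", AS_BUILT), ("operation", IN_OPERATION)):
        score, drifted = integrity_score(BASELINE, measure(snapshot))
        results.append((label, round(score, 2), drifted, access_decision(score)))
    return results

if __name__ == "__main__":
    for row in demo():
        print(row)
```

The drifted-path list is what makes the score actionable: it names exactly which files must be restored to return the device to its known state.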
Summary
We actually have the know-how to improve the state of security
It is needed more than ever – especially as systems get more complex and we have greater dependency on these systems
By applying the ISO 2700X with X.805/ISO-18028 standards and Integrity Measurements, we can:
Baseline the state of security
Have a consistent way to measure it
Consistent application
Completeness
Repeatable
Scales to size and complexity of present and future networks