ALU’s360°approach to new vulnerabilities and threats 1 All RightsReserved©Alcatel-Lucent 2007,...
Transcript of ALU’s360°approach to new vulnerabilities and threats 1 All RightsReserved©Alcatel-Lucent 2007,...
1
All Rights Reserved © Alcatel-Lucent 2007, 21190
ALU’s 360° approach to new vulnerabilities and threats
Alberto Lotti – Chief Marketing Officer & Chief Technology Officer
Alcatel-Lucent Italy
November, 2007
All Rights Reserved © Alcatel-Lucent 2007, 211902 | Alcatel-Lucent | November 2007
Company overview
2
All Rights Reserved © Alcatel-Lucent 2007, 211903 | Alcatel-Lucent | November 2007
• We are an innovation powerhouse
• We have increased our distributed Professional Services resources
• We provide strategic consultancy to carriers and key industry players, institutions, for End-to-End and Transformation projects
• We have extended our reach, with privileged access to ICT advanced markets such as North America
• We have an advanced portfolio for network evolution, with 4G mobile, GPON fiber access, security solutions
Alcatel-Lucent
Alcatel-Lucent, the company that will drive the global communications transformation in the 21st century. Created on November 30, 2006
All Rights Reserved © Alcatel-Lucent 2007, 211904 | Alcatel-Lucent | November 2007
� Trusted partner to the 30 largest service providers,
and governments and enterprises worldwide
� 500+ customers
� More than 100 years of carrier-grade experience
� A leading “end-to-end” communications solutions integrator
� A leader in major areas defining next generation networks
� More than 80,000 professionals worldwide
� Presence in more than 130 countries
� Global Network Operations Centers (GNOCs) and Centers of Excellence
� Engineering and technical service centers around the world
� Global leader in communication technology
� #1 in wireline
� #3 in mobility
� in the top three in applications and services
� Comprehensive R&D portfolio, leveraging Bell Labs excellence
We design and deliver the systems, services and software that drive next-generation communications networks
Alcatel-Lucent
Global Expertise and Assets
Track Record of Success
CARRIER
BUSINESS
GROUP
ENTERPRISE
BUSINESS
GROUP
SERVICES
BUSINESS
GROUP
Alcatel-Lucent: First True Global Communications Solutions Provider
About Alcatel-Lucent
3
All Rights Reserved © Alcatel-Lucent 2007, 211905 | Alcatel-Lucent | November 2007
Targeted analysis and modelling of business processes, service
vision, operational environment and network architecture
and security
End-to-End integration of operations and business support
systems, applications, network infrastructure and security
systems in the framework of customers’ optimization,
evolution or transformation projects
Single point of accountability for end-to-end project
governance and full implementation
Engineering, staging, installation, test and turn-up, and site
location and construction
Full implementation of network infrastructure, application
platforms and OSS/BSS systems
Consult,
Design,
Integrate
Deploy
Alternative service partnership models offering partial out-
tasking or total outsourcing of selected NOC and field
operations
Hosted and managed services enabling rapid launch
of new services such as VoIP without heavy upfront
investment
Operate
Maintain Full range of support options encompassing proactive
monitoring, preventive actions, on-site and remote
technical assistance and spare parts repair and
management
AlcatelAlcatelAlcatelAlcatel----Lucent Services: Lucent Services: Lucent Services: Lucent Services: global reach and regional global reach and regional global reach and regional global reach and regional focusfocusfocusfocus�Serve top 30 carriers in more than 130 countries � 18,000+ network professionals� Support Centers
– GNOCs– IP Transformation Centers– Technical Assistance Centers– Call Centers– R&D Centers
� Multivendor, multi-technology capabilities supporting more than 1,600 products from more than 290 vendorsEnd-to-end
capabilities
We customize a tailored solution, leveraging a broad portfolio of capabilities
Alcatel-Lucent Services: A Leading End-to-end Integrator ― A Trusted Partner
For Change
About Alcatel-Lucent
All Rights Reserved © Alcatel-Lucent 2007, 211906 | Alcatel-Lucent | November 2007
Changing environments and challenges
4
All Rights Reserved © Alcatel-Lucent 2007, 211907 | Alcatel-Lucent | November 2007
The Telco and IT meeting point is now
Telecom evolution and IT evolution are converging having a common target to
complex Service Delivery Environments. This is particularly true where companies
offers leverage on network capabilities
Lots of efforts been made to evolve TLC
environments into IT-
like environments
SOA facilitating and
speeding up TLC and
IT merge
Best practices and standards to be
controlled
OpenSource adoption
pervading IT and TLC
more and more
SOA and WS are the “Trait d’Union” of “ITzation” of TLC and vice versa.
Many standards born to comply to. Many standards inherited from TLC world
and IT world, whose applicability is getting tougher because of technologies
getting newer (e.g. SOX, HIPAA, ISOxxx, PCI, Compliance, ITU-T)
Many open source code is now the foundation for SDE in TELCO and IT
companies (e.g. Eclipse, Linux, Telephony, OSS, Contact Centers)
Our approach to Security
All Rights Reserved © Alcatel-Lucent 2007, 211908 | Alcatel-Lucent | November 2007
Alcatel-Lucent Services Has Proven Its Capability in this convergent world…
Supported service provider’s compliance readiness efforts for SAS 70 audits
required of their services by building and modifying security policies, practices, and procedures, as well as assisting with remediation activities. Benchmarked program against ISO 17799 and developed policies and procedures for security operations center.
Served as trusted advisor for service provider’s
corporate security
program development
Helped an insurance carrier reduce risks
Alcatel-Lucent advice European Commission
on security
Helped and secured
VoIP traffic in many
financial institutions
Addressed security risks by producing a detailed roadmap to align policies, procedures and management control systems. Reduced security
exposures and validated regulatory compliance. Centralized policy management across 27 areas.
ALU Bell Labs provided a comprehensive analysis of the factors influencing the availability of Europe's electronic communications infrastructure, including
its Internet and mobile networks.
Rebuilt of security strategy and procedures because of VOIP and VPN
technology introduction. Built a new protection layer with ALU solutions.
Rebuilt Incident Management procedures and monitoring
Our approach to Security
5
All Rights Reserved © Alcatel-Lucent 2007, 211909 | Alcatel-Lucent | November 2007
� Shared Watch, Warn and Incident Response Team to monitor cyber threats and respond to attacks
� Mutualization of security survey, advisories and alerts delivery, crisis management for customers wishing to join
the CERT worldwide community through a representative organization
� CERT-Industry Services Tertiaire (IST) was created based on a consortium of partners, with Alcatel (1999) as the
leading provider in charge of service delivery
� Alcatel-Lucent is a member of the society, and remains the lead for service delivery
� Other members include CNES (Centre National d’Etudes Spatiales, France Telecom Orange, and Sanofi-Aventis.
More information on www.cert-ist.com
� Operation cost reduction due to the mutualization effect
� Privileged security exchange area: Security managers can exchange information and experience through the
CERT-IST society
� Access to the Forum of Incident Response and Security Teams (FIRST) worldwide security community through
the CERT-IST society
… and in Computer Emergency Response Team (CERT)
About Alcatel-Lucent Services: Security case study
Unparalleled expertise for competency transfer to help other create CERT or Incident
Response Teams capability
All Rights Reserved © Alcatel-Lucent 2007, 2119010 | Alcatel-Lucent | November 2007
Approach
6
All Rights Reserved © Alcatel-Lucent 2007, 2119011 | Alcatel-Lucent | November 2007
Alcatel-Lucent 360°approach to security
Alcatel-Lucent approach to Security
Global Strategy
� Policy
� Legal
� Standardization
� Intrinsically secure
systems design
� End-to-end solutions
� Dedicated services and
Solutions for Service
Providers and
Enterprise
� Awareness
� Rule and Regulation
� Control
Company Products
All Rights Reserved © Alcatel-Lucent 2007, 2119012 | Alcatel-Lucent | November 2007
The products
The Security Products
Global Vision Embedded in all the Systems
Dedicated Solutions
� Fixed, Mobile,
Satellite converging
networks
� End-to-End Solutions
development
� Network provided
with Overview and
Management
� Proactive approach
to Cryptography,
Legal Intercept and
Data Retention
� Intrinsic security at
Equipments,
Networks and
System level
� Network Elements
Recognized and
Authenticated
before operation
� Inter-equipments
communications
verified and
validated
� Services
� Operation Centre
� Systems
7
All Rights Reserved © Alcatel-Lucent 2007, 2119013 | Alcatel-Lucent | November 2007
The dedicated solutions
The Dedicated Solutions
Security Consulting & Integration
Managed Security Systems
� Security Risk
Assessment
� Security Design And
Integration
� Business Continuity
& Disaster Recovery
(BCDR) planning
� Security strategy,
policy & compliance
� Threat Management
� Emergency Response
� Security Monitoring
and Supervision
� Recovery Actions
� Secure Access Network
Access Control
� DNS/DHCP IP Management
� Performance Management
� Laptop Guardian
� Antivirus and Quarantine
� Firewall
� Legal Interception In
Network and in Field
� Data Retention and
Retrieve
All Rights Reserved © Alcatel-Lucent 2007, 2119014 | Alcatel-Lucent | November 2007
The cornerstone: ITU/X805, ISO 18028.2
The Bell Labs Security Framework• ITU/X.805 Security Standard
• ISO 18028 Security Standard
The Bell Labs Security Framework• ITU/X.805 Security Standard
• ISO 18028 Security Standard
Infrastructure Services Applications
End User
Control / Signaling
Management
Layers
Planes
MODULE 1 MODULE 4 MODULE 7
MODULE 2 MODULE 5 MODULE 8
MODULE 3 MODULE 6 MODULE 9
Access Control
Authentication
Non-Repudiation
Data Confidentiality
Comms Security
Data Integrity Privacy
Availability (9 Modules X 8 Cells = 72 Security Cells)
The Bell Labs Security Framework
Building Security in the DNA of Complex SystemsBuilding Security in the DNA of Complex Systems
8
All Rights Reserved © Alcatel-Lucent 2007, 2119015 | Alcatel-Lucent | November 2007
Services One-Page Overviews
All Rights Reserved © Alcatel-Lucent 2007, 2119016 | Alcatel-Lucent | November 2007
Breadth Of Security Services
SECURITY RISK ASSESSMENT
Comprehensively assess
the organization and the
network to reveal security exposures and
weaknesses in policies
and practices, and
define mitigation options
SECURITY ARCHITECTURE AND
DESIGNDevelop security
architectures and
detailed design
documentation based on business drivers
Security Consulting and
Integration:Understand the risk and create a
solution to protect your
network
Business Continuity /
Disaster Recovery Services:Plan for and
enable secure ongoing
operations
SECURITY STRATEGY, POLICY & COMPLIANCE
Develop overall security
program and policies
tailored to the organization, and guide
implementation and
training; Perform
compliance readiness, remediation or
validation activities
THREAT MANAGEMENT
Threat prevention and
management through
vulnerability detection,
service risk management and recommended
corrective measures;
Incident response and
crisis management via CERT-IST
SECURITY POLICY AND ARCHITECTURE
INTEGRATIONImplement and test
security network
architecture solutions to
support business requirements and
security policies
IMPACT ANALYSIS
Recommend
recovery strategy
based on a cost-benefit analysis
considering
potential business
impacts and recovery
requirements
GAP ANALYSIS
Provide objective
evaluation of current
business continuity
operations against
best practices, and identify
improvements
PLAN DESIGN AND DEVELOPMENT
Develop a task-
oriented recovery
plan, communicate
key aspects to staff,
formalize knowledge transfer and lead
change management
PLAN TESTING
Develop a structured
continuous testing
plan to ensure
preparedness and
success, including specific testing goals
and analysis
activities
RISK ASSESSMENT
Identify the
vulnerabilities of
mission-critical systems, networks,
and information
assets and
processes, and create mitigation
approaches
PLAN MAINTENANCE
Establish a
framework within
which business continuity plans can
be reviewed on a
regular basis or in
response to major changes
About Alcatel-Lucent Services: our services portfolio for Security
Managed Security Services:
Outsource key elements of your security solution
MANAGED INTRUSION DETECTION AND PREVENTIONMonitor, analyze, and manage IDS
events, allowing for real-time
response and escalation of
unauthorized activities
MANAGED VPNMonitor and manage VPN
service, including health and
performance monitoring
MANAGED FIREWALLRemotely manage firewall
appliances, providing real-time
network security monitoring,
threat identification, reporting,
and policy implementation
SECURITY EVENT MONITORING (SEM)
Event monitoring and
correlation of security events
across network elements
9
All Rights Reserved © Alcatel-Lucent 2007, 2119017 | Alcatel-Lucent | November 2007
Product Overviews
All Rights Reserved © Alcatel-Lucent 2007, 2119018 | Alcatel-Lucent | November 2007
Security Solution: Technologies
Alcatel-Lucent’s Integrated Security Eco-System
CloudControl
VitalQIP
VitalAAA
Laptop Guardian
NAC
VitalNet
(SEM)
Vital ISA
(SRM)
LSMS
IDS/IPS/AV/AS urlfiltering
Rules-Based-Routing: Shunting Traffic by Protocol
At all Perimeter Sites
Separation by Zones, Functions or Applications
Separating Various Departments
Vulnerability Scanner
A-L 8950 ServiceRisk Management
CloudControlCloudControl
VitalQIP
VitalAAA
NAC
VitalNet
(SEM)
Vital ISA
(SEM)
Vital ISA
(SRM)
LSMS
IDS/IPS/AV/AS urlfiltering
Rules-Based-Routing: Shunting Traffic by Protocol
At all Perimeter Sites
Separation by Zones, Functions or Applications
Separating Various Departments
Vulnerability Scanner
A-L 8950 ServiceRisk Management
Ecosystem of products and solutions
Ecosystem of partners
10
All Rights Reserved © Alcatel-Lucent 2007, 2119019 | Alcatel-Lucent | November 2007
OmniAccess 3500 – NLG in Brief – The laptop guardian
Secure Corporate Enclave
� Configuration
� Data protection
� Patch management
� Policies
WiFi3G
WiMAX
Connected?
Firewall
� Trusted computer-within-a-computer
� Always-on – even when laptop is off
� Remote “kill” capability & mgmt
� Policy enforcement
� Local quarantine
� Secure all networking interfaces
� Off-hour back-ups and patching
� GPS
� Authentication
� Auto VPN
� Third party capabilities
Trust-basedLink
Worms / Viruses / Intrusion /
Disk Access / Data Tampering /
Content Theft / OS Integrity
All Rights Reserved © Alcatel-Lucent 2007, 2119020 | Alcatel-Lucent | November 2007
Solution Component Highlight: Brick® VPN Firewall Portfolio
Our approach to Security
Prevention & Verification
Centralized managementthrough the Alcatel-Lucent
Security Management
Server
Proven 8 year track record
Fully redundant: no single point of failure
Denial of Service protection
Plug and play: flexible deployment options
Virtually Invulnerable Secure operating systemdeveloped at Bell Labs
Fault Tolerant
Redundant
Bricks
Access
Platform
Internet
Routers
Telco
cloudRules-Based
Routing
802.1q
Tagged Trunk
Load sharing
URL
Blocking
Virus
Scanning
Intrusion
Detection
Brick® 50/150 VPN Firewall
Brick® 1200VPN Firewall
ExistingRouter
ExistingRouter
ExistingRouter
Brick® 700VPN Firewall
Alcatel-Lucent Security
Management Server
Active/ActiveManagement
Designed using the ITU-T/X.805 Framework
11
All Rights Reserved © Alcatel-Lucent 2007, 2119021 | Alcatel-Lucent | November 2007
Alcatel-Lucent Brick® VPN Firewall Portfolio
Created by the Founders of Firewall Technology
• Brainchild of the Alcatel-Lucent Bell Laboratories Research team to meet stringent security requirements for classified research network
• Development began in 1996, with first commercial products delivered to commercial market in 1998
Innovator in numerous areas of Firewall Technology
• Centralized Management
• Firewall Virtualization
• Generalized DoS Protections
• Bell Labs patented security algorithms
Globally deployed in numerous customer environments
• Extensive base of global service providers – for both internal network protection, as well as premises or network-based Security Managed Services
• Government agencies
• University/Campus environment
• Multi-site enterprises seeking high security with low ownership costs.
Our approach to Security
Alcatel-Lucent VPN Firewall Brick® awarded by "Network Computing“ in 2007 for hi
perfomance
All Rights Reserved © Alcatel-Lucent 2007, 2119022 | Alcatel-Lucent | November 2007
Solution Component Highlight: AccessGuardian
AccessGuardian is a comprehensive set of security features embedded in Alcatel-Lucent’s OmniSwitch IP Networking portfolio
Enable and enhance your security solution with an Alcatel-Lucent switch infrastructure
Our approach to Security
Authentication
Host Integrity
Role-based Access
QuarantineIntrusion Detection
End User Security
� Authentication
� Switches provide “auto-sensing authentication”
�Includes 802.1x, MAC authentication, Group mobility
� Host Integrity (NAC)
� Switches enhance various NAC enforcements methods (MNAP, etc.)
�802.1x flexibility enables deployment of NAC
�DHCP snooping and lockdown for DHCP-based NAC
� Role-based Access
� Wire-speed ACL and QOS policies aid in limiting user traffic to appropriate areas
� Monitoring
� sFlow-enabled switches provide visibility to network patterns and security threats
� Quarantine
� Quarantine Manager-enabled switches disable intruders at the network edge
CrystalSec End User Security
12
All Rights Reserved © Alcatel-Lucent 2007, 2119023 | Alcatel-Lucent | November 2007
Alcatel-Lucent Enterprise LAN Switches Provide Complete Edge to Core Solutions
� Campus core
� Data center
� High density distribution
High end modular core switches L3
� Availability, performance
� 10Gig, IPv4 and IPv6
� Advanced Routing and QOS
� PoE, Fiber
Multiservice modular switches L3
� Built for convergence
� 10/100, Gigabit and ATM
� PoE
� Wiring closet
� Highest availability
� ATM to Gig migration
Advanced stackables
� Virtual chassis
� 10/100 and 10/100/1000
� PoE, fiber
� 10/100 upgradeable to Gig
� Converged wiring closet
� Aggregation and data center
� Triple play Ethernet access and aggregation
Entry level fixed configuration
� Wire-speed L2+ services
� 10/100, 10/100 PoE
� Wiring closet
� Triple play Ethernet access
OmniVista Netw
ork Management
OmniSwitch980097009600
OmniSwitch7800 7700
OmniSwitch6850 / L 6800 / L6600
OmniStackLS 6200
All Rights Reserved © Alcatel-Lucent 2007, 2119024 | Alcatel-Lucent | November 2007
Solution Component Highlight: OmniVista 2770 Quarantine Manager
Quarantine Manager, a network management application providing network quarantine security. Improving and simplifying network protection through a unified network management and security platform
What we do:
� OmniVista NMS software application
� Converging network Management and
network Security
� Preventing Network access of non-
compliant users
� Ability to isolate non-compliant user
based on IPS/IDS intrusion
notification
� Avoiding Contamination to the rest of
the Network
� Isolating non-compliant user, either
at Edge, Core, Branch or wireless
� With Supervision & Management tools
for Network Manager
What we deliver:
• Open Solution
• Interfaces with any-third
party devices IDS/IPS
Syslog
• Supports Multi-vendor
networks with Alcatel at
edge or Aggregation
• One Touch solution to
deploy and operate
• Pre configured rules and
Containment actions
• Still totally flexible
• Either complete
automation or manual
operation .
Protect your Infrastructure, assets from Potential liability due to network intrusion through Network Quarantine automation
Intrusion detection
Security Policy and Network Automation
Security Compliance
Intrusion containment
Network Quarantine
Our approach to Security
13
All Rights Reserved © Alcatel-Lucent 2007, 2119025 | Alcatel-Lucent | November 2007
Fortinet Unified Threat Management
Fortinet offers an array of multi-threat security solutions that help businesses of all sizes meet their security challenges and
enable a safe and clean communications environment.
The Basics:
FortiGate systems integrate the industry's broadest suite of security protections -including firewall, VPN, antivirus, intrusion prevention (IPS), Web filtering, antispam, antispyware, and traffic shaping - that can be deployed individually or combined for a comprehensive unified threat management solution.
Our approach to Security
“…can detect and mitigate a broad range of network threats while reacting very quickly to new and emerging threats in the field. “
– CurrentAnalysis
All Rights Reserved © Alcatel-Lucent 2007, 2119026 | Alcatel-Lucent | November 2007
Solution Component Highlight: VitalAAA - Access Policy Management
High performance access policy management for WWAN, WLAN, Switched, Dial, DSL, VPN and other controlled network access applications
What we do:
� Provide AAA (Authentication,
Authorization & Accounting) services
for network access elements
• PDSN/GGSN
• NAS/RAS/BRAS
• VPN
• Access user information stored in local
databases and directories
� Track, manage and limit active sessions
� Provide a single, cohesive access policy
for the entire network from a single platform
� Save usage data to virtually any database or file format desired
� Interface with other AAA systems for roaming
What we deliver:
• A single management point
for managing access policies
for all network access media
• Compressive reporting,
logging and error, fault and
alarm managements
• Integration with existing HR
and customer care systems
• Excellent performance on
low-end hardware
• Complete training and
professional services
• Solid standards compliance
Get control of your access policy. Integrate all forms of access into one, versatile centralized AAA policy engine.
Secure Authentication
Powerful Accounting
Unequaled logging
Flexible Authorization
Access Control
Our approach to Security
Server Management Tool
Logging and Statistics
PolicyFlow Language
Standards Compliant RADIUS & DIAMETER Protocols
Intelligent Request Queue
Universal AAA Dictionary
PolicyFlow ProgramPolicyAssistant
• Wi-Fi
• WiMax
• etc
14
All Rights Reserved © Alcatel-Lucent 2007, 2119027 | Alcatel-Lucent | November 2007
Alcatel-Lucent VitalAAA has proven itself time and time again…
VitalAAA is now the global operating standard for the entire mobile and fixed line
operations of Spain’s largest telecommunications Operator. Used for everything
from securing the internal network to managing customer access to their state of
the art UMTS network, VitalAAA literally sets the standard.
The Global Standard for one of the largest
telecoms in Europe & Latin America
Integrates VPN, LAN
and Wireless LAN
access policy
Connects to existing
databases and
information systems
Prepared for the
future
By use of a common AAA policy engine, VitalAAA provides enterprise
operators with a single point of policy application. VitalAAA integrates
information about active sessions and user location to offer pinpoint
accuracy for your access security.
Integrating VitalAAA into your existing infrastructure is a snap. With support for
any SQL compliant database or LDAP directory schema VitalAAA allows you to
take advantage of your existing data systems including all your data
provisioning and management systems and practices.
The Alcatel-Lucent AAA team is actively involved in the international
standards bodies and is committed to keeping VitalAAA up-to-date with new
and emerging standards.
Our approach to Security
All Rights Reserved © Alcatel-Lucent 2007, 2119028 | Alcatel-Lucent | November 2007
VitalQIP® DHCP/DNS IP Address Management Software
Market Leading IP Address Management SoftwareEnhances Profitability and Productivity
The Basics:
• Configuring network nodes with IP address, mask, gateway, etc.
• Monitoring address usage to ensure efficient deployment
• Configuring DNS servers with each node’s name and IP address
What we deliver:
• A consistent, accurate IP name and address inventory
• High availability for clients/subscribers
• Ability to manage diverse DHCP/DNS infrastructure
• A scalable IP management architecture
• The ability to control operating expenses through automation
• High performance access for clients/subscribers
• Control system access through a secure infrastructure
• Support for new technology such as VoIP, ENUM, RFID, IPv6, etc.
Our approach to Security
“IPAM solutions greatly simplify not only the management and accuracy of network records, but they also simplify their provisioning as organizations grow, merge together,
and look to deploy these next-generation network applications.”The Burton Group
15
All Rights Reserved © Alcatel-Lucent 2007, 2119029 | Alcatel-Lucent | November 2007
Alcatel-Lucent VitalQIP Has Proven Its Capability…
Our approach to Security
Leading Market share in segment -- IDC,
Giga
Leading DHCP server performance --
Exodus Labs
Numerous recognition awards including:
� Network World Blue Ribbon
� Network Testing Labs World Class
Award
� Network World Clear Choice Award
� SC Magazine 2006 Awards Finalists
� Best Integrated Security Software
� Best Enterprise Security Solution
IPAM/DNS/DHCP is the single critical element in the IP network that must be "always on." -IDC
All Rights Reserved © Alcatel-Lucent 2007, 2119030 | Alcatel-Lucent | November 2007
Alcatel-Lucent 8950 SRM Application
Alcatel-Lucent 8950 SRM is a proactive, non-intrusive service risk management
system that reduces the overall costs of prioritizing vulnerability management
activities, thereby enabling organizations to reduce the costs associated with
avoidable security incidents.
What we do:
� Create a security object model (SOM) based
on data provided through integration with
OSS/NMS/ITMS systems
� Map vulnerabilities to the SOM as they
are published from the Alcatel-Lucent
Vulnerability Service
� Determine the risk those vulnerabilities
pose to specific assets and to the higher-level
services (like IPTV) that they support
� Prioritize based on the risk the vulnerabilities
present to the service delivery infrastructure
What we deliver:
� Prioritized list of business-
impacting vulnerabilities
� Simulation mode to
analyze planned changes
to infrastructure
� Detailed reporting to
support tactical,
operational and regulatory
compliance requirements
Our approach to [solution name]
Process Automation Is the Key to Efficiency
16
All Rights Reserved © Alcatel-Lucent 2007, 2119031 | Alcatel-Lucent | November 2007
Alcatel-Lucent 8950 Service Risk Management System
How It Works
� Builds a physical model — existing data
� Overlays business service relationships
� Analyzes against known vulnerabilities
� Aggregates vulnerabilities — prioritizes
Primary Uses
� Near-real-time vulnerability modeling and
mitigation
� What-if scenario modeling
Other Features
� Integrates with existing ticket systems
� Simulations — what-if scenarios
� Detailed ad hoc and pre-set reports
OSS/Inventory Interface
Asset Map
RiskReports
Risk Simulator
Security Object
Model
Security State
Engine
Vulnerability Interface
Northbound Interface
NSP
CSP
ASP
BSR (7750 SR)
Remote Network Access Aggregation IP Service Edge Service Networks
FTTx
xDSL
IT/Network Infrastructure
ISAM
BSA (7450 ESS)
NMS
ApplicationsInventory
Applications
Alcatel-Lucent
Vulnerability
Service
TicketingSystem
All Rights Reserved © Alcatel-Lucent 2007, 2119032 | Alcatel-Lucent | November 2007
Alcatel-Lucent ViSS (Video Surveillance System) Network Solution: compelling
and unique features
� Remote video surveillance
� 3G interworking
� Intelligent alarm system
� Configuration management
� Client interface
� GIS integration
� Forbidden zone alarm
� Statistics
� Behaviour analysis
� Pedestrian flow management
� Location based services
� Face recognition
17
All Rights Reserved © Alcatel-Lucent 2007, 2119033 | Alcatel-Lucent | November 2007
Alcatel-Lucent 8636 ViSS Network Solution
TV WallLarge-scale TV wall
Digital video
Matrix
Digital video
Matrix
City Class Surveillance Center (Class 3)
District/County class Surveillance Center
(Class 2)
Police Station/Accessing Point (Class1)
Front-end Surveillance Point
MAN
Radius
server
MAN
SMG Client
DVS Camera
DVS Camera
MAN
SMG
Client
MAN
SMG
Client
CSG SA
Level 1 Access node
SA
SA
EMSSMG
All Rights Reserved © Alcatel-Lucent 2007, 2119034 | Alcatel-Lucent | November 2007
Conclusions
18
All Rights Reserved © Alcatel-Lucent 2007, 2119035 | Alcatel-Lucent | November 2007
Assurance of secure systems
Secure architectures for evolving
communications and services
infrastructure
Partnerships and collaborations
that reduce your time to market
for implementing trusted
networks
Knowledge and insight into latest
alerts and impact on products for
growing occurrence of alerts
An integrated security portfolio
(eco-system) to protect the
network
Trusted Networks Gives You:
Secure By Design – System Defense
Security embedded in development lifecycle with
testing, audit and certification checks
Security Incident & Response
Providing rapid knowledge, education and
response to AL customers for vulnerabilities
Security Incident & Response
Providing rapid knowledge, education and
response to AL customers for vulnerabilities
Secure by Design – Networks and Services
Security as fundamental part of network
and service architectures (IPTV, UMA, IMS, LAN, PBX)
Security Collaborations and Partnerships
Working with greater security community
to deliver trusted networks and services
(VOIPSA, ATIS, 3GPP, CERT-IST)
Integrated Security Eco-System
An integrated security portfolio of products to
act within the threat exploitation window
Alcatel-Lucent Security Strategy
All Rights Reserved © Alcatel-Lucent 2007, 2119036 | Alcatel-Lucent | November 2007
� Leadership in key standards boards:
� National Security Telecommunications Advisory Committee
� FCC Network Reliability and Interoperability Council
� ANSI Homeland Security Panel
� Standards-setting through key authorship
� Published multiple Security texts
� Published in ISSA Journal, Network World, and Security Management magazine
� Highly-qualified staff with outstanding individual accomplishments – examples:
� CISSP and ISO 27001 certifications
� CIA, Defense Intelligence Agency, National Security Agency, US Special Operations Command
� Past Advisor to White House Offer of Cyber Security
� Inventors of widely-used algorithms, cryptographic systems and software including FreeLIP
� Founder and President of the Wireless Emergency Response Team
� Chair, FCC Network Reliability and Interoperability Council
� Master Recovery Planner credentials
Our People Have Network Expertise and Global Presence
The foundation of our capabilities is the strength and
experience of our skilled consultants
Why Alcatel-Lucent:
WORLD-CLASS PEOPLE AND EXPERIENCE
KNOWLEDGE ASSETS
PROVEN APPROACH AND METHODOLOGY
World-class security expertise
About Alcatel-Lucent Leadership and Expertise in Security
19
All Rights Reserved © Alcatel-Lucent 2007, 2119037 | Alcatel-Lucent | November 2007
Alcatel-Lucent’s Resources Are Pioneers In the Knowledge That Drives Security
Advancements
Why Alcatel-Lucent:
WORLD-CLASS PEOPLE AND EXPERIENCE
KNOWLEDGE ASSETS
PROVEN APPROACH AND METHODOLOGY
Patents and industry leadership:
� Hundreds of patents in security, cryptography, biometrics, firewalls, denial of service and virus detection
� ITU Standards Visionary (X.805)
� Major player in ITU-T SG 17 – Lead Study Group on Communication System Security
� CERT-IST, FIRST
� Bell Labs leadership in:
� Creation of new cryptography (SHAZAM for CDMA2000, PAK)
� Breaking of old cryptography (PKCS#1, DSA, SOBER, Clipper)
� Development of optical-rate encryption ciphers and NSA-certified encryptors
� Pioneering work in provable security
� Biometrics (voice authentication, with secured models)
� High-speed encryption hardware (e.g. for SANs)
� Integration of 802.11 and 3G AAA
� Watermarking
� Firewalls, firewall rule analysis, honeypots
� Fraud detection
� Viruses, Trojan horses, worms
� Secure multi-party computation, timed release of information, signature methods to cope with identity theft
� Shannon condition for unconditionally secure ciphers
About Alcatel-Lucent Leadership and Expertise in Security
All Rights Reserved © Alcatel-Lucent 2007, 2119038 | Alcatel-Lucent | November 2007
We Apply a Disciplined Methodology
� Consistent, proven approaches and models applied worldwide to enable highest business value
� Flexible deployment methodologies provide cost-effective results with minimal disruption to ongoing operations
� Defined methodology sets expectations and provides a framework for results and deliverables
� Tailored network assessment techniques to fit scope
Why Alcatel-Lucent:
WORLD-CLASS PEOPLE AND EXPERIENCE
KNOWLEDGE ASSETS
PROVEN APPROACH AND METHODOLOGY
� Proven methodologiesensure highest-quality solution delivery
� Project management processesincorporate knowledge-sharing systems and processes
About Alcatel-Lucent Leadership and Expertise in Security
Alcatel-Lucent Services