IP NGN Security Framework


Transcript of IP NGN Security Framework

Page 1: IP NGN Security Framework

International Telecommunication Union

IP NGN Security Framework

Mikhail Kader, Distinguished Systems Engineer, Cisco, Russia

[email protected]

ITU-T Workshop on “New challenges for Telecommunication Security Standardizations”

Geneva, 9(pm)-10 February 2009

Page 2: IP NGN Security Framework

IP NGN Security: A Paradigm Shift in Miscreant Economy

Scott Borg, Dartmouth College, Institute for Security Technology Studies: “Mischief of course, but mostly money – a miscreant economy has evolved to steal or extort money from attractive targets”

Yesterday’s Threats:
Geeks and adolescents
Operated alone or with a small group of friends
Interested in demonstrating prowess, gaining notoriety
Targeted individual computers or applications
Little or no business sophistication

Today’s Threats:
Professional hackers
Operating in syndicates or cooperatives
Interested in extortion, espionage, or economic gain
Targeting businesses, governments, and networks
BotNets for sale…

Page 3: IP NGN Security Framework

IP NGN Secure Platform: What is IP NGN Security?

A hierarchical model for framing security discussions with service providers:

Business Relevance: describes customer-specific business goals, and the threats to goal attainment
Business Goals and Objectives
Threats to Goals and Objectives

Security Policies: describes the iterative development and monitoring of security policies
Threat and Risk Assessment
Security Policies
Security Operations

Security Principles: describes the primary security principles that are affected by security policies
Visibility
Control

Security Actions: describes essential actions that enable Visibility and Control
Identify
Monitor
Correlate
Harden
Isolate
Enforce

Page 4: IP NGN Security Framework

Business Relevance: Business Goals and Objectives

Security helps meet all key business goals and objectives for service providers:

Meet Customer Expectations / Minimize Churn: customers expect safe, private, reliable services, and they’re willing to change operators to get them…
Protect Service Revenue: business disruptions due to security events can result in both immediate and long-term loss of revenue
Safeguard Brand: public disclosure of security or privacy breaches can destroy carefully managed marketing campaigns and brand reputation
Regulatory Requirements Adherence: adherence to social and legal requirements for parental control, data retention, and service monitoring is mandated in many markets

Page 5: IP NGN Security Framework

Business Relevance: Threats to Business Goals Lead to Risk Analysis

Migration to 3.5G or IP networks changes the threat landscape, hence a risk analysis is necessary.

An example for mobile, illustrating the effects of the evolution from 2G to 3.5G:

2G                      3.5G
Isolated                Highly Networked
No IP                   IP End-to-End
Simple Devices          Sophisticated Devices
Proprietary Services    Open Services
Few Security Targets    Numerous Security Targets
Little Risk             Much Risk

Page 6: IP NGN Security Framework

Developing Security Policies: Risk Assessment Methodologies

IP NGN Security requires the definition of security policies, but is agnostic to the methodologies needed to create them

eTOM – enhanced Telecom Operations Map
ITIL – Information Technology Infrastructure Library

Page 7: IP NGN Security Framework

Developing Security Policies: Many Methodologies – One Goal

Regardless of the risk assessment methodology utilized, the core steps are the same:

Threat Models: how can the device, service, or system be attacked, disrupted, compromised, or exploited?
Risk Assessments: what impact would an attack have on my business? How important is the asset?
Policy Development: what entities, attributes, processes, or behaviors can be controlled to prevent or mitigate each attack?

These steps result in the creation of security policies and guidelines that define the acceptable and secure use of each device, system, and service

Page 8: IP NGN Security Framework

IP NGN Security Principles: Visibility and Control

Security policies always define a need or means to increase Visibility or Control

Visibility:
Identify subscribers, traffic, applications, protocols, behaviors…
Monitor and record baseline patterns for comparison to real-time
Collect and correlate data from every source to identify trends, macro events
Classify to allow the application of controls

Control:
Limit access and usage per subscriber, protocol, service, packet…
Protect against known threats and exploits
Authenticate management- and control-plane access / traffic
Isolate subscribers, services, subnets
React dynamically to anomalous events

No visibility means no control; no control means no security

Page 9: IP NGN Security Framework

IP NGN Security Actions: Increasing Visibility and Control

IP NGN Security defines six fundamental actions that apply defined policies, improving Visibility and Control:

Identify
Monitor
Correlate
Isolate
Enforce
Harden

These actions, properly taken, enhance service security, resiliency, and reliability – primary goals for subscribers and operators alike

Page 10: IP NGN Security Framework

IP NGN Security Actions: Identify

Identifying and assigning trust-levels to subscribers, networks, devices, services, and traffic is a crucial first step to infrastructure security

Principal Actions:
Identify and authenticate subscribers and subscriber devices (where possible)
Associate security profiles with each subscriber and device
Associate network addresses and domain identifiers with subscriber devices
Classify traffic, protocols, applications, and services at trust-boundaries
Inspect traffic headers and payloads to identify subscribers, protocols, services, and applications

Relevant Technologies:
Authentication, Authorization, and Accounting (AAA) Servers
Extensible Authentication Protocols
Deep Packet Inspection
Network-Based Application Recognition
Service Control Engines / Application Performance Assurance
DNS / DHCP Servers
Service / Subscriber Authenticators
Service Gateways
Signaling Gateways
Session Border Controllers

Page 11: IP NGN Security Framework

IP NGN Security Actions: Monitor

Any device that touches a packet or delivers a service can provide data describing policy compliance, subscriber behavior, and network health

Principal Actions:
Gather performance- and security-relevant data inherent to routers and switches
Log transactional and performance data at access and service gateways
Link IP traffic with specific subscribers, devices, and origins whenever possible
Deploy protocol-, traffic-, and service-inspection for reporting and detection
Develop behavior baselines for comparison to real-time measurements
Employ command / change accounting

Relevant Technologies:
Netflow
SNMP / RMON / SysLog
Network / Traffic Analysis Systems
Intrusion Detection Systems
Virus- / Message-Scanning Systems
Deep Packet Inspection
Packet Capturing Tools
SPAN / RSPAN
Authentication, Authorization, and Accounting (AAA) Servers
DHCP / DNS Servers

Page 12: IP NGN Security Framework

IP NGN Security Actions: Correlate

Important macro trends and events can often go unrecognized until numerous other, seemingly unrelated, events are correlated

Principal Actions:
Assure time synchronization throughout network and service infrastructures
Collect and collate data from distributed, disparate monitoring services
Analyze and correlate data to identify trends and macro-level events

Relevant Technologies:
Security Information Management Systems (SIMS)
Netflow Analysis Systems
Event Correlation Systems
Behavioral Analysis Systems
Anomaly Detection Systems
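The Monitor slide (develop behavior baselines, link traffic to subscribers) and the Correlate slide (synchronized time, collate data from disparate sources) describe a pipeline rather than a product. The following Python is an added illustration, not code from the deck or from Cisco: it attributes constructed NetFlow-style records to subscribers through constructed DHCP lease records, builds an hourly per-subscriber byte baseline, flags hours that exceed mean plus k standard deviations, and joins each flagged hour with constructed syslog lines from an IDS and a mail relay. It assumes every source stamps events from one synchronized clock; the data, hostnames and addresses are invented.

```python
"""Baseline comparison and cross-source correlation on constructed operator data."""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

LEASES = [  # constructed DHCP leases: (subscriber, address, lease start, lease end)
    ("sub-1001", "10.20.0.5", "2009-02-09T08:00:00", "2009-02-09T20:00:00"),
    ("sub-1002", "10.20.0.9", "2009-02-09T08:00:00", "2009-02-09T20:00:00"),
]

FLOWS = [  # constructed NetFlow-style records: (start time, source, dst port, bytes)
    ("2009-02-09T09:10:00", "10.20.0.5", 80, 12000),
    ("2009-02-09T10:10:00", "10.20.0.5", 443, 10000),
    ("2009-02-09T11:10:00", "10.20.0.5", 80, 14000),
    ("2009-02-09T09:20:00", "10.20.0.9", 80, 8000),
    ("2009-02-09T10:20:00", "10.20.0.9", 80, 9000),
    ("2009-02-09T11:20:00", "10.20.0.9", 443, 8500),
    ("2009-02-09T12:05:00", "10.20.0.5", 25, 500000),  # sudden outbound SMTP volume
    ("2009-02-09T12:15:00", "10.20.0.9", 80, 9000),
]

SYSLOG = [  # constructed lines, "<timestamp> <host> <level> <message>"
    "2009-02-09T12:03:10 ids01 ALERT outbound SMTP rate threshold exceeded src=10.20.0.5",
    "2009-02-09T12:07:42 mx01 NOTICE relay rejected 120 messages from 10.20.0.5",
    "2009-02-09T12:09:00 ids01 INFO sensor heartbeat",
]


def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%S")


def subscriber_for(ip, ts, leases=LEASES):
    """Identify: the subscriber holding the lease on `ip` at time `ts`, else None."""
    for sub, lease_ip, start, end in leases:
        if lease_ip == ip and parse_ts(start) <= ts < parse_ts(end):
            return sub
    return None


def hourly_bytes(flows):
    """Monitor: bytes per (subscriber, hour window); unattributed flows are skipped."""
    totals = defaultdict(int)
    for start, src, _port, nbytes in flows:
        ts = parse_ts(start)
        sub = subscriber_for(src, ts)
        if sub is not None:
            totals[(sub, ts.replace(minute=0, second=0))] += nbytes
    return totals


def build_baseline(flows, cutoff):
    """Monitor: per-subscriber (mean, population stddev) of hourly bytes before cutoff."""
    cutoff = parse_ts(cutoff)
    history = defaultdict(list)
    for (sub, window), nbytes in hourly_bytes(flows).items():
        if window < cutoff:
            history[sub].append(nbytes)
    return {sub: (mean(v), pstdev(v)) for sub, v in history.items()}


def find_deviations(flows, cutoff, sigma=3.0):
    """Flag hours at/after cutoff whose byte count exceeds mean + sigma * stddev."""
    baseline = build_baseline(flows, cutoff)
    cutoff_ts = parse_ts(cutoff)
    flagged = []
    for (sub, window), nbytes in sorted(hourly_bytes(flows).items()):
        if window < cutoff_ts or sub not in baseline:
            continue  # no history for this subscriber yet: nothing to compare against
        mu, sd = baseline[sub]
        threshold = mu + sigma * sd
        if nbytes > threshold:
            flagged.append({"subscriber": sub, "window": window,
                            "bytes": nbytes, "threshold": round(threshold)})
    return flagged


def correlate(deviations, syslog_lines, leases=LEASES):
    """Correlate: attach syslog events from the same hour that name the subscriber's address."""
    enriched = []
    for dev in deviations:
        addrs = {ip for sub, ip, _s, _e in leases if sub == dev["subscriber"]}
        window_end = dev["window"] + timedelta(hours=1)
        related = []
        for line in syslog_lines:
            stamp, _, message = line.partition(" ")
            ts = parse_ts(stamp)
            tokens = set(re.split(r"[\s=]+", message))  # whole-token match: 10.20.0.5 is not 10.20.0.50
            if dev["window"] <= ts < window_end and addrs & tokens:
                related.append(line)
        enriched.append({**dev, "related_events": related})
    return enriched


if __name__ == "__main__":
    for hit in correlate(find_deviations(FLOWS, "2009-02-09T12:00:00"), SYSLOG):
        print(hit["subscriber"], hit["window"], hit["bytes"], "vs threshold", hit["threshold"])
        for line in hit["related_events"]:
            print("   ", line)
```

With the constructed data, only sub-1001's 12:00 hour is flagged (500,000 bytes against a threshold near 16,899), and the two syslog lines that name its address land in the same hour while the heartbeat does not. The mean-plus-k-sigma rule is deliberately simple; with only three baseline hours the standard deviation is small, so a real deployment would use a longer baseline and a per-time-of-day profile, and traffic from addresses without a lease would be raised as its own finding rather than silently skipped.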

Page 13: IP NGN Security Framework

IP NGN Security Actions: Harden

Hardening is the application of tools and technologies to prevent known – or unknown – attacks from affecting network or service infrastructures

Principal Actions:
Deploy layered security measures – defense-in-depth
Authenticate control- and management-plane traffic
Authenticate and limit management access to devices, servers, and services
Prevent Denial of Service (DoS) attacks – state attacks, resource exhaustion, protocol manipulation, buffer overflows...
Validate traffic sources to prevent spoofing

Relevant Technologies:
Access Control Lists
Authentication, Authorization, and Accounting (AAA) Systems
Reverse-Path Forwarding Checks
Control-Plane Policing
Role-Based Control Interfaces
Memory and CPU Thresholds
Intrusion Detection Systems
High-Availability Architectures
Load Balancing
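The slide pairs "validate traffic sources to prevent spoofing" with reverse-path forwarding checks but does not show what the check computes. The Python below is an added model of unicast RPF, not code from the deck or from any router vendor: the packet's source address is looked up in a constructed forwarding table by longest prefix match, and the packet is accepted only if the best route to that source points back at the interface it arrived on (strict mode) or if any route to it exists (loose mode). The interface names, prefixes and packets are invented; Null0 is used here as the conventional name for a discard route.

```python
"""Unicast reverse-path forwarding (uRPF) source validation on constructed data."""
import ipaddress

# Constructed forwarding table of an edge router: (prefix, egress interface).
FIB_ENTRIES = [
    ("0.0.0.0/0", "Gi0/0"),       # default route towards the core
    ("10.20.0.0/16", "Gi0/1"),    # subscriber aggregation
    ("10.20.5.0/24", "Gi0/2"),    # a more specific customer subnet
    ("192.0.2.0/24", "Null0"),    # address space never expected as a source
]

# Constructed packets seen at the router: (source address, ingress interface).
PACKETS = [
    ("10.20.5.7", "Gi0/2"),       # legitimate customer on its own interface
    ("10.20.5.7", "Gi0/1"),       # same source, wrong interface: spoofed or asymmetric
    ("10.20.9.1", "Gi0/1"),       # covered by the /16 via Gi0/1
    ("192.0.2.10", "Gi0/1"),      # source inside the discard-routed range
    ("203.0.113.5", "Gi0/1"),     # source known only through the default route
]


def build_fib(entries):
    """Parse textual prefixes once so lookups can use ipaddress containment."""
    return [(ipaddress.ip_network(prefix), iface) for prefix, iface in entries]


def lookup(fib, addr):
    """Longest-prefix match; returns (network, iface) or None if no route covers addr."""
    addr = ipaddress.ip_address(addr)
    best = None
    for net, iface in fib:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best


def urpf_check(fib, src, ingress, mode="strict", allow_default=False):
    """Return (accept, reason) for one packet.

    strict:        the best route to the source must point back at the ingress interface.
    loose:         any route to the source suffices (tolerates asymmetric routing, weaker).
    allow_default: whether a source covered only by the default route counts as routed.
    """
    match = lookup(fib, src)
    if match is None:
        return False, f"no route to source {src}"
    net, iface = match
    if iface == "Null0":
        return False, f"source {src} falls in discard-routed {net}"
    if net.prefixlen == 0 and not allow_default:
        return False, f"source {src} is reachable only via the default route"
    if mode == "loose" or iface == ingress:
        return True, f"route to {src} via {iface}"
    return False, f"best path to {src} is via {iface}, packet arrived on {ingress}"


def filter_packets(fib, packets, mode="strict", allow_default=False):
    """Apply the check to a batch; returns (src, ingress, accepted, reason) per packet."""
    return [(src, ingress, *urpf_check(fib, src, ingress, mode, allow_default))
            for src, ingress in packets]


if __name__ == "__main__":
    fib = build_fib(FIB_ENTRIES)
    for src, ingress, ok, why in filter_packets(fib, PACKETS):
        print(f"{'ACCEPT' if ok else 'DROP  '} {src:<13} on {ingress}: {why}")
```

Strict mode is the appropriate choice at subscriber-facing edges, where a customer's source addresses are only ever expected on that customer's interface; loose mode is what operators fall back to on core or peering links with asymmetric paths, where it still catches sources that are unrouted or discard-routed but no longer ties a source to an interface.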

Page 14: IP NGN Security Framework

IP NGN Security Actions: Isolate

Isolating is a critical design practice that helps prevent access to critical resources, protect data, and limit the scope of disruptive events

Principal Actions:
Limit and control access to (and visibility into) transport-, operations-, and service-delivery infrastructures
Prevent visibility and access between different services, customers…
Create network zones to isolate based on functionality – DNS, network management, service delivery, access…
Define strict boundaries between networks, operational layers, and services of different trust-levels
Encrypt sensitive traffic to prevent unauthorized access

Relevant Technologies:
Virtual Private Networks
Virtual Routing and Forwarding
Route Filtering
Routing Protocol / Transport Boundaries
Firewalls
IPSec and SSL Encryption
Out-of-Band Management
Demarcation / Functional Separation Zones
Access Control Lists

Page 15: IP NGN Security Framework

IP NGN Security Actions: Enforce

Shaping the behavior of subscribers, traffic, and services, as well as the mitigation of detected security events, are the primary goals of enforcement

Principal Actions:
Prevent the entry and propagation of known exploits – viruses, worms, SPAM
Identify and mitigate anomalous traffic, events, and behaviors
Detect and prevent address spoofing
Limit subscribers and traffic to authorized networks, services, and service-levels
Shape and police traffic to assure compliance with established service level agreements
Identify and quench unauthorized protocols, services, and applications

Relevant Technologies:
Firewalls
Intrusion Prevention Systems
Remotely Triggered Black Holes
Service Control Engines
Traffic Classifiers, Policers, and Shapers
Virus and Message Filtering Systems
Anomaly Guards / Traffic Filters
Quarantine Systems
Policy Enforcement Points (Routers, Access Gateways, Session Border Controllers)
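"Shape and police traffic to assure compliance with established service level agreements" names two enforcement behaviours that share one mechanism. The Python below is an added illustration, not code from the deck or from any vendor's implementation: a single-rate token bucket, used once as a policer (traffic beyond the committed rate is marked "exceed" for the caller to drop or re-mark) and once as a shaper (the same traffic is delayed until enough tokens have accrued). Times are integer milliseconds, sizes are bytes, and the rate, burst and packet trace are constructed values.

```python
"""Token-bucket policing and shaping of a constructed packet trace."""
import math

CIR_BPS = 8_000        # committed information rate: 8 kbit/s, i.e. 1000 bytes/s
BURST_BYTES = 1_500    # committed burst: the bucket's capacity

# Constructed arrivals: (arrival time in ms, packet size in bytes).
TRACE = [(0, 1000), (100, 1000), (200, 500), (1500, 1400), (1600, 150), (1700, 200)]


class TokenBucket:
    """Bucket holding at most `capacity` bytes, refilled at `rate` bytes per second."""

    def __init__(self, cir_bps, capacity):
        self.rate = cir_bps / 8.0
        self.capacity = capacity
        self.tokens = float(capacity)   # starts full, so an initial burst conforms
        self.last = 0                   # time of the last refill, ms

    def refill(self, now):
        elapsed = max(0, now - self.last)   # clamp: tolerate a clock stepping backwards
        self.tokens = min(self.capacity, self.tokens + elapsed * self.rate / 1000)
        self.last = now


class Policer(TokenBucket):
    def police(self, now, size):
        """Two-colour policer: 'conform' consumes tokens, 'exceed' consumes none."""
        self.refill(now)
        if size <= self.tokens:
            self.tokens -= size
            return "conform"
        return "exceed"   # the caller drops or re-marks the packet


class Shaper(TokenBucket):
    def shape(self, now, size):
        """Return the departure time: the packet waits until enough tokens exist."""
        if size > self.capacity:
            raise ValueError("packet larger than the burst can never be sent")
        start = max(now, self.last)   # FIFO: cannot leave before the previous packet
        self.refill(start)
        if size > self.tokens:
            wait_ms = math.ceil((size - self.tokens) * 1000 / self.rate)
            self.refill(start + wait_ms)
        self.tokens -= size
        return self.last


def police_trace(trace, cir_bps=CIR_BPS, burst=BURST_BYTES):
    """Verdict per packet when the trace is policed at the committed rate."""
    policer = Policer(cir_bps, burst)
    return [policer.police(t, size) for t, size in trace]


def shape_trace(trace, cir_bps=CIR_BPS, burst=BURST_BYTES):
    """Departure time (ms) per packet when the same trace is shaped instead."""
    shaper = Shaper(cir_bps, burst)
    return [shaper.shape(t, size) for t, size in trace]


if __name__ == "__main__":
    for (t, size), verdict, departs in zip(TRACE, police_trace(TRACE), shape_trace(TRACE)):
        print(f"t={t:5d}ms size={size:5d}B  policer: {verdict:8s}  shaper departs at {departs}ms")
```

On this trace the policer passes the opening burst and then rejects the second packet and the last one, while the shaper sends every packet but spreads the 3,450 bytes over 2.75 seconds. That is the trade-off the slide's wording hides: policing protects the network immediately at the cost of loss for the subscriber, shaping preserves the subscriber's data at the cost of queueing memory and delay, and a packet larger than the burst can only ever be dropped by either.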

Page 16: IP NGN Security Framework

IP NGN Security: Implementation and Operations

IP NGN Security defines the actions and technologies to be implemented and operated by an organization

The security of any given IP service depends greatly upon the network architecture, implementation, and organizational competence

Page 17: IP NGN Security Framework

IP NGN Security: Summary

Define a security model to reach operational excellence, based on security policies and processes, gaining enhanced visibility, control and high availability.

Business Relevance: describes customer-specific business goals, and the threats to goal attainment
Business Goals and Objectives
Threats to Goals and Objectives

Security Policies: describes the iterative development and monitoring of security policies
Threat and Risk Assessment
Security Policies
Security Operations

Security Principles: describes the primary security principles that are affected by security policies
Visibility
Control

Security Actions: describes essential actions that enable Visibility and Control
Identify
Monitor
Correlate
Harden
Isolate
Enforce