ITU-T Workshop on "New challenges for Telecommunication Security Standardizations", Geneva, 9(pm)-10 February 2009

IP NGN Security Framework
Mikhail Kader, Distinguished Systems Engineer, Cisco, Russia
mkader@cisco.com
International Telecommunication Union

IP NGN Security: A Paradigm Shift in the Miscreant Economy

Mischief of course, but mostly money: a miscreant economy has evolved to steal or extort money from attractive targets.

Yesterday's Threats                                     | Today's Threats
Geeks and adolescents                                   | Professional hackers
Operated alone or with a small group of friends         | Operating in syndicates or cooperatives
Interested in demonstrating prowess, gaining notoriety  | Interested in extortion, espionage, or economic gain
Targeted individual computers or applications           | Targeting businesses, governments, and networks
Little or no business sophistication                    | BotNets for sale...

Source: Scott Borg, Dartmouth College, Institute for Security Technology Studies

IP NGN Secure Platform: What is IP NGN Security?

A hierarchical model for framing security discussions with service providers:

- Business Relevance: Business Goals and Objectives, and Threat and Risk Assessment (threats to goals and objectives). Describes customer-specific business goals, and the threats to goal attainment.
- Security Policies: Describes the iterative development and monitoring of security policies.
- Security Principles: Visibility and Control. Describes the primary security principles that are affected by security policies.
- Security Operations / Security Actions: Identify, Monitor, Correlate, Harden, Isolate, Enforce. Describes essential actions that enable Visibility and Control.

Business Relevance: Business Goals and Objectives

Security helps meet all key business goals and objectives for service providers:

- Protect Service Revenue: business disruptions due to security events can result in both immediate and long-term loss of revenue.
- Meet Customer Expectations / Minimize Churn: customers expect safe, private, reliable services, and they're willing to change operators to get them...
- Safeguard Brand: public disclosure of security or privacy breaches can destroy carefully managed marketing campaigns and brand reputation.
- Regulatory Requirements Adherence: adherence to social and legal requirements for parental control, data retention, and service monitoring is mandated in many markets.

Business Relevance: Threats to Business Goals Lead to Risk Analysis

Migration to 3.5G or IP networks changes the threat landscape, hence a risk analysis is necessary. An example for mobile, illustrating the effects of the evolution from 2G to 3.5G:

2G                    | 3.5G
Isolated              | Highly networked
No IP                 | IP end-to-end
Simple devices        | Sophisticated devices
Proprietary services  | Open services
Few security targets  | Numerous security targets
Little risk           | Much risk

Developing Security Policies: Risk Assessment Methodologies

IP NGN Security requires the definition of security policies, but is agnostic to the methodologies needed to create them, for example:

- eTOM (enhanced Telecom Operators Map)
- ITIL (Information Technology Infrastructure Library)

Developing Security Policies: Many Methodologies, One Goal

Regardless of the risk assessment methodology utilized, the core steps are the same:

- Threat Models: How can the device, service, or system be attacked, disrupted, compromised, or exploited?
- Risk Assessments: What impact would an attack have on my business? How important is the asset?
- Policy Development: What entities, attributes, processes, or behaviors can be controlled to prevent or mitigate each attack?

These steps result in the creation of security policies and guidelines that define the acceptable and secure use of each device, system, and service.

IP NGN Security Principles: Visibility and Control

Security policies always define a need or means to increase Visibility or Control.

Visibility:
- Identify subscribers, traffic, applications, protocols, behaviors...
- Monitor and record baseline patterns for comparison to real-time
- Collect and correlate data from every source to identify trends and macro events
- Classify to allow the application of controls

Control:
- Limit access and usage per subscriber, protocol, service, packet...
- Protect against known threats and exploits
- Authenticate management- and control-plane access / traffic
- Isolate subscribers, services, subnets
- React dynamically to anomalous events

No visibility means no control; no control means no security.

IP NGN Security Actions: Increasing Visibility and Control

IP NGN Security defines six fundamental actions that apply defined policies, improving Visibility and Control: Identify, Monitor, Correlate, Harden, Isolate, Enforce. These actions, properly taken, enhance service security, resiliency, and reliability, primary goals for subscribers and operators alike.

IP NGN Security Actions: Identify

Identifying and assigning trust-levels to subscribers, networks, devices, services, and traffic is a crucial first step to infrastructure security.

Principal Actions:
- Identify and authenticate subscribers and subscriber devices (where possible)
- Associate security profiles with each subscriber and device
- Associate network addresses and domain identifiers with subscriber devices
- Classify traffic, protocols, applications, and services at trust boundaries
- Inspect traffic headers and payloads to identify subscribers, protocols, services, and applications

Relevant Technologies:
- Authentication, Authorization, and Accounting (AAA) servers
- Extensible Authentication Protocols
- Deep Packet Inspection
- Network-Based Application Recognition
- Service Control Engines / Application Performance Assurance
- DNS / DHCP servers
- Service / subscriber authenticators
- Service gateways
- Signaling gateways
- Session Border Controllers

IP NGN Security Actions: Monitor

Any device that touches a packet or delivers a service can provide data describing policy compliance, subscriber behavior, and network health.

Principal Actions:
- Gather performance- and security-relevant data inherent to routers and switches
- Log transactional and performance data at access and service gateways
- Link IP traffic with specific subscribers, devices, and origins whenever possible
- Deploy protocol-, traffic-, and service-inspection for reporting and detection
- Develop behavior baselines for comparison to real-time measurements
- Employ command / change accounting

Relevant Technologies:
- NetFlow
- SNMP / RMON / Syslog
- Network / traffic analysis systems
- Intrusion Detection Systems
- Virus- / message-scanning systems
- Deep Packet Inspection
- Packet capturing tools
- SPAN / RSPAN
- Authentication, Authorization, and Accounting (AAA) servers
- DHCP / DNS servers

IP NGN Security Actions: Correlate

Important macro trends and events can often go unrecognized until numerous other, seemingly unrelated, events are correlated.

Principal Actions:
- Assure time synchronization throughout network and service infrastructures
- Collect and collate data from distributed, disparate monitoring services
- Analyze and correlate data to identify trends and macro-level events

Relevant Technologies:
- Security Information Management Systems (SIMS)
- NetFlow analysis systems
- Event correlation systems
- Behavioral analysis systems
- Anomaly detection systems

IP NGN Security Actions: Harden

Hardening is the application of tools and technologies to prevent known (or unknown) attacks from affecting network or service infrastructures.

Principal Actions:
- Deploy layered security measures (defense-in-depth)
- Authenticate control- and management-plane traffic
- Authenticate and limit management access to devices, servers, and services
- Prevent Denial of Service (DoS) attacks: state attacks, resource exhaustion, protocol manipulation, buffer overflows...
- Validate traffic sources to prevent spoofing

Relevant Technologies:
- Access Control Lists
- Authentication, Authorization, and Accounting (AAA) systems
- Reverse-Path Forwarding checks
- Control-Plane Policing
- Role-based control interfaces
- Memory and CPU thresholds
- Intrusion Detection Systems
- High-availability architectures
- Load balancing

IP NGN Security Actions: Isolate

Isolating is a critical design practice that helps prevent access to critical resources, protect data, and limit the scope of disruptive events.

Principal Actions:
- Limit and control access to (and visibility into) transport-, operations-, and service-delivery infrastructures
- Prevent visibility and access between different services, customers...
- Create network zones to isolate based on functionality: DNS, network management, service delivery, access...
- Define strict boundaries between networks, operational layers, and services of different trust-levels
- Encrypt sensitive traffic to prevent unauthorized access

Relevant Technologies:
- Virtual Private Networks
- Virtual Routing and Forwarding
- Route filtering
- Routing protocol / transport boundaries
- Firewalls
- IPsec and SSL encryption
- Out-of-band management
- Demarcation / functional separation zones
- Access Control Lists

IP NGN Security Actions: Enforce

Shaping the behavior of subscribers, traffic, and services, as well as the mitigation of detected security events, are the primary goals of enforcement.

Principal Actions:
- Prevent the entry and propagation of known exploits: viruses, worms, SPAM
- Identify and mitigate anomalous traffic, events, and behaviors
- Detect and prevent address spoofing
- Limit subscribers and traffic to authorized networks, services, and service levels
- Shape and police traffic to assure compliance with established service level agreements
- Identify and quench unauthorized protocols, services, and applications

Relevant Technologies:
- Firewalls
- Intrusion Prevention Systems
- Remotely Triggered Black Holes
- Service Control Engines
- Traffic classifiers, policers, and shapers
- Virus and message filtering systems
- Anomaly guards / traffic filters
- Quarantine systems
- Policy enforcement points (routers, access gateways, Session Border Controllers)

IP NGN Security: Implementation and Operations

IP NGN Security defines the actions and technologies to be implemented and operated by an organization. The security of any given IP service depends greatly upon the network architecture, implementation, and organizational competence.

IP NGN Security: Summary

Define a security model to reach operational excellence, based on security policies and processes, gaining enhanced visibility, control, and high availability. The model's layers, top to bottom: Business Relevance (business goals and objectives; threat and risk assessment), Security Policies, Security Principles (Visibility, Control), and Security Actions / Security Operations (Identify, Monitor, Correlate, Harden, Isolate, Enforce).
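The Monitor and Correlate actions above (baseline versus real-time measurement, time synchronization across collectors, linking IP traffic to subscribers) in working form, as an added example that is not part of the presentation. Collector names, the 120 s clock offset, the flow records, the syslog line and the DHCP lease table are all constructed for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed NetFlow-style records (collector, timestamp, source IP, packets) from
# two collectors; B's clock runs 120 s fast, so its timestamps are normalised first.
CLOCK_OFFSET = {"A": 0, "B": 120}
FLOWS = [
    ("A", 1000, "10.0.0.5", 40), ("A", 1060, "10.0.0.5", 45), ("A", 1120, "10.0.0.5", 42),
    ("A", 1180, "10.0.0.5", 900), ("B", 1360, "10.0.0.5", 1100),
    ("A", 1000, "10.0.0.9", 30), ("A", 1060, "10.0.0.9", 33), ("B", 1300, "10.0.0.9", 31),
]
# Constructed syslog export (collector, timestamp, source IP, message) and DHCP
# lease table (Identify/Monitor: link IP traffic to a subscriber).
SYSLOG = [("B", 1400, "10.0.0.5", "ACL 101 denied udp to 198.51.100.7/53")]
DHCP_LEASES = {"10.0.0.5": "sub-4471", "10.0.0.9": "sub-0212"}

def normalise(collector, ts):
    """Correlate, step 1: put every data source on one reference clock."""
    return ts - CLOCK_OFFSET[collector]

def build_baseline(flows, learn_until):
    """Monitor: per-source (mean, stdev) of packets over the learning window."""
    samples = defaultdict(list)
    for coll, ts, ip, pkts in flows:
        if normalise(coll, ts) < learn_until:
            samples[ip].append(pkts)
    return {ip: (mean(v), pstdev(v)) for ip, v in samples.items()}

def anomalies(flows, baseline, learn_until, z=3.0):
    """Flag real-time flows more than z sigma above baseline (stdev floor: 10% of mean)."""
    flagged = []
    for coll, ts, ip, pkts in flows:
        t = normalise(coll, ts)
        if t >= learn_until and ip in baseline:
            mu, sigma = baseline[ip]
            if pkts > mu + z * max(sigma, 0.1 * mu):
                flagged.append((t, ip, pkts))
    return flagged

def correlate(flagged, syslog, leases, window=300):
    """Correlate, steps 2-3: join anomalies with syslog events within `window` s, keyed by subscriber."""
    incidents = defaultdict(lambda: {"flows": 0, "log_events": 0})
    for t, ip, _ in flagged:
        key = leases.get(ip, ip)  # no lease known: fall back to the bare IP
        incidents[key]["flows"] += 1
        for coll, lts, lip, _msg in syslog:
            if lip == ip and abs(normalise(coll, lts) - t) <= window:
                incidents[key]["log_events"] += 1
    return dict(incidents)
```

Without the clock normalisation the syslog event from collector B would sit 120 s further from the flow anomalies and could fall outside a tighter correlation window, which is why the deck lists time synchronization as the first Correlate action.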
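The Harden action "validate traffic sources to prevent spoofing" via reverse-path forwarding checks, and the Enforce action "detect and prevent address spoofing", as an added example that is not part of the presentation. The forwarding table, interface names and sample packets are constructed; the strict/loose semantics follow the common unicast RPF behaviour (a match on the default route alone does not pass).

```python
import ipaddress

# Constructed forwarding table (FIB): destination prefix -> interface the router
# would use to reach it. Interface names are illustrative.
FIB = {
    "10.1.0.0/16": "Gi0/1",     # access aggregation, customer A
    "10.1.200.0/24": "Gi0/2",   # a more specific range homed behind Gi0/2
    "192.0.2.0/24": "Gi0/3",    # peering partner
    "0.0.0.0/0": "Gi0/0",       # default route towards the upstream
}

def best_route(fib, addr):
    """Longest-prefix match for addr; returns (network, interface) or None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, iface in fib.items():
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best

def urpf_check(fib, ingress, src, mode="strict"):
    """Return True if a packet from src arriving on ingress passes uRPF.
    strict: the best route to src must point back out of ingress.
    loose:  any route to src suffices. In both modes a match on the default
    route alone does not count, so unrouted source space is dropped."""
    route = best_route(fib, src)
    if route is None or route[0].prefixlen == 0:
        return False
    return route[1] == ingress if mode == "strict" else True

def filter_packets(fib, packets, mode="strict"):
    """Apply the check to (ingress, src) pairs; return the dropped ones."""
    return [(i, s) for i, s in packets if not urpf_check(fib, i, s, mode)]

# Constructed sample: legitimate customer traffic, a source spoofed from a range
# homed behind another interface, and a source with no route at all.
PACKETS = [("Gi0/1", "10.1.5.7"), ("Gi0/1", "10.1.200.9"), ("Gi0/1", "203.0.113.4")]
```

Strict mode drops legitimate traffic on asymmetrically routed or multihomed links, which is why loose mode is the usual choice at peering and transit edges and strict mode at single-homed access edges.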