The role of ISP - VDC in promoting a culture of cybersecurity

Presented by:
Mr. Nguyen Chi Cong
Information Security Department - VDC
Contents
VDC Company Profile
VDC and Information Security
The role of VDC in promoting a culture of cybersecurity
VDC Company Profile
Introduction
Vietnam Datacommunication Company
A member of VNPT Group
Largest Internet Exchange Provider
(IXP)
SI and application solution provider
50%+ Internet market share
Unique service in 64/64 provinces
Best Internet Services Provider since 2001 (awarded by PC World Vietnam Magazine)
Partner with almost all famous national & international corporations
A leading company
59,3% market share of Internet services
• 400K ADSL subscribers (50%+ market share)
• 450K Dial-up subscribers (50% market share)
• 3M VNN newsletter subscribers
16K iCafes nationwide under VDC licensing
90% market share of data communication
87.2% international Internet bandwidth
• 5Gbps International links
Source: Business Department 5/2007
VDC positioning
Ministry of Post and Telematics (MPT)
Facility based operators
VNPT group
Viettel (Army)
Saigon Postel (joint-stock)
VP Telecom (under Power Co.)
Hanoi Telecom Co. (under HANEL)
Mobile operators
MobiFone
GSM 2.5G
VinaPhone
GSM 2.5G
Viettel Mobile
GSM 2.5G
Sphone
CDMA 2000 1X
Hanoi Telecom Co.
CDMA 3G
Internet Exchange Providers
VDC
FPT Communications
Viettel Internet
SaigonNet
SPT
Hanoi Telecom Co.
Online Service, content Providers (About 12)
VDC
FPT Communications
SaigonNet
SPT
NetNam
…
Where we are ?
VDC1- Hanoi
The largest
Internet Exchange
Provider
VDC3 - Da Nang
VDC2 - Ho Chi Minh
Facts & figures
[Figure: network map of the International Gateway and Domestic backbone, showing Hà Nội, Đà Nẵng and TP HCM and links to Taiwan, Hong Kong, China, Malaysia, USA, Japan, Singapore and Korea, with link capacities labelled on the map]
International links
NTTCom
Chunghwa
Telecom
Dacom
KORNET
Malaysia
Telecom
ChinaNet
Intelsat
PCCW
FUSION
SingTel
KDDI
T-systems
SPT
VDC
FPT
STM4
STM1
Vietel
xDS3
ETC
E1 and below
VNN Network
64 POPs in Vietnam with dedicated and dial-in access, almost all with broadband Internet access
VDC Service provision
App. –
Customer
focused
Game, Video, Music,
Finance, B2C, B2B, G2B
Email, WWW, DNS,
Netnews, FTP, Colocation, Hosting,
Master Content
Data voice
VoIP
Netfax
Managed
IT
Billing,
Accounting,
CRM,
CSS,
Payment,
Post Solution,
Security
Frame Relay,
VNN/Internet,
VPN/VNN
Managed
network
Network
based
Components
Services
IT & Digital content
VDC Service provision
VNN/Internet Service
• Direct VNN/Internet Service
• Dial-up Access VNN/Internet
• Broadband Internet Service
• Wifi@VNN Service
• VPN/VNN Service
• VoIP 1717
• Fone VNN
Web Services
• Web Hosting Services
• Telehosting, Telehousing and IDC Service
• Online Advertisement
• Web Server ID
• E-learning Services
Datacommunication Services
• Data Transfer Services VietPac
• Frame Relay Service
VDC Service provision
E-Commerce
• VDC Super Market
• E-shop
Email Service
• Mail Offline
• Mail Plus
• Web Mail
IT Services
• Consultant for solution
• Solution Design
• Software Development
• Integration and Deployment
• Training and Support
• Security Services
Focused business
Network
services
Basic
services
Email
Frame Relay, WWW
DNS
VNN/Internet,
Netnews
VPN/VNN
FTP
Security
IDC
(Internet
Data
Center)
Digital
content
Game
Video
Music
Fortune telling
Finance
Ecommerce
FOCUSED!
For ISP
For Subscribers
For Customers
Colocation
Hosting
B2C
B2B
G2B
IT &
Integrated
services
Billing
Accounting
CRM
CSS
Payment
A winning team
Labor skill structure
• 1000+ employees
• 80% university degree
• 3% Post-Graduated
• Young and skillful staff with Microsoft, Oracle, Cisco, Nortel certificates
[Chart: percentage of staff by level of education: Post Graduated, University degree, College Degree, Intermediate level, Vocational training, Secondary level]
VDC Partners
TRANSIT
Partner
CUSTOMERS
SOLUTION
Partner
VDC and
Information Security
Challenges
Protection against attacks
• Secret Information
• Customer Information
• Accounts, Bill
• Business & Technical secret
• Keeping trust information
• Bill, network configuration
• Others business data
• Availability of system
• VDC always has to ensure
Damages
Direct losses to economy
• Bill lost, Bill value changed
• Services Interrupted
•…
Indirect losses to economy
• Lose prestige
• Brand name
•…
Risks
VDC is an attractive target
• Biggest ISP in Viet Nam
• Possibility of making benefit
• Cause of scandal
Issues
Attackers
Professional crime
• Seeking for economical benefit
• Other benefit
Non-professional crime
• Mostly pupils, students, …
• Curiosity, discovery
• Self-assertion
• Immediate benefit
Protection Methods
Management methods
• Building up security staff
• In cooperation with appropriate authorities
• Policies, rules, processes
• Preventing theft of 1260 accounts
Technical methods
• Design Secure System
• Authentication
• Access control
• Multi-layer protection (Physical Access, Network Protect, App
Protect, …)
• Supporting tools (Firewall, IPS, Web Filtering, …)
• Backup
• Carried out by experts
• Frequent monitoring, supervising and maintaining (Firewall’s warning, IPS, Logfile, network monitoring devices, other unexpected problems)
Protection Methods
VDC’s Firewalls
• Using multi-layer firewalls for protecting VNN network layers
• Firewall technologies:
• Cisco PIX Firewall for Internet gateways
• Cisco Firewall Service Modules on Catalyst 6500 for Data
Centers
• Checkpoint Firewall for backend segments
Integrated Security Strategy:
Protecting VDC Networks
BUILD SECURE Networks with security fully integrated throughout the infrastructure “cloud” to strengthen the SP’s ability to deliver all network services efficiently and safely
• Data Protection
• Clean Pipes
• NetFlow
• Filtering of packets and routes
• Rate limiting and other QoS enforcement techniques
• Classification and reclassification of traffic
• Redirection of traffic
• Traffic transit policies
• Intrusion detection and protection
• Analysis, profiling and monitoring of traffic
• Secure Connectivity
• Encryption
• Authentication
• System Protection
• Image and configuration archiving
• Selective management and
configuration views
• Stack protection
• Thresholding
• Image verification
• Password access
• Control plane policing
• CPU/Memory Thresholding
• Routing Protocol validation
• Trust & Identity
• Address, source and route validation
• Secure address allocation
• Reporting & Remediation
Integrated Security Strategy:
Protecting VDC Networks
BUILD SECURE Networks with security fully integrated throughout the infrastructure “cloud” to strengthen the SP’s ability to deliver all network services efficiently and safely
Benefits:
• Network Reliability – Securing network infrastructure for
stable network operations
• Network Efficiency – Removing improper traffic from flow
to provide greater capacity and availability to legitimate traffic
• Cost Savings – Ability to quickly respond to evolving
security threats will minimize network disruption costs
• Service Assurance – Increasing provider’s ability to meet
SLA requirements
• Customer Trust – Through network reliability and service
assurance, service providers can earn customer loyalty and
decrease churn
VDC Infrastructure
Security framework
Endpt / CPE
ACCESS/AGGREGATION
CPE(s)
Broadband,
Wireless (3G,
802.11),
Ethernet, FTTH,
Leased Line,
ATM, FrameRelay
PE(s)
DATA/SVC
Center
CORE
L2 Agg.
P
PE
Peering:
• Policing
• Core Security
• Control Plane
ISP /
Alt. Carrier
P
P
P
P
CPE:
• Firewall
• IDS
• IPSEC
• Control Plane
Security
• Forwarding Plane
Security
• Re-DHCP—
subscriber
• Diversion
P
PEERING
Access and aggregation:
• Basic infrastructure
security role
• Control Plane Security
• Data Plane Security
• Firewall
• IDS
• IPSEC
• DHCP—subscriber (dial)
• Diversion (quarantine, clean
pipes)
• SSL
• Trust and Identity
P
P
Data/Service
Center
Service Center:
• Remediation (quarantine)
• Intrusion Detection/Prevention
• Anomaly detection
(Netflow+Arbor Peakflow DOS)
• Scrubbing
• Firewall
• Security Monitoring
Core:
• Data Plane
• Mgmt/Access
Plane
• Control Plane
• Core Security
Three VDC Security Directions
• Infrastructure Security
Up to now, security on edge devices has focused on protection from reconnaissance, access, DDoS, etc.
  • Infrastructure security is a mandatory requirement for service “survival”
  • Security should be pervasive and consistent throughout every device, integral to every port, every interface, every medium, every switch, every router, every protocol, every service…
• Clean Pipes
Service Providers introducing infrastructure protection services
  • SPs provide “scrubbed” traffic to users
• Managed Security Services (network and customer premise)
Increases in service outsourcing (VPNs, firewalling, IDS, content hosting) drive security services into PE Devices
  • MPLS VPNs driving other virtualised services
  • Residential/SMB markets require network-based content and functionality
VDC Network Security Features
Infrastructure
Security
Clean Pipes (DoS
Scrubbing)
Security
Services
Netflow
QoS
ACLs
uRPF
Lawful Intercept
Routing
High Availability
Authentication
Content Networking
Network Admission
Control
Dynamic Attack
Mitigation
IDS/FW
NBAR
MANDATORY
OPTIONAL + CUSTOMER CHOICES
Virtual Services
• VPN
• Firewalling
• IDS/ IPS
• Antivirus
• Web Filtering
Customers’ feedback
• Various services meeting requirements from subscribers
• Stable, reliable QoS
• Subscribers’ information secured
The role of VDC in
promoting a culture of
cybersecurity
Activities
• ISP’s responsibilities
• Providing best services for customers
• Supporting 24/7
• PR activities
  • “Providing Internet for Remote areas” Project
  • “Providing Internet for Schools” Project
  • “Vietnamese Talents” Contest
  • Many other sponsoring activities
  • …
• Responsibilities to appropriate authorities
• Implementing Government’s assignment
• Supporting (internet connection, investigation, …)
• In cooperation with VNCERT
Thank you !