IP NGN security provides a framework for securing next generation networks through a hierarchical model. It describes key security principles of visibility, control and business relevance. The framework involves iteratively developing security policies through threat and risk assessment. It then outlines six fundamental security actions - identify, monitor, correlate, harden, isolate, and enforce - which apply policies to increase visibility and control through relevant technologies and improve security, resiliency and reliability for subscribers and operators.
IP NGN Security Framework
1. IP NGN Security Framework. Mikhail Kader, Distinguished Systems Engineer, Cisco, Russia, [email_address]. ITU-T Workshop on "New challenges for Telecommunication Security Standardizations", Geneva, 9(pm)-10 February 2009.
3. IP NGN Secure Platform: What is IP NGN Security? A hierarchical model for framing security discussions with service providers. Its four layers are:
- Security Principles: the primary security principles that security policies affect: Visibility; Control.
- Security Actions: the essential actions that enable Visibility and Control: Identify, Monitor, Correlate, Harden, Isolate, Enforce.
- Business Relevance: customer-specific business goals, and the threats to goal attainment: Business Goals and Objectives; Threats to Goals and Objectives.
- Security Policies: the iterative development and monitoring of security policies: Threat and Risk Assessment; Security Policies; Security Operations.
5. Migration to 3.5G or IP networks changes the threat landscape, so a risk analysis is necessary. An example for mobile, illustrating the effects of the evolution from 2G to 3.5G (Business Relevance: threats to business goals lead to risk analysis):
  2G                     3.5G
  Isolated               Highly networked
  No IP                  IP end-to-end
  Simple devices         Sophisticated devices
  Proprietary services   Open services
  Few security targets   Numerous security targets
  Little risk            Much risk
6. Developing Security Policies. IP NGN Security requires the definition of security policies, but is agnostic to the methodologies needed to create them. Risk assessment methodologies include eTOM (enhanced Telecom Operations Map) and ITIL (Information Technology Infrastructure Library).
7. Developing Security Policies: Many Methodologies, One Goal. Regardless of the risk assessment methodology utilized, the core steps are the same:
- Threat models: how can the device, service, or system be attacked, disrupted, compromised, or exploited?
- Risk assessments: what impact would an attack have on my business? How important is the asset?
- Policy development: what entities, attributes, processes, or behaviors can be controlled to prevent or mitigate each attack?
These steps result in the creation of security policies and guidelines that define the acceptable and secure use of each device, system, and service.
9. IP NGN Security Actions: Increasing Visibility and Control. IP NGN Security defines six fundamental actions that apply defined policies, improving Visibility and Control: Identify, Monitor, Correlate, Harden, Isolate, Enforce. These actions, properly taken, enhance service security, resiliency, and reliability, primary goals for subscribers and operators alike.
16. IP NGN Security Implementation and Operations. IP NGN Security defines the actions and technologies to be implemented and operated by an organization. The security of any given IP service depends greatly upon the network architecture, implementation, and organizational competence.
17. IP NGN Security Summary. Define a security model to reach operational excellence, based on security policies and processes, gaining enhanced visibility, control and high availability. The summary restates the hierarchical model of slide 3: Security Principles (Visibility; Control); Security Actions (Identify, Monitor, Correlate, Harden, Isolate, Enforce); Business Relevance (Business Goals and Objectives; Threats to Goals and Objectives); Security Policies (Threat and Risk Assessment; Security Policies; Security Operations).
Editor's Notes
Cable messaging could (conceivably) address their need to deliver wireless and quad-play; wireline messaging, the need for a secure foundation over which to deliver managed security services …
Service providers often have well-developed security management frameworks in place. IP NGN Security relies on integration with these frameworks for security operations (Sec-Ops) and policy development.
- Provides the foundation for proactive security services.
- Allows the identification of end-node security posture, and the business context (roles, responsibilities, and capabilities) within which that node should be used.
- Provides the basis for service differentiation (all services).
- Identification of malware.
- Allows the implementation of white-lists for outbound services.
- Implementation of traffic / security policies.
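The note above ties identification (which node is this, what is its posture, what business role does it have) to an outbound white-list. The following is an added example, not code from the presentation or from Cisco, showing how such a role-based outbound allow-list can be evaluated over flow records. The node inventory, the per-role allow-list, the quarantine allow-list and the flow records are all constructed sample data; an unidentified source node has no business context and is therefore denied by default.

```python
"""Role-based outbound allow-list check over constructed flow records.

Added example, not from the presentation. The node inventory, role policy
and flow records below are constructed sample data.
"""
from dataclasses import dataclass

# Constructed inventory: identity, business role and security posture per node.
NODE_INVENTORY = {
    "10.1.0.5": {"role": "subscriber-cpe", "posture": "compliant"},
    "10.1.0.9": {"role": "subscriber-cpe", "posture": "non-compliant"},
    "10.2.0.20": {"role": "mail-relay", "posture": "compliant"},
}

# Constructed policy: outbound (protocol, destination port) allowed per role.
OUTBOUND_ALLOWLIST = {
    "subscriber-cpe": {("tcp", 80), ("tcp", 443), ("udp", 53)},
    "mail-relay": {("tcp", 25), ("tcp", 443), ("udp", 53)},
}

# Services a non-compliant (quarantined) node may still reach for remediation.
QUARANTINE_ALLOWLIST = {("tcp", 443), ("udp", 53)}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


def decide(flow: Flow) -> tuple[str, str]:
    """Return (verdict, reason) for one outbound flow.

    Unknown source nodes are denied: a node that cannot be identified has no
    business context and therefore no allow-list entry.
    """
    node = NODE_INVENTORY.get(flow.src)
    if node is None:
        return ("deny", "unidentified source")
    key = (flow.proto, flow.dport)
    # Posture check comes before the role check: a non-compliant node is
    # restricted to remediation services regardless of its role.
    if node["posture"] != "compliant":
        if key in QUARANTINE_ALLOWLIST:
            return ("allow", "quarantined node, remediation service")
        return ("deny", "quarantined node")
    if key in OUTBOUND_ALLOWLIST.get(node["role"], set()):
        return ("allow", f"role {node['role']} permits {flow.proto}/{flow.dport}")
    return ("deny", f"role {node['role']} does not permit {flow.proto}/{flow.dport}")


def evaluate(flows):
    """Apply decide() to a batch of flows; returns (flow, verdict, reason) triples."""
    return [(f, *decide(f)) for f in flows]


# Constructed sample flows.
SAMPLE_FLOWS = [
    Flow("10.1.0.5", "203.0.113.10", "tcp", 443),   # CPE to web: allowed
    Flow("10.1.0.5", "203.0.113.10", "tcp", 25),    # CPE direct to port 25: denied
    Flow("10.2.0.20", "203.0.113.10", "tcp", 25),   # mail relay to port 25: allowed
    Flow("10.1.0.9", "203.0.113.10", "tcp", 80),    # non-compliant CPE: denied
    Flow("10.9.9.9", "203.0.113.10", "tcp", 443),   # unknown node: denied
]

if __name__ == "__main__":
    for flow, verdict, reason in evaluate(SAMPLE_FLOWS):
        print(f"{flow.src} -> {flow.dst} {flow.proto}/{flow.dport}: {verdict} ({reason})")
```

The point of the structure is that the policy is keyed on business context (role and posture) rather than on addresses alone, which is what makes the same allow-list usable for service differentiation and for containing a node whose posture has degraded.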
- Real-time macro and micro visibility into service and IP flows, and network health.
- Provides early trend warnings versus baselines to feed to mitigation processes.
- Can provide input for archives / data retention / baselining / network modeling.
- Provides input into capacity planning / SLA-reporting services.
- Tight control over the revenue stream / operations.
- Adds context and intelligence to meta (raw) data collected during monitoring processes.
- Allows the creation of behavioral baselines.
- Abstraction of events to alarm instances.
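The two notes above (monitoring against baselines, then correlation that adds context and abstracts raw events into alarm instances) can be shown end to end in a few dozen lines. The following is an added example, not code from the presentation or from Cisco: it builds a per-source baseline from a constructed history of outbound new-flow counts, emits a raw event for every minute that exceeds the baseline, and then correlates those events into one alarm instance per source, enriched with business context and raised only when the deviation persists. The history, the thresholds (mean plus three standard deviations), the node context and the current samples are all constructed.

```python
"""Baseline-driven monitoring and event correlation over constructed flow counts.

Added example, not from the presentation. Baseline windows, thresholds,
node context and the per-minute counters are constructed sample data.
"""
import statistics
from collections import defaultdict

# Constructed history: outbound new-flow counts per source, one value per
# minute over a 10-minute baseline window (Monitor: baselining).
BASELINE_HISTORY = {
    "10.1.0.5": [12, 10, 14, 11, 13, 12, 9, 13, 12, 11],
    "10.1.0.7": [30, 28, 33, 31, 29, 30, 32, 28, 31, 30],
}

# Constructed business context attached during correlation (Correlate: context).
NODE_CONTEXT = {
    "10.1.0.5": {"role": "subscriber-cpe", "site": "pop-a"},
    "10.1.0.7": {"role": "subscriber-cpe", "site": "pop-a"},
}


def baseline(history, k=3.0):
    """Per-source (mean, population stdev, threshold = mean + k * stdev)."""
    out = {}
    for src, counts in history.items():
        mean = statistics.fmean(counts)
        sd = statistics.pstdev(counts)
        out[src] = (mean, sd, mean + k * sd)
    return out


def monitor(samples, baselines):
    """Raw events: one per (minute, src) whose count exceeds its threshold.

    A source with no baseline is itself reported, since 'unknown source' is
    a visibility gap rather than a normal condition.
    """
    events = []
    for minute, src, count in samples:
        if src not in baselines:
            events.append({"minute": minute, "src": src, "count": count,
                           "kind": "unknown-source"})
            continue
        mean, _sd, thr = baselines[src]
        if count > thr:
            events.append({"minute": minute, "src": src, "count": count,
                           "kind": "above-baseline",
                           "baseline": round(mean, 1), "threshold": round(thr, 1)})
    return events


def correlate(events, min_events=2):
    """Abstract raw events into alarm instances.

    One alarm per source, carrying business context and the span of the
    deviation; a single-minute spike below min_events does not become an alarm.
    """
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    alarms = []
    for src, evs in by_src.items():
        if len(evs) < min_events:
            continue
        ctx = NODE_CONTEXT.get(src, {"role": "unknown", "site": "unknown"})
        alarms.append({
            "src": src, "role": ctx["role"], "site": ctx["site"],
            "first_minute": min(e["minute"] for e in evs),
            "last_minute": max(e["minute"] for e in evs),
            "peak": max(e["count"] for e in evs),
            "event_count": len(evs),
        })
    return alarms


# Constructed current samples: (minute, src, count). 10.1.0.5 ramps steadily;
# 10.1.0.7 has a single one-minute spike that should not become an alarm.
CURRENT_SAMPLES = [
    (0, "10.1.0.5", 13), (1, "10.1.0.5", 40), (2, "10.1.0.5", 95), (3, "10.1.0.5", 120),
    (0, "10.1.0.7", 31), (1, "10.1.0.7", 45), (2, "10.1.0.7", 30), (3, "10.1.0.7", 29),
]


def run(samples=CURRENT_SAMPLES, history=BASELINE_HISTORY):
    """Monitor then correlate; returns (raw_events, alarm_instances)."""
    events = monitor(samples, baseline(history))
    return events, correlate(events)


if __name__ == "__main__":
    events, alarms = run()
    print(f"{len(events)} raw events -> {len(alarms)} alarm instance(s)")
    for alarm in alarms:
        print(alarm)
```

With the constructed data, four raw events are produced (three for the ramping source, one for the spike) but only one alarm instance results, which is the abstraction the Correlate note describes: the operator sees a single, context-bearing alarm for the persistent deviation rather than a stream of threshold crossings.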
- Maintains an appropriate security posture in real time versus a threat environment.
- Creates a reliable infrastructure upon which to deliver services.
- Provides dynamic protection against both known and day-zero threats.
- Limits collateral damage.
- Prevents accidental data leakage / acquisition.