Digital Identity is Under Attack: FIDO Paris Seminar.pptx
TR-069 Device Management Solution Cloud Version
1. Friendly TR-069 Device Management
Solution Cloud Version
January 2016
Start
The IoT & Device Management Company
Smart Home
Open Platform
Internet of Things/M2M
Management
Device Management
for Fixed & Mobile
2. Friendly Technologies Mission
www.friendly-tech.com
2
Friendly Technologies is a leading provider of carrier-class device management
software for IoT/M2M, Smart Home and Triple Play services. Our best-of-breed
approach enables service providers to avoid device dependency and manage
multiple types of devices on a single platform.
Friendly’s platform enables customers to automatically connect and provision
new devices, monitor QoE, configure and update firmware remotely, and
streamline their support services, while its server and cloud-based solutions
offer analytical insights to service providers.
4. Friendly Technologies at a Glance
www.friendly-tech.com
4
Software solution developer, serving Carrier and xSP market since 1997
The most installed Unified Device Management solution in the world
Focused on Device Management since 2006
Strong global network of local channels, distributors and system
integrators acting as local partners
Member of Broadband Forum and Open Mobile Alliance
Offices in Israel, USA, Colombia and Ukraine
5. Friendly Technologies at a Glance
Friendly Technologies is a winner of
Frost & Sullivan’s 2015 Best Practices Award
for the Best Customer Value in
Unified Device & Smart Home Management
6. Friendly Technologies Line of Products
www.friendly-tech.com
6
Device Management
TR-069, OMA-DM & SNMP device
management to streamline the support of Data,
VoIP and IPTV services.
Smart Home Management
Open platform for full Smart Home
management.The solution includes
management server and white label Smart
Home mobile app for increased ARPU.
Internet ofThings
Friendly's Internet ofThings/M2M product line
is a white-label device management platform
for Utilities, Health Care, Industrial M2M,
Transportation & Smart City verticals. Friendly
offers both management server and embedded
clients.
4G LTE & WiMAX Device Management
TR-069 and OMA-DM device management to
accelerate the deployment and support of
fixed and mobile devices for the LTE world.
QoE Monitoring
Advanced QoE monitoring and analysis of
Data,VoIP & IPTV services from the
subscriber’s end.
OMA-DM Mobile Device Management
OMA-DM based mobile device management
targeted to xSPs and enterprise for managing
and supporting mobile devices including
BYOD.The solution includes also an OMA-DM
client for the BYOD market.
7. The Solution
www.friendly-tech.com
7
Multi-Tenant Hosted / Cloud ACS solution
Robust and scalable at all modules and features level
Modularity and easy per -tenant adaptations and management
Separation of management / monitoring and provisioning tasks
Separation and easy adaptation of tenant Northbound API towards back office
applications
9. Friendly Technologies Architecture
www.friendly-tech.com
9
ISP/Tenant A ISP/Tenant BRG/IAD / Routers
/STB/IP Phones/ Smart
Phones/ Femto / MiFi /
USB Dongle / M2M/
Android Devices
RG/IAD / Routers
/STB/IP Phones/ Smart
Phones/ Femto / MiFi /
USB Dongle / M2M/
Android Devices
Each tenant has a full-featured portfolio with a total separation
10. Association Methods
www.friendly-tech.com
10
Association via Device ACS username
Association via Domain suffix towards
“location” user info field at ACS
Database can be performedVIA API
calls
Secured isolation between Domains
Multi-level operator’s rights within
each tenant
Device-to-tenant & Device-to-operator
11. Individual User Adaption of Views
www.friendly-tech.com
11
In Call Center Portal
Per-tenant &
per- username
and level display
settings
Adaptation of
information element
box location,
contents and
technical depth
12. Individual Tenant & User Level
www.friendly-tech.com
12
Activity and Log Action Reports
13. ACS Security Aspects
www.friendly-tech.com
13
The Broadband Forum designed theTR-069 security model to provide a high
degree of security in the interactions that use it.
The CPE WAN Management Protocol is designed to prevent tampering with the
transactions that take place between a CPE and ACS, provide confidentiality for
these transactions, and allow various levels of authentication.
The protocol includes additional security mechanisms associated with the
optional Signed Voucher mechanism and the Signed Package Format, described
in Annex C and Annex E, respectively.
General
14. Security Highlights of ACS Transactions
www.friendly-tech.com
14
WAN- Internet
or ISP VPN domain
HTTP/
HTTPSHTTP
TR-069 Device TR-069 Device
ACS Server
SSL Offload Device
(recommended)
If the ACS URL has been
specified as an HTTPS URL,
the CPE MUST establish
connections to the ACS using
SSL/TLS
Support for CPE authentication
using client-side certificate is
OPTIONAL for both the CPE
and ACS. Such client-side
certificate MUST be signed by
an appropriate chain
The “host” portion of the ACS
URL is used by the CPE for
validating the certificate from
the ACS when using certificate-
based authentication
https://acs.friendly-
tech.com:8080/ftacs-digest/ACS
https://acs.friendly-
tech.com:8080/ftacs-basic/ACS
https://acs.friendly-
tech.com:8080/ftacs-digest/ACS
15. ACS to Southbound and Northbound Security
www.friendly-tech.com
15
WAN- Internet
or ISP VPN domain
TR-069 Device
HTTP/HTTPS security +
specific URL domain +
SSL/TLS options and
additional certificate
security options
Secured firewalled
(application and ports
ACL) and user
privileged activity lists
OSS/BSS/CRM
and web servers
Admins/CSR
users
Authentication of
ACS devices +
ACS server side
certificate
options/white-
black list filters
ACS Server
WAN corporate firewall-
specific domain/protocol/
port protection
External
storage
devices
16. Friendly’s Extensive Security Measures
www.friendly-tech.com
16
Friendly has introduced the following additional security enhancements to cover the
main vulnerabilities stated bellow.These are explained in more detail in “Friendly’s
TR69 security aspects” document.
SECURITY ZONES
ACS WS authentication
NBIWS obscured
DB connection details encrypted
Users Management
PathTraversalVulnerability
Cross Site Scripting Vulnerability
Unprotected Management Interface
Vulnerability
Insecure HTTP MethodsVulnerability
Insufficient Anti-Automation Vulnerability
Information Leak Vulnerability
17. Why Us?
www.friendly-tech.com
17
Software solution developer, serving Carrier and xSP market since 1997
The most installed Unified Device Management Solution in the world
Carrier-class, scalable solution to manage millions of devices
Feature-rich solution to support Any Device on Any Network over Any
Protocol
Unique “Smart Layer”Technology - automated integration and management
of any types of devices without a need for manual intervention.
Fastest and easiest installation and deployment –minimum professional
services required
We Are Friendly! Friendly to deploy, integrate, use (Friendly GUI) and receive
professional support from
Our Call Center Portal is known to be the #1 solution in the world for dramatic
reduction of operational costs ( up to 70%).
19. ThankYou forYourTime!
Start
The IoT & Device Management Company
Smart Home
Open Platform
Internet of Things/M2M
Management
Device Management
for Fixed & Mobile
Notas do Editor
READ PLEASE!
Before you open this template be sure that you have installed these fonts:
OpenSans-Light.ttf, OpenSans-Semibold.ttf and OpenSans-Extrabold.ttf from: http://www.fontsquirrel.com/fonts/open-sans
All fonts are free for use in commercial projects!
If you have any problems with this presentation, please contact with me from this page: http://graphicriver.net/user/Bandidos?ref=bandidos
In this slide there is a background placeholder. Click to the small icon on the center of the slide and choose an image from computer. When add an image, you must sent it to back with Right Click on Image -> Send to Back -> Send to Back.