Date post: | 29-May-2018 |
Category: |
Documents |
Upload: | djadja-sardjana |
View: | 213 times |
Download: | 0 times |
of 24
8/9/2019 Bapinger Network Security-07Dec09
1/24
WIRELESS SECURITY LECTURE
1Bapinger Solution: Wireless Security
Djadja Sardjana
7-Dec-09
8/9/2019 Bapinger Network Security-07Dec09
2/24
AGENDA :
Introduction :
2Bapinger Solution: Wireless Security
Network Security Definition
Virus, Worm, Trojan andIntrusion Attack
Bapinger Wireless SecuritySolutions
Conclusion
7-Dec-09
8/9/2019 Bapinger Network Security-07Dec09
3/24
INTRODUCTION : NETWORK SECURITY DEFINITION VIRUS, WORM, TROJAN AND INTRUSION ATTACK
3Bapinger Solution: Wireless Security
Bapinger Solution,
Djadja Achmad S
7-Dec-09
8/9/2019 Bapinger Network Security-07Dec09
4/24
NETWORK SECURITY
DEFINITION
1. The protection of networks and their services from unauthorized
modification, destruction, or disclosure. Network security provides
4Bapinger Solution: Wireless Security
and there are no harmful side effects. (US Army Information
Assurance Security Officer (IASO) /
http://ia.gordon.army.mil/iaso/default.htm)
2. Computer security is the effort to create a secure computingplatform, designed so that agents (users or programs) can onlyperform actions that have been allowed. This involves specifyingand implementing a security policy. The actions in question can be
, .
Computer security can be seen as a subfield of securityengineering, which looks at broader security issues in addition tocomputer security.(Wikipedia / en.wikipedia.org/wiki/Network_security)
7-Dec-09
8/9/2019 Bapinger Network Security-07Dec09
5/24
TELECOMMUNICATION
NETWORK SECURITY
Quote from Houlin Zhao, Director of the Telecom
5Bapinger Solution: Wireless Security
,
All businesses face pressure to increase revenue andreduce costs. And in the face of this pressure, security isoften sidelined as non-essential. But investment in
security is money in the bank. And investment in themaking of security standards means that manufacturersand service providers can be sure that their needs and
(http://www.itu.int/ITU-T/lighthouse/articles/ecta-2004.html)
7-Dec-09
8/9/2019 Bapinger Network Security-07Dec09
6/24
VIRUS, WORM, TROJAN
AND INTRUSION ATTACK
What is a virus?
A computer virus, according to Webster's Collegiate Dictionary, is"
6Bapinger Solution: Wireless Security
innocuous program that produces copies of itself and inserts theminto other programs or files, and that usually performs a maliciousaction (such as destroying data)".
Two categories of viruses:
- macro viruses
- worms
Computer viruses are never naturally occurring; they are alwaysman-made. Once created and released, however, their spread isnot directly under human control.
(Indiana University Knowledge Base / http://kb.iu.edu/data/aehm.html )
7-Dec-09
8/9/2019 Bapinger Network Security-07Dec09
7/24
VIRUS, WORM, TROJAN
AND INTRUSION ATTACK
What is a Trojan horse?
Named after the wooden horse the
7Bapinger Solution: Wireless Security
ree s use o n ra e roy. ccor ngto some people, a virus is a particularcase of a Trojan horse, namely one whichis able to spread to other programs (i.e.,it turns them into Trojans too). According
to others, a virus that does not do anydeliberate damage (other than merelyreplicating) is not a Trojan. Finally,despite the definitions, many people usethe term Trojan to refer only to a non-replicating malicious program.
(Indiana University Knowledge Base /http://kb.iu.edu/data/aehm.html )
7-Dec-09
8/9/2019 Bapinger Network Security-07Dec09
8/24
VIRUS, WORM, TROJAN
AND INTRUSION ATTACK
What is a Intrusion Attack?
The willful or negligent unauthorizedactivity that affects the availability,
8Bapinger Solution: Wireless Security
confidentiality, or integrity of computerresources. Computer abuse includesfraud, embezzlement, theft, maliciousdamage, unauthorized use, denial ofservice, and misappropriation.
Operations to disrupt, deny, degrade,or destroy information resident incomputers and computer networks, or thecomputers an networ s t emse ves.(DODD S-3600.1 of 9 Dec 96)
(Texas State Library Home Page / http://www.tsl.state.tx.us/ld/pubs/compsecurity/glossary.html)
7-Dec-09
8/9/2019 Bapinger Network Security-07Dec09
9/24
BAPINGER WIRELESSSECURITY SOLUTIONS
9Bapinger Solution: Wireless Security
PORTFOLIOS
Djadja Achmad S
7-Dec-09
8/9/2019 Bapinger Network Security-07Dec09
10/24
Business Position10
PracticeAreas
Key
Network Support Optimization Operations
Planning & Design Install & Comm Network Integration
GAMA(ServicesDevelopment
Managed OperationsServices
Seamless Mobilitya n enance
NetworkManagement
Security Training
rogram
Management
an e very
Platform) Hosted Services Content
Management IMS/non-IMS
Revenue Based
Applications
anagemen
Managed SecurityServices
Project and OutsourceManagement Services
Total Network Care
7-Dec-09Bapinger Solution: Wireless Security
8/9/2019 Bapinger Network Security-07Dec09
11/24
Future Growth is in IP Based Services
1.8
Billions ofSubscribers
11
IP Services: VoIP
PoC, Push-to-View
SMS & IM
Music
Gaming
Presence
Location Based Srvs
Multimedia Messaging
Video Streaming
0.4
0.60.8
1
1.2
1.4
.
IP Enabled
Circuit Only
Srvs
2002 2003 2004 2005 2006 2007 2008
Source: IMS Research
Market is moving towards IP enabled service
0
.
7-Dec-09Bapinger Solution: Wireless Security
8/9/2019 Bapinger Network Security-07Dec09
12/24
GROWTH IN DATA SERVICES
92.011
100.000
Worldwide WirelessOperator Data Revenue ($M)
12.978
20.311
34.117
51.897
71.272
20.000
40.000
60.000
80.000
Total
SMS
Rich Data
MMS
Introduce new applications and servicesconsistently and securely while optimizing
total cost of ownership, time-to-revenue
and delivery of compelling newapplications
0
2003 2004 2005 2006 2007 2008 Source:MOT est.
8/9/2019 Bapinger Network Security-07Dec09
13/24
OPERATOR FOCUS / CONCERNS
Planning & Strategy
Enterprise customers recognize security asdifferentiator
13
Security into Operations How do I structure m securit or anization?
Concerned about migration to open, IP-basednetwork Impact of government regulations and requirements How do we improve security while controlling costs?
ocu
Need to coordinate multiple organizations, no standards
We need a security baseline to develop a plan
Were concerned about virus activity
How to define and split security domains, what to protect?
Potential vulnerabilities from the roaming environment
oncern
7-Dec-09Bapinger Solution: Wireless Security
SECURITY ALREADY AFFECTING
8/9/2019 Bapinger Network Security-07Dec09
14/24
Number of Internet Security Incidents ReportedTotal 183 Million Reported Security Incidents
82.1
70
80
90
($000's)
Attacks Are: Occurring More Frequently
SECURITY ALREADY AFFECTING
WIRELESS CARRIERS14
Cost of Computer Crime & Security Losses
Total Losses Reported (1997-2002): $1.43B$425450
Downtime Impact/Revenue Per Hour
$2,000
$2,500
$3,000
($000's)
0.1 0.3
0.4 0.8 1.3 2.3 2.4
2.6
2.1 3.79.9
21.8
52.7
0
10
20
30
40
50
60
88 89 90 91 92 93 94 95 96 97 98 99 00 01 02
Disruptive And Costly
Impacting Operators As Data Usage Grows
Source: CSI/FBI Survey
0
50
1997 1998 1999 2000 2001 2002E
$100$137
$124
$265
$378
150
200
250
300350
400
100
$-
$500
$1,000
$1,500
Energy Telecom MFG Financial InfoTech
Insurance Retail
Source: Meta Group
7-Dec-09Bapinger Solution: Wireless Security
8/9/2019 Bapinger Network Security-07Dec09
15/24
300
FASTER CYCLES:Time From Vulnerability To Attack
100
150
200
250
until widespread attack in 1999
Now onl 10 da s!!!
0
1999 2000 2001 2002 2003 2004
Foundstone Data
Vulnerability Management Capability is Baseline Requirement
8/9/2019 Bapinger Network Security-07Dec09
16/24
OPERATORS DILEMMA
Operators Know TheImportance Of Security
Significant Barriers to Improving Network Security
Cost of Products/tools
Determining NW Security Requirements
16
Staff Turnover
Staff Training
Other projects
Lack of Experienced staff
Justify Cost/Benefit to Mgmt
Lack of Products/Tools
Importance of Improving
Network Security
Very Important75%
Source: IDC, Lucent Network Security Survey
But Seeking Assistance
On How To Address It
0% 10% 20% 30% 40% 50% 60%
Somewhat
Important
19%
Not So
Important
6%
7-Dec-09Bapinger Solution: Wireless Security
8/9/2019 Bapinger Network Security-07Dec09
17/24
Enabling Revenue17
Comprehensive Security Program
Provides Market Differentiation7-Dec-09Bapinger Solution: Wireless Security
THE CHALLENGE WIRELESS
8/9/2019 Bapinger Network Security-07Dec09
18/24
THE CHALLENGE WIRELESS
OPERATORS Rapidly Expanding Operations
Subscriber Base; Coverage; Revenue-Generating Services
Operations in Multiple Markets
Multiple operations
Varied policy and processes
Management Realization
Minimal understanding of security capability
Lack comprehensive vulnerability data
Suspected breeches, reactive approach
Security Purchases/Effort Integration
THE CHALLENGE WIRELESS
8/9/2019 Bapinger Network Security-07Dec09
19/24
THE CHALLENGE WIRELESS
OPERATORS Vulnerabilities & Issues
Quantity Varies with Size of Network
From 200 to over 1000 issues identified High + Medium Risk = 30% to 70% of issues
Multiple Sources of Issues
Policy Few Policies, Low/No Framework or PolicyManagement
Process Security updates, monitoring of network
Operations Lack of metrics and vulnerability data orremediation programs
asswor anagemen as y crac e passwor s, s are or no
passwords Funding Prioritization, requisite skills or resource investment
But.
Operational Awareness of Need
Small contingent usually working to improve Project based, slow evolution of management support, want
ability to focus
THE CHALLENGE WIRELESS
8/9/2019 Bapinger Network Security-07Dec09
20/24
THE CHALLENGE WIRELESS
OPERATORS
Examples
Charging Gateway Vulnerabilities
High + Medium Risk = up to 53% of issues on these elements DNS Servers vulnerabilities
High + Medium Risk = up to 32% of issues on these elements
DNS Cache poisoning, flooding from mobile devices
Firewall Vulnerabilities
High + Medium Risk = up to 65% of issues on these elements
GTP-aware capability available but not configured
FTP Servers
sites
Lack of Defense-in-Depth
Internal network with unrestricted protocol and service access
Spoofed source address from GRX into network, Remove GTP tunnels
Inject routing changes, Ability to leverage access across network
Undocumented Network Elements
Not documented = not managed. Unrestricted access, potential impact to availability
THE CHALLENGE WIRELESS
8/9/2019 Bapinger Network Security-07Dec09
21/24
THE CHALLENGE WIRELESS
OPERATORS Examples
Test Systems: Higher level of vulnerabilities
But unrestricted access to production network Additional threat vector; Ability to bypass firewall protection
Network Management Systems
Access to broad range of network elements
Comprehensive policy for access and management not evident
Secure communication not addressed
Policy Passwords, Access controls
Managing, c anging, ogging, istri ution & storage proce ures require
Incomplete password management policy and/or not enforced
Easily cracked passwords
Access rights - Lack consistent procedure to update, review as roles/personnel change
Policy Audits
Baseline vulnerability data unavailable, lack of remediation plan or process
8/9/2019 Bapinger Network Security-07Dec09
22/24
BAPINGER NETWORK SECURITYLECTURECONCLUSION
22Bapinger Solution: Wireless Security
Djadja Achmad S
7-Dec-09
23B i S l ti Wi l S it
8/9/2019 Bapinger Network Security-07Dec09
23/24
CONCLUSION :
1. The successful operation of todays communicationsnetworks demands that many disparate systems andapplications can talk to each other. Its no wonder there
23Bapinger Solution: Wireless Security
are a ew oop o es a ma e vu nera y on enetworks.2. In recent years the most obvious threat to computer
systems has come from viruses. These attacks can usuallybe traced to exploitation of one of a small number ofsecurity flaws.
3. Insider attacks are almost certainly more common andhave the potential to be much more damaging.
.
date with the latest security patches and users are awareof some simple security rules will thwart the majority ofthese attacks.
7-Dec-09
24B i S l ti Wi l S it
8/9/2019 Bapinger Network Security-07Dec09
24/24
24Bapinger Solution: Wireless Security
THANK YOU
Bapinger Solution,
Djadja Achmad S
7-Dec-09