All rights reserved © 2005, Alcatel
Enhanced Security situational Awareness for (Enterprise) networks
Bertrand Marquet / François Cosquer Alcatel
Page 2
All rights reserved © 2005, AlcatelToronto, May 19th, 2005
Agenda
The security challenge
Situational awareness by Security Assurance measurement
How can security assurance be measured
Addressing complexity
Illustrations
Conclusion / questions
Page 3
Security challenge
Deploying new technologies, businesses are faced with the challenge of reducing the associated risks while increasing productivity, based on confidence in the security functions currently deployed.
Security Assurance = confidence / (residual) risks
[Figure: risks versus confidence in countermeasures; manage it in an acceptable range (cost/loss ratio) between "cost too high" and "loss too high"]
Page 4
Situational awareness by security assurance measurement
Assurance measurement is characterized by the effectiveness of the security countermeasure versus the likelihood of a risk occurrence.
Security Assurance = confidence / (residual) risks
[Figure: same risks versus confidence-in-countermeasures chart, with measurement axes: effectiveness (of countermeasures) and likelihood (of risk occurrence); "cost too high" and "loss too high" mark the ends of the acceptable range]
Page 5
How can assurance be measured?
Mainly using two systems, sometimes combined:
Intrusion Detection System: measures the lack of effectiveness of a security function; generates too much (security) noise.
Vulnerability assessment / patch management: measures the likelihood of a potential risk vector based on a combination of several thousand identified vulnerabilities; scalability is challenging.
The main challenge is to address complexity.
Page 6
Addressing complexity (1/2): Concepts
Ability to assure in operation = F (1/Complexity)
Reduce the complexity to measure the assurance
Selection of points of measurement of the assurance
Page 7
Addressing complexity (2/2): One implementation
Reduce selectively the complexity to measure the assurance
Phase 1: Spot the top 10(-20) “problems” in the topology, before operation (compatible with a heavy process)
Phase 2: Deploy and calibrate intelligent “probes” and provide (near) real-time associated indicators, during operation (requires a light process)
(Simplified) Illustration
Wireless / Mobile
Page 9
Risk / Topology
[Figure: risk overlay on a wireless/mobile topology: base station, fixed and nomadic WiMAX terminals, access controllers, NMS, billing system, IP backbone, Internet, WiFi access points with fixed and nomadic clients, AAA server, mobile SIP phone; legend: threat level High / Medium / Low]
Page 10
Low level of security assurance
[Figure: same topology (base station, fixed/nomadic WiMAX, access controllers, NMS, billing system, gateway, IP backbone, Internet, WiFi access points, AAA server, mobile SIP phone) with only level-A assurance points deployed; legend: Assurance Level High = A+B+C, Medium = A+B, Low = A]
Page 11
Increased level of assurance + SOX
[Figure: same topology with A and B assurance points added and a regulation-specific point R; legend: Assurance Level High = A+B+C, Medium = A+B, Low = A, Regulation specific = R]
Page 12
Security assurance topology
[Figure: security assurance topology from low assurance (A only) to higher assurance (A, B, R); each probe carries a metric with its calibration, e.g. metric: successful / failed authentications, with calibration statistics]
Conclusion
Page 14
Conclusion
Security assurance, as a confidence factor, needs to be measured when securing (enterprise) networks.
The complexity of data and voice networks is a major obstacle to measuring security assurance.
We are working on complementary approaches to guarantee effective security in order to protect:
Intellectual property (confidentiality, integrity)
Continuity of business (availability)
But also to:
Justify security (investments)
Provide proofs (regulation/law compliance)
Alcatel has initiated and is involved in several research projects to address those topics:
Funded Canadian Defense project
Funded European Consortium
Page 16
Security
Reducing risks to an Enterprise Network
“Strategic, Technical”: protection of the intellectual property of the enterprise; business continuity
“Legal”: regulation and legal compliance
Page 17
Countermeasures (1/2)
Giving countermeasures to potential threats to the assets of the enterprise: incidental or deliberate, internal or external.
Necessary (mandatory) response for regulatory compliance: SOX, GLBA, HIPAA, more to come….
Page 18
Countermeasures (2/2)
Protection mechanisms deployed to guarantee the fundamental properties of data flows (confidentiality, integrity, availability) through diverse and combined types of measures: preventive, detective, reactive.
Page 19
Losses vs. costs
[Figure: cost ($) versus “security level”, with curves for risk costs, risk losses and risk losses + costs; situational awareness / security assurance is used to manage it in an acceptable range]
Page 20
Phase 1 “Security Reduced” topology
One solution is a topology overlay to spot the most critical devices, based on vulnerability research, so that the reduced topology becomes the top 10-20 critical devices or functions. This is a heavy process, used as decision support, not in operation.
Regulations explicitly describe the points of measurement: traceability from requirements, and assurance required on the identified security-enforcing components.
Page 21
Phase 2:
Challenges: define metrics. Heavy-process results can be used to validate the metrics and calibrate the measurement, in order to limit false positives / retroaction.
Visualization with simple indicators, each associated with a security assurance level.
Increase/decrease the requested level of assurance: change the metrics of the indicators, or increase/decrease the number of indicators.
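As an added example (not code from the Alcatel deck), the following shows what a Phase 2 "probe" on one point of measurement could look like: the metric is the deck's successful/failed authentications ratio on the AAA server, the baseline is calibrated from known-good windows so that ordinary jitter does not raise an indicator, and the live value is mapped onto the deck's Low/Medium/High assurance levels. The log line format, the sample data and the k-sigma thresholds are assumptions.

```python
import re
from statistics import mean, pstdev

# Assumed log line format for the AAA probe (not the deck's): "<epoch> auth user=<name> result=<OK|FAIL>"
LINE_RE = re.compile(r"^(\d+) auth user=(\S+) result=(OK|FAIL)$")

def make_window(ok, fail, start=0):
    """Constructed sample log lines for one measurement window (sample data, not a real AAA log)."""
    lines = [f"{start + i} auth user=u{i} result=OK" for i in range(ok)]
    lines += [f"{start + ok + i} auth user=u{ok + i} result=FAIL" for i in range(fail)]
    return lines

def fail_ratio(lines):
    """Metric: share of authentication attempts that failed; unparsable lines are skipped, not counted."""
    ok = fail = 0
    for line in lines:
        m = LINE_RE.match(line)
        if m is None:
            continue
        if m.group(3) == "FAIL":
            fail += 1
        else:
            ok += 1
    total = ok + fail
    return fail / total if total else 0.0

def calibrate(good_windows):
    """Calibration: learn the metric's normal range from windows captured under known-good
    operation (validated by the heavy Phase 1 process). Returns (mean, population stddev)."""
    ratios = [fail_ratio(w) for w in good_windows]
    return mean(ratios), pstdev(ratios)

def indicator(live_lines, baseline, k_medium=1.0, k_low=3.0):
    """Near-real-time indicator for this point of measurement, mapped onto assurance levels.
    Two bands above the calibrated mean keep ordinary jitter from lowering the level,
    which is how the probe limits false positives."""
    mu, sigma = baseline
    r = fail_ratio(live_lines)
    if r > mu + k_low * sigma:
        return "LOW"
    if r > mu + k_medium * sigma:
        return "MEDIUM"
    return "HIGH"

if __name__ == "__main__":
    baseline = calibrate([make_window(95, 5), make_window(96, 4), make_window(94, 6),
                          make_window(97, 3), make_window(95, 5)])
    for ok, fail in ((96, 4), (94, 6), (70, 30)):
        print(f"{ok} OK / {fail} FAIL -> assurance {indicator(make_window(ok, fail), baseline)}")
```

Raising the requested assurance level, as the slide describes, corresponds to tightening `k_medium`/`k_low` or adding further probes with their own metrics.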