• Save
Bapinger Network Security
Upcoming SlideShare
Loading in...5
×
 

Bapinger Network Security

on

  • 1,044 views

Bapinger Network Security

Bapinger Network Security

Statistics

Views

Total Views
1,044
Views on SlideShare
960
Embed Views
84

Actions

Likes
1
Downloads
0
Comments
0

5 Embeds 84

http://telematikapedesaan.wordpress.com 61
http://djadja.wordpress.com 18
http://www.slideshare.net 2
http://pendidikpembebas.wordpress.com 2
http://telematikapembebas.wordpress.com 1

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Bapinger Network Security Bapinger Network Security Presentation Transcript

  • Bapinger Solution: Wireless Security 1 WIRELESS SECURITY LECTURE Djadja Sardjana djadja@bapinger.web.id 7-Dec-09
  • Bapinger Solution: Wireless Security 2 AGENDA : Introduction : Network Security Definition Virus, Worm, Trojan and Intrusion Attack Bapinger Wireless Security Solutions Conclusion 7-Dec-09
  • Bapinger Solution: Wireless Security 3 INTRODUCTION : NETWORK SECURITY DEFINITION VIRUS, WORM, TROJAN AND INTRUSION ATTACK Bapinger Solution, Djadja Achmad S 7-Dec-09
  • NETWORK SECURITY Bapinger Solution: Wireless Security 4 DEFINITION 1. The protection of networks and their services from unauthorized modification, destruction, or disclosure. Network security provides for assurance that a network performs its critical functions correctly and there are no harmful side effects. (US Army Information Assurance Security Officer (IASO) / http://ia.gordon.army.mil/iaso/default.htm) 2. Computer security is the effort to create a secure computing platform, designed so that agents (users or programs) can only perform actions that have been allowed. This involves specifying and implementing a security policy. The actions in question can be reduced to operations of access, modification and deletion. Computer security can be seen as a subfield of security engineering, which looks at broader security issues in addition to computer security. (Wikipedia / en.wikipedia.org/wiki/Network_security) 7-Dec-09
  • Bapinger Solution: Wireless Security 5 TELECOMMUNICATION NETWORK SECURITY Quote from Houlin Zhao, Director of the Telecom Standardization Bureau, ITU : “All businesses face pressure to increase revenue and reduce costs. And in the face of this pressure, security is often sidelined as non-essential. But investment in security is money in the bank. And investment in the making of security standards means that manufacturers and service providers can be sure that their needs and views are taken into account. “ (http://www.itu.int/ITU-T/lighthouse/articles/ecta- 2004.html) 7-Dec-09
  • VIRUS, WORM, TROJAN Bapinger Solution: Wireless Security 6 AND INTRUSION ATTACK What is a virus? A computer virus, according to Webster's Collegiate Dictionary, is "a computer program usually hidden within another seemingly innocuous program that produces copies of itself and inserts them into other programs or files, and that usually performs a malicious action (such as destroying data)". Two categories of viruses: - macro viruses - worms Computer viruses are never naturally occurring; they are always man-made. Once created and released, however, their spread is not directly under human control. (Indiana University Knowledge Base / http://kb.iu.edu/data/aehm.html ) 7-Dec-09
  • VIRUS, WORM, TROJAN Bapinger Solution: Wireless Security 7 AND INTRUSION ATTACK What is a Trojan horse? Named after the wooden horse the Greeks used to infiltrate Troy. According to some people, a virus is a particular case of a Trojan horse, namely one which is able to spread to other programs (i.e., it turns them into Trojans too). According to others, a virus that does not do any deliberate damage (other than merely replicating) is not a Trojan. Finally, despite the definitions, many people use the term "Trojan" to refer only to a non- replicating malicious program. (Indiana University Knowledge Base / http://kb.iu.edu/data/aehm.html ) 7-Dec-09
  • VIRUS, WORM, TROJAN Bapinger Solution: Wireless Security 8 AND INTRUSION ATTACK What is a Intrusion Attack? The willful or negligent unauthorized activity that affects the availability, confidentiality, or integrity of computer resources. Computer abuse includes fraud, embezzlement, theft, malicious damage, unauthorized use, denial of service, and misappropriation. Operations to disrupt, deny, degrade, or destroy information resident in computers and computer networks, or the computers and networks themselves. (DODD S-3600.1 of 9 Dec 96) (Texas State Library Home Page / http://www.tsl.state.tx.us/ld/pubs/compsecurity/glossary.html ) 7-Dec-09
  • Bapinger Solution: Wireless Security 9 BAPINGER WIRELESS SECURITY SOLUTIONS PORTFOLIOS Bapinger Solution, Djadja Achmad S 7-Dec-09
  • Business Position 10 Practice Areas • Network Support • Planning & Design • GAMA • Managed Operations • Optimization • Install & Comm (Services Services Key • Operations • Network Integration Development • Seamless Mobility Elements & Maintenance • Program and Delivery Management • Network Management Platform) • Managed Security Management • Hosted Services Services • Content • Project and Outsource •Security Management Management Services • Training • IMS/non-IMS Revenue Based “Total Network Care” Applications Bapinger Solution: Wireless Security 7-Dec-09
  • Future Growth is in IP Based Services 11 Billions of Subscribers 1.8 1.6 IP Services: VoIP 1.4 IP Enabled PoC, Push-to-View 1.2 SMS & IM 1 Music Gaming 0.8 Presence Location Based Srvs 0.6 Multimedia Messaging 0.4 Circuit Only Video Streaming 0.2 Converged Voice Srvs 0 2002 2003 2004 2005 2006 2007 2008 Source: IMS Research Market is moving towards IP enabled service Bapinger Solution: Wireless Security 7-Dec-09
  • GROWTH IN DATA SERVICES Worldwide Wireless Operator Data Revenue ($M) 100.000 92.011 80.000 71.272 60.000 51.897 Total SMS Rich Data 34.117 MMS 40.000 20.311 20.000 12.978 0 Source: 2003 2004 2005 2006 2007 2008 MOT est. Introduce new applications and services consistently and securely while optimizing total cost of ownership, time-to-revenue and delivery of compelling new applications
  • OPERATOR FOCUS / CONCERNS 13 Planning & Strategy Enterprise customers recognize security as differentiator Focus Concerned about migration to open, IP-based network Impact of government regulations and requirements How do we improve security while controlling costs? Security into Operations How do I structure my security organization? Concerns Need to coordinate multiple organizations, no standards We need a security baseline to develop a plan We’re concerned about virus activity How to define and split security domains, what to protect? Potential vulnerabilities from the roaming environment Bapinger Solution: Wireless Security 7-Dec-09
  • SECURITY – ALREADY AFFECTING WIRELESS CARRIERS 14 Total 183 Million Reported Security Incidents Number of Internet Security Incidents Reported Attacks Are: 90 80 82.1 ($000's) ► Occurring More Frequently 70 ► Disruptive And Costly 60 52.7 50 ► Impacting Operators As Data Usage Grows 40 30 21.8 20 9.9 10 0.1 0. 0.4 0.8 1.3 2.3 2. 2. 2.1 3.7 0 3 4 6 Downtime Impact/Revenue Per Hour 88 89 90 91 92 93 94 95 96 97 98 99 00 01 02 ($000's) $3,000 Cost of Computer Crime & Security Losses $2,500 Total Losses Reported (1997-2002): $1.43B $2,000 450 $425 400 $378 $1,500 350 $1,000 300 $265 $500 250 200 $- $137 150 $124 Energy Telecom MFG Financial Info Insurance Retail $100 Tech 100 Source: Meta Group 50 0 1997 1998 1999 2000 2001 2002E Source: CSI/FBI Survey Bapinger Solution: Wireless Security 7-Dec-09
  • FASTER CYCLES: Time From Vulnerability To Attack 300 250 300 days from known vulnerability until widespread attack in 1999… 200 150 100 50 Now only 10 days!!! 0 1999 2000 2001 2002 2003 2004 Foundstone Data Vulnerability Management Capability is Baseline Requirement
  • OPERATOR’S DILEMMA 16 Significant Barriers to Improving Network Security Determining NW Security Requirements Operators Know The Importance Of Security… Cost of Products/tools Lack of Experienced staff Justify Cost/Benefit to Mgmt Importance of Improving Network Security Other projects Very Important Staff Training 75% Lack of Products/Tools Staff Turnover 0% 10% 20% 30% 40% 50% 60% Not So Somewhat Important Important 6% 19% …But Seeking Assistance On How To Address It Source: IDC, Lucent Network Security Survey Bapinger Solution: Wireless Security 7-Dec-09
  • Enabling Revenue 17 Comprehensive Security Program Provides Market Differentiation Bapinger Solution: Wireless Security 7-Dec-09
  • THE CHALLENGE – WIRELESS OPERATORS Rapidly Expanding Operations Subscriber Base; Coverage; Revenue-Generating Services Operations in Multiple Markets Multiple operations Varied policy and processes Management Realization Growing awareness of need Minimal understanding of security capability Lack comprehensive vulnerability data Suspected breeches, reactive approach Security Purchases/Effort Integration
  • THE CHALLENGE – WIRELESS OPERATORS Vulnerabilities & Issues Quantity Varies with Size of Network From 200 to over 1000 issues identified High + Medium Risk = 30% to 70% of issues Multiple Sources of Issues Policy – Few Policies, Low/No Framework or Policy Management Process – Security updates, monitoring of network Operations – Lack of metrics and vulnerability data or remediation programs Password Management – Easily cracked passwords, shared or no passwords Funding – Prioritization, requisite skills or resource investment But…. Operational Awareness of Need Small contingent usually working to improve Project based, slow evolution of management support, want ability to focus
  • THE CHALLENGE – WIRELESS OPERATORS Examples Charging Gateway Vulnerabilities High + Medium Risk = up to 53% of issues on these elements DNS Servers vulnerabilities High + Medium Risk = up to 32% of issues on these elements DNS Cache poisoning, flooding from mobile devices Firewall Vulnerabilities High + Medium Risk = up to 65% of issues on these elements GTP-aware capability available but not configured FTP Servers Known vulnerabilities with potential for DoS attacks; establish Superuser permissions; control FTP sites Lack of Defense-in-Depth Internal network with unrestricted protocol and service access Spoofed source address from GRX into network, Remove GTP tunnels Inject routing changes, Ability to leverage access across network Undocumented Network Elements Not documented = not managed. Unrestricted access, potential impact to availability
  • THE CHALLENGE – WIRELESS OPERATORS Examples Test Systems: Higher level of vulnerabilities But unrestricted access to production network Additional threat vector; Ability to bypass firewall protection Network Management Systems Access to broad range of network elements Comprehensive policy for access and management not evident Secure communication not addressed Policy – Passwords, Access controls Managing, changing, logging, distribution & storage procedures required Incomplete password management policy and/or not enforced Easily cracked passwords Access rights - Lack consistent procedure to update, review as roles/personnel change Policy – Audits Baseline vulnerability data unavailable, lack of remediation plan or process
  • Bapinger Solution: Wireless Security 22 BAPINGER NETWORK SECURITY LECTURE CONCLUSION Bapinger Solution, Djadja Achmad S 7-Dec-09
  • CONCLUSION : Bapinger Solution: Wireless Security 23 1. The successful operation of today’s communications networks demands that many disparate systems and applications can talk to each other. It’s no wonder there are a few loopholes that make vulnerability on the networks. 2. In recent years the most obvious threat to computer systems has come from viruses. These attacks can usually be traced to exploitation of one of a small number of security flaws. 3. Insider attacks are almost certainly more common and have the potential to be much more damaging. 4. A simple policy of ensuring that all systems are kept up to date with the latest security patches and users are aware of some simple security rules will thwart the majority of these attacks. 7-Dec-09
  • Bapinger Solution: Wireless Security 24 THANK YOU Bapinger Solution, Djadja Achmad S 7-Dec-09