Building a chain of trust from the device to the cloud
- Strong trust establishment between virtual functions
- Virtualized network slicing security from the core to the mobile edge
- Device level isolation and security segmentation
Does your system run the risk of being attacked?
There is an increasing risk world-wide of sophisticated cyber-attacks being targeted towards critical infrastructure. A successful attack on these networks could have a substantial impact on our society, causing great economic loss or worse. Whether you are upgrading an existing network or building a new one, its security should be a major consideration.
Micro-segmentation is a combination of firewalls, subnetting, and using VPNs to create an extremely secure network by locking down each individual device. A system that has implemented micro-segmentation enjoys benefits such as maintaining application security, reducing the attack surface, and complying with regulations.
FortiGate 1500D Series Delivers High-Performance Next-Generation Firewall ShilaThak
The FortiGate 1500D series delivers high-performance next-generation firewall (NGFW) capabilities for large enterprises and service providers. With multiple high-speed interfaces, high-port density, and high-throughput, ideal deployments are at the enterprise edge, hybrid data center core, and across internal segments. The FortiGate 1500D Firewall is a compact, Network Security Appliance ideal for use as both a Next-Generation Firewall and High-Performance Data Center Firewall at the Enterprise Edge. It delivers up to 80 Gbps firewall throughput and ultra-low latency as well as 11 Gbps next-generation threat protection and control over more than 3000 discrete applications.
The document discusses holistic nuclear security as an international challenge and provides an overview of Thales' expertise in this area. It summarizes Thales' work in supporting the UK's nuclear power fleet through systems like DPCS and APMS. It also describes Thales' deployable communications capability for emergency response situations. The document emphasizes that security threats must be addressed through an integrated, holistic approach across physical, cyber, personnel and operational domains. It outlines benefits of such an approach such as improved efficiency, safety and resilience.
Isf 2015 continuous diagnostics monitoring may 2015 abhi75
Northrop Grumman presented on applying continuous monitoring and cyber best practices to the Texas Cybersecurity Framework. They discussed features of a proposed dynamic cyber dashboard for Texas that would provide interactive visual analytics on security controls, vulnerabilities, threats and compliance. The dashboard would use advanced analytics, predictive modeling and a quality of protection metric to continuously measure cyber risk.
Broadband Wireless Access (BWA) has been serving enterprises and operators for years, to the great satisfaction of its users. However, the new IP-based standard developed by the IEEE 802.16 is likely to accelerate adoption of the technology. It will expand the scope of usage thanks to: the possibility of operating in licensed and unlicensed frequency bands, unique performance under Non-Line-of-Sight (NLOS) conditions, Quality of Service (QoS) awareness, extension to nomadicity, and more. In parallel, the WiMAX forum, backed by industry leaders, will encourage the widespread adoption of broadband wireless access by establishing a brand for the technology and pushing interoperability between products.
Microsoft Infopedia webinar "Secure Your Azure Cloud Deployments with VNS3 Ov... Cohesive Networks
Secure Your Azure Cloud Deployments with VNS3 Overlay Networks
Cohesive Networks CEO Patrick Kerpan and CTO Chris Swan present VNS3 overlay networking to help Microsoft Azure customers and partners better secure cloud deployments in this webinar from Microsoft Azure.
Learn how adding an overlay network to your Microsoft Azure cloud environment can boost security and connectivity. As your cloud environment grows with your business, your network becomes more important and complex.
An overlay network, a software-only network over the top of existing Azure cloud resources, can add controls for enhanced encryption, monitoring, interoperability, and connectivity.
You can create and manage your overlay network using VNS3 from Cohesive Networks. VNS3 is a customizable, layer 4-7 virtual networking device you can control to better manage and secure your Azure networks. Connect regions into one logical network, connect directly to customers or partners using secure IPsec tunnels, and ensure encryption for your network components to meet industry regulations like HIPAA, PCI, or FIPS.
VNS3 even lets you connect your Azure subnets into other cloud providers’ availability zones for truly hybrid cloud flexibility. Join Cohesive Networks CEO and CTO for an in-depth look at overlay networks in Azure, along with real-life demos of our most popular use cases.
Webinos provides an open source platform for running applications across multiple devices. It uses open standards like HTML5, JavaScript, and JSON-RPC. The Webinos architecture supports a personal zone concept using a Personal Zone Hub (PZH) and Personal Zone Proxies (PZP) that allow devices and services to be discovered and shared securely between a user's devices using permissioning and PKI. The Webinos private cloud connects all a user's devices and services through open standards to form a secure virtual network. Example applications described include file sharing, emergency notifications, music sharing, and IOT applications.
Overview of the state of Wi-Fi security for WEP, WPA/WPA2 and WPA3, looking at their protocols, weaknesses and attacks.
The presentation finishes with a live demo of 2 attacks: Karma Attack and Evil Portal Attack.
Steve Shawcross is a digital security and cyber security consultant with over 20 years of experience in information technology. He has numerous cyber security certifications and specializes in areas like firewall administration, vulnerability assessments, and industrial control systems security. His experience includes consulting roles providing cyber security services and support to companies across various industries.
The Vyatta 3500 Series appliances combine Vyatta open networking software with high-performance hardware to deliver industry-leading performance for enterprise and service provider networks requiring 10-20Gbps routing and security. The Vyatta 3500 series supports routing, security, firewall, VPN, and intrusion protection features. The appliances are compact 2U devices that offer redundancy and high reliability, and support up to 20 1GbE or 8 10GbE ports. The Vyatta 3510 model provides 2Gbps throughput while the 3520 provides 3Gbps throughput and additional memory and ports.
5G Cybersecurity Bootcamp - 3GPP Version - Tonex Training Bryan Len
This 4-day training course provides an in-depth overview of 5G technology, architecture, protocols, and cybersecurity. It includes both lectures and practical exercises. Attendees will learn about 5G concepts, use cases, network architecture, security features and procedures, threats and attacks, as well as the evolution of 5G security compared to 4G. The agenda covers topics such as 5G system surveys, RAN and core network architecture, identifiers, operational procedures, security architecture, and key management among other things.
CHECK POINT 5900 NEXT GENERATION SECURITY GATEWAY FOR THE MID-SIZE ENTERPRISE Alexander Kravchenko
The document describes the Check Point 5900 Next Generation Security Gateway. Key points:
- It is a 1U appliance that provides comprehensive network security protection including firewall, IPS, antivirus, SSL inspection, and SandBlast zero-day threat prevention.
- It has flexible I/O with two expansion slots that can add additional 1GbE, 10GbE, or 40GbE network ports.
- Models are available with the Next Generation Threat Prevention (NGTP) package or the SandBlast (NGTX) package that adds zero-day protection capabilities.
This document provides information about a blockchain hackathon being organized by Luxoft, including:
- The hackathon will focus on applying blockchain to newer industries like education, healthcare, and smart mobility.
- It will include challenges in each of these areas and provide development networks for Ethereum and Hyperledger Fabric for participants to build solutions.
- Support materials include skeleton applications, network configurations, and a support channel for participants to get help during the hackathon.
CHECK POINT 5100 NEXT GENERATION SECURITY GATEWAY FOR THE SMALL ENTERPRISE AN... Alexander Kravchenko
The document is a datasheet for the Check Point 5100 Next Generation Security Gateway. It provides high-level information about the product's benefits, features, and specifications. The 5100 gateway delivers comprehensive threat prevention against advanced cyber attacks through solutions like SandBlast threat emulation and extraction. It offers high performance and flexibility via modular expandability. The datasheet describes the product's security capabilities, ordering information, and technical specifications.
Why trade performance for flexibility when you can program your network with new protocols and capabilities at wire speed?
In this workshop learn how ASICs are made, why flexible silicon is critical to the future of networking and what you can do with Cisco’s next-generation UADP 2.0.
Resources:
Watch the related TechWiseTV episode: http://bit.ly/2fiqH1f
Watch the TechWiseTV: New Era in Networking playlist: http://bit.ly/2jpoRjB
Hillstone Networks provides intelligent firewall solutions that use behavioral intelligence to detect threats. They have over 10,000 customers globally across various industries. Their intelligent firewalls can detect both known and unknown threats through abnormal behavior detection in minutes rather than months. This allows them to find modern attacks that evade traditional signature-based defenses. They offer solutions for both enterprises and data centers to provide perimeter security as well as internal micro-segmentation of virtual machines in private and public clouds.
This document discusses cybersecurity for industrial networks. It introduces Westermo, which provides hardware and software for industrial communications. It outlines the current security threats facing industrial networks, including state-sponsored hacking and disgruntled employees. It then discusses best practices for building a secure network, including perimeter protection, network segmentation, disabling unused ports, port authentication, and network-to-network protection using VPNs. Finally, it describes Westermo's cybersecurity features and tools like WeConfig that help harden devices and networks.
The SL1SL3MixMode feature of NXP’s MIFARE Plus EV2 IC allows the IC to be configured to accept Crypto-1 as well as AES authentication on a card-level or sector-by-sector basis. With this, only security-relevant applications can be upgraded to SL3, to enable new use cases such as Over-the-Air top-ups with an NFC-enabled mobile phone.
This document provides a guide for configuring and deploying Arista's Macro Segmentation Service (MSS) solution. It describes MSS capabilities like dynamically steering traffic to firewalls based on security policies. The document also outlines example use cases, prerequisites, and step-by-step instructions for configuring MSS on Arista switches and CloudVision Exchange to insert firewalls and isolate traffic between tenants, zones, and workloads.
Dmitry Kurbatov is the CTO of Positive Technologies, a cybersecurity company. He began his career as a network engineer in 2007 before switching to security in 2009. In his presentation, he discusses security issues for 5G and IoT networks. He notes that the virtualized and programmable nature of 5G introduces new vulnerabilities, and that legacy threats to previous cellular standards still apply. Additionally, the massive number of connected IoT devices poses new threats like large-scale botnets. He concludes by providing guidelines for 5G security, including implementing policies separately for each network slice and securing new interfaces from the start.
MTR is a network diagnostic tool that combines the functionality of traceroute and ping. It probes routers on the network path by sending packets and listening for responses to determine the quality of each hop. As it runs continuously, it tracks response times and packet loss to identify links that may be causing issues like increased latency or buffering. The MTR output provides statistics on each hop, including the hostname, packet loss percentage, and response times, to help locate potential problems along the route.
How to deploy a Cisco campus network in 10 minutes? New technologies for automat... Cisco Russia
The document discusses new Cisco technologies for automating and analyzing corporate networks, including Cisco DNA Center. DNA Center provides a single interface for automating and analyzing the entire lifecycle of network design, provisioning, policy management, and assurance. It integrates with Cisco Identity Services Engine (ISE) to automate access policies and control. DNA Center also leverages streaming telemetry, network data, and machine learning to provide real-time visibility, root cause analysis, and client health monitoring across the network.
mbed Connect Asia 2016 Securing IoT with the ARM mbed ecosystem armmbed
This document discusses securing IoT devices using the mbed ecosystem. It notes that IoT security is an important issue as vulnerabilities have been found in deployed systems. The mbed OS provides security for IoT devices through mbed TLS for secure communications, mbed uVisor for device security through isolation, and lifecycle management features. It argues that a platform OS like mbed OS is needed to address the complex security demands of IoT. The document outlines the security features and benefits provided by mbed TLS, mbed uVisor, and how they integrate with mbed OS to deliver comprehensive security for IoT products.
The SonicWALL NSA E8500 appliance provides application intelligence and control, powerful intrusion prevention, and deep packet inspection of encrypted traffic. It can analyze over 1,100 applications and inspect hundreds of thousands of connections simultaneously across all ports. As a gateway or inline solution, it adds visibility and security to networks while keeping existing infrastructure intact. Regular updates ensure dynamic security against the latest threats.
The Secure Dynamic Messaging (SDM) feature allows NXP’s MIFARE DESFire EV3 IC to be programmed to store NDEF messages as defined in the NFC Forum Tag Type 4 specification. A unique, IC-individual NDEF message is generated on each tap, and a backend server evaluates the data that was generated by the IC.
Presentation from Digital Transformation World May 15th 2018 covering:
- Understanding the reality of data breaches today
- Virtualization security challenges for the CSP 5G network
- Key capabilities to create trustworthy 5G virtualized networks
- Usage of secure enclaves to create a fabric of trust within the network
- How to protect VNFs and enterprise applications, leveraging Intel SGX technology
Session: The Data Center Network Evolution: Journey to the Programmable Fabric
Presenter: Robert Zalobinski, Technical Solutions Architect
Date: October 6, 2015
Nokia's network slicing automation vision involves hierarchical closed-loop management across domains using a unified data model. This includes end-to-end service orchestration, assurance, and slice-specific network functions and data layers managed by domain controllers and an NFV orchestrator. AI/ML is used across various layers for tasks like capacity planning, inventory, and experience assurance.
This document provides a summary of a presentation on automation and orchestration for 5G and NFV. The presentation covers Cisco's vision for 5G automation using ETSI MANO frameworks. It demonstrates NFV Manager and Service Design Manager apps for automating NFV lifecycle management and network service design. The presentation also discusses use cases for 5G end-to-end orchestration and cross-domain automation architectures.
(1) The document discusses network function virtualization (NFV) and how it relates to OpenStack. NFV aims to virtualize network functions through standard servers and storage to reduce costs and improve flexibility. (2) ETSI has defined NFV reference architectures, use cases, and an NFV management and orchestration framework. (3) The document outlines ongoing work by ETSI on NFV specifications and interoperability testing to advance the NFV ecosystem.
Digital transformation is reshaping the business landscape faster than any time in history. Organizations that adopt a digital strategy will leapfrog the competition, while those that do not will risk becoming irrelevant within five years. One important step in becoming a digital enterprise is becoming an agile organization—that is, having the ability to take advantage of market opportunities faster than the competition. This shift has become a top initiative for IT and business leaders. Pepe will discuss how to build an agile IT infrastructure to be ready for it.
Security course: exclusive 5G SA pitfalls and new changes to legislationPositiveTechnologies
This document provides information about Positive Technologies, a leading cybersecurity company focused on telecom security. Some key points:
- Positive Technologies has 19 years of experience in enterprise cybersecurity R&D and 9 years focused on telecom security. It has two R&D centers in Europe.
- The company performs over 60 security assessments per year for telecom operators and was the first vendor focused on end-to-end cybersecurity for mobile operators.
- Positive Technologies has a global presence with offices in 10 countries and has performed projects in 41 countries.
- As a pioneer in signaling security research, the company has published numerous reports on vulnerabilities in 2G-5G networks and standards over the past
What you should pay attention to cisco aironet access point while purchasingIT Tech
The document discusses Cisco Aironet access point options for different deployment environments. It describes the key features and management paradigms of Cisco's unified and autonomous access point models. It also summarizes the capabilities of different Cisco access point series for offices, challenging indoor environments, and outdoor deployments. Customers can choose between lightweight and autonomous access points that provide options for centralized or distributed management.
Dedicated VNF Management - Why it's performance critical for PCRFAmdocs
Sue Koch shares her presentation from NFV World Congress, as she explains why it is performance-critical to have dedicated VNF management for PCRF. #NFVWorldCongress
The document discusses the drivers for software-defined networking (SDN) and network function virtualization (NFV) deployment from a service provider's perspective. It covers key enablers like OpenStack and the ETSI NFV architectural framework. Several use cases are presented, including virtual managed services and a virtual carrier WiFi core. Challenges of SDN/NFV deployment are also examined. Essential skills for next-generation network engineers are identified, such as Python, XML/JSON, container virtualization, and Linux skills.
Revolutionizing IT and Telecom Industry with OpenStack, SDN and NFVPLUMgrid
This document discusses how OpenStack, SDN, and NFV can revolutionize the IT and telecom industries. It describes how these technologies can help carriers transition to a cloud-based business model with always-on, affordable, reliable services and a diverse customer base. It then provides details on how OpenStack, SDN, and NFV components like the NFVi, VIM, SDN layers for compute, network and storage, extended MANO, and VNF ecosystems can provide production-ready NFV solutions for carriers with benefits like increased agility, reliability, cost-effectiveness, flexibility and security. Finally, it discusses two customer case studies on how SDN can improve vCPE and CaaS solutions.
Virtual security gateways at network edge are key to protecting ultra broadba...Paul Stevens
Combined technologies create a virtualized security gateway with real-time processing even for small packets associated with IP voice applications.
The future of wireless is ultra-broadband packet throughput, with 4G/LTE speeds hitting 25 Mbps to 50 Mbps¹ and 5G technologies targeting even faster speeds. But the IP mobile networks that are serving up this throughput have new security risks for MNOs that can negatively impact their infrastructure, operations, customer services, and data.
Utilizing security gateways (SeGW) in every base station and small cell is the proven way to secure the network against hackers. But legacy gateways don’t offer the performance or flexibility to scale for cost-effective deployment at a macrocell or at a small cell. Casa Systems worked with Intel and Intel® Network Builders ecosystem members Advantech and Wind River to build a complete virtual SeGW system with the performance and flexibility for these edge locations—even for demanding IP voice applications that transmit floods of small packets that typically have overwhelmed legacy gateways.
Cisco SDN/NVF Innovations (SDN NVF Day ITB 2016)SDNRG ITB
The document discusses Cisco's innovations in software-defined networking (SDN) and network functions virtualization (NFV). It provides an overview of Cisco's strategy, which involves various models of programmability including classic SDN with OpenFlow, network virtualization with overlays, and hybrid approaches. The document also discusses Cisco's NFV reference architecture and innovations like the Virtualized Mobility Supervisor (vMS) and virtualized branch solutions.
A detailed look at 5G security by experts from wenovator, Dr. Anand R. Prasad & Hans Christian Rudolph.
This webinar covers:
(1) 5G security
(2) Private networks security and
(3) Open vRAN security
To learn more about wenovator, visit their website: https://www.wenovator.com/
All our #3G4G5G slides and videos are available at:
Videos: https://www.youtube.com/3G4G5G
Slides: https://www.slideshare.net/3G4GLtd
Security Page: https://www.3g4g.co.uk/Security/
5G Page: https://www.3g4g.co.uk/5G/
Security Blog Posts: https://blog.3g4g.co.uk/search/label/Security
Free Training Videos: https://www.3g4g.co.uk/Training/
The document summarizes Cisco's Next-Generation Firewall (NGFW) product line. It discusses the Cisco Firepower NGFW's ability to [1] prevent breaches automatically through threat research and protections, [2] provide deep visibility to detect and stop threats fast with advanced security features, and [3] automate network and security operations to save time and work smarter. Tables are provided listing performance specifications and capabilities of Cisco's physical and virtual NGFW appliances.
5G aims to enable new services through high bandwidth, low latency connectivity. However, some claimed 5G requirements like 100% coverage and five 9's reliability are not actually specified by standards bodies. Realizing 5G's full capabilities will require deploying new cellular infrastructure and upgrading backhaul networks. While 5G introduces innovations in areas like network slicing and mobile edge computing, integrating with web and application communities will depend on 3GPP defining interfaces and networks being upgraded, which can take significant time.
Chris Swan's CloudExpo Europe presentation "The networking declaration of ind...Cohesive Networks
Chris Swan's CloudExpo Europe presentation originally given 26 Feb in the Software Defined Data Centre and Networks Theatre.
The networking declaration of independence – how overlay networking gives you control of your networks
Essentials of Automations: Exploring Attributes & Automation ParametersSafe Software
Building automations in FME Flow can save time, money, and help businesses scale by eliminating data silos and providing data to stakeholders in real-time. One essential component to orchestrating complex automations is the use of attributes & automation parameters (both formerly known as “keys”). In fact, it’s unlikely you’ll ever build an Automation without using these components, but what exactly are they?
Attributes & automation parameters enable the automation author to pass data values from one automation component to the next. During this webinar, our FME Flow Specialists will cover leveraging the three types of these output attributes & parameters in FME Flow: Event, Custom, and Automation. As a bonus, they’ll also be making use of the Split-Merge Block functionality.
You’ll leave this webinar with a better understanding of how to maximize the potential of automations by making use of attributes & automation parameters, with the ultimate goal of setting your enterprise integration workflows up on autopilot.
inQuba Webinar Mastering Customer Journey Management with Dr Graham HillLizaNolte
HERE IS YOUR WEBINAR CONTENT! 'Mastering Customer Journey Management with Dr. Graham Hill'. We hope you find the webinar recording both insightful and enjoyable.
In this webinar, we explored essential aspects of Customer Journey Management and personalization. Here’s a summary of the key insights and topics discussed:
Key Takeaways:
Understanding the Customer Journey: Dr. Hill emphasized the importance of mapping and understanding the complete customer journey to identify touchpoints and opportunities for improvement.
Personalization Strategies: We discussed how to leverage data and insights to create personalized experiences that resonate with customers.
Technology Integration: Insights were shared on how inQuba’s advanced technology can streamline customer interactions and drive operational efficiency.
Fueling AI with Great Data with Airbyte WebinarZilliz
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
How information systems are built or acquired puts information, which is what they should be about, in a secondary place. Our language adapted accordingly, and we no longer talk about information systems but applications. Applications evolved in a way to break data into diverse fragments, tightly coupled with applications and expensive to integrate. The result is technical debt, which is re-paid by taking even bigger "loans", resulting in an ever-increasing technical debt. Software engineering and procurement practices work in sync with market forces to maintain this trend. This talk demonstrates how natural this situation is. The question is: can something be done to reverse the trend?
Conversational agents, or chatbots, are increasingly used to access all sorts of services using natural language. While open-domain chatbots - like ChatGPT - can converse on any topic, task-oriented chatbots - the focus of this paper - are designed for specific tasks, like booking a flight, obtaining customer support, or setting an appointment. Like any other software, task-oriented chatbots need to be properly tested, usually by defining and executing test scenarios (i.e., sequences of user-chatbot interactions). However, there is currently a lack of methods to quantify the completeness and strength of such test scenarios, which can lead to low-quality tests, and hence to buggy chatbots.
To fill this gap, we propose adapting mutation testing (MuT) for task-oriented chatbots. To this end, we introduce a set of mutation operators that emulate faults in chatbot designs, an architecture that enables MuT on chatbots built using heterogeneous technologies, and a practical realisation as an Eclipse plugin. Moreover, we evaluate the applicability, effectiveness and efficiency of our approach on open-source chatbots, with promising results.
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfChart Kalyan
A Mix Chart displays historical data of numbers in a graphical or tabular form. The Kalyan Rajdhani Mix Chart specifically shows the results of a sequence of numbers over different periods.
In the realm of cybersecurity, offensive security practices act as a critical shield. By simulating real-world attacks in a controlled environment, these techniques expose vulnerabilities before malicious actors can exploit them. This proactive approach allows manufacturers to identify and fix weaknesses, significantly enhancing system security.
This presentation delves into the development of a system designed to mimic Galileo's Open Service signal using software-defined radio (SDR) technology. We'll begin with a foundational overview of both Global Navigation Satellite Systems (GNSS) and the intricacies of digital signal processing.
The presentation culminates in a live demonstration. We'll showcase the manipulation of Galileo's Open Service pilot signal, simulating an attack on various software and hardware systems. This practical demonstration serves to highlight the potential consequences of unaddressed vulnerabilities, emphasizing the importance of offensive security practices in safeguarding critical infrastructure.
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...Alex Pruden
Folding is a recent technique for building efficient recursive SNARKs. Several elegant folding protocols have been proposed, such as Nova, Supernova, Hypernova, Protostar, and others. However, all of them rely on an additively homomorphic commitment scheme based on discrete log, and are therefore not post-quantum secure. In this work we present LatticeFold, the first lattice-based folding protocol based on the Module SIS problem. This folding protocol naturally leads to an efficient recursive lattice-based SNARK and an efficient PCD scheme. LatticeFold supports folding low-degree relations, such as R1CS, as well as high-degree relations, such as CCS. The key challenge is to construct a secure folding protocol that works with the Ajtai commitment scheme. The difficulty, is ensuring that extracted witnesses are low norm through many rounds of folding. We present a novel technique using the sumcheck protocol to ensure that extracted witnesses are always low norm no matter how many rounds of folding are used. Our evaluation of the final proof system suggests that it is as performant as Hypernova, while providing post-quantum security.
Paper Link: https://eprint.iacr.org/2024/257
Introduction of Cybersecurity with OSS at Code Europe 2024Hiroshi SHIBATA
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
The Department of Veteran Affairs (VA) invited Taylor Paschal, Knowledge & Information Management Consultant at Enterprise Knowledge, to speak at a Knowledge Management Lunch and Learn hosted on June 12, 2024. All Office of Administration staff were invited to attend and received professional development credit for participating in the voluntary event.
The objectives of the Lunch and Learn presentation were to:
- Review what KM ‘is’ and ‘isn’t’
- Understand the value of KM and the benefits of engaging
- Define and reflect on your “what’s in it for me?”
- Share actionable ways you can participate in Knowledge - - Capture & Transfer
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsDianaGray10
Join us to learn how UiPath Apps can directly and easily interact with prebuilt connectors via Integration Service--including Salesforce, ServiceNow, Open GenAI, and more.
The best part is you can achieve this without building a custom workflow! Say goodbye to the hassle of using separate automations to call APIs. By seamlessly integrating within App Studio, you can now easily streamline your workflow, while gaining direct access to our Connector Catalog of popular applications.
We’ll discuss and demo the benefits of UiPath Apps and connectors including:
Creating a compelling user experience for any software, without the limitations of APIs.
Accelerating the app creation process, saving time and effort
Enjoying high-performance CRUD (create, read, update, delete) operations, for
seamless data management.
Speakers:
Russell Alfeche, Technology Leader, RPA at qBotic and UiPath MVP
Charlie Greenberg, host
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...Fwdays
Direct losses from downtime in 1 minute = $5-$10 thousand dollars. Reputation is priceless.
As part of the talk, we will consider the architectural strategies necessary for the development of highly loaded fintech solutions. We will focus on using queues and streaming to efficiently work and manage large amounts of data in real-time and to minimize latency.
We will focus special attention on the architectural patterns used in the design of the fintech system, microservices and event-driven architecture, which ensure scalability, fault tolerance, and consistency of the entire system.
Your One-Stop Shop for Python Success: Top 10 US Python Development Providersakankshawande
Simplify your search for a reliable Python development partner! This list presents the top 10 trusted US providers offering comprehensive Python development services, ensuring your project's success from conception to completion.
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Building a chain of trust from the device to the cloud in 5G
1. Building a chain of trust from the device to the cloud
Paul Bradley – Head of 5G Strategy
13th of June 2017
2. Trust is vital – and it’s what we provide…
…enabling our clients to deliver a vast range of trusted digital services for billions of individuals and things.
5G WORLD 2017 - PUBLIC
3. 5G comes with new security challenges
Segments shown: ENHANCED MOBILE BROADBAND; CRITICAL COMMUNICATIONS AND V2X; NETWORK OPERATIONS; MASSIVE IoT
BUILD FROM SECURITY SOLUTIONS FROM 3G/4G
NEW SEGMENT-SPECIFIC SECURITY NEEDS
• Begin with principles of authentication, integrity, confidentiality and privacy from 3G/4G
• Adapt for NFV and Multi-Access Edge Computing
• Security Architecture should be adapted to the needs of each slice
4. Gemalto’s role in Network Security & Software Licensing
Gemalto secures the device and enhances security of the virtualized network whilst guaranteeing licensing management
OUR SOLUTIONS
• User authentication and trusted identities
• Data encryption and key management
• Cloud and virtualization security
• Software Monetization
5. Network Security Should Rely on Certified Elements such as Hardware Security Modules
Labels on the Hardware Security Module illustration:
• CERTIFICATIONS
• INTRUSION DETECTION SWITCHES ON LID
• TAMPER RESISTANT FAN MOUNTS
• TAMPER RESISTANT I/O MOUNTS
• SERIALIZED TAMPER EVIDENT STICKERS
• INTERNAL BAFFLES TO PREVENT PROBING
• TAMPER RESISTANT SCREWS
• CRYPTO HYPERVISOR
• HARDWARE SECURITY MODULE
• DYNAMIC CRYPTO RESOURCE
15. Key Issues in Virtualization Security
Diagram labels: OSS / BSS; SERVICE, VNF & INFRASTRUCTURE DESCRIPTION; EMS 1, EMS 2, EMS 3; VNF 1, VNF 2, VNF 3; VIRTUAL COMPUTE, VIRTUAL STORAGE, VIRTUAL NETWORK; VIRTUALISATION LAYER; COMPUTING HARDWARE, STORAGE HARDWARE, NETWORK HARDWARE (HARDWARE RESOURCES); NFV M&O (NFV ORCHESTRATOR, VNF MANAGERS, VIRTUALISED INFRASTRUCTURE MANAGER)
Key issues numbered on the diagram:
(1) Network slice isolation
(2) Virtualization security
(3) VNF integrity verification during on boarding of VNF
(4) Low Latency Interconnect with Multi-Access Edge
(5) Secured/measured boot & security enclaves for sensitive VNFs
(6) Physical and logical protection of Security Assets on motherboard
(7) Discovery mechanism of Security Hardware & characteristics (Openstack EPA)
(8) Run-time VNF Integrity verification
(9) Migration of VNF using security features
18. Mobile security chain: key architectural elements
Diagram labels: 5G; SERVICE PROVIDER; MOBILE EDGE (VNFa, VNFb…); MOBILE CORE (VNF1, VNF2…); Slice 1; Slice 2
• Network providing seamless IP connectivity suited to my reliability, availability, mobility and security needs
• Conforms to SLA
• Applications are running and data analysis takes place at the core and the edge
Key issue (1): Network slice isolation
19. Strong Trust Establishment between Virtual Functions
Diagram labels: NFV MANAGEMENT & ORCHESTRATOR (MANO); MULTI-ACCESS EDGES; CORE; HARDWARE SECURITY MODULE (shown twice)
Step 1: Trigger Mutual Authentication between the MANO and resources
Step 2: Trigger Mutual Authentication between all virtualised elements on the same slice which interact
Step 3: Verify integrity of each function vs what was installed by the MANO vs image stored in VNF Manager
Key issues (2) and (3): Virtualization security, VNF integrity verification during on boarding of VNF
20. Strong Trust Establishment between Virtual Functions
Diagram labels: NFV MANAGEMENT & ORCHESTRATOR (MANO); MULTI-ACCESS EDGES; CORE; HARDWARE SECURITY MODULE (shown twice)
Step 4: Implement integrity and confidentiality protection so that instructions and data cannot be compromised/modified
Key issues (2) and (3): Virtualization security, VNF integrity verification during on boarding of VNF
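The three-way comparison in step 3 (the deployed function vs. what the MANO installed vs. the image stored in the VNF Manager) can be sketched as follows. This is an added example, not taken from the presentation: the record layout and function names are hypothetical, and HMAC-SHA256 with a constructed key stands in for a signing key that would stay inside an HSM.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace
from typing import List

# Assumption: constructed stand-in for a key held inside an HSM.
HSM_KEY = b"constructed-demo-key"


def image_digest(image: bytes) -> str:
    """SHA-256 digest of a VNF image, as lowercase hex."""
    return hashlib.sha256(image).hexdigest()


def hsm_mac(vnf_id: str, digest_hex: str, key: bytes = HSM_KEY) -> str:
    """Stand-in for an HSM call: MAC binding a VNF id to an image digest."""
    message = vnf_id.encode() + b"\x00" + digest_hex.encode()
    return hmac.new(key, message, hashlib.sha256).hexdigest()


@dataclass(frozen=True)
class ManoRecord:
    """What the MANO recorded at installation time (hypothetical schema)."""
    vnf_id: str
    digest_hex: str
    mac: str


def record_installation(vnf_id: str, image: bytes) -> ManoRecord:
    """Create the protected installation record for an image."""
    digest_hex = image_digest(image)
    return ManoRecord(vnf_id, digest_hex, hsm_mac(vnf_id, digest_hex))


def verify_function(record: ManoRecord, vnf_manager_image: bytes,
                    deployed_image: bytes) -> List[str]:
    """Return the list of integrity findings; an empty list means all three agree."""
    findings = []
    # 1. The MANO record itself must be authentic before it is used as a reference.
    expected_mac = hsm_mac(record.vnf_id, record.digest_hex)
    if not hmac.compare_digest(expected_mac, record.mac):
        findings.append("MANO record MAC invalid")
    # 2. The image stored in the VNF Manager must match what the MANO installed.
    if not hmac.compare_digest(image_digest(vnf_manager_image), record.digest_hex):
        findings.append("VNF Manager image differs from MANO record")
    # 3. The deployed function must match what the MANO installed.
    if not hmac.compare_digest(image_digest(deployed_image), record.digest_hex):
        findings.append("deployed function differs from MANO record")
    return findings


# Constructed sample images for the demonstration.
GOOD_IMAGE = b"constructed VNF image v1"
TAMPERED_IMAGE = GOOD_IMAGE + b" + injected module"


def demo() -> dict:
    """Run the check on a clean deployment and on two tampering cases."""
    record = record_installation("vnf-a", GOOD_IMAGE)
    # Record rewritten to match the tampered image, without access to the HSM key.
    forged = replace(record, digest_hex=image_digest(TAMPERED_IMAGE))
    return {
        "clean": verify_function(record, GOOD_IMAGE, GOOD_IMAGE),
        "deployed_tampered": verify_function(record, GOOD_IMAGE, TAMPERED_IMAGE),
        "record_rewritten": verify_function(forged, GOOD_IMAGE, TAMPERED_IMAGE),
    }


if __name__ == "__main__":
    for case, findings in demo().items():
        print(case, findings or "OK")
```

The third case shows why the record is protected as well as the image: rewriting the stored digest to match a modified function still fails, because the MAC cannot be recomputed without the key and the VNF Manager copy no longer agrees.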
21. Is the connection from the Core to the Multi-Access Edge Secure?
https://youtu.be/cdoCeKOLij4
Key issue (4): Low Latency Interconnect with Multi-Access Edge
22. With 5G slicing… isolate the communications between functions
Provide confidentiality and integrity protection for all data and virtual functions
Diagram labels: MOBILE EDGES; CORE; HIGH SPEED ENCRYPTION; HSE (shown twice)
Key issue (4): Low Latency Interconnect with Multi-Access Edge
27. Protection of Applications & VNFs
Diagram labels: NFV INFRASTRUCTURE; HYPERVISOR; HARDWARE RESOURCES (CPU, STORAGE, NETWORK); HSM; VIRTUAL HSM
• A Hypervisor provides some level of isolation
• Malicious code could be implemented to hack through the walls
• Secure enclaves (“HMEE”) in the CPU increase isolation between the VNFs
• A HSM tethered to the Enclave could increase the security level of the system for operations such as Key Generation or Mutual Auth. between functions
• A Virtual HSM can be tethered to real HSMs allowing for elasticity and scalability
Key issue (5): Secured/measured boot & security enclaves for sensitive VNFs
28. Software Licensing Management
How to forge sustainable business relationships between multiple stakeholders in a complex 5G environment
• APPLICATION PROVIDERS: On-premise and cloud B2B applications
• NETWORK VENDORS: Virtual Network Function scalable licensing
• CLOUD PROVIDERS: Cloud services and applications
The importance of security, protection, licensing, usage and entitlement management solutions is critical in helping the industry monetize their software and driving disruptive business models
29. Device Security per 5G Segment
FOR THE MAIN 5G SUB-SEGMENTS, WE NEED TO ANALYSE:
• Device Capabilities (consumption/processing/memory...)
• Connectivity Cost (device)
• Connectivity Cost (recurring – subscription)
• Type of service provider data in transit
FOR THE ABOVE, WE NEED TO DETERMINE THE FOLLOWING REQUIREMENTS:
• Data Protection / Confidentiality
• Privacy / Anonymity
• Denial of Service Protection
• Anti-Clone mechanism
WE THEN APPLY SECURITY SOLUTIONS (END-TO-END)
30. Segmenting Security Needs of Major 5G Use-Cases
S.F.U.: Security Firmware Upgrade – A.R.M.: Active Risk Management
Complementary Core Security to reinforce: WALLED GARDEN / OUT-OF-BAND MGMT / TOKENISATION / A.R.M. / S.F.U.
Credentials Protection: SOFTWARE IN TRUSTED ENCLAVE / SECURE ELEMENT
Security Needs (MNO/SP):
Sub. Authentication
Anti-DoS
Confidentiality
Sub. Authentication
Anti-DoS
Authenticity
ID/Privacy
Sub. Authentication
Confidentiality+
ID/Privacy+
Integrity+
Anti-DoS
Authenticity
Sub. Authentication
Confidentiality++
ID/Privacy++
Integrity++
Device FW Integrity
Anti-DoS
Authenticity
Sub. Authentication
Confidentiality+++
ID/Privacy+++
Integrity+++
Device FW Integrity
Anti-DoS
Authenticity
Basic Sensors Broadband Modem
Set-Top Box
Auto Info-tainment
Industrial Basic
Smart Wearable
Retail (PoS)
Laptop
Smartphone/tablet
Auto Telematics
Home Automation
Industrial Critical
Medical Wearable
Metering/Critical Sensors
Public Safety/1st Resp.
Military
Remote Surgery
V2X
1 2 3 4 5
31. It’s important to find the right balance
END-TO-END MOBILE NETWORK + SERVICE PROVIDER SECURITY FRAMEWORK
PROTECT IDs (device):
• Secure Element
• Software in Trusted Enclave
MANAGE IDs AND GRANT ACCESS (core):
• Active Risk Management
• Out of Band
• Tokenisation
• Security Firmware Upgrade
Diagram label: RISK
32. Weaker Security at Device: Reinforce Core
If a device does not support a Secure Element (cost, data worthless…)
PROTECT IDs (device):
• Software in Trusted Enclave
MANAGE IDs AND GRANT ACCESS (core):
• Active Risk Management
• Tokenisation
• Security Firmware Upgrade
Diagram label: RISK
33. Stronger Device Security: Core adapted accordingly
If the SP data in transit requires normal to best-in-class security
PROTECT IDs (device):
• Secure Element
MANAGE IDs AND GRANT ACCESS (core):
• Security Firmware Upgrade
Diagram label: RISK
34. To conclude…
Virtualization brings new challenges in securing your core and edge clouds. Adapt appropriate security per network slice blueprint. Establish trust between functions, encrypt all data at rest or in transit.
Choose your end-to-end security architecture wisely based upon the value of the data being transmitted and don’t only consider the device bill of materials.
Gemalto is focused on security at the device, multi-access edge and the core with an appropriate footprint per 5G segment meeting both MNO and Service Provider requirements. We’re working with the entire industry to continue to secure next generation mobile communications.
35. Thank you
Come and see us at Booth 5G 504
You can find me on