This document discusses security issues related to telecom infrastructure and networks. It outlines that telecom infrastructure is highly vulnerable to attacks, and automation/machine learning tools are needed to handle large amounts of data and logs. It also discusses the need for regulatory compliance, cryptography standards, increasing international attacks targeting various sectors like India, and critical security controls that should be implemented as part of security practices. These include secure network engineering, securing network subsystems, audit log maintenance and analysis, vulnerability assessment, and providing appropriate security training. The document advocates for a multi-layer security approach combining the latest tools and a modular framework to help address cybersecurity challenges.

1. Information & Telecom Network
Security – Models of Security
Brijesh Kumar, Ph.D.
+1 609 439 9060
bkumar@rapidsoftsystems.com
CTO and Chief Cloud/Security Consultant

2. Telecom Infrastructure Security
• Telecom Infrastructure are highly vulnerable to various
kinds of attacks.
• Too big foot prints for humans to handle data and logs
centrally. Risk of too many false positives can overwhelm
the organizations.
• Automation, Machine Intelligence and advanced tools are
needed.
• Regulatory compliance in terms of monitoring is needed,
continuous compliance with regulations such as PCI,
FISMA, and SOX, and actionable steps for risk
remediation
• Impact of service outage can be pretty severe – so just
can’t rely the same responsive tools as corporations do.

3. 3
Cryptographic Standards and Applications
• Cryptographic mechanisms provide vital underpinning for IT security
• We rely on cryptography standards implementations which are
notoriously insecure.
• Most network operators personnel do not have the necessary skills to
determine cryptographic strengths
• A multiplicity of cryptographic techniques hinders interoperability and
security analysis
• Formal voluntary standards bodies are inclusive in standardizing on
multiple techniques  many techniques inadequately
studied/analyzed
• Exploitation of flawed cryptographic methods via kiddie scripts

4. Increasing International Attacks
• No one is secure from international attackers
• U.K. – Ministry of Defense hit by Cyber Attack data Stolen
(Source Zdnet.om report , July 10, 2013)
• Pakistani hackers calling themselves “True Cyber Army”
defaced 1,059 websites of Indian election bodies (April 06,
2013, Source: International thenews.com.pk)
• Professional hackers to “cyber terrorists” all have
political/personal agendas to work for.
• By every measure, Internet is becoming less secure every day:
• More attacks, More damages and more losses
• Severity of damages is increasing – stolen users data, credit
card, ID-theft, System high-jacking

5. Country wise attack distribution
India remains a major target of all organized cyber attacks.
Source: Hackmageddon.com

6. Motivation Behind Cyber Attacks
Source: Hackmageddon.com

7. Cyber Attack distribution By sectors
Source: Hackmageddon.com

8. 1. China
41 percent (of the
world's attack traffic)
2. U.S. 10 percent
3. Turkey 4.7 percent
4. Russia 4.3 percent
5. Taiwan 3.7 percent
6. Brazil 3.3 percent
7. Romania 2.8 percent
8. India 2.3 percent
9. Italy 1.6 percent
10. Hungary 1.4 percent
Top 10 hacking Countries 2013
Source: http://www.govtech.com, April
2013

9. Some Critical Security Controls As part of safety
culture Needed
• Secure Network Engineering: Network segmentation, establishment
of security zones
• Securing Network Sub-Systems: Secure Configurations for Network
Devices such as Firewalls, Routers, and Switches: Strong
authentication for network infrastructure
• Maintenance, Monitoring, and Analysis of Security Audit Logs:
Audit log settings, storage, retention, and review
• Continuous Vulnerability Assessment and Remediation:
Automated vulnerability scanning, port checking, and patch
management solutions
• Application Software and Installed Hardware Security: Application
testing and code review, equipment validation, Updated Malware
detection tools etc.
• Security Skills Assessment and Appropriate Training to Fill Gaps:
Security awareness training, security policies, and awareness testing

10. Building Security Around Telecom networks
• Multi Layer Security with Perimeter defense
• Software Automation for analysis using machine
learning and intelligence.
• Separation of critical, important and non-critical
infrastructure
• Classifications and Marking of Security Levels
• Separated Response teams based on levels,
Reconfigurable bunker zones.
• Perimeter based Access Control, and Active
monitoring
• Many more steps in the model – too little space here

11. What can we do meet these challenges
- Technology + Policy Initiatives are required.
- Securing our National infrastructure needs concerted
efforts from every one.
- Government has created needed policy frameworks
but there is more to be achieved.
- Most important focus needs to be educating work
force regarding cyber security technologies.
- Combine latest tools with modular approach as
mentioned earlier.

12. Thank You -