AHRQ Bioterrorism Initiative


Security of Next Generation Networks:
When Best Effort is not enough
Hank Kluepfel, CPP
01-973-543-7064
[email protected]
Sept 10-11, 2001
Workshop:
Mitigating the Vulnerability of Critical Infrastructures to
Catastrophic Failures
My Background
• First case prosecuted under US Computer Crime Law
• First Defense-In-Depth Quality Program on Security Design and Management:
  – Assess Current Environments e.g., multidiscipline audits
  – Close Known Holes e.g., awareness, patches & reporting
  – Architect Security Into standards, requirements, systems & R&D
  – Deploy a network element border firewall
• First Information Sharing & Leadership
  – Domestic - NSTAC Network Security Panel – 1990
  – International - IEEE International Carnahan Conference Papers
• First to be sued in the line of duty, first to be dismissed for wrongful litigation
• Authored First SS7 (CCITT #7) Security Best Practice
  – ATIS Security Base Guideline for Interconnected SS7
• First to Chair an NRIC Focus Subgroup on Security
Traditional Threat Tree
Threat
Natural
• fires
• floods
• earthquakes
• hurricanes
• extreme heat
• extreme cold
Unintentional (Errors, Omissions)
• software bugs
• system overloads
• hardware failures
• poorly trained administrators
• errors and accidents
• uninformed, unmotivated and/or incompetent custodians
Intentional
Insider
• Dishonest or disgruntled employee, partner, outsource employee or contract employee
Outsider
• Hacker/Phreaker
• spy
• fraudster
• disgruntled former employee
Exploitable Vulnerabilities
• buffer overflows
• Insecure defaults
Telecom Incidents At A Glance:
High Tech Telecom Hacks Linked to Organized Crime
High Tech Theft Strong Arm Burglaries of Central Offices
Burglary of Central Offices and Centers
Sophisticated Theft of Services
Unindicted Co-Conspirators Often On Payroll of Carriers
Theft of Intellectual Property & Privacy
Sophisticated Fraud through network manipulation
Law Enforcement Operations Targeted
Internet Economy Enabled Hacking
Vulnerable Operations: If it isn’t in the release and administration neutral, it’s not patched or managed
Virtually every case found by accident or error
Decreasing Barriers to Intrusion:
It just gets easier!
Wireless Hack-in-a-box e.g., AirSnort aimed at WEP/802.11b
http://www.wired.com/news/print/0,1294,46187,00.html
[Figure: chart on a Low to High scale over the years 1980, 1985, 1990, 1995 and 2000, labelled Sophistication, Threat, Tools & Techniques, Skills & Knowledge and Baseline. Items plotted: password guessing; self-replicating code; password cracking; exploiting known vulnerabilities; disabling audits; burglaries; hijacking sessions; PAD to PAD; network mgmt. diagnostics; back doors; network element Trojans; GUI; denial of service; automated probes; sniffers; scanners/sweepers; packet spoofing; Y2K enabled hacking; “stealth” / advanced scanning techniques; advanced virus/worm techniques; SONET/SDH backbone attacks; distributed denial of service]
Sources:
• CERT® Coordination Center
• Network Reliability and Interoperability Council
Reference: Telecommunications Risk Assessment NSTAC, June ‘99
Cross Elastic Converged Network attacks:
[Diagram labels: Anonymizer; Use worm to gain control of 10^4 - 10^6 zombies; Zombies (20-90 K observed during CodeRed); Reflectors; Thousands of targets]
Source: Stuart Staniford, O. Sami Saydjari & Ken Williams
Code Red Worm
• Affecting IIS web server software and propagating to other selected IP addresses through Port 80 (http) connectivity
• Evolution and impact of worm inevitable
  – Exploit trust relationships
  – Multiple Operating Systems
  – Code Posted on the Internet by White hat hackers
  – Now targeting local hosts first causing network congestion
  – More hidden elements e.g., backdoor Trojan Horse for POST IIS Patch Access
• Relevance to NGN
  – At least three major providers of NGN products impacted
  – Access and management systems impacted
  – Other NGN aspects (e.g., Network OAM&P) ripe for potential exploitation
Network Convergence Dream:
Merging the Voice and Data Worlds

• Circuit Switching
• TDM transport
• High reliability (Five 9’s)
• Limited programmability
• Time sensitive billing
• Slow service set-up
• Dumb phones
• Telephony services
• IN Services

• Single infrastructure
• Packet Switching
• Intelligence distributed/collaborative
• Best Effort reliability, security & QoS
• Innovative business to business applications
• High value service bundles
• Steep learning curve on security

• Packet Switching
• Intelligence at “edge”
• Lower reliability & security
• Innovation in PC and enterprise applications
• Flat rate or bandwidth pricing
• Hard to achieve quality
• Smart PCs
Telcordia’s Call Agent Architecture
[Diagram labels: GUI; JAVA; Service Definition; Applets; Customer; Service Definition, Billing, Provisioning; Customer Care & Billing; TelCo; Service Execution; Call Agent; Exchange Link; Network OSSs; ISCP; SS7 Gateway; API; Public Signaling Network; TCAP/SS7; ISUP/SS7; MGCP; Announcement Server; Voice/IP; Res Hub; HFC; ADSL; WLL; Voice/IP/ATM; SONET/SDH Backbone Network; PSTN; Trunking Gateway]
Lucent Technologies
Open Service Creation & Internetworking
PacketStar IP Services Platform
[Diagram labels: IP Databases; PSTN Databases; Directory Coordinator; User Feature Applet; Call Coordinator; Service Provider Servlet; Device Servers; H.323V2 Device Server; H.323v1 Device Server; SS7 Device Server; SS7 Gateway; Lucent 5ESS; Cisco 5300™; Lucent Gateway 1000™; Ascend MAX 6000™; Lucent Packet Voice Gateway]
Security issues are suspect at every layer of the infrastructure ...
[Diagram: the same stack of layers drawn twice, with Interconnecting Networks. Layers: User Interface device/system; Appl 1, Appl 2, ... Appl n, each with functions F1 ... Fn; Middleware; File Systems, DBMS; OS, Sys. Lib., Drivers; Protocols: TCP/IP, TL1; Network Connectivity; Hardware Platforms]
Common Problems
Vulnerabilities & Errors
• Policies and standards driven by known exploits rather than integral with evolving technology and services
• Unencrypted Login Sessions over vulnerable networking coupled with Reusable Passwords
• Poor access controls
• Search for Holes in Protocols
• Outdated Physical Security
• Uncontrolled networking
• Inadequate documentation
• Insecure System Defaults
• Weak Auditing & Reporting
[Graphic label: Critical Infrastructure Resources]
Network Convergence Nightmare:
VoIP Service Attacks demonstrated
• Denial of service through buffer overflows against IP phones and gatekeepers (Root cause: Relevant Standards are ill-defined on security policy and expected behavior)
• Modifying user registration to re-direct calls
• Unauthorized monitoring of RTP call flows
• Man-in-the-Middle (H323) proxy modification of signaling & content
• Brute force account password attacks on management interfaces
• Local network sniffing of account passwords and software updates (configuration and feature changes)
Source: Utz Roedig paper, Darmstadt University of Technology
http://www.aravox.com/literature/aravox_security_analysis_ip_telephony.pdf
Today’s Business Case
for Security
[Diagram labels: Motivations; Vision/Strategy; Board of Directors; Senior Management; Incidents/Accidents; Security Investments; Business Case; Investment Requests; Organizational Response: Prevention/Mitigation; Security Program; Vulnerability Analysis; Risk Analysis; Assets; Security Requirements]
• Shareholder/Stakeholder Value Added
• Capital Markets Perception
• Regulations/Ordinances
• Securities Rules and Regulations Compliance
• Assurance/Insurance
• Competitive Advantage
• Intangibles
• Media
Source: www.ncs.gov (off line due to CODE RED WORM)
Factors influencing platform selections by Service Providers
• Assure security in the initial architecture
• Stick with standards and avoid proprietary security algorithms
• Focus on Authentication, Authorization, Accounting
• Protect SS7 to IP interconnects
• Invite customers to test security of beta products
• Set defaults to ‘secure’ on new elements
Source: Verizon paper, Converged Networks & Security;
NSTAC R&D Exchange, Telecommunications and Information Security Workshop 2000
Related Security Standards and Best Practices Fora
• Secure Tunneling - e.g., IPSec
• Packet cable security specification
• Common Criteria switch profile
• ITU H235
• SNMP security
• ATM Forum security specification
• T1S1 SS7 security standard based on the Generic Upper Layer Security (GULS) functions described in 'Information Technology - Open Systems Interconnection Upper Layers Security Model', ISO/IEC IS 10745, June 1993.
• IETF efforts on control protocols (e.g., SIP)
• Network Reliability and Interoperability Council (NRIC) V
Other Candidates that we might help develop?
Targeting Interoperability and Quality
Use of security standards that can address GW-GW, inter-system and end-to-end interactions
• Address signaling security, NGN and PSTN interface
• Use security tunneling designed for IPv4 & IPv6
• Adopt ATM Forum security specification that addresses multiple planes
• Support intersystem negotiation of security parameters
• Leverage common security services and supporting infrastructure (e.g., Directories, DNS)
• Extending security baseline requirements defined for PSTN - e.g., Telcordia GR-815 Update (Available for Comment)
• Leveraging industry best practices - e.g., IPSec / VPNs
• Adopting common Internet firewall approach
• Use industry best practices & interoperability testing
Security of Telecom Network Elements
Current GR-815-CORE
• First Published in 1989, updated in 1997
• Procurements Specified by RBOCS and other LECs
• Accepted as “de facto standard” for Telecom NEs by all major suppliers and service operators
• From ~20% to Over ~95% compliance ‘90-’95
• Model for NIST Common Criteria Telecom Switching Profile
• Model for ATIS SS7 Base Security Guideline
Summary & Commentary
• Next Generation Networks
  – More open and connected
  – More complex, distributed
  – More Interdependencies
  – Growing Vulnerabilities
  – Increasing standards of Due Care
  – Increased focus on standards
  – Less interoperable solutions apparent
  – Great need for consensus on standards and best practices
• An excellent opportunity for CIP
Source: Mike Thompson, Detroit Free Press
Questions: Hank Kluepfel, CPP
01-973-543-7064
[email protected]