1 isalliance scap voip project update
play

1 ISAlliance SCAP VoIP Project Update 12 June 2009 Lawrence G - PowerPoint PPT Presentation

Sep 05, 2022 •173 likes •304 views

1 ISAlliance SCAP VoIP Project Update 12 June 2009 Lawrence G Dobranski, CISSP-ISSAP, CISM, CSSLP Leader, Security Architecture & Compliance Carrier VoIP and Applications Solutions Nortel ldobran@nortel.com (613) 763-6866 BUSINESS MADE

  1. 1

  2. ISAlliance SCAP VoIP Project Update 12 June 2009 Lawrence G Dobranski, CISSP-ISSAP, CISM, CSSLP Leader, Security Architecture & Compliance Carrier VoIP and Applications Solutions Nortel ldobran@nortel.com (613) 763-6866 BUSINESS MADE SIMPLE 2

  3. Agenda • ISA VoIP Proposal & Status Snapshot • Schedule, Deliverables & Status • Scope & Objective Statement • Resources • Next Steps • Program Meeting Schedule • Technical Working Groups Meeting • Backup • VoIP Security Standards • Participants from Industry • Participants from Government 3

  4. ISAlliance VoIP Proposal & Status Snapshot • To ¡lead ¡and ¡influence ¡the ¡development ¡of ¡industry ¡based ¡SCAP ¡ checklists ¡for ¡Voice ¡and ¡VoIP ¡Security ¡for ¡Government, ¡CriAcal ¡ Infrastructure ¡and ¡Enterprises ¡ (approved ¡Feb ¡2008 ¡ISAlliance ¡ BoD ¡Mee9ng) ¡ • ¡VoIP ¡Security ¡ImplementaAon ¡and ¡Assurance ¡Workshop ¡held ¡@ ¡ NIST ¡ (complete, ¡Sept ¡22 nd ¡-­‑-­‑ ¡23 rd , ¡2008) ¡ • SCAP ¡Voice ¡and ¡VoIP ¡Checklists: ¡ • Phase ¡I ¡– ¡ reports ¡due ¡Security ¡Autma9on ¡Conference ¡Oct ¡2009 ¡ • Applicability ¡of ¡SCAP ¡to ¡VoIP ¡ • Baseline ¡Standards ¡ • Phase ¡II ¡-­‑-­‑ ¡ proposed ¡ • Based ¡on ¡current ¡industry ¡standards ¡for ¡Voice ¡and ¡VoIP ¡Security ¡ • Developed ¡by ¡a ¡joint ¡Government/Industry ¡working ¡groups ¡ 4

  5. Scope, Objective & Deliverables • Objective: The development of industry based Baseline SCAP checklists for Voice and VoIP Security for Government, Critical Infrastructure and Enterprises • Scope: SCAP Voice and VoIP Checklists • Based on current industry standards for Voice and VoIP Security • Developed by a joint Government/Industry working group • Deliverables: • Policy Checklists for VoIP Security ( XCCDF based) • XML format standardized checklist representing VoIP Security Policy: • CPE – Platform – reference platform configuration based on source VoIP Security standards • CCE – Miss configuration – reference configuration for VoIP systems • CVSS – Impact – reference framework for characteristics and impacts for vulnerabilities in VoIP Systems • Schema for VoIP Systems (OVAL based) • XML format specifying vulnerability and configuration tests or changes • A collection of XML schema for representing VoIP Solution system information, expressing specific machine states, and reporting the results of an assessment • Reference implementation for VoIP Systems • API Reference Implementation • Reference implementation API for VoIP System Vendors, utilizing management, signaling and media plan model. • VoIP Solution vendors will implement specific interpretations of the ISAlliance deliverables for their solutions. 5

  6. Schedule, Deliverables & Status Event ¡ Plan ¡ Status ¡ Kick-­‑off ¡meeAng ¡with ¡NIST ¡to ¡ • July ¡2008 ¡ ¡ ü Complete ¡ present ¡ISA ¡Proposal ¡& ¡iniAal ¡ parAcipants ¡ Jointly ¡host ¡with ¡NIST ¡a ¡ VoIP ¡ • Proposed ¡agenda ¡end ¡of ¡July ¡ ü At ¡NIST’s ¡ 4th ¡Annual ¡ Security ¡Implementa3on ¡and ¡ 2008 ¡ Informa3on ¡Security ¡ Assurance ¡Workshop ¡to ¡discuss ¡the ¡ • Key ¡parAcipants ¡IDed ¡mid ¡ Automa3on ¡Conference ¡ applicability ¡of ¡SCAP ¡to ¡VoIP ¡and ¡to ¡ August ¡2008 ¡ (Sept ¡22nd ¡– ¡23rd ¡) ¡ establish ¡the ¡need ¡for ¡a ¡SCAP ¡ • Event ¡Oct ¡2008 ¡ ü ¡ISAlliance ¡presented ¡at ¡the ¡ checklist ¡for ¡VoIP ¡ developed ¡by ¡ conference ¡ ¡ industry . ¡ ü ISAlliance ¡hosted ¡a ¡day ¡long ¡ workshop ¡on ¡the ¡ applicability ¡of ¡SCAP ¡to ¡VoIP ¡ ISA ¡lead ¡working ¡groups ¡formed ¡to: ¡ • Bi-­‑weekly ¡virtual ¡meeAngs ¡ 1) ¡assess ¡applicability ¡of ¡SCAP ¡to ¡ • Reports ¡complete ¡end ¡August ¡ VoIP, ¡2) ¡to ¡determine ¡appropriate ¡ ¡ 2009 ¡ reference ¡standards ¡ • Reports ¡to ¡be ¡presented ¡at ¡ 5th ¡ Annual ¡Informa3on ¡Security ¡ Automa3on ¡Conference ¡(Sept ¡ 2009) ¡ 6

  7. SCAP Applicability Working Group • Status: Green • Accomplishments To Date: • Defined Scope of Effort (Basic VoIP Service) Just Voice, Just SIP, No SIP-trunking, No Voicemail • Defined Reference VoIP System • Near Term Work Plan (Due 7/4): • Conduct TRA on Reference VoIP System • Produce Control Matrix base on SP 800-53 • Longer Term Work Plan: • Develop Future Applicability Roadmap (Due 7/18) • Draft Whitepaper (Due 8/10) • Produce Presentation (Due 8/31) • Virtual Meetings: • meets every 2 nd Tuesday @ 1:00 PM Eastern for 1 hour • Leadership: • Chaired by Paul Sand, President of Salare Security 7

  8. SCAP Baseline Working Group • Status: Yellow • Accomplishments To Date: • SCAP 101 and 102 presented • Near Term Work Plan (Due 7/4): • Strawman work plan developed • Longer Term Work Plan: • Draft Whitepaper (Due 8/10) • Produce Presentation (Due 8/31) • Virtual Meetings: • Meets every 2nd Thursday @ 1:00 PM Eastern for 1 hour • Leadership • Co chair (1): Scott Armstrong, VP at Gideon Technologies • Co chair (2): TBD 8

  9. Detailed Schedule • Technical Working Group Meetings: • 1 hour duration • Applicability Working Group meets every 2 nd Tuesday @ 1:00 PM Eastern • Baseline Working Group meets every 2 nd Thursday @ 1:00 PM Eastern • Applicability & Baseline Working Groups meet in the same week 9

  10. Participants • Agilent Technologies, Inc. • Joint Task Force-Global Network Operations • American Century Investments • Jones Day • Assuria Ltd. • Lone Star College System • AT&T • ManTech • Boeing • McAfee • Center For Internet Security • Microsoft • City of Seattle • NASA • CNA Insurance • National Security Agency • Compliance Collaborators, Inc. • Nortel Networks • Damac Holding • Northrop Grumman • Department of Commerce • Oklahoma Office of State Finance • Department of Veterans Affairs • Palindrome Technologies • DHS • Pearl Technology • Direct Computer Resources • Raytheon • Disney • RedSeal • DoD • Rolls Royce • eTrade Financial • Salare Security • EWA-Canada • Science Applications International Corporation (SAIC) • Expedia • Secure Acuity Networks, LLC • FDA • Time Warner Cable • Gideon Technologies • US Department of Transportation • Global UniDocs Company • US-CERT • HSBC North America • Vanguard • IBM • VeriSign • ICSAlabs, an Independent Division of Verizon Business • VoIPshield Systems Inc. • Information Security and Forensics Management Team • Waters Edge Consulting • Institute for Defense Analyses • Invensys Process Systems 10

  11. Backup BUSINESS MADE SIMPLE 11

  12. Communications Tools -- collaboration site To join contact Barry Foer: bfoer@isalliance.org 12

  13. 13

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Application of SCAP to Secure Unified Communications www.isalliance.org The ISAlliance Board

Application of SCAP to Secure Unified Communications www.isalliance.org The ISAlliance Board

Application of SCAP to Secure Unified Communications www.isalliance.org The ISAlliance Board www.isalliance.org VoIP Project Leadership www.isalliance.org Government Participants www.isalliance.org Industry Participants www.isalliance.org

575 views • 14 slides
SCAP for VoIP Automating Configuration Compliance 6 th Annual IT Security Automation Conference

SCAP for VoIP Automating Configuration Compliance 6 th Annual IT Security Automation Conference

SCAP for VoIP Automating Configuration Compliance 6 th Annual IT Security Automation Conference Presentation Overview 1. The Business Challenge 2. Securing Voice over IP Networks 3. The ISA VoIP Security Project 4. Next Steps With SCAP 5. Summary

388 views • 23 slides
Irvine Ranch Water District SCAP Energy Committee Meeting IRWD Biosolids Project Update August

Irvine Ranch Water District SCAP Energy Committee Meeting IRWD Biosolids Project Update August

Irvine Ranch Water District SCAP Energy Committee Meeting IRWD Biosolids Project Update August 26, 2015 1 Presentation Agenda Introduction to IRWD IRWDs Biosolids Project Construction Update 2 Introduction to IRWD Irvine Ranch

639 views • 32 slides
What is VoIP? 1 VoIP What is it and how can it help my business? - VoIP is an acronym for

What is VoIP? 1 VoIP What is it and how can it help my business? - VoIP is an acronym for

Welcome to Business Matters Todays topic: What is VoIP? 1 VoIP What is it and how can it help my business? - VoIP is an acronym for Voice over Internet Protocol - Phone service through your Internet connection 2 Components of

510 views • 29 slides
Larry Clinton President & CEO Internet Security Alliance lclinton@isalliance.org

Larry Clinton President & CEO Internet Security Alliance lclinton@isalliance.org

Larry Clinton President & CEO Internet Security Alliance lclinton@isalliance.org 703-907-7028 202-236-0001 www.isalliance.org Are we thinking about this all wrong? Breaches and perimeter defense Hackers and kids in basements

565 views • 30 slides
Larry Clinton President & CEO Internet Security Alliance lclinton@isalliance.org

Larry Clinton President & CEO Internet Security Alliance lclinton@isalliance.org

Larry Clinton President & CEO Internet Security Alliance lclinton@isalliance.org 703-907-7028 202-236-0001 www.isalliance.org During the Last Minute 45 new viruses 200 new malicious web sites 180 personal identities stolen

531 views • 41 slides
Larry Clinton President & CEO Internet Security Alliance lclinton@isalliance.org

Larry Clinton President & CEO Internet Security Alliance lclinton@isalliance.org

Larry Clinton President & CEO Internet Security Alliance lclinton@isalliance.org 703-907-7028 202-236-0001 www.isalliance.org During the Last Minute 45 new viruses 200 new malicious web sites 180 personal identities stolen

624 views • 45 slides
Larry Clinton President & CEO lclinton@isalliance.org (703) 907-7028 For more information

Larry Clinton President & CEO lclinton@isalliance.org (703) 907-7028 For more information

For information about membership opportunities, please contact: Larry Clinton President & CEO lclinton@isalliance.org (703) 907-7028 For more information about the Internet Security Alliance, please visit www.isalliance.org Digitalization

412 views • 16 slides
Voice over IP (VoIP) Technology Services 875-4357 cchelpdesk@ccis.edu What is VoIP? VoIP

Voice over IP (VoIP) Technology Services 875-4357 cchelpdesk@ccis.edu What is VoIP? VoIP

Voice over IP (VoIP) Technology Services 875-4357 cchelpdesk@ccis.edu What is VoIP? VoIP (voice over IP) is an IP telephony term for a set of facilities used to manage the delivery of voice information over the Internet. A major advantage of

1.26k views • 5 slides
Larry Clinton President & CEO Internet Security Alliance lclinton@isalliance.org

Larry Clinton President & CEO Internet Security Alliance lclinton@isalliance.org

Larry Clinton President & CEO Internet Security Alliance lclinton@isalliance.org 703-907-7028 202-236-0001 www.isalliance.org Board of Directors Tim McKnight, Chair , VP and CISO , Northrop Grumman Jeff Brown, First Vice Chair ,

572 views • 28 slides
Automate Security Testing and System Compliance Agenda Introduction to SCAP Introduction

Automate Security Testing and System Compliance Agenda Introduction to SCAP Introduction

Automate Security Testing and System Compliance Agenda Introduction to SCAP Introduction to STIG SUSE STIG Automation Demo Time Whats next? What is SCAP? The Security Content Automation Protocol is a multi-purpose

684 views • 37 slides
Larry Clinton Barry Foer President Director of Policy & Membership lclinton@isalliance.org

Larry Clinton Barry Foer President Director of Policy & Membership lclinton@isalliance.org

Larry Clinton Barry Foer President Director of Policy & Membership lclinton@isalliance.org bfoer@isalliance.org 703-907-7028 703-907-7799 202-236-0001 ISA Board of Directors J. Michael Hickey , 1st Vice Chair Ty Sagalow, Esq ., Chairman

446 views • 43 slides
Larry Clinton President Internet Security Alliance lclinton@isalliance.org 703-907-7028

Larry Clinton President Internet Security Alliance lclinton@isalliance.org 703-907-7028

Larry Clinton President Internet Security Alliance lclinton@isalliance.org 703-907-7028 202-236-0001 ISA Project Background Started in 2007 with CMU & USCCU 60 Entities (NSA, NIST, DOD, DOE, FBI) Published base paper in 2008

696 views • 14 slides
VoIP switching and billing suite Break through your data VoIP switching and billing suite

VoIP switching and billing suite Break through your data VoIP switching and billing suite

VoIP switching and billing suite Break through your data VoIP switching and billing suite components VoIP switch - SIP softswitch based on VoIP switch Opensips significantly re-developed by 5g 5g Future. Future Dynamic or static routing - a

156 views • 11 slides
Warm Welcome Matrix SETU VTEP Single Span VoIP to T1/E1 PRI Gateway Introduction VoIP to T1/E1

Warm Welcome Matrix SETU VTEP Single Span VoIP to T1/E1 PRI Gateway Introduction VoIP to T1/E1

Warm Welcome Matrix SETU VTEP Single Span VoIP to T1/E1 PRI Gateway Introduction VoIP to T1/E1 PRI Gateway Dedicated VoIP-ISDN PRI Gateway Plug-n-Play device VoIP access device for an existing PBX PRI trunking for an

404 views • 27 slides
Transporting Voice by Using IP NTP VoIP Testbed: A SIP-based VoIP Platform Department of CSIE,

Transporting Voice by Using IP NTP VoIP Testbed: A SIP-based VoIP Platform Department of CSIE,

Transporting Voice by Using IP NTP VoIP Testbed: A SIP-based VoIP Platform Department of CSIE, NCTU Quincy Wu Email: solomon@ipv6.club.tw 1 Outline Introduction Voice over IP RTP & SIP NTP VoIP Platform Conclusion

1.02k views • 64 slides
Week 9: 10/28-11/1, 2013 Unit II continues Finish History Alive! Ch. 19: Foreign Policy; Ch.

Week 9: 10/28-11/1, 2013 Unit II continues Finish History Alive! Ch. 19: Foreign Policy; Ch.

Week 9: 10/28-11/1, 2013 Unit II continues Finish History Alive! Ch. 19: Foreign Policy; Ch. 20 Spanish-American War and Begin WW I via Trench Day Homework: Complete your 3- part foreign policy essay Monday, October 28, 2013 I.

707 views • 67 slides
Synthetic Bio-Communication S YNTHETIC B IO -C OMMUNICATION 1. A TOMIC 2. I NTERCELLULAR 3. T IME

Synthetic Bio-Communication S YNTHETIC B IO -C OMMUNICATION 1. A TOMIC 2. I NTERCELLULAR 3. T IME

Stanford-Brown 2013 Synthetic Bio-Communication S YNTHETIC B IO -C OMMUNICATION 1. A TOMIC 2. I NTERCELLULAR 3. T IME 4. S PACE S YNTHETIC B IO -C OMMUNICATION B IO W IRES 1. A TOMIC 2. I NTERCELLULAR 3. T IME 4. S PACE S YNTHETIC B IO -C

1.61k views • 122 slides
Suffix Trees Construction and Applications Joo Carreira 2008 Outline Why Suffix Trees?

Suffix Trees Construction and Applications Joo Carreira 2008 Outline Why Suffix Trees?

Suffix Trees Construction and Applications Joo Carreira 2008 Outline Why Suffix Trees? Definition Ukkonen's Algorithm (construction) Applications Why Suffix Trees? Why Suffix Trees? Asymptotically fast. Why Suffix Trees?

692 views • 68 slides
A Haskell Implementation of Turing Machines Lim Shao En Zhang Licheng Computer Science

A Haskell Implementation of Turing Machines Lim Shao En Zhang Licheng Computer Science

A Haskell Implementation of Turing Machines Lim Shao En Zhang Licheng Computer Science Computability Theory A Haskell Implementation of Turing Machines Computability Theory Turing Machine Recursion theory Lambda-calculus Post

448 views • 22 slides
Algorithms In Music Outreach to Students Interested in the Arts Lisa Lajeunesse Capilano

Algorithms In Music Outreach to Students Interested in the Arts Lisa Lajeunesse Capilano

Mathematical Symmetry and Algorithms In Music Outreach to Students Interested in the Arts Lisa Lajeunesse Capilano University Liberal Studies Bachelor of Arts (LSBA) at Capilano Program is broad-based like a traditional Liberal Arts

489 views • 48 slides
Data Structure Web Application PA3 Teaching Data Structure Ms.Ailada Bumroong 5522800390

Data Structure Web Application PA3 Teaching Data Structure Ms.Ailada Bumroong 5522800390

Data Structure Web Application PA3 Teaching Data Structure Ms.Ailada Bumroong 5522800390 Ms.Putchamon Puttamilinprateep 5522800408 Outline Introduction Implementation Prototype Web Application ADDITION DELETION The existing

119 views • 10 slides
On the number of palindromically rich words Amy Glen School of Engineering & IT Murdoch

On the number of palindromically rich words Amy Glen School of Engineering & IT Murdoch

On the number of palindromically rich words Amy Glen School of Engineering & IT Murdoch University, Perth, Australia amy.glen@gmail.com http://amyglen.wordpress.com 59th AustMS Annual Meeting @ Flinders University Special Session:

406 views • 21 slides
PROBABILISTIC ANALYSIS OF DYNAMIC SYSTEMS WITH COMPLEX-VALUED EIGENSOLUTIONS EIGENSOLUTIONS

PROBABILISTIC ANALYSIS OF DYNAMIC SYSTEMS WITH COMPLEX-VALUED EIGENSOLUTIONS EIGENSOLUTIONS

49 th AIAA SDM Conference, Schaumburg, IL, April 2008 PROBABILISTIC ANALYSIS OF DYNAMIC SYSTEMS WITH COMPLEX-VALUED EIGENSOLUTIONS EIGENSOLUTIONS Sharif Rahman The Uni ersit of Iowa The University of Iowa Iowa City, IA 52245 Work supported

637 views • 17 slides

More recommend