
T1M1: Management Plane Security Standard (T1.276) Presentation



  1. T1M1/2003-039R3, July 9, 2003
     T1M1: Management Plane Security Standard (T1.276) Presentation
     Contributors and Liaison Representatives:
     • Mike Fargano - T1M1 Chair, michael.fargano@qwest.com
     • Jim Stanco - T1M1 Vice Chair (previous), jim.stanco@aol.com
     • Lakshmi Raman - T1M1.5 Chair, lraman@sunreyes.com
     • Mike McGuire - T1M1 Security Team Lead, mm8631@sbc.com
     • Rod Wallace - T1M1 Security SME, rod.wallace@nortelnetworks.com
     • Chris Lonvick - T1M1 Security SME, clonvick@cisco.com
     Note: This presentation is for general information sharing purposes only – refer to T1.276 American National Standard (and/or latest draft proposed ANS) for details and clarifications.

  2. Outline
     • Why Care?
     • T1M1 Overview
     • OAM&P Simplified Reference Model
     • T1M1 History in Security
     • Management Plane Security:
       – Business Drivers/Case and Motivation
       – Objective
       – Driving Principles
       – Network Mgt Security Reference Model
       – Summary/Status, Challenges, Contributors

  3. Why Care? Network Management Security Risk
     • From ATIS/T1 Press Release on T1M1 Security Work (http://www.atis.org/atis/press/pressreleases2002/100202.htm):
       – “A security breach of a NE or OSS at the Management Plane could include a major incursion into the network by an intruder, leading to loss of integrity and service of the elements and a major network outage or disruption.”

  4. T1M1 - Overview
     • Telecom Network Management – Operations, Administration, Maintenance, and Provisioning (OAM&P); Technical Subcommittee of Committee T1 – ANSI Accredited USA SDO
     • Major Programs:
       – Common OAM&P Functionality and Technology
       – Inter-Administration OAM&P (OSS Interconnect)
       – Network Technology-Specific OAM&P
     • OAM&P Security: Part of each major program; bulk of work in Common OAM&P Functionality and Technology program

  5. OAM&P Simplified Systems Interface Reference Model
     [Diagram, labels from top to bottom:]
     • X interface: Suite of standard telecom B2B (interconnect) interfaces – tML(XML), EDI, CORBA, ...
     • Core OSSs
     • Q interfaces: CORBA, tML (XML), …
     • EMSs
     • Q interface: SNMP, CORBA, TL1, MML, …
     • Network

  6. T1M1 History in Security
     • Network Management Security Areas:
       – NEs and OSSs OAM&P interfaces
       – NS/EP, Emergency Telecom Services (ETS), Lawfully Authorized Electronic Surveillance
     • 1980’s to 2001: Many standards per above (see document T1M1/2002-006 for history to 2001: ftp://ftp.t1.org/T1M1/M1.0/2002/2m100060.pdf)
     • 2002/2003: Management Plane Security Standard
       – Collaboration with T1M1, NSTAC NSIE, Gov NSIE, + liaisons

  7. Mgt Plane Sec – Business Drivers
     • Net Mgt Security Standard Business Drivers:
       – Efficiency: Reduced costs via commonality - economies of scale
       – Effectiveness: Common baseline for security functionality - reasonable risk management
     • Common baseline network management security requirements for NEs and OSSs to build network technology specific OAM&P security specifications and standards upon (e.g., optical network OAM&P security)

  8. Mgt Plane Sec – Business Case
     The general business rationale to implement the Management Plane Security Standard is that it:
     1. Raises the baseline OAM&P security requirements to meet the new (current) realized security risks; and
     2. Provides for the new minimum cost zone between relatively too little security and too much security (with the relative high costs that come with these two extremes).

  9. Mgt Plane Sec – Business Case Framework
     Generic security business case is Risk Management based. A given curve represents the cost/security tradeoffs given a set of realized (i.e., accountable) threats, vulnerabilities, risk based incident/attack costs, and direct/indirect security costs.
     Minimum cost zone is at the bottom of the curve - between relatively too little security and too much security (with the relative high costs that come with these two extremes).
     [Figure: Total Cost (risk based plus direct & indirect costs), Low to High, plotted against Security Level, Low to High. Annotations: High risk based costs; High direct/indirect costs; Cost Savings Opportunity.]

  10. Mgt Plane Sec – Business Case with Increased Security Risks
     New curve based on realization of new set of increased threats, vulnerabilities, incident/attack costs, and security costs – e.g., post 9/11
     [Figure: Total Cost (risk based plus direct & indirect costs), Low to High, plotted against Security Level, Low to High. Curves: New Security Scenario; Old Security Scenario.]

  11. Mgt Plane Sec – Business Case: Cost Shifts w/ Increased Security Risks
     To capture the new minimum cost zone while the new security scenario is in play – the Security Level must be increased.
     Being at the old minimum cost Security Level while the new security scenario is in play puts an organization in a relatively high Total Cost position.
     [Figure: Total Cost (risk based plus direct & indirect costs), Low to High, plotted against Security Level, Low to High. Curves: New; Old. Points: A, B, C. Security Level markers: A SL, B SL. Annotation: Cost Savings Opportunity.]

  12. Mgt Plane Sec – Motivation
     • A major concern to NSIE and T1M1 is that network infrastructure is a terrorist target, identified as part of National Critical Infrastructure.
     • Our industry is transitioning to converged packet networks resulting in an increased sense of vulnerability.
     • Service providers are specifying similar but different security requirements for products resulting in inconsistent vendor feature sets.
     • System Integration and operations costs increase when dealing with vendors' products that have differing security features and functionality.
     • Infrastructure Security adds cost without generating additional revenue for both vendors and service providers alike.

  13. Mgt Plane Sec - Network (NGN) Security Challenges
     Then
     [Diagram labels: Isolated Network; Management; Control/Signaling; Bearer/Data; Public Network]
     • Public traffic and management/control traffic were sent on separate networks.
     • Threats in Public network were insulated from network management and control
     • Management and Control network was easier to secure – e.g., known users.
     Now
     [Diagram labels: Public Network; Management; Control/Signaling; Bearer/Data]
     • Public traffic and management/control traffic are sent on the same network.
     • Threats in Public network are now threats to network management and control
     • Management and Control network now needs higher security level, e.g., security level that is applied to secure Public traffic.

  14. Mgt Plane Sec - Objective
     Define a consistent and standardized set of baseline network element and network management security requirements. Standardize this set of security requirements within standards organizations such as T1M1 and ITU-T (SG4). These requirements will:
     • Ensure a minimal baseline of security throughout the industry.
     • Provide vendors with a standard set of design objectives in relation to product and network security features.
     • Make it easier for service providers to procure & build a secure infrastructure comprised of multiple vendor platforms.

  15. Mgt Plane Sec - Key Principles
     • Secure management traffic with strong encryption and authentication.
     • Authenticate and attribute all management actions.
     • Maintain secure logs for all of the above.

  16. Network Management Security Reference Model
     [Diagram entities: Network Management System; Element Management System (two instances); Remote Operator; Local Operator; Network Element; Multi-Vendor Network Element]
     Numbered interfaces in the diagram:
     1. NMS to EMS
     2. NMS to NE
     3. EMS to NE
     4. Remote Operator To NMS
     5. Remote Operator To EMS
     6. Remote Operator To NMS
     7. Local Operator To NMS
     8. Local Operator To NMS
     9. Local Operator To NE
     10. NE to NE
     11. NE to Foreign NE
     12. EMS to EMS

  17. Mgt Plane Sec - Summary/Status
     • Started work in NSIE with intent to make OAM&P security best practice recommendations public. NSIE and T1M1 agreed that T1M1 adoption was an effective means to make document public and standard.
       – Status: Draft Standard (T1.276) Letter Ballot process completed - see document T1M1.5/2003-007R5
       – Final (official) publication version should be available by end of July 2003.
     • Recommendations brought to the NRIC VI Workgroup 1B for inclusion in Cyber-security OAM Best Practices.
     • Submitted to the ITU-T (SG4) for adoption as an International Standard (ITU-T Recommendation).

  18. Mgt Plane Sec – Challenges
     • To have the standard used and implemented - ASAP
       – There is evidence that this is happening.
     • Widespread adoption of the standard.
       – Vendors and Service Provider contributors are working this now.

  19. Mgt Plane Sec – Key Contributors
     BellSouth, Booz-Allen Hamilton, BT, Cisco, DoD/NorAD, Harris, Lucent, Nortel Networks, Qwest, SBC, Siemens, Telcordia, Verizon, Worldcom

  20. Management Plane Security Appendix: Backup Slides

  21. Security Framework Model
     [Diagram labels:]
     • Security layers: Application Security; Service Security; Infrastructure Security
     • Security Dimensions: Access Management; Authentication; Non-repudiation; Data Security; Communication Security; Integrity; Availability; Privacy
     • Planes: End User Plane; Control Plane; Management Plane
     • THREATS, VULNERABILITIES, ATTACKS: Interruption; Interception; Modification; Fabrication
