Hank Kluepfel, CPP 01-973-543-7064 [email protected] Sept 10-11, 2001 Workshop: Mitigating...
Date posted: 20-Dec-2015
![Page 1: Hank Kluepfel, CPP 01-973-543-7064 henry.m.kluepfel@saic.com Sept 10-11, 2001 Workshop: Mitigating the Vulnerability of Critical Infrastructures to Catastrophic.](https://reader036.fdocuments.in/reader036/viewer/2022081504/56649d4c5503460f94a2a059/html5/thumbnails/1.jpg)
Hank Kluepfel, CPP
01-973-543-7064
Sept 10-11, 2001
Workshop: Mitigating the Vulnerability of Critical Infrastructures to Catastrophic Failures
Security of Next Generation Networks: When Best Effort is not enough

My Background
• First case prosecuted under US Computer Crime Law
• First Defense-In-Depth Quality Program on Security Design and Management:
  – Assess Current Environments e.g., multidiscipline audits
  – Close Known Holes e.g., awareness, patches & reporting
  – Architect Security Into standards, requirements, systems & R&D
  – Deploy a network element border firewall
• First Information Sharing & Leadership
  – Domestic - NSTAC Network Security Panel – 1990
  – International - IEEE International Carnahan Conference Papers
• First to be sued in the line of duty, first to be dismissed for wrongful litigation
• Authored First SS7 (CCITT #7) Security Best Practice – ATIS Security Base Guideline for Interconnected SS7
• First to Chair an NRIC Focus Subgroup on Security

Traditional Threat Tree
Threat
• Natural
  – fires
  – floods
  – earthquakes
  – hurricanes
  – extreme heat
  – extreme cold
• Unintentional (Errors, Omissions)
  – software bugs
  – system overloads
  – hardware failures
  – poorly trained administrators
  – errors and accidents
  – uninformed, unmotivated and/or incompetent custodians
• Intentional
  – Insider: Dishonest or disgruntled employee, partner, outsource employee or contract employee
  – Outsider: Hacker/Phreaker, spy, fraudster, disgruntled former employee
• Exploitable Vulnerabilities
  – buffer overflows
  – Insecure defaults

Telecom Incidents At A Glance:
• High Tech Telecom Hacks Linked to Organized Crime
• High Tech Theft
• Strong Arm Burglaries of Central Offices
• Burglary of Central Offices and Centers
• Sophisticated Theft of Services
• Unindicted Co-Conspirators Often On Payroll of Carriers
• Theft of Intellectual Property & Privacy
• Sophisticated Fraud through network manipulation
• Law Enforcement Operations Targeted
• Internet Economy Enabled Hacking
• Vulnerable Operations: If it isn’t in the release and administration neutral, it’s not patched or managed
• Virtually every case found by accident or error

Decreasing Barriers to Intrusion: It just gets easier!
[Chart (image not preserved): vertical scale Low to High, time axis 1980 to 2000; labels: Tools & Techniques, Threat, Skills & Knowledge, Sophistication. Techniques plotted, in the order extracted: password guessing; self-replicating code; password cracking; exploiting known vulnerabilities; disabling audits; back doors; hijacking sessions; scanners/sweepers; sniffers; packet spoofing; GUI automated probes; denial of service; SONET/SDH backbone attacks; “stealth” / advanced scanning techniques; burglaries; network mgmt. diagnostics; network element Trojans; PAD to PAD; Y2K enabled hacking; distributed denial of service / advanced virus / worm techniques]
Sources:
• CERT® Coordination Center
• Network Reliability and Interoperability Council
Baseline Reference: Telecommunications Risk Assessment, NSTAC, June ‘99
Wireless Hack-in-a-box e.g., AirSnort aimed at WEP/802.11b http://www.wired.com/news/print/0,1294,46187,00.html

Cross Elastic Converged Network attacks:
• Use worm to gain control of 10^4 - 10^6 zombies
[Diagram (image not preserved); labels: Anonymizer; Zombies (20-90 K observed during CodeRed); Reflectors; Thousands of targets]
Source: Stuart Staniford, O. Sami Saydjari & Ken Williams

Code Red Worm
• Affecting IIS web server software and propagating to other selected IP addresses through Port 80 (http) connectivity
• Evolution and impact of worm inevitable
  – Exploit trust relationships
  – Multiple Operating Systems
  – Code Posted on the Internet by White hat hackers
  – Now targeting local hosts first causing network congestion
  – More hidden elements e.g., backdoor Trojan Horse for POST IIS Patch Access
• Relevance to NGN
  – At least three major providers of NGN products impacted
  – Access and management systems impacted
  – Other NGN aspects (e.g., Network OAM&P) ripe for potential exploitation

Network Convergence Dream: Merging the Voice and Data Worlds

• Circuit Switching
• TDM transport
• High reliability (Five 9’s)
• Limited programmability
• Time sensitive billing
• Slow service set-up
• Dumb phones
• Telephony services
• IN Services

• Packet Switching
• Intelligence at “edge”
• Lower reliability & security
• Innovation in PC and enterprise applications
• Flat rate or bandwidth pricing
• Hard to achieve quality
• Smart PCs

• Single infrastructure
• Packet Switching
• Intelligence distributed/collaborative
• Best Effort reliability, security & QoS
• Innovative business to business applications
• High value service bundles
• Steep learning curve on security

Telcordia’s Call Agent Architecture
[Diagram (image not preserved); labels: Service Execution; Announcement Server; TCAP/SS7; ISUP/SS7; MGCP; SS7 Gateway; Public Signaling Network; ISCP; Customer Care & Billing; Network OSSs; Service Definition; API; Customer; TelCo Service Applets (Service Definition, Billing, Provisioning); GUI JAVA; Trunking Gateway; Backbone Network; Res Hub; Voice/IP; PSTN; Voice/IP/ATM; SONET/SDH; Call Agent; Exchange Link; HFC; ADSL; WLL]

Lucent Technologies Open Service Creation & Internetworking
[Diagram (image not preserved); labels: Lucent Gateway 1000™; Cisco 5300™; Ascend MAX6000™; Lucent PacketVoice Gateway; Lucent 5ESS; Service Provider Servlet; User Feature Applet; H.323V2 Device Server; SS7 Device Server; Call Coordinator; Directory Coordinator; H.323v1 Device Server; SS7 Gateway; Device Servers; IP Databases; PSTN Databases; PacketStar IP Services Platform]

Security issues are suspect at every layer of the infrastructure ...
[Diagram (image not preserved): two identical layered stacks joined by Interconnecting Networks. Layers of each stack, as labelled: User Interface device/system; Appl 1, Appl 2, Appl n (each with functions F1 to Fn); Middleware; OS, Sys. Lib., Drivers; File Systems, DBMS; Protocols: TCP/IP, TL1; Network Connectivity; Hardware Platforms]

Common Problems: Vulnerabilities & Errors
• Policies and standards driven by known exploits rather than integral with evolving technology and services
• Unencrypted Login Sessions over vulnerable networking coupled with Reusable Passwords
• Poor access controls
• Search for Holes in Protocols
• Outdated Physical Security
• Uncontrolled networking
• Inadequate documentation
• Insecure System Defaults
• Weak Auditing & Reporting
[Diagram label: Critical Infrastructure Resources]

Network Convergence Nightmare: VoIP Service Attacks demonstrated
• Denial of service through buffer overflows against IP phones and gatekeepers (Root cause: Relevant Standards are ill-defined on security policy and expected behavior)
• Modifying user registration to re-direct calls
• Unauthorized monitoring of RTP call flows
• Man-in-the-Middle (H323) proxy modification of signaling & content
• Brute force account password attacks on management interfaces
• Local network sniffing of account passwords and software updates (configuration and feature changes)
Source: Utz Roedig paper, Darmstadt University of Technology http://www.aravox.com/literature/aravox_security_analysis_ip_telephony.pdf

Today’s Business Case for Security
[Diagram (image not preserved); labels: Vision/Strategy; Board of Directors; Senior Management; Security Program; Assets; Risk Analysis; Business Case; Incidents/Accidents; Security Requirements; Vulnerability Analysis; Security Investments; Investment Requests]
Motivations
• Shareholder/Stake-holder Value Added
• Capital Markets Perception
• Regulations/Ordinances
• Securities Rules and Regulations Compliance
• Assurance/Insurance
• Competitive Advantage
• Intangibles
• Media
Organizational Response: Prevention/Mitigation
Source: www.ncs.gov (off line due to CODE RED WORM)

Factors influencing platform selections by Service Providers
• Assure security in the initial architecture
• Stick with standards and avoid proprietary security algorithms
• Focus on Authentication, Authorization, Accounting
• Protect SS7 to IP interconnects
• Invite customers to test security of beta products
• Set defaults to ‘secure’ on new elements
Source: Verizon paper, Converged Networks & Security; NSTAC R&D Exchange, Telecommunications and Information Security Workshop 2000

Related Security Standards and Best Practices Fora
• Secure Tunneling - e.g., IPSec
• Packet cable security specification
• Common Criteria switch profile
• ITU H235
• SNMP security
• ATM Forum security specification
• T1S1 SS7 security standard based on the Generic Upper Layer Security (GULS) functions described in 'Information Technology - Open Systems Interconnection Upper Layers Security Model', ISO/IEC IS 10745, June 1993.
• IETF efforts on control protocols (e.g., SIP)
• Network Reliability and Interoperability Council (NRIC) V
• Others Candidates that we might help develop?

Targeting Interoperability and Quality
• Use of security standards that can address GW-GW, inter-system and end-to-end interactions
• Address signaling security, NGN and PSTN interface
• Use security tunneling designed for IPv4 & IPv6
• Adopt ATM Forum security specification that addresses multiple planes
• Support intersystem negotiation of security parameters
• Leverage common security services and supporting infrastructure (e.g., Directories, DNS)
• Extending security baseline requirements defined for PSTN - e.g., Telcordia GR-815 Update (Available for Comment)
• Leveraging industry best practices - e.g., IPSec / VPNs
• Adopting common Internet firewall approach
• Use industry best practices & interoperability testing

Security of Telecom Network Elements: Current GR-815-CORE
• First Published in 1989, updated in 1997
• Procurements Specified by RBOCS and other LECs
• Accepted as “de facto standard” for Telecom NEs by all major suppliers and service operators
• From ~20% to Over ~95% compliance ‘90-’95
• Model for NIST Common Criteria Telecom Switching Profile
• Model for ATIS SS7 Base Security Guideline

Summary & Commentary
• Next Generation Networks
  – More open and connected
  – More complex, distributed
  – More Interdependencies
  – Growing Vulnerabilities
  – Increasing standards of Due Care
  – Increased focus on standards
  – Less interoperable solutions apparent
  – Great need for consensus on standards and best practices
• An excellent opportunity for CIP
Source: Mike Thompson, Detroit Free Press
Questions: Hank Kluepfel, CPP
01-973-543-7064