Focus Group 1B Cybersecurity - PowerPoint PPT Presentation

Loading...

PPT – Focus Group 1B Cybersecurity PowerPoint presentation | free to view - id: 77d63-ZDc1Z



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

Focus Group 1B Cybersecurity

Description:

Brief discussion of work completed for NRIC by FG1B ... Real World Application Example: January 25, 2003, 'Slammer' Worm Attack ... – PowerPoint PPT presentation

Number of Views:22
Avg rating:3.0/5.0
Slides: 22
Provided by: nlp1
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Focus Group 1B Cybersecurity


1
Focus Group 1B Cybersecurity Dr. Bill Hancock,
CISSP, CISM Cable Wireless FG1B
Chair bill.hancock_at_cw.com 972-740-7347
2
Purpose of Todays Brief
  • Brief discussion of work completed for NRIC by
    FG1B
  • Brief discussion of recovery best practices
    delivered on 3-14-03
  • Brief discussion on FG1B proposals to NRIC today
  • Guidance to NRIC on subsequent work in 2003 by
    FG1B per charter

3
Charter of FG1B
  • Generate Best Practices for cybersecurity
  • Telecommunications sector
  • Internet services
  • Propose New Actions (if needed)
  • Deliverables
  • December 2002 prevention (105 BPs)
  • March 2003 recovery (45 BPs)
  • Have made all deliverables, complete and on-time

4
Security in the Early Days
The Telegraph Station and Staff at Porthcurno,
1870
5
Security Evolves
The Eastern Telegraph Company demonstrates the
Telephone to Queen Victoria, 1880
6
Things, however, change.
7
The Past
8
The Present
Source http//cm.bell-labs.com/who/ches/map/gall
ery/index.html
9
Difference Between Prevention and Recovery BPs
Prevention
Ballet?
Sumo?
Both!
10
Difference Between Prevention and Recovery BPs
  • Recovery

11
Cybersecurity Recovery BPs
  • 45 delivered today per charter
  • Most are more technical than preventative
  • Some are focused on known issues
  • Extensive work on incident response
  • Some items too extensive for BPs are included as
    appendices to the recovery BPs
  • Not a one-to-one match to prevention BPs
  • Not all prevention BPs will stop incidents due to
    the nature of technologies used

12
Cybersecurity Prevention BPs
  • Edited version provided today
  • Three new BPs included (106 total)
  • Incorporated changes based on few comments
    returned during December balloting effort

13
Real World Application Example January 25, 2003,
Slammer Worm Attack
  • FG1B Prevention BPs that apply
  • 6-6-8000 Disable Unnecessary Services
  • 6-6-8008 Network Architecture Isolation/Partition
    ing
  • 6-6-8015 Segmenting Management Domains
  • 6-6-8020 Security HyperPatching
  • 6-6-8032 Patching Practices
  • 6-6-8034 Software Patching Policy
  • 6-6-8037 System Inventory Maintenance
  • 6-6-8039 Patch/Fix Verification
  • 6-6-8041 Prevent Network Element Resource
    Saturation
  • 6-6-8071 Threat Awareness
  • 6-6-8074 Denial of Service Attack Target
  • 6-6-8091 Validate source addresses

14
What Slammer Did
  • Originated in Asia at 1230am 1-25-03
  • Very small, very high propagation rate
  • Attacked MS SQL installations
  • Patch was available in July 2002
  • Affected SQL Server and MSDE installs
  • Did not affect sites that used general BP concept
    of turn it off if not needed
  • Sites that disabled UDP 1433 1434 did not allow
    propagation to network
  • Took 3 days to effectively kill it off

15
Some Slammer Lessons
  • Rapid propagation time
  • Code Red in 2001 took many hours (self
    replication in 37 minutes on average)
  • Slammer estimates are 8 minutes (self replication
    was almost immediate)
  • Payload was very small and efficient
  • From original demo code of the problem written
    last July, very compact
  • Payload was NIL, but easily could have been very,
    very UGLY
  • Companies that followed appropriate FG1B BPs NOW
    were unaffected by Slammer

16
What Does this Mean to NRIC?
  • Prevention of cyberattack is cheaper
  • Maintain SLAs, avoid penalties
  • Maintain reliability of connectivity
  • Reduce manpower costs
  • Consistent service and delivery
  • Increase customer satisfaction
  • Reduce support costs
  • Reduce negative PR burden
  • Many others

17
Cover Document Contents
  • Not required by charter
  • Included to preserve historical data
  • Included to highlight industry needs that cannot
    be solved by BPs at this time
  • Contains
  • Charter
  • History
  • Guidance issues
  • General issues and comments
  • Proposals

18
Highlights of General Issues
  • Current infrastructures built on total trust
    model, which makes security very complex and
    difficult
  • Need investment and RD to secure infrastructures
  • Potential NRIC work items on infrastructure
    long-term planning for security inclusion in
    future architecture
  • Convergence of network types will lead to
    weakened security of traditionally difficult to
    access networks (e.g. analog voice converges to
    VoIP on a data network CDMA cellular converges
    to 3G on shared IP infrastructure)
  • Corporate investment in security needs to be
    continued priority and reality

19
Highlights of Proposals
  • Improve Signaling Protocol Security
  • Accelerate Secure Network Element Technology
    (particularly protection against resource
    saturation attacks)
  • Improve the Authentication/Security of BGP
  • Improve the Authentication/Security of DNS
  • Interoperability Testing
  • IPv6 Transition
  • Key Management
  • PBX and Voicemail security
  • Software certification
  • Security certification of products and svcs

20
Next Steps
  • Evangelism efforts for FG1B BPs
  • Trade shows
  • Speeches and conferences
  • Internal efforts
  • Publications and interviews
  • Update of BPs later in 2003
  • Comments back from ballot efforts
  • Industry comments
  • Known need to add a few more
  • Preparation for industry survey in 2004 for
    adoption of FG1B cybersecurity BPs

21
Focus Group 1B Cybersecurity Dr. Bill Hancock,
CISSP, CISM Cable Wireless FG1B
Chair bill.hancock_at_cw.com 972-740-7347
About PowerShow.com