Focus Group 1B Cybersecurity - PowerPoint PPT Presentation



Slides: 22
Provided by: nlp1


Transcript and Presenter's Notes

Title: Focus Group 1B Cybersecurity

Focus Group 1B Cybersecurity
Dr. Bill Hancock, CISSP, CISM
Cable & Wireless
FG1B Chair
972-740-7347

Purpose of Today's Brief
  • Brief discussion of work completed for NRIC by FG1B
  • Brief discussion of recovery best practices
    delivered on 3-14-03
  • Brief discussion on FG1B proposals to NRIC today
  • Guidance to NRIC on subsequent work in 2003 by
    FG1B per charter

Charter of FG1B
  • Generate Best Practices for cybersecurity
      • Telecommunications sector
      • Internet services
  • Propose New Actions (if needed)
  • Deliverables
      • December 2002: prevention (105 BPs)
      • March 2003: recovery (45 BPs)
  • Have made all deliverables, complete and on-time

Security in the Early Days
The Telegraph Station and Staff at Porthcurno,

Security Evolves
The Eastern Telegraph Company demonstrates the Telephone to Queen Victoria, 1880

Things, however, change.
The Past
The Present
Source http//

Difference Between Prevention and Recovery BPs
  • Recovery

Cybersecurity Recovery BPs
  • 45 delivered today per charter
  • Most are more technical than preventative
  • Some are focused on known issues
  • Extensive work on incident response
  • Some items too extensive for BPs are included as
    appendices to the recovery BPs
  • Not a one-to-one match to prevention BPs
  • Not all prevention BPs will stop incidents due to
    the nature of technologies used

Cybersecurity Prevention BPs
  • Edited version provided today
  • Three new BPs included (106 total)
  • Incorporated changes based on the few comments
    returned during the December balloting effort

Real World Application Example: January 25, 2003,
'Slammer' Worm Attack
  • FG1B Prevention BPs that apply
      • 6-6-8000 Disable Unnecessary Services
      • 6-6-8008 Network Architecture Isolation/Partition
      • 6-6-8015 Segmenting Management Domains
      • 6-6-8020 Security HyperPatching
      • 6-6-8032 Patching Practices
      • 6-6-8034 Software Patching Policy
      • 6-6-8037 System Inventory Maintenance
      • 6-6-8039 Patch/Fix Verification
      • 6-6-8041 Prevent Network Element Resource
      • 6-6-8071 Threat Awareness
      • 6-6-8074 Denial of Service Attack Target
      • 6-6-8091 Validate source addresses

What Slammer Did
  • Originated in Asia at 12:30am, 1-25-03
  • Very small, very high propagation rate
  • Attacked MS SQL installations
  • Patch was available in July 2002
  • Affected SQL Server and MSDE installs
  • Did not affect sites that used general BP concept
    of "turn it off if not needed"
  • Sites that disabled UDP 1433 & 1434 did not allow
    propagation to network
  • Took 3 days to effectively kill it off

Some Slammer Lessons
  • Rapid propagation time
      • Code Red in 2001 took many hours (self
        replication in 37 minutes on average)
      • Slammer estimates are 8 minutes (self replication
        was almost immediate)
  • Payload was very small and efficient
      • From original demo code of the problem written
        last July, very compact
  • Payload was NIL, but easily could have been very,
    very UGLY
  • Companies that followed appropriate FG1B BPs NOW
    were unaffected by Slammer

What Does this Mean to NRIC?
  • Prevention of cyberattack is cheaper
  • Maintain SLAs, avoid penalties
  • Maintain reliability of connectivity
  • Reduce manpower costs
  • Consistent service and delivery
  • Increase customer satisfaction
  • Reduce support costs
  • Reduce negative PR burden
  • Many others

Cover Document Contents
  • Not required by charter
  • Included to preserve historical data
  • Included to highlight industry needs that cannot
    be solved by BPs at this time
  • Contains
      • Charter
      • History
      • Guidance issues
      • General issues and comments
      • Proposals

Highlights of General Issues
  • Current infrastructures built on total trust
    model, which makes security very complex and
  • Need investment and R&D to secure infrastructures
  • Potential NRIC work items on infrastructure
    long-term planning for security inclusion in
    future architecture
  • Convergence of network types will lead to
    weakened security of traditionally difficult to
    access networks (e.g. analog voice converges to
    VoIP on a data network; CDMA cellular converges
    to 3G on shared IP infrastructure)
  • Corporate investment in security needs to be
    a continued priority and reality

Highlights of Proposals
  • Improve Signaling Protocol Security
  • Accelerate Secure Network Element Technology
    (particularly protection against resource
    saturation attacks)
  • Improve the Authentication/Security of BGP
  • Improve the Authentication/Security of DNS
  • Interoperability Testing
  • IPv6 Transition
  • Key Management
  • PBX and Voicemail security
  • Software certification
  • Security certification of products and svcs

Next Steps
  • Evangelism efforts for FG1B BPs
      • Trade shows
      • Speeches and conferences
      • Internal efforts
      • Publications and interviews
  • Update of BPs later in 2003
      • Comments back from ballot efforts
      • Industry comments
      • Known need to add a few more
  • Preparation for industry survey in 2004 for
    adoption of FG1B cybersecurity BPs

Focus Group 1B Cybersecurity
Dr. Bill Hancock, CISSP, CISM
Cable & Wireless
FG1B Chair
972-740-7347