2009 06 08 barry foer isa and lawrence dobranski nortel isas voip security program update at nist...
TRANSCRIPT
-
7/31/2019 2009 06 08 Barry Foer ISA and Lawrence Dobranski Nortel ISAs VoIP Security Program Update at NIST Conference
BUSINESS MADE SIMPLE
ISAlliance SCAP VoIP Project Update
12 June 2009
Lawrence G Dobranski, CISSP-ISSAP, CISM, CSSLP
Leader, Security Architecture & Compliance
Carrier VoIP and Applications Solutions
Nortel
[email protected]
(613) 763-6866
Agenda
ISA VoIP Proposal & Status Snapshot
Schedule, Deliverables & Status
Scope & Objective Statement
Resources
Next Steps
Program Meeting Schedule
Technical Working Groups Meeting
Backup
VoIP Security Standards
Participants from Industry
Participants from Government
ISAlliance VoIP Proposal & Status Snapshot
To lead and influence the development of industry based SCAP checklists for Voice and VoIP Security for Government, Critical Infrastructure and Enterprises (approved Feb 2008 ISAlliance BoD Meeting)
VoIP Security Implementation and Assurance Workshop held @ NIST (complete, Sept 22nd-23rd, 2008)
SCAP Voice and VoIP Checklists:
  Phase I reports due Security Automation Conference Oct 200
    Applicability of SCAP to VoIP
    Baseline Standards
  Phase II -- proposed
    Based on current industry standards for Voice and VoIP Security
    Developed by a joint Government/Industry working groups
Scope, Objective & Deliverables
Objective: The development of industry based Baseline SCAP checklists for Voice and VoIP Security for Government, Critical Infrastructure and Enterprises

Scope: SCAP Voice and VoIP Checklists
  Based on current industry standards for Voice and VoIP Security
  Developed by a joint Government/Industry working group

Deliverables:
  Policy Checklists for VoIP Security (XCCDF based)
    XML format standardized checklist representing VoIP Security Policy:
      CPE: Platform - reference platform configuration based on source VoIP Security standards
      CCE: Misconfiguration - reference configuration for VoIP systems
      CVSS: Impact - reference framework for characteristics and impacts for vulnerabilities in VoIP Systems
  Schema for VoIP Systems (OVAL based)
    XML format specifying vulnerability and configuration tests or changes
    A collection of XML schema for representing VoIP Solution system information, expressing specific machine states, and reporting the results of an assessment
  Reference implementation for VoIP Systems
    API Reference Implementation
    Reference implementation API for VoIP System Vendors, utilizing management, signaling and media plane model.

VoIP Solution vendors will implement specific interpretations of the ISAlliance deliverables for their solutions.
Schedule, Deliverables & Status
Event: Kick-off meeting with NIST to present ISA Proposal & initial participants
Plan: July 2008
Status: Complete

Event: Jointly host with NIST a VoIP Security Implementation and Assurance Workshop to discuss the applicability of SCAP to VoIP and to establish the need for a SCAP checklist for VoIP developed by industry.
Plan:
  Proposed agenda end of July 2008
  Key participants IDed mid August 2008
  Event Oct 2008
Status:
  At NIST's 4th Annual Information Security Automation Conference (Sept 22nd-23rd)
  ISAlliance presented at the conference
  ISAlliance hosted a day long workshop on the applicability of SCAP to VoIP

Event: ISA lead working groups formed to: 1) assess applicability of SCAP to VoIP, 2) to determine appropriate reference standards
Plan:
  Bi-weekly virtual meetings
  Reports complete end August 2009
Status:
  Reports to be presented at 5th Annual Information Security Automation Conference (Sept 2009)
SCAP Baseline Working Group
Status: Yellow
Accomplishments To Date:
  SCAP 101 and 102 presented
Near Term Work Plan (Due 7/4):
  Strawman work plan developed
Longer Term Work Plan:
  Draft Whitepaper (Due 8/10)
  Produce Presentation (Due 8/31)
Virtual Meetings:
  Meets every 2nd Thursday @ 1:00 PM Eastern for 1 hour
Leadership
  Co chair (1): Scott Armstrong, VP at Gideon Technologies
  Co chair (2): TBD
Detailed Schedule
Technical Working Group Meetings:
  1 hour duration
  Applicability Working Group meets every 2nd Tuesday @ 1:00 PM Eastern
  Baseline Working Group meets every 2nd Thursday @ 1:00 PM Eastern
  Applicability & Baseline Working Groups meet in the same week
Participants
Agilent Technologies, Inc.
American Century Investments
Assuria Ltd.
AT&T
Boeing
Center For Internet Security
City of Seattle
CNA Insurance
Compliance Collaborators, Inc.
Damac Holding
Department of Commerce
Department of Veterans Affairs
DHS
Direct Computer Resources
Disney
DoD
eTrade Financial
EWA-Canada
Expedia
FDA
Gideon Technologies
Global UniDocs Company
HSBC North America
IBM
ICSAlabs, an Independent Division of Verizon Business
Information Security and Forensics Management Team
Institute for Defense Analyses
Invensys Process Systems
Joint Task Force-Global Network Operations
Jones Day
Lone Star College System
ManTech
McAfee
Microsoft
NASA
National Security Agency
Nortel Networks
Northrop Grumman
Oklahoma Office of State Finance
Palindrome Technologies
Pearl Technology
Raytheon
RedSeal
Rolls Royce
Salare Security
Science Applications International Corporation (SAIC)
Secure Acuity Networks, LLC
Time Warner Cable
US Department of Transportation
US-CERT
Vanguard
VeriSign
VoIPshield Systems Inc.
Waters Edge Consulting
Backup
Communications Tools -- collaboration site
To join contact Barry Foer: [email protected]