International Telecommunication Union
Geneva, 9(pm)-10 February 2009

International collaboration for national public networks security

Antonio Guimaraes, ITU-T SG-17 vice-chairman
Anatel (Brazil)

ITU-T Workshop on “New challenges for Telecommunication Security Standardizations”
Geneva, 9(pm)-10 February 2009


Contents

WTSA-08 results concerning security and collaboration:
- Resolution 50
- Resolution 52
- Resolution 58

Security Baseline for national public networks operators:
- operator policy
- technical tools
- collaboration

ITU role in organizing collaboration and coordination:
- capacity building
- information exchange
- strategy and practical issues

Cybersecurity – Resolution 50

Considering:
- inherent security properties in PSTN (hierarchical struct., management);
- in IP nets, separation between user and system components is reduced;
- converged legacy networks with IP networks are more vulnerable;
- new cyberattacks are emerging and having serious impacts;
- ITU-T and JTC 1 (ISO/IEC) have significant published materials and ongoing works on cybersecurity.

Resolves:
- ITU-T should work closely with ITU-D, particularly in Q. 22/1;
- use as a framework ITU-T Recs. (X.805, X.1205), ISO/IEC products/standards and deliverables from other organizations;
- global, consistent and interoperable processes for sharing incident-response related information should be promoted.

Countering/combating spam – Res. 52

Recognizing that:
- "Declaration of Principles" of WSIS states in 37 that: "Spam is a significant and growing problem for users, networks and the Internet as a whole";
- spamming is used for criminal, fraudulent or deceptive activities;
- technical work is carried out in SG 17 (Recs. X.1231, X.1240, X.1241).

Resolves to instruct the relevant study groups:
- to support ongoing work, in particular in SG 17, related to countering spam (e.g., e-mail) and to accelerate their work in order to address existing and future threats;
- to continue collaboration with relevant organizations (e.g. IETF), in order to continue developing technical Recs., exchanging best practices and disseminating information through joint workshops, training sessions, etc.

Creation of CIRTs - Resolution 58

Noting:
- the increasing attacks and threats on ICT nets through computers;
- the high level of interconnectivity of networks could be affected by attacks from less-prepared nations;
- the work carried out on this subject by ITU-D, under Q. 22/1;
- importance of computer emergency preparedness in all countries.

Instructs TSB, in collaboration with TDB:
- to support the creation of national computer incident response teams (CIRTs), where they are needed and currently absent;
- to collaborate with experts for establishment of national CIRTs;
- to facilitate collaboration between national CIRTs, such as exchange of information, within an appropriate framework.


Security baseline for network operators

Policy baseline – legal and regulatory

Network operators must:
- have info. security provisions compliant with legal and regulatory requirements of the jurisdiction of business activity;
- meet the requirements of local jurisdiction, related to cooperation with the law enforcement agencies.

It is recommended that:
- operator adopts a security policy based on recognized best practices (such as [b-ISO/IEC 27002] and [b-ITU-T X.1051]) and risk assessment, that meets the demands of business activity, compliant with national legislation and that is in accordance with the internal network operator procedures.

Policy baseline – contracts

Network operators must:
- make their personnel and the external participants (users, interconnected operators and other interested parties) aware of the requirements of the security policy.

It is recommended that:
- the security policy has a clause dedicated to delimitation of responsibility within the operator's personnel, between the operator and its partners, and between the operator and its customers;
- information security requirements that must be followed by personnel are included in the labor contracts of all employees dealing with publicly-accessible information;
- network operators work collaboratively to address risks and vulnerabilities.

Policy baseline – implementation

Operators must:
- implement security facilities which should address the reduction of risk;
- make the cost of such measures reflect the value of the assets protected and the potential damage.

It is recommended that:
- measures implemented to protect an operator's resources or the resources of its customers, should not result in harmful consequences for third parties in an information exchange, nor should any side effects of their deployment cause damage or inconvenience that exceeds the impact of the risk being mitigated.

Technical tools baseline - principles

Basic orientations:
- deploy hardware and software according to the terms of license agreement;
- install updates and patches in a timely manner as recommended;
- bring to the notice of users information about applicable patches and updates.

Best practices:
- have accounts for access to the interfaces of communication hardware management (group accounts not recommended);
- do not use default passwords (set by the manufacturer) to authorize access to any communication hardware/software;
- protect network management system information by confidentiality and integrity mechanisms or by using network segments physically isolated from service domains.

Technical tools baseline – procedures

Message labelling:
- inspected packets can be labelled, so that interconnected operators know that the outgoing address is correct;
- for all incoming messages, mark messages with unsolicited information.

Recommendations for counteracting spam:
- operators should filter spam within their own network;
- e-mail servers must have the ability to limit the amount of outgoing messages from one user within a unit of time (e.g. protecting against spam or denial of service attacks);
- ability to delay the delivery of outgoing messages by such sender, until the server administrator confirmation is obtained.
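The per-user outgoing limit and the delay-until-confirmation behaviour recommended above, as an added Python example that is not part of the original slides. The class name, the limit of 3 messages per 60 seconds, the sample senders and the discard-on-reject choice are assumptions.

```python
from collections import defaultdict, deque


class OutboundMailThrottle:
    """Per-sender sliding-window limit; over-limit senders are held for review."""

    def __init__(self, max_messages, window_seconds):
        self.max_messages = max_messages
        self.window_seconds = window_seconds
        self.delivered = defaultdict(deque)  # sender -> delivery timestamps
        self.held = {}                       # sender -> queued message ids

    def submit(self, sender, message_id, now):
        """Decide one outgoing message: returns 'deliver' or 'hold'."""
        if sender in self.held:
            # Already over the limit: queue in order until an admin decides.
            self.held[sender].append(message_id)
            return "hold"
        stamps = self.delivered[sender]
        while stamps and now - stamps[0] >= self.window_seconds:
            stamps.popleft()                 # forget deliveries outside the window
        if len(stamps) >= self.max_messages:
            self.held[sender] = [message_id]
            return "hold"
        stamps.append(now)
        return "deliver"

    def confirm(self, sender, approve):
        """Administrator decision: approve releases the queue, reject discards it.

        Discarding on reject is an assumption of this example; the slide only
        requires that delivery waits for the administrator's confirmation.
        """
        queued = self.held.pop(sender, [])
        if not approve:
            return []
        self.delivered[sender].clear()       # reviewed sender starts a fresh window
        return queued


def run_demo():
    """Constructed sample traffic: (sender, message id, seconds since start)."""
    throttle = OutboundMailThrottle(max_messages=3, window_seconds=60)
    traffic = [
        ("alice@example.net", "a1", 0), ("alice@example.net", "a2", 5),
        ("bob@example.net", "b1", 6), ("alice@example.net", "a3", 10),
        ("alice@example.net", "a4", 15),   # 4th message inside 60 s: held
        ("alice@example.net", "a5", 200),  # still held: no confirmation yet
        ("bob@example.net", "b2", 201),
    ]
    decisions = [(mid, throttle.submit(s, mid, t)) for s, mid, t in traffic]
    released = throttle.confirm("alice@example.net", approve=True)
    after = throttle.submit("alice@example.net", "a6", 210)
    return decisions, released, after


if __name__ == "__main__":
    print(run_demo())
```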

Technical tools baseline – filters

Anti-virus and anti-spam:
- network operators and public information server owners must deploy regularly-updated anti-viral software;
- it is recommended to have facilities for detecting infected messages, marking and optionally deleting them;
- each e-mail information server must be enabled with spam-detection.

It is recommended for all network operators:
- to install anti-spoofing filters at the points of interconnection with other networks (operators) and end-users;
- these filters prevent the transmission of packets with the outgoing addresses from external networks or multicast addresses, as well as receiving packets with such addresses or with reserved or incorrect addresses.
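The anti-spoofing decision described above, as an added Python example that is not part of the original slides. It reads "outgoing address" as the packet's source address; the operator prefix (a documentation range), the function names and the sample packets are assumptions, and the inbound rule treats the operator's own prefix arriving from outside as spoofed.

```python
import ipaddress

# Constructed sample: the operator's own address space (documentation prefix).
OWN_PREFIXES = [ipaddress.ip_network("198.51.100.0/24")]


def never_valid_as_source(ip):
    """Return a reason if the address can never be a legitimate source."""
    if ip.is_multicast:
        return "multicast source"
    if ip.is_unspecified or ip.is_loopback or ip.is_link_local:
        return "incorrect source"
    if ip.is_reserved:
        return "reserved source"
    return None


def filter_packet(source, direction, own_prefixes=OWN_PREFIXES):
    """Anti-spoofing verdict at an interconnection point.

    direction 'outbound': the packet is leaving the operator's network.
    direction 'inbound':  the packet is arriving from another network.
    Returns (permit, reason).
    """
    if direction not in ("outbound", "inbound"):
        raise ValueError("direction must be 'outbound' or 'inbound'")
    try:
        ip = ipaddress.ip_address(source)
    except ValueError:
        return False, "malformed source"
    reason = never_valid_as_source(ip)
    if reason:
        return False, reason
    is_own = any(ip in net for net in own_prefixes)
    if direction == "outbound" and not is_own:
        # Transmission with a source taken from an external network.
        return False, "source belongs to an external network"
    if direction == "inbound" and is_own:
        # An outside packet claiming one of our own addresses.
        return False, "own prefix arriving from outside"
    return True, "ok"


def run_demo():
    """Constructed sample packets: (source address, direction)."""
    packets = [
        ("198.51.100.70", "outbound"),
        ("203.0.113.9", "outbound"),
        ("224.0.0.5", "outbound"),
        ("203.0.113.9", "inbound"),
        ("198.51.100.70", "inbound"),
        ("240.0.0.1", "inbound"),
        ("10.0.0.300", "inbound"),
    ]
    return [(src, d) + filter_packet(src, d) for src, d in packets]


if __name__ == "__main__":
    for row in run_demo():
        print(row)
```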

Technical tools baseline – inspection

Data traffic analysis:
- operators can deploy automated discovery of statistical traffic anomalies;
- such traffic anomaly analysis can be used for counteraction to DDoS attacks.

Recommendations:
- the operator should deploy technical and organizational measures that allow it to determine the source of a violation (e.g., a DoS attack) and to block (de-activate) the attacks;
- regularly-updated intrusion detection and prevention services (IDS/IPS) can be applied to handle selective real-time contextual traffic analysis for the traffic received from users and other operators.

Technical tools baseline – logs

Critical information:
- operators must assure the confidentiality of transmitted and/or stored information related to management and billing systems, personal user data and information about services provided to users.

Security logs:
- personnel activities on the communication facility should be logged;
- the logs of detected incidents must be stored for a time long enough to facilitate the investigation of incidents;
- technical correlation tools can be deployed to assess information from all available security logs.

Technical tools baseline – settings

Security settings:
- operators should offer the capability to selectively block or filter traffic, at the request of the user;
- routine control facilities can be used for configuration and maintenance of the security settings of communication facilities and management network elements (including firewalls, routers and servers).

Best practices:
- operators should use approved best security practices (such as [b-ISO/IEC 27002] and [b-ITU-T X.1051]) whenever developing applications and services for end-users (for example, when offering self-service capabilities).

Technical tools baseline – users

Users decision:
- users shall be able to reject communications that do not comply with their minimum security policy.

Security mechanisms:
- security mechanisms and other parameters beyond default security mechanisms shall be configurable (static for NNI interface and may be negotiated for UNI interfaces);
- the security mechanism negotiation shall have a certain minimum level to be defined by the security domain; e.g., avoid bidding-down attacks.
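How a domain-defined minimum level bounds a bidding-down, as an added Python example that is not part of the original slides. The mechanism names, their strength levels and the function names are hypothetical; the tampered offer is constructed to represent an offer whose stronger entries were removed in transit.

```python
# Hypothetical mechanisms and strength levels for one security domain.
STRENGTH = {"none": 0, "integrity-only": 1, "encrypt-and-integrity": 2}


class NegotiationError(Exception):
    """Raised when no acceptable mechanism can be agreed."""


def negotiate(local_offer, received_offer, minimum_level, strength=STRENGTH):
    """Pick the strongest mechanism both sides offer, never below minimum_level."""
    common = [m for m in local_offer if m in received_offer and m in strength]
    if not common:
        raise NegotiationError("no common mechanism")
    best = max(common, key=lambda m: strength[m])
    if strength[best] < minimum_level:
        # The floor is enforced locally, so a stripped offer cannot lower it.
        raise NegotiationError(
            "best common mechanism %r is below the domain minimum" % best)
    return best


def select_mechanism(interface, configured, peer_offer, minimum_level):
    """NNI uses the static configuration; UNI negotiates with the user side."""
    if interface == "NNI":
        mechanism = configured[0]          # static: the peer's offer is ignored
        if STRENGTH[mechanism] < minimum_level:
            raise NegotiationError("static NNI mechanism is below the minimum")
        return mechanism
    if interface == "UNI":
        return negotiate(configured, peer_offer, minimum_level)
    raise ValueError("interface must be 'NNI' or 'UNI'")


def run_demo():
    """Compare a permissive domain (minimum 0) with one that sets a floor of 1."""
    ours = ["encrypt-and-integrity", "integrity-only", "none"]
    honest_offer = ["encrypt-and-integrity", "integrity-only", "none"]
    tampered_offer = ["none"]              # constructed: strong entries removed
    results = {
        "honest": select_mechanism("UNI", ours, honest_offer, 1),
        "tampered_no_floor": select_mechanism("UNI", ours, tampered_offer, 0),
    }
    try:
        results["tampered_with_floor"] = select_mechanism(
            "UNI", ours, tampered_offer, 1)
    except NegotiationError:
        results["tampered_with_floor"] = "rejected"
    return results


if __name__ == "__main__":
    print(run_demo())
```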

Collaboration baseline - interaction

Recognizing risks:
- the operators should help customers (end-users) and service providers recognize risks that arise from the use of network services.

Actions to be taken:
- it would be advisable to establish national interoperator bodies, to work with government branches in the security and integrity of public networks operation;
- these bodies would have facilities to identify all users and other operators involved in the interactions on the network, to prevent illegal acts (such as child pornography);
- the operators should inform users about fundamental risks that arise from the network and about counter-measures against these risks, aimed at the reduction of damages.

Collaboration baseline – prevention

Leakage of information:
- It is recommended that the operator promptly inform all affected parties in the event of leakage of a user's data, or the data of an interconnected operator.

Operators must have the ability:
- to determine the jurisdiction (i.e., the territory or state) in which a publicly-available information network resource is located;
- to obtain information about the owner (administrator) of a publicly-available information network resource for purposes of incident investigation or resolution.

Collaboration baseline - incidents

Recognizing risks:
- personnel responsible for the information security of corporate resources shall be appointed by enterprise users (legal entities);
- such employees should have sufficient qualifications and authority to counteract security threats.

Treatment of incidents:
- the operator should have a round-the-clock incident response team (IRT), use an outsourced IRT or a National-CSIRT;
- operator's IRT must be accessible via phone and e-mail for authorized customers or interconnected operators, in accordance with the operator's policy or service agreement;
- incidents should be investigated based on the best practices.

Collaboration baseline – follow up

Service level agreement:
- stipulate, in the service level agreement, a clause on procedures for informing users about discovered vulnerabilities in hardware or software that can cause negative consequences to them, mainly those respecting their privacy;
- the agreement should contain a comprehensive statement of security requirements whose violation will cause the suspension or termination of communication services.

Notification of vulnerabilities:
- inform users about threats relating to the use of services and information resources;
- educate the users about settings in the edge network equipment;
- notification should also be sent to equipment manufacturers.


ITU’s role in organizing cooperation

ITU’s role – WSIS and GCA

Implementing WSIS action line C.5:
- a fundamental role of ITU, according to WSIS and the 2006 ITU Plenipotentiary Conference, is to build confidence and security in the use of information and communication technologies (ICTs);
- Heads of states and government and other global leaders participating in WSIS as well as ITU Member States entrusted ITU to take concrete steps towards limiting the threats and insecurities related to the information society.

Global Cybersecurity Agenda:
- on 17 May 2007, ITU launched the GCA to provide a framework within which the international response to the growing challenges to cybersecurity can be coordinated and addressed in response to its role as Facilitator for action line C.5.

ITU’s role – capacity building

Capacity building:
- experts’ training is highly important because people are the weakest link in cybersecurity;
- training and a high level of user awareness is thus one of the key challenges today.

International collaboration and coordination:
- people are the main actors - they develop the systems, they elaborate the policies and strategies to secure transactions;
- security threats information exchange: cyberthreat issues are global (countries cannot easily close their borders to incoming cyberthreats);
- time and geography, as well as the location of victims, are no longer barriers to where and when these attacks are launched by cybercriminals.

ITU’s role – cooperation

Knowledge sharing:
- best practices and information exchange, including reports on strategy and practical issues of security standardization, evaluation and implementation.

Functions available in GCA:
- the Discussion Forum aimed at exchanging views and ideas on the different work areas, follow the discussion threads, and respond to specific items that have been posted;
- the Wiki area, providing post and upload resources, links and articles on cybersecurity, in the different work areas of GCA;
- the Documents area, allowing upload written contributions and documents - all outcome documents resulting from the work of GCA will be posted in this area;
- the Chat area meant to engage in on-line talks with the other logged-on users.

ITU’s role – cybersecurity gateway

Sections:
- information sharing of national approaches, good practices and guidelines;
- developing watch, warning and incident response capabilities;
- technical standards and industry solutions;
- harmonizing national legal approaches, international legal coordination and enforcement;
- privacy, data and consumer protection.

For citizens, governments, business and international organizations.

ITU’s role – security standards

ITU-T Study Group 17:
- SG-17 is the leading study group for activities on telecommunication security;
- SG-17 produces materials that can be of interest and use to developing countries when identifying practical security solutions;
- an example of this is the newly revised “ICT Security Standards Roadmap”;
- this roadmap captures network-related security work of not only ITU-T but also of ISO/IEC, IETF and consortia groups as part of their out-reach activities.

Generalizing the recommendations on various aspects of security (from different SDOs) for telecom operators.

Thank you!