promoting network security (a service provider perspective)
TRANSCRIPT
![Page 1: Promoting Network Security (A Service Provider Perspective)](https://reader034.vdocuments.net/reader034/viewer/2022051711/5866843d1a28abf23f8b6280/html5/thumbnails/1.jpg)
DNW, BSNLDNW, BSNL 11
Promoting Network Security(A Service Provider
Perspective)“Prevention is the Foundation”
H S GuptaDGM (Technical) Data Networks, [email protected]
![Page 2: Promoting Network Security (A Service Provider Perspective)](https://reader034.vdocuments.net/reader034/viewer/2022051711/5866843d1a28abf23f8b6280/html5/thumbnails/2.jpg)
DNW, BSNLDNW, BSNL 22
AgendaAgenda
• Importance of Network Security for a Service Provider
• Challenges in enhancing security in Service Provider environment
• Various security threats• Role of Service Provider in enhancing
security• Role of customer in enhancing security • Ways to minimize Security Threats• Conclusions
![Page 3: Promoting Network Security (A Service Provider Perspective)](https://reader034.vdocuments.net/reader034/viewer/2022051711/5866843d1a28abf23f8b6280/html5/thumbnails/3.jpg)
DNW, BSNLDNW, BSNL 33
Importance of Network Security for a Importance of Network Security for a Service ProviderService Provider
• Service availability is maintained• SLAs are maintained and Service degradations
are avoided• Reduction in manpower and other support costs • Customer satisfaction and confidence is increased• Public image is maintained• Revenues are maintained• Possibilities of getting involved in litigation are
reduced
![Page 4: Promoting Network Security (A Service Provider Perspective)](https://reader034.vdocuments.net/reader034/viewer/2022051711/5866843d1a28abf23f8b6280/html5/thumbnails/4.jpg)
DNW, BSNLDNW, BSNL 44
Challenges in Enhancing Security in Challenges in Enhancing Security in Service ProviderService Provider EnvironmentEnvironment
• Multiple Services– Internet [Narrowband, Broadband (DSL, Broadband Loop
Carrier), Wireless (Wi-Fi), Leased]– PSTN– Mobile– VPN, Dial VPN– Hosting and Colocation– & others
• Vast Coverage in terms of Network Elements• Increase in use of IT for OSS & BSS (Need to maintain
Main and DR sites)• A number of systems from different vendors need to get
integrated (Best of breed scenario)
![Page 5: Promoting Network Security (A Service Provider Perspective)](https://reader034.vdocuments.net/reader034/viewer/2022051711/5866843d1a28abf23f8b6280/html5/thumbnails/5.jpg)
DNW, BSNLDNW, BSNL 55
Challenges in Enhancing Security in Challenges in Enhancing Security in Service Provider EnvironmentService Provider Environment
• Managing multiple vendors (More so in PSU scenario)
• A number of maintenance contracts with different vendors for maintenance of hardware and software
• Systems and Processes need to keep pace with technology
• Rapid Technological Evolution
![Page 6: Promoting Network Security (A Service Provider Perspective)](https://reader034.vdocuments.net/reader034/viewer/2022051711/5866843d1a28abf23f8b6280/html5/thumbnails/6.jpg)
DNW, BSNLDNW, BSNL 66
Challenges in Enhancing Security in Challenges in Enhancing Security in Service Provider EnvironmentService Provider Environment
• Number of attacks and vulnerabilities continue to grow
• Applications and products continue to be shipped with insecure defaults
• Striking a right balance between Over Protected to Under Protected
• New services and applications are adding to the complexity
![Page 7: Promoting Network Security (A Service Provider Perspective)](https://reader034.vdocuments.net/reader034/viewer/2022051711/5866843d1a28abf23f8b6280/html5/thumbnails/7.jpg)
DNW, BSNLDNW, BSNL 77
Various Security ThreatsVarious Security Threats
• Any use of the Internet, be it via broadband or dial-up technology, poses certain security and privacy risks.
• Broadband poses a higher risk than dialup technology because of “Always On” nature and high bandwidth.
![Page 8: Promoting Network Security (A Service Provider Perspective)](https://reader034.vdocuments.net/reader034/viewer/2022051711/5866843d1a28abf23f8b6280/html5/thumbnails/8.jpg)
DNW, BSNLDNW, BSNL 88
Various Security ThreatsVarious Security Threats• Email• Open Proxies• Viruses, worms & Trojans• Open Mail Relay• Distributed Denial of Service Attacks (Weapons
of Mass Disruption)• Botnets• Intrusion• Malicious traffic• Malicious Code• Managing Multi Vendor scenario• Managing multiple hardware & software
![Page 9: Promoting Network Security (A Service Provider Perspective)](https://reader034.vdocuments.net/reader034/viewer/2022051711/5866843d1a28abf23f8b6280/html5/thumbnails/9.jpg)
DNW, BSNLDNW, BSNL 99
Various Security ThreatsVarious Security Threats• Managing multiple services• Spyware• Identity Theft and Phishing• Increase in the use of Internet for criminal & terrorist
activities• Application and OS Vulnerabilities• Former employees• Insider threats (current employees, vendors)• Hackers • Employee Error• Social Engineering, Spoofing, Appl embedded attacks,
blended attacks
![Page 10: Promoting Network Security (A Service Provider Perspective)](https://reader034.vdocuments.net/reader034/viewer/2022051711/5866843d1a28abf23f8b6280/html5/thumbnails/10.jpg)
DNW, BSNLDNW, BSNL 1010
Threats Due to EThreats Due to E--mailmail
• Spam• Phishing• Cyber Crime cases (including abusive
attacks)• Forged E-mails
![Page 11: Promoting Network Security (A Service Provider Perspective)](https://reader034.vdocuments.net/reader034/viewer/2022051711/5866843d1a28abf23f8b6280/html5/thumbnails/11.jpg)
DNW, BSNLDNW, BSNL 1111
Impact of Spam on Service Impact of Spam on Service ProviderProvider
• Increase in hardware sizing• Increase in bandwidth requirement• Customer quality of service gets impacted• Cost at Customer side
– More data to download– More time to download– Loss of productivityBack
![Page 12: Promoting Network Security (A Service Provider Perspective)](https://reader034.vdocuments.net/reader034/viewer/2022051711/5866843d1a28abf23f8b6280/html5/thumbnails/12.jpg)
DNW, BSNLDNW, BSNL 1212
Consequences of Open Proxy Consequences of Open Proxy ServersServers
• Open Proxies allow a third party to exploit the system to send unsolicited emails or carry out illegal activities that get traced to exploited system
• Malicious users cover their tracks by chaining through multiple proxies either manually or using products such as Proxy Chains
• The IP of the organization being blacklisted by various bodies
• The loss of image of the organization and legal ramifications, if misused for illegal activities
• Loss of bandwidth
Back
![Page 13: Promoting Network Security (A Service Provider Perspective)](https://reader034.vdocuments.net/reader034/viewer/2022051711/5866843d1a28abf23f8b6280/html5/thumbnails/13.jpg)
DNW, BSNLDNW, BSNL 1313
Hacking of WebsitesHacking of Websites
• Defacement• Malicious content• Stealing of information• Hosting of Phishing Sites
– Customers even doesn’t know that this has been hosted
– Comes to know when Service Provider tells them– Incidents are increasing at an alarming rate
• Reduces confidence for Online ActivitiesBack
![Page 14: Promoting Network Security (A Service Provider Perspective)](https://reader034.vdocuments.net/reader034/viewer/2022051711/5866843d1a28abf23f8b6280/html5/thumbnails/14.jpg)
DNW, BSNLDNW, BSNL 1414
Live Case StudiesLive Case Studies• Phishing sites of a number of Banks • List of Open Proxy Servers• Nigerian 419 scam• Lots of defacement of Websites• Increase in network traffic due to worms like
Blaster, Sobig, Nachi• Increase in CPU utilization due to malicious
traffic• More outbound traffic than inbound• Connecting insecure PC in the LAN
![Page 15: Promoting Network Security (A Service Provider Perspective)](https://reader034.vdocuments.net/reader034/viewer/2022051711/5866843d1a28abf23f8b6280/html5/thumbnails/15.jpg)
DNW, BSNLDNW, BSNL 1515
Different Security ToolsDifferent Security Tools• Policies & Procedures• Access Control• Host Intrusion Detection System• Network Intrusion Detection System• Firewall• Intrusion Prevention System• Anti-Virus• Anti Spam• Vulnerability Assessment• Public Key Infrastructure
![Page 16: Promoting Network Security (A Service Provider Perspective)](https://reader034.vdocuments.net/reader034/viewer/2022051711/5866843d1a28abf23f8b6280/html5/thumbnails/16.jpg)
DNW, BSNLDNW, BSNL 1616
Different Security ToolsDifferent Security Tools
• Network Baselining• Out of band Management• Time Synchronization (NTP)• Access Control Lists• Documentation• Physical Security
– Bio Metric devices– Water Leakage Detection– Rodent Repellant System
![Page 17: Promoting Network Security (A Service Provider Perspective)](https://reader034.vdocuments.net/reader034/viewer/2022051711/5866843d1a28abf23f8b6280/html5/thumbnails/17.jpg)
DNW, BSNLDNW, BSNL 1717
Role of Service Provider in Role of Service Provider in Enhancing SecurityEnhancing Security
• Protect own infrastructure from customers, employees and outside world
• Help protect other peers• Make the Customers aware about Internet
Security as attacks targeted to a particular customer CAN and DO affect the Service provider infrastructure
• Protect customers from outside world as also from each other
![Page 18: Promoting Network Security (A Service Provider Perspective)](https://reader034.vdocuments.net/reader034/viewer/2022051711/5866843d1a28abf23f8b6280/html5/thumbnails/18.jpg)
DNW, BSNLDNW, BSNL 1818
Role of customer in Enhancing Role of customer in Enhancing SecuritySecurity
• Awareness about Internet Security, viruses, Fraud developments etc.
• Use of Virus Protection software• Use of Personal Firewall• Filter E-mail for Spam
– Most Spam mails contain scam of some sort– Delete spam mails from webmail
• Not responding to phishing Emails• Not sharing the Internet account with anyone.
![Page 19: Promoting Network Security (A Service Provider Perspective)](https://reader034.vdocuments.net/reader034/viewer/2022051711/5866843d1a28abf23f8b6280/html5/thumbnails/19.jpg)
DNW, BSNLDNW, BSNL 1919
Role of customer in Enhancing Role of customer in Enhancing SecuritySecurity
• Restricting access to the Internet leased line or Broadband connection.
• Visiting trusted websites• Turning off computer when not in use• Disable non-essential services such as file
and printer sharing• Download and install the patches as
needed
![Page 20: Promoting Network Security (A Service Provider Perspective)](https://reader034.vdocuments.net/reader034/viewer/2022051711/5866843d1a28abf23f8b6280/html5/thumbnails/20.jpg)
DNW, BSNLDNW, BSNL 2020
Ways to Minimize Security ThreatsWays to Minimize Security Threats
• Deployment of proper technology• Increasing customer awareness• Increasing employee awareness• Updated Systems & Procedures• Keeping updated about latest trends in Security
![Page 21: Promoting Network Security (A Service Provider Perspective)](https://reader034.vdocuments.net/reader034/viewer/2022051711/5866843d1a28abf23f8b6280/html5/thumbnails/21.jpg)
DNW, BSNLDNW, BSNL 2121
SecuritySecurity……
Not just a Technology Problem
80% of the security risks can be avoided by taking basic
precautions
![Page 22: Promoting Network Security (A Service Provider Perspective)](https://reader034.vdocuments.net/reader034/viewer/2022051711/5866843d1a28abf23f8b6280/html5/thumbnails/22.jpg)
DNW, BSNLDNW, BSNL 2222
Security DilemmaSecurity Dilemma
• Moore’s law in reverse direction- networks are becoming less secure while the cost to defend them is increasing.
• PREVENTION IS THE FOUNDATION
![Page 23: Promoting Network Security (A Service Provider Perspective)](https://reader034.vdocuments.net/reader034/viewer/2022051711/5866843d1a28abf23f8b6280/html5/thumbnails/23.jpg)
DNW, BSNLDNW, BSNL 2323
ConclusionsConclusions
• Security is not to be treated as a mere hardware and software issue
• Static and Passive approach to security is inadequate
• Customer & employee awareness is important
• Point solutions are no good. Holistic approach needs to be taken
![Page 24: Promoting Network Security (A Service Provider Perspective)](https://reader034.vdocuments.net/reader034/viewer/2022051711/5866843d1a28abf23f8b6280/html5/thumbnails/24.jpg)
DNW, BSNLDNW, BSNL 2424
ConclusionsConclusions
• Security needs to kept in mind while designing the network
• Systems and Procedures must be in place to deal with multi-service, multi-vendor, multi-hardware & software network
• Concentrating on Preventive aspects will be cheaper and effective
![Page 25: Promoting Network Security (A Service Provider Perspective)](https://reader034.vdocuments.net/reader034/viewer/2022051711/5866843d1a28abf23f8b6280/html5/thumbnails/25.jpg)
DNW, BSNLDNW, BSNL 2525
Thank YouThank You