Richard Gurdak
International Development
Blue Ridge Networks
Service Providers and Lawful Intercept
©2008 Blue Ridge Networks. All rights reserved.
Business Demands for Computing
• Authorized access to any data, anywhere, anytime.
• Networks utilizing more business friendly technologies such as 3G, 4G, WiMAX, Virtual Ethernet Networks and network components which can compute at increasingly faster speeds will exceed the past benefits of computer technology.
• These technologies produce flexibilities and efficiencies which organizations, both network providers and customers, use to provide more solutions with minimal growth in Network Capital.
Do More with Less
• Over the past 20 years the performance of the PC has increased over 600 Fold (from 6 MHz to 4.0 GHz) while energy consumed by the system is largely unchanged.
• Since the transistor was introduced 40 years ago the size has been reduced by 10^4, power consumption by 10^5 and costs reduced by over 10^9
PC Hard Disc Capacity
[Chart: y-axis Watts per MIPS, x-axis 1985 to 2015]
Exponential Growth
Wireless Data Device Price Performance
• Like getting 3 million miles per gallon.
[Chart: y-axis Bits/sec/$, x-axis 1990 to 2005]
Storage Media Price Performance
• Store the Library of Congress collections for $1,000.
[Chart: y-axis Bits per $, x-axis 1980 to 2005]
The Universal Business Network
Internet Backbone Bandwidth
[Chart: y-axis Bits Per Second, x-axis 1985 to 2005]
Any to Any
• Now 10,000,000,000 times more valuable!!!
Internet Hosts
[Chart: y-axis Hosts, x-axis 1985 to 2000]
Network Security and Lawful Intercept
• Responsibility to meet LI Requirements
– Local Communications Provider working with the Law Enforcement Agencies (LEAs)
– Complexity increased by technology (Mobile, VoIP, Encryption)
– Almost all countries have LI requirements and have adopted global LI requirements and standards developed by the European Telecommunications Standards Institute (ETSI) organization. In the USA, the requirements are governed by the Communications Assistance for Law Enforcement Act (CALEA).
• Overlay/Service/Network Manufacturers
– No LI Requirements, but practical considerations
Risks associated with LI
• LI systems may be subverted for illicit purposes. (Greece 2004)
• Access Point created for gaining private information.
• Malicious or inadvertent loss of data
Trust as a foundation
• Customers (ISPs, Telcos and end users) use Network Products because they trust the product will deliver good service at a competitive price
• Network Security products add Trust to the expectations.
– Obligation of the Network device/service manufacturer is to create the best, most secure, product. Meeting LEA requirements is the responsibility of the Licensed Operator in-country.
Blue Ridge
• By design, our products do not provide any means of divulging a traffic encryption key. Not to Blue Ridge, not to end-users, and therefore not to any government. It is not possible with Blue Ridge VPN products to insert a traffic encryption key either. All traffic keys are dynamically generated using a secure Diffie-Hellman key agreement protocol that creates a unique key for each session. No one has been able to propose a robust way of providing a "key escrow" mechanism that does not introduce significant security vulnerabilities for all parties.
• There are no "back door" features in our products.
VPN and LI and Blue Ridge
• It is Blue Ridge’s position that Lawful Intercept of traffic over our products or services would be performed at some point in the network where cleartext traffic is naturally available. Our products, and other VPN/Security products, can be configured to provide a cleartext intercept point but we have never been asked to do so.
• Even in this event, only the LEA, working via the Local Licensed Provider would be able to perform the intercept. Not Blue Ridge, nor the customer.
Security Products and Services
• Secure Virtual Ethernet Service
– Cost effective private communications over public networks
– Supports voice, video and data applications
– Works with any carrier broadband services
– Available as a fully managed service or supported product suite
• EdgeGuard™ End-Point Risk Mitigation
– Enforcement of enterprise security policy for fixed and mobile Windows computers
– Auditing of policy compliance
– Discovery of security related risk factors
– Available as a fully managed service or supported product suite
Secure Virtual Ethernet Service
• Any-to-any, full mesh, enterprise connectivity
• 100% end-to-end security
• Unicast and Multicast
• Any wired or wireless networks:
– DSL, Cable Modem, E1, etc.
– Cell wireless, satellite, WiMAX
• Any Data applications and Protocols
• Any VoIP applications
• Any IP Video applications
• Anywhere on the globe
SVES Deployment
SVES creates a complete end to end private and secure network on the global Internet.
[Diagram labels: Enterprise HQ, Regional Office, Branch Office, Remote workstation, Secure Mobile Office, Enterprise, Internet]
Why Blue Ridge for Security
• A company dedicated to security products and services for over 10 years.
• All products are independently certified for security features.
– Common Criteria
– NIST FIPS 140-2 level 2
• No reported vulnerabilities in 14 years of use by demanding customers.
• Currently providing managed security services in 39 countries.
Thank You