• No results found

Evolving Optical Transport Network Security

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Evolving Optical Transport Network Security"

Copied!
13
0
0

Loading.... (view fulltext now)

Download now ( 13 Page )

Full text

(1)

1 Copyright © 2012 All Rights Reserved.

Copyright © 2012 All Rights reserved

Evolving Optical Transport Network Security

May 15,

2012

Prepared by: John Kimmins Executive Director 732-699-6188 [email protected]

(2)

2 Copyright © 2012 All Rights Reserved.

Overview of Optical Communications and

Transport Networks

Evolving Transport Network Technology

Potential Security Issues

Security Risk Management

(3)

3 Copyright © 2012 All Rights Reserved.

Exploding bandwidth demands

− Annual growth of 50% or more to support services such as

− 3G and 4G wireless (backhaul) − Streaming video

− Cloud services − On-line gaming

− Capacity of optical systems is hundreds of times greater than that of electrical or radio-wave systems

Need for agility, scalability and sustainability to meet rising

customer expectations

− Shift from relatively static TDM-based services to rapidly changing IP/Ethernet-based services

(4)

4 Copyright © 2012 All Rights Reserved.

Optical Communications Stack Options

Transported Traffic (voice, video, data)

Optical Fiber

Optical Fiber Cable

Ethernet SONET Fibre Channel

Ethernet SONET Fibre

Channel

OTN

WDM (typically DWDM)

Ethernet SONET Fibre Channel FDDI

(5)

5 Copyright © 2012 All Rights Reserved.

Illustrative Physical Network View

Core/Long-Haul (undersea and terrestrial) Distribution/Metro Access/ Last mile

(6)

6 Copyright © 2012 All Rights Reserved.

Automatically Switched Optical Network (ASON) is an

emerging control plane technology that

− Automates discovery and provisioning of network resources and connections

− Allows for customer control over optical network connections

− Permits dynamic policy-driven network control

Transport network changes are initiated by a customer or

management system

Signaling controls the creation and removal of connections

Customer connects to the transport plane through a physical

interface and communicates with the control plane via a User

Network Interface (UNI)

(7)

7 Copyright © 2012 All Rights Reserved.

Automated provisioning allows for

− Dynamic bandwidth allocation based on demand

− Quick end-to-end connection setup and teardown

− Efficient rerouting and resource usage

− Reduced labor costs associated with manual tasks and customer/service provider interactions

− Time-efficient response to changing customer needs

ASON also supports

− Connection protection and restoration

− Address and wavelength assignment

− Traffic engineering

− Many Quality of Service (QoS) levels

− Multiple types of traffic (though it may be optimized for IP)

(8)

8 Copyright © 2012 All Rights Reserved.

Service demarcation points are where call control is provided

Inter-domain interfaces are service demarcation points

(9)

9 Copyright © 2012 All Rights Reserved.

• User-Network Interface (UNI)

− Separates the concerns of the user and provider

− Enables client-driven end-to-end service activation

• External Network-Network Interface (E-NNI) enables

− End-to-end service activation

− Multi-carrier and vendor inter-working

− Independence of survivability schemes for each domain

• Internal Network-Network Interface (I-NNI) supports

− Intra-domain connection establishment

− Explicit connection operations on individual switches

• UNI and E-NNI are supported by a family of ITU-T and OIF signaling protocols

• I-NNI is considered proprietary

ASON Network Interfaces

NE Provider A Provider B E-NNI NE NE NE Domain 1 Domain 2 E-NNI

I-NNI Domain 1 E-NNI

Domain 2

E-NNI

I-NNI E-NNI

UNI

(10)

10 Copyright © 2012 All Rights Reserved.

Growth of the Security Threats

1 High Low 1980 1985 1990 1995 2000 Sophi s ti c at io n

cross site scripting

password guessing

self-replicating code password cracking

exploiting known vulnerabilities disabling audits back doors hijacking sessions sweepers sniffers packet spoofing

graphic user interface

automated probes/scans denial of service www attacks “stealth” / advanced scanning techniques burglaries network mgmt. diagnostics distributed attack tools

Advanced Persistent Threat Supply Chain Counterfeits 2012+ RSA Compromise Sophistication Of Available Tools/Attacks Growing Botnets Mobile Malware ? Stuxnet

(11)

11 Copyright © 2012 All Rights Reserved.

Increases the exposure of the core optical transport

network

− With new user interface, unauthorized bandwidth requests may enable denial-of-service attacks

− New routing protocols may not be sufficiently protected and create network instability

− Network forensics may be more difficult in a dynamic environment

− Connections may be temporarily set up to support potential attacks and then disappear

Gateway products will be emerging to mediate network

access

− Testing of security features will be required to determine protection level

(12)

12 Copyright © 2012 All Rights Reserved.

Security Risk Management Roadmap

Current Network Infrastructure New Customer Services Assess Security • Address risk • Platforms,

applications, NEs & interfaces • Process flows • Security architecture • Security management New Network Technology Insertion Evolving Network Infrastructure Procurement Process Controls • Vulnerability Mitigation • Processes • Security design

• Operations testing &

turn-up

New Services Rollout

• Controls process • Vulnerability

assessment

• Procedures • Training

• Service testing &

turn-up

Threat & Vulnerability

• Monitoring • Patch management • Periodic Vulnerability assessments • Training

(13)

13 Copyright © 2012 All Rights Reserved. Powerhouse Research. Practical Solutions.

References

Download now ( PDF - 13 Page - 771.35 KB )

Related documents

An evaluation of the pedestrian classification in a multi-domain multi-modality setup

On both datasets, RIFIR and Parma-Tetravision, features computed on the FIR images have better performance than those computed on the visible domain, whichever the modality

A/HRC/26/49. General Assembly. United Nations

Given the multitude of stakeholders that may be involved in combating racism and incitement to racial hatred and violence on the Internet and social media

Buhmann M D - Radial Basis Functions, Theory and Implementations (CUP 2004)(271s)

After an introduction and a summary in Chapter 2 of the types and results of  analysis that are used for the radial basis functions, the order of the remaining chapters

Computational Analysis of Cryptic Splice Sites

For this project, we made use of a large dataset formed by collecting splice sites from different sources as explained in Chapter 2. The neighboring splice sites were 1516

A Perspective on the Debt of Deveoloping Countries

If Brazil's real GNP were to expand 9 percent per year in the future (compared with 11 percent in 1970-73); if its exports keep up with the growth of its GNP (in the years 1971-75,

Theory of (2+1)-dimensional fermionic topological orders and fermionic/bosonic topological orders with symmetries

A 2+1D phase with trivial topological order (i.e., a product state) can have only local particles, which, by definition, are particles that can be created/annihilated by

From structural to detailed land-use planning in the city of Valencia : options and limits for a new integrating community planning : case of 'Ciutat Vella'

Un elemento que sin duda va a repercutir sobre la posibilidad de que esta nueva planificación comunitaria arraigue y poder lograr así el objetivo de una ciudad más cohesiva

Cameron Drilling Chokes

removed. Refer to Paragraph C for the gate removal procedure. If any chrome plating in or around the groove has been eroded, the actuator body should be returned to Cameron Willis