In this blog post I will finalize my thoughts on cyber security principles, in particular their role in the network management techniques that help predict and prevent attacks against corporate enterprise customers. I start with the enterprise network management systems needed to monitor anomalies before, during and after an incident, and the mechanisms that prevent attackers from compromising systems across the globe.
Enterprise Network Management
Service providers need to build a comprehensive, multi-pronged program that institutes a disciplined and structured infrastructure for managing internal computing assets. These areas are:
• Advisory Management: Establish a process to receive and categorize vendor advisories for subsequent distribution to administrators, developers, and system owners.
• Patch Verification: Implement a process that ensures patches are applied for networked infrastructure.
• Information Repository: Establish a means to obtain information about networked devices. Such a repository helps identify and remediate devices that are vulnerable or infected by a worm or virus.
• Network Access Controls: Implement an automated process to disconnect vulnerable devices and ensure that only registered devices are allowed to connect to the network.
As large, technology-driven corporations, service providers have many internal applications that employees need to access.
Controlling access to more than a thousand applications is a security challenge. Service providers need to develop a Common Security Platform (CSP) to manage this authentication process. The CSP is a single-sign-on authenticating web proxy built from off-the-shelf tools. It uses public key cryptography to share user credentials with application web servers, and it is used ubiquitously across a service provider's internal web applications.
In keeping with the fundamental security principle of leveraging internally developed technology to serve customers, the CSP is used as the single sign-on authentication and authorization platform.
• DoS Mitigation: Service providers also need to employ a variety of methods to detect and mitigate Denial of Service (DoS) attacks emanating from the Internet. Techniques include perimeter black-holing, which uses a routing protocol such as BGP to divert traffic to a “bit bucket” in which packets are discarded before they reach their intended victim. A similar technique, described later, diverts traffic to a packet scrubbing facility that filters out the malicious packets before sending the remaining traffic on to its original destination.
• Dark-space Monitoring: Another facet of security analysis associated with the IP network is dark-space monitoring. Dark spaces are IP address blocks that are not registered to individual enterprise customers.
Most attackers do not know which IP address space is in use. They often search randomly for active hosts with the goal of wreaking havoc on any available victim. Thus, any activity addressed to unassigned space is at a minimum erroneous; in fact, it is likely malicious traffic searching for vulnerable hosts. By observing the activity in this unassigned IP address space, service providers can gain valuable knowledge about attack patterns. Studying “dark space” therefore provides a method for detecting malicious traffic patterns by employing unused or privately routed address space to listen to Internet and network noise.
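The dark-space idea above, as an added example that is not part of the original post: the address blocks, the flow records and the scanning threshold are all constructed for illustration. Flows whose destination falls inside an announced block but outside any assigned block are classified as dark-space traffic, and sources that touch several distinct dark addresses are reported as likely scanners.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed (hypothetical) address plan: blocks actually assigned to customers ...
ASSIGNED_BLOCKS = [ipaddress.ip_network(p) for p in ("203.0.113.0/25", "198.51.100.0/26")]
# ... and the larger blocks announced to the Internet; the remainder is dark space.
ANNOUNCED_BLOCKS = [ipaddress.ip_network(p) for p in ("203.0.113.0/24", "198.51.100.0/24")]

# Constructed flow records, one per line: "src_ip dst_ip dst_port proto".
SAMPLE_FLOWS = """\
192.0.2.10 203.0.113.5 443 tcp
192.0.2.77 203.0.113.200 445 tcp
192.0.2.77 203.0.113.201 445 tcp
192.0.2.77 203.0.113.202 445 tcp
192.0.2.77 198.51.100.130 445 tcp
192.0.2.10 198.51.100.20 80 tcp
192.0.2.88 198.51.100.250 22 tcp
"""

def is_dark(dst):
    """True when dst lies inside an announced block but inside no assigned block."""
    addr = ipaddress.ip_address(dst)
    announced = any(addr in net for net in ANNOUNCED_BLOCKS)
    assigned = any(addr in net for net in ASSIGNED_BLOCKS)
    return announced and not assigned

def analyze(flow_text):
    """Split flows into dark-space hits and a per-source summary (targets hit, ports probed)."""
    dark = []
    sources = defaultdict(lambda: {"targets": set(), "ports": Counter()})
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        src, dst, port, proto = line.split()
        if is_dark(dst):
            dark.append((src, dst, int(port), proto))
            sources[src]["targets"].add(dst)
            sources[src]["ports"][int(port)] += 1
    return dark, sources

def scanners(sources, min_targets=3):
    """Sources that probed at least min_targets distinct dark addresses: likely scanning."""
    return sorted(s for s, info in sources.items() if len(info["targets"]) >= min_targets)

if __name__ == "__main__":
    dark, sources = analyze(SAMPLE_FLOWS)
    for src in scanners(sources):
        print(src, "probed", len(sources[src]["targets"]), "dark hosts, ports", dict(sources[src]["ports"]))
```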
• Wireless Security: Recognizing that convergence is taking place at the “edges” of networks as well as in the core, service providers must be actively involved in the development of wireless security protocols. Providers must take a leading role in the IETF, ITU, and IEEE. Wireless technologies were developed without security as part of the initial design, and multiple approaches to wireless security protocols have been developed, each with its own imperfections.
Wireless service providers should play an active role in these standards bodies to ensure that strong and effective end-to-end wireless security is developed. Without it, enterprises will be unable to use wireless technology securely. As voice and data co-mingle on the same wireless LAN infrastructure, securing these end-points at the enterprise level as well as at the network entrance becomes critical to assuring the security of all of an enterprise’s communications.
• Control Plane Monitoring: Service providers must also develop a number of tools to monitor activity in the network control plane. This type of monitoring has historically been very limited because the control plane operates autonomously, but it is very useful for capturing clues to instability in the IP network.
OSPF (Open Shortest Path First) is a widely deployed intra-domain routing protocol. It is a link-state protocol; i.e., each router “learns” the entire network topology and computes a shortest path tree (SPT) using the topology as a graph. Each router uses its SPT to build its routing table. To disseminate topology information, routers describe their local connectivity in Link State Advertisements (LSAs) and flood them throughout the entire network. Despite the widespread use of OSPF, very few tools exist for effective management and operation of OSPF networks.
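The SPT computation described above, together with the control-plane monitoring point made before it, as an added example that is not part of the original post: the four-router topology and its link costs are constructed, and each dictionary entry plays the role of one router's flooded LSA. The routing table is derived from the SPT, and a second LSA snapshot with a withdrawn link shows how comparing consecutive snapshots surfaces the next-hop changes that hint at instability.

```python
import heapq

# Constructed (hypothetical) LSA set: router -> {neighbor: link cost}.
# Each entry stands in for the Link State Advertisement that router floods.
LSAS = {
    "R1": {"R2": 1, "R3": 4},
    "R2": {"R1": 1, "R3": 1, "R4": 5},
    "R3": {"R1": 4, "R2": 1, "R4": 1},
    "R4": {"R2": 5, "R3": 1},
}

def shortest_path_tree(lsas, root):
    """Dijkstra over the flooded LSAs; returns {router: (cost, parent)} for the SPT rooted at root."""
    dist = {root: (0, None)}
    heap = [(0, root)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > dist[node][0]:
            continue  # stale heap entry, a cheaper path was already found
        for nbr, link_cost in lsas.get(node, {}).items():
            new_cost = cost + link_cost
            if nbr not in dist or new_cost < dist[nbr][0]:
                dist[nbr] = (new_cost, node)
                heapq.heappush(heap, (new_cost, nbr))
    return dist

def routing_table(lsas, root):
    """Derive {destination: next_hop}: walk each SPT branch back up to the root's direct child."""
    spt = shortest_path_tree(lsas, root)
    table = {}
    for dest in spt:
        if dest == root:
            continue
        hop = dest
        while spt[hop][1] != root:
            hop = spt[hop][1]
        table[dest] = hop
    return table

def drop_link(lsas, a, b):
    """Return a copy of the LSA set with the a<->b link withdrawn (simulated link failure)."""
    return {r: {n: c for n, c in links.items() if {r, n} != {a, b}} for r, links in lsas.items()}

def route_changes(lsas_before, lsas_after, root):
    """Control-plane monitoring: destinations whose next hop differs between two LSA snapshots."""
    before, after = routing_table(lsas_before, root), routing_table(lsas_after, root)
    return {d: (before.get(d), after.get(d)) for d in set(before) | set(after)
            if before.get(d) != after.get(d)}
```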
The Border Gateway Protocol (BGP) is used to accomplish inter-domain routing. It is the “glue” that holds the Internet together, enabling all of its networks to communicate with each other through the exchange of reachability information. BGP is used at the “edges” of networks to exchange Internet routes between ISPs, and between ISPs and their customers.
Dr. H. Eslambolchi