Blue Ridge Networks - SAMENA Telecommunications Council


Service Providers and Lawful Intercept
Richard Gurdak
International Development
Blue Ridge Networks
Business Demands for Computing
• Authorized access to any data, anywhere, anytime.
• Networks utilizing more business-friendly technologies
such as 3G, 4G, WiMAX, Virtual Ethernet Networks
and network components which can compute at
increasingly faster speeds will exceed the past
benefits of computer technology.
• These technologies produce flexibilities and
efficiencies which organizations, both network
providers and customers, use to provide more
solutions with minimal growth in Network Capital.
©2008 Blue Ridge Networks. All rights reserved.
Do More with Less
• Over the past 20 years the performance of the
PC has increased over 600-fold (from 6 MHz
to 4.0 GHz) while energy consumed by the
system is largely unchanged.
• Since the transistor was introduced 40 years
ago the size has been reduced by 10^4, power
consumption by 10^5 and costs reduced by
over 10^9.
PC Hard Disc Capacity
[Chart: Watts per MIPS (1.00E+00 down to 1.00E-06) by year, 1985 to 2015]
Exponential Growth
Wireless Data Device Price Performance
[Chart: Bits/sec/$ (1 to 100000) by year, 1990 to 2005]
• Like getting 3 million miles per gallon.
Storage Media Price Performance
[Chart: Bits per $ (1.00E+04 to 1.00E+11) by year, 1980 to 2005]
• Store the Library of Congress collections for $1,000.
The Universal Business Network
[Chart: Internet Backbone Bandwidth, Bits Per Second (1.00E+04 to 1.00E+11) by year, 1985 to 2005]
Any to Any
[Chart: Internet Hosts (1.00E+03 to 1.00E+09) by year, 1985 to 2000]
• Now 10,000,000,000 times more valuable!!!
Network Security and Lawful Intercept
• Responsibility to meet LI Requirements
– Local Communications Provider working with the Law
Enforcement Agencies (LEAs)
– Complexity increased by technology (Mobile, VoIP,
Encryption)
– Almost all countries have LI requirements and have adopted
global LI requirements and standards developed by the
European Telecommunications Standards Institute (ETSI)
organization. In the USA, the requirements are governed by
the Communications Assistance for Law Enforcement Act
(CALEA).
• Overlay/Service/Network Manufacturers
– No LI Requirements, but practical considerations
Risks associated with LI
• LI systems may be subverted for illicit
purposes. (Greece 2004)
• Access Point created for gaining private
information.
• Malicious or inadvertent loss of data
Trust as a foundation
• Customers (ISPs, Telcos and end users) use
Network Products because they trust the
product will deliver good service at a
competitive price
• Network Security products add Trust to the
expectations.
– Obligation of the Network device/service
manufacturer is to create the best, most secure,
product. Meeting LEA requirements is the
responsibility of the Licensed Operator in-country.
Blue Ridge
• By design, our products do not provide any means of divulging
a traffic encryption key. Not to Blue Ridge, not to end-users,
and therefore not to any government. It is not possible with Blue
Ridge VPN products to insert a traffic encryption key either. All
traffic keys are dynamically generated using a secure Diffie-Hellman
key agreement protocol that creates a unique key for
each session. No one has been able to propose a robust way of
providing a "key escrow" mechanism that does not introduce
significant security vulnerabilities for all parties.
• There are no "back door" features in our products.
VPN and LI and Blue Ridge
• It is Blue Ridge’s position that Lawful Intercept of
traffic over our products or services would be
performed at some point in the network where
cleartext traffic is naturally available. Our products,
and other VPN/Security products, can be configured
to provide a cleartext intercept point but we have
never been asked to do so.
• Even in this event, only the LEA, working via the
Local Licensed Provider, would be able to perform
the intercept. Not Blue Ridge, nor the customer.
Security Products and Services
• Secure Virtual Ethernet Service
– Cost effective private communications over public networks
– Supports voice, video and data applications
– Works with any carrier broadband services
– Available as a fully managed service or supported product
suite
• EdgeGuard™ End-Point Risk Mitigation
– Enforcement of enterprise security policy for fixed and mobile
Windows computers
– Auditing of policy compliance
– Discovery of security related risk factors
– Available as a fully managed service or supported product
suite
Secure Virtual Ethernet Service
• Any-to-any, full mesh, enterprise connectivity
• 100% end-to-end security
• Unicast and Multicast
• Any wired or wireless networks;
– DSL, Cable Modem, E1, etc.
– Cell wireless, satellite, WiMax
• Any Data applications and Protocols
• Any VoIP applications
• Any IP Video applications
• Anywhere on the globe
SVES Deployment
SVES creates a complete end to end
private and secure network on the
global Internet.
[Diagram labels: Enterprise HQ, Enterprise Regional Office, Internet, Remote workstation, Branch Office, Secure Mobile Office]
Why Blue Ridge for Security
• A company dedicated to security products and
services for over 10 years.
• All products are independently certified for
security features.
– Common Criteria
– NIST FIPS 140-2 level 2
• No reported vulnerabilities in 14 years of use
by demanding customers.
• Currently providing managed security services
in 39 countries.
Thank You