Switch Security Issues
(NIST Protection Profile - Final Document)
Prepared for:
NIST
Ron Bhattacharyya
732-699-5707
November 30, 1999
An SAIC Company
Copyright © 1999 Telcordia Technologies
All Rights Reserved
Agenda
Present an overview of:
• Switch security issues, especially those incorporated in the Final “Switch CC” document
• Switch Security Requirements related to
– Peripheral Security Server
– Broadband Issues
– CALEA compliance
– Telecom Reform Act compliance
• Suggestion for future work
Consideration due to peripheral security server
Expanded definition of the Target of Evaluation (TOE):
• If the switch is protected by a peripheral security server, the TOE is not just the switch, but it includes the peripheral security server.
• The Protection Profile applies to the TOE, not just the switch
The PP (Protection Profile) is applicable to a wide range of switches
• End Office Switches
• Local Tandem Switches
• Inter-Exchange Carrier Tandems
• Signaling Transfer Point (for CCS Network)
• Data-com Switches:
– ATM, Frame Relay
– Switched Megabyte Data Service (SMDS)
A Wide Range of Operations Channels need to be protected
• Maintenance (Line, Trunk, SCC/NMA, STLWS)
• Testing (Line, Trunk, MLT)
• Provisioning (RMAS, MARCH, RCV)
• EADAS (Eng. Admin Data Acquisition System)
• SCANS (Software Change Admin Notify)
• ESAC (Electronic Systems Assistance)
• AMA (Automated Message Accounting)
Emerging Telecommunications Issues
(Except VoIP and AIN)
• Broadband Applications - SONET, ATM
• Local Number Portability
• TMN compliance
• Comm. Assistance for Law Enforcement Act (CALEA)
• Telecom Reforms Act of 1996
– Collocation, Nondiscriminatory Access
Security Issues for Broadband Technology
• Numerous Broadband switches
– Limited physical security
– Limited TMN compliance for centralized security management
• Elaborate Connectivity
– Passwords travel in cleartext
• Limited security features
– (compared to traditional circuit switches)
• Surreptitious entry at the protocol level
Example of Layered Security Management (TMN)
(Figure: a Network Management System (NMS) sits above several Element Management Systems (EMS); each EMS manages Gateway Network Elements (GNE), which connect to other GNEs and to other Network Elements (NE).)
A Broad Band Application - (SONET Ring)
(Figure: a SONET ring with OC-3, OC-12 and OC-48 links connecting ATM switches, TBMs and OPCs; a craft interface, an OPC console, a LAN and the OSS are also shown.)
Legend: ATM - Asynchronous Transfer Mode; OPC - Operations Controller; OSS - Operations Support System; LAN - Local Area Network; TBM - Transport Bandwidth Management
Points of Ingress (Vulnerable???)
• OPC Console (Admin Access)
• Remote access to OPC via Ethernet (vulnerable)
• Remote access to OPC via X.25 (vulnerable)
• Craft Access to ADM (vulnerable)
• Data Communications Channel (DCC) allows back door from one ADM to another - across admin boundaries
• ATM switch vulnerabilities
Examples of ATM switch vulnerabilities
• No user-specific user-ID (uses a community name)
– no user accountability
• Hard coded passwords to signify privilege levels
– no confidentiality, user cannot change own password
• Password reverts to default on switch initialization
• No audit log
• “Open IP Address” allows access between ATMs
• ATM switch, as a default, may comply with several protocols without challenge
Summary of Broadband Security Issues
• Because of ubiquity, physical security cannot be guaranteed
• Due to numerosity, passwords cannot be managed
• Because of network connectivities, unencrypted passwords travel in clear text
• Points of ingress have few security features compared to the traditional Central Office switches
• If defaults are not customized, intrusion is possible at the protocol level
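As an added example that is not part of the Telcordia slides, the following Python script audits a switch management configuration for the weak defaults listed in the ATM switch vulnerability slide and the broadband summary above: a shared community name instead of per-user IDs, hard-coded or well-known passwords, passwords that revert to defaults on initialization, no audit log, management access open to any IP address, and management protocols that carry passwords in cleartext. The key = value format, the configuration keys, the placeholder list of default secrets and both sample configurations are constructed for this example and are not any vendor's; a real audit would map the same checks onto the equipment's own configuration dump.

```python
"""Offline weak-default audit of a switch management configuration.

Added example, not from the slides. The key = value format, the keys and the
two sample configurations below are constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed placeholder list of factory-style secrets; extend it with the
# defaults documented for the equipment actually being audited.
KNOWN_DEFAULT_SECRETS = {"public", "private", "admin", "changeme"}
# Management protocols that carry credentials in cleartext on the wire.
CLEARTEXT_MGMT_PROTOCOLS = {"telnet", "snmpv1", "snmpv2c", "http"}
# Constructed credential keys inspected for default values.
SECRET_KEYS = ("snmp.community", "login.password", "privilege.password")


@dataclass(frozen=True)
class Finding:
    key: str       # configuration key the finding refers to
    issue: str     # what is wrong, stated for the defender
    severity: str  # "high" or "medium"


def parse_config(text: str) -> Dict[str, List[str]]:
    """Parse 'key = value' lines; '#' starts a comment; repeated keys accumulate."""
    config: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        match = re.match(r"^([\w.\-]+)\s*=\s*(.*)$", line)
        if not match:
            raise ValueError(f"unparseable configuration line: {raw!r}")
        config.setdefault(match.group(1), []).append(match.group(2).strip())
    return config


def first(config: Dict[str, List[str]], key: str, default: str) -> str:
    """Return the first value of a key (lower-cased), or the default if absent."""
    return config.get(key, [default])[0].lower()


def audit(config: Dict[str, List[str]]) -> List[Finding]:
    """Return one Finding per weak-default pattern present in the configuration."""
    findings: List[Finding] = []
    # Accountability: a community name with no per-user accounts means every
    # operator shares one identity, so actions cannot be attributed to a person.
    if config.get("snmp.community") and not config.get("user"):
        findings.append(Finding("snmp.community",
                                "access by community name with no per-user IDs", "high"))
    # Hard-coded or well-known secrets in any credential field.
    for key in SECRET_KEYS:
        for value in config.get(key, []):
            if value.lower() in KNOWN_DEFAULT_SECRETS:
                findings.append(Finding(key, f"default or well-known secret {value!r}", "high"))
    # Credentials must survive re-initialization or they silently revert to defaults.
    if first(config, "auth.persist-on-init", "false") != "true":
        findings.append(Finding("auth.persist-on-init",
                                "passwords revert to factory defaults on initialization", "high"))
    # Without an audit log there is no record of who changed what.
    if first(config, "audit.log", "off") in {"off", "false", "disabled"}:
        findings.append(Finding("audit.log", "audit logging disabled", "medium"))
    # Management plane reachable from any address (the slide's "open IP address").
    for entry in config.get("mgmt.allow", []):
        if entry.lower() in {"any", "0.0.0.0/0"}:
            findings.append(Finding("mgmt.allow", "management access open to any IP address", "high"))
    # Cleartext management protocols expose passwords in transit.
    for proto in config.get("mgmt.protocol", []):
        if proto.lower() in CLEARTEXT_MGMT_PROTOCOLS:
            findings.append(Finding("mgmt.protocol", f"cleartext management protocol {proto}", "medium"))
    return findings


# Constructed sample: a factory-default style configuration with every weakness present.
WEAK_CONFIG = """
snmp.community = public
login.password = admin
privilege.password = private
auth.persist-on-init = false
audit.log = off
mgmt.allow = any
mgmt.protocol = telnet
mgmt.protocol = snmpv1
"""

# Constructed sample: the same element after hardening; per-user credentials are
# held in the account store, not written inline in the configuration.
HARDENED_CONFIG = """
user = alice
user = bob
auth.persist-on-init = true
audit.log = on
mgmt.allow = 10.20.30.0/24
mgmt.protocol = ssh
mgmt.protocol = snmpv3
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        findings = audit(parse_config(text))
        print(f"{name}: {len(findings)} finding(s)")
        for f in findings:
            print(f"  [{f.severity}] {f.key}: {f.issue}")
```

Run against the two constructed configurations, the weak one yields nine findings (six high, three medium) covering each bullet of the vulnerability slide, and the hardened one yields none; the value of a check like this is that it runs against exported configuration text, so the "numerous" switches the summary slide worries about can be reviewed without logging in to each one.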
CALEA Compliance (Comm. Assistance for Law Enforcement Act)
• Switch-based surveillance under court order
• Confidentiality of target phone number(s) and of message content
• Confidentiality of the surveillance activity in occurrence
• High risk of intrusion into lawful surveillance facility
• American National Standards Institute (ANSI) has extended the Deadline for CALEA compliance to June 30, 2000 (Ref. - Safe Harbor Document # J-STD-025, December 1997)
Telecommunications Reforms Act of 1996
• Mandated Network Unbundling & collocation
• A Competitive Local Exchange Carrier (CLEC) can access the facilities and Network of an Incumbent Local Exchange Carrier (ILEC)
• Physical Partitioning (Cage) may not always be realistic
• Database partition, augmenting, or proxy server becomes a necessity
Future Work - (VoIP and related security Issues)
• Why Voice over Data Networks
• Who will provide/use this service
• Security issues special to Voice over IP
– Security of the network
– Security of IP/Frame Relay/ATM Elements
– Security of Functional Elements and OS/NE communication
– Security of gateway providing PSTN - IP interface
– Fraud related issues
– CALEA and Telecom Reform Act - for VoIP
• How can a Govt. - Industry program resolve these issues
Motivation behind the emergence of VoIP
• Data Networks are proliferating
• Consolidation of voice and data on a single network is more economical than circuit-switched voice
• New services can be offered that combine features of PSTN and IP flexibility
• Within Data Networks, IP is the dominant protocol
VoIP Security Issues
• Security of Networks (Voice, SS7, Packet data)
• Security of new IP-based Functional Elements (FE) and their OS connectivity
• Security of PSTN Elements
• Fraud-related Issues
• CALEA Compliance
• Telecom Reform Act of 1996
Security of IP-based FEs and OSs
• New Functional Elements and OSs may not meet the PSTN security standard
– Call Connection Agent (CCA)
– Service Agent
– Billing Agent
– Announcement Agent
– Routing and Domain Name Server
– Customer Gateway, Access Gateway, Signaling Gateway, Trunk Gateway
– Various Operations Agents
• They do not have Protection Profiles (PP)
Security of PSTN Elements
• PSTN elements may be connected to a WAN
• PSTN elements would allow TCP/IP access
• The interfaces are new and untested for their security features
• When VoIP service providers interconnect their networks, an efficient approach will be to interface at the IP level. However, there are no well-defined security standards for network-to-network interfaces
Conclusion
The need for Switch PP has been presented
– Difference between a switch and a general purpose computer
– Incorporation of comments received from last workshop
– Impact of emerging technology
Future work needs to address:
– Security Issues related to VoIP Functional Elements and PSTN - VoIP connectivity