Security - Telenor

More documents

Recommendations

Info

32 The Policy Control Center An implementation of a policy enforcement mechanism described in the previous section is currently being developed at Telenor R&D, called a “Policy Control Center”. The Policy Control Center is controlled by a secured “Policy Control Center Server” located at the home/ corporate network. For communication between mobile terminals and this server (between the Policy Control Center and the Policy Control Center Server) LDAP over SSL is currently being used with both client and server side certificates. The Policy Control Center Server contains different policies for different users, as well as different policies for different network configurations. When a mobile terminal is outside the corporate network, we enforce a stricter security policy compared to the case where the mobile terminal is connected via a physically “secured” cable inside the corporate network (and behind the corporate firewalls). However, when introducing the concept of Multiple shared virtual VPNs as described earlier where a physically secured cable is simply not available, you need to introduce a security policy similar to the one used when connected directly to the Internet. The initial implementation of the Policy Control Center was running on Linux, where we have investigated among other things the following security technologies to be integrated and used to secure the mobile terminal: • Local firewall service through the use of “Ipchains”. This is a rather basic packet filtering firewall available on Linux systems. • A simplified network Intrusion Detection System by a combination of “Ipchains” and “Port- Sentry” [2], allowing dynamical blocking of unauthorised network attacks using TCPwrappers. • Host based Intrusion Detection System through the use of “LIDS” [3], the Linux Intrusion Detection System. • Integrity protection on the PCC itself as well as on all system critical parts of the file system through the use of “LIDS” [3]. LIDS enables the strict enforcement of read-only policies, making selected parts of the file system read-only or append only even for the superuser (root). • VPN access through the use of “FreeS/WAN” [4], a Linux IPsec implementation. • Disk encryption mechanisms. All policies need to be verifiable. To verify that the policies defined are actually implemented correctly on the mobile terminal, we need to build our implementation upon strong cryptographic protection mechanisms as much as possible. All software components to be used as part of the Policy Control Center need to be integrity protected so that as many attempts as possible on modifying and bypassing the protection mechanisms are discovered. Successfully bypassing of the Policy Control Center could mean that a compromised mobile terminal is able to access the internal corporate network. We are currently investigating the possibility of integrating local information protection through further use of disk encryption, incorporating the use of smartcards and PKI systems as well as all other security mechanisms required covered earlier in this article, in order to achieve the best possible security for the future users of Internet mobility. Our current work covers the development of a pure JAVA version of the Policy Control Center, making sure that all kinds of different terminals running JAVA may be secured using our PCC. Although the PCC implementation is platform independent, the policies themselves are however highly platform dependent. Challenges currently under investigation include for example: • How to most efficiently and securely write and handle the policies for different platforms; • How to protect the Policy Control Center itself from unauthorised modification and bypassing attempts; • Making sure the right policy is selected automatically, how do you know where you are? Conclusions Keeping a computer system connected to the Internet secure is a challenging task even for experienced security personnel. New software is frequently being introduced, often with little or no concern for potential security implications, and new vulnerabilities are constantly being found both in old and new software. In particular, without an open development model, mistakes made before are bound to be repeated over and over again without the customers ever hav- Telektronikk 3.2000
ing the possibility to verify the functionality of the software or detect potential security flaws in the implementation themselves. Other security mechanisms are needed to secure computers, in particular mobile terminals roaming the Internet; the security focus must be shifted towards the terminals themselves. The Policy Control Center takes the security level steps ahead compared to the currently implemented state of the art security mechanisms available for mobile (as well as other) terminals. In particular, there are two aspects of the Policy Control Center worth repeating; it is able to • Automatically configure the mobile terminal with respect to a predefined security policy; • Verify the state of the mobile terminal with respect to security before access is granted to the internal corporate network. When designing the actual security policies, “Defence in Depth” should be the guideline; add redundant security mechanisms – do not rely on a single protection mechanism that will be a “single point of failure” with respect to security! The security level that may be achieved by introducing a Policy Control Center however is only as good as the actual security policies themselves; even with a flawless Policy Control Center in place, it will not be able to defend your terminal if there is an “opening” or a flaw in the actual security policies. Coming technologies and products that introduce some similar concepts as our PCC include COPS within the IETF [5], MEXE within the 3GPP [6], and PGP Desktop Security 7.0 from PGP Security [7]. Telektronikk 3.2000 References 1 Bellovin, S. Distributed Firewalls. ;login: special issue on security, November 1999. 2 Psionic PortSentry 1.0. 2000, September 28 [online]. – URL: http://www.psionic.com/ abacus/portsentry/ 3 Linux Intrusion Detection System. 2000, September 28 [online]. – URL: http://www. lids.org/ 4 Linux FreeS/WAN. 2000, September 28 [online]. – URL: http://www.freeswan.org/ 5 The Internet Engineering Task Force. 2000, October 9 [online]. – URL: http://www.ietf. org/ 6 3GPP. 2000, October 9 [online]. – URL: http://www.3gpp.org/ 7 PGP Security. 2000, October 9 [online]. – URL: http://www.pgp.com/ 33
Page 2 and 3: Telektronikk Volume 96 No. 3 - 2000
Page 4 and 5: Øyvind Eilertsen (34) is Research
Page 6 and 7: 4 E(P) = a ⋅ P + b (mod 26) D(C)
Page 8 and 9: 6 In 1997, NIST initiated the proce
Page 10 and 11: 8 decrypt the signed hash value, re
Page 12 and 13: Lars R. Knudsen (38) is Professor a
Page 14 and 15: Table 1 Timetable for AES Table 2 T
Page 16 and 17: 14 K m i Stream cipher algorithm Fi
Page 18 and 19: 16 6 Use of Encryption in Telecommu
Page 20 and 21: 18 mode, integrity mode, key divers
Page 22 and 23: 20 7 Beaver, D. Computing with DNA.
Page 24 and 25: 22 In both cases, my trust depends
Page 26 and 27: 24 A number of standard PC applicat
Page 28 and 29: Henning Wright Hansen (28) is Resea
Page 30 and 31: 28 Securing Locally Stored Informat
Page 32 and 33: Figure 3 A simple Public Key Infras
Page 36 and 37: Tønnes Brekne (31) is on leave fro
Page 38 and 39: 36 Sets definable by such predicate
Page 40 and 41: 38 A failure is caused by some type
Page 42 and 43: Figure 1 This figure illustrates th
Page 44 and 45: 42 ating system(s) and/or platform
Page 46 and 47: Message Sender Recipient Message pa
Page 48 and 49: 46 Assume some agent a carries with
Page 50 and 51: 48 gateway from attack, while the i
Page 52 and 53: 50 transfer at the expense of secur
Page 54 and 55: 52 7 FORE Systems. Firewall Switchi
Page 56 and 57: Figure 2-1 Object invocations throu
Page 58 and 59: Figure 4-1 3 Levels of different fi
Page 60 and 61: 58 phase two, in which the client r
Page 62 and 63: 60 5 CORBA Firewall Traversal 5.1 F
Page 64 and 65: 62 7.2 Visibroker Gatekeeper of Inp
Page 66 and 67: 64 References 1 Abie, H. An Overvie
Page 68 and 69: Cost Figure 1 Minimising total cost
Page 70 and 71: 68 In the coming years it is likely
Page 72 and 73: 70 financial, social, environmental
Page 74 and 75: Consequence 72 Insignificant Substa
Page 76 and 77: 74 in a one week time-frame, using

Security - Telenor

Create successful ePaper yourself

Delete template?

Save as template?